Analysis
-
max time kernel
52s -
max time network
50s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
27-06-2024 19:48
General
-
Target
Dentons_SKM_C590368369060_417161.pdf
-
Size
76KB
-
MD5
b9cd9b554463fe065bbb425b69c06530
-
SHA1
9797bb99c407b8f78d454d0fef61c35e7d2164c2
-
SHA256
55950be03d6df328adb3cfdeabe2c6b4da3f58c4107a5759a29e0aee7241c47a
-
SHA512
07350030e1461be9c73303517f47733fa25eec552e2932e0f9a54501fa3898e1747ecd1c0ca2f3641c89b141256a841a0ce181f72bd284c17e6f7c36fe6aa1c3
-
SSDEEP
1536:wnxfWMljw7X+HBbWA0npQTUUNBgJ6ElEJJzwopynK8ig0g:G3c7X+RWAypc9u6/Bs7ig7
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
AcroRd32.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier AcroRd32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString AcroRd32.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Processes:
AcroRd32.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exepid process 1976 msedge.exe 1976 msedge.exe 1968 msedge.exe 1968 msedge.exe 4832 identity_helper.exe 4832 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes:
msedge.exepid process 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe -
Suspicious use of FindShellTrayWindow 34 IoCs
Processes:
AcroRd32.exemsedge.exepid process 1916 AcroRd32.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe -
Suspicious use of SendNotifyMessage 32 IoCs
Processes:
msedge.exepid process 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe -
Suspicious use of SetWindowsHookEx 7 IoCs
Processes:
AcroRd32.exepid process 1916 AcroRd32.exe 1916 AcroRd32.exe 1916 AcroRd32.exe 1916 AcroRd32.exe 1916 AcroRd32.exe 1916 AcroRd32.exe 1916 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
AcroRd32.exeRdrCEF.exedescription pid process target process PID 1916 wrote to memory of 4348 1916 AcroRd32.exe RdrCEF.exe PID 1916 wrote to memory of 4348 1916 AcroRd32.exe RdrCEF.exe PID 1916 wrote to memory of 4348 1916 AcroRd32.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3256 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe PID 4348 wrote to memory of 3408 4348 RdrCEF.exe RdrCEF.exe
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Dentons_SKM_C590368369060_417161.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=97C45931E35D0D4E8BA7580A842EF1F8 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=19B09861D2F393827F98EBBC1DD397CD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=19B09861D2F393827F98EBBC1DD397CD --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=098B8926815A72A34CC45CCE9F7AC0A8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=098B8926815A72A34CC45CCE9F7AC0A8 --renderer-client-id=4 --mojo-platform-channel-handle=2148 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=80BADC560DF68E5DFCCC13619AB15381 --mojo-platform-channel-handle=2556 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=37A2D37E5DF06462B0CA886939A2F484 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=37A2D37E5DF06462B0CA886939A2F484 --renderer-client-id=6 --mojo-platform-channel-handle=1800 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B532A268B482DB5D3B8C3D37E887A0E3 --mojo-platform-channel-handle=3052 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C73710B9FF57967BB5A1305A08A01C5F --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe" 359719e2-cb4d-4d28-a4e6-59e634d5a7842⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://secure.adnxs.com/clktrb?id=273568&redir=https://c%65rr%6fs%65ns%65%61f%6f%6fd%2ecom/?rvqbrxli&qrc=d%6fck%65t%2eg%65n%65r%61l%2el%69t%2echi@d%65nt%6fns%2ecom2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff667e46f8,0x7fff667e4708,0x7fff667e47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12582338563147027894,13808786312754215065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:13⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessagesFilesize
64KB
MD51ff77cbd89b9c1f56e7dad6f10ed90df
SHA1c7bfa8d8aab4da2f880b32d502077ae8bcfdbdc8
SHA256e2c48d479ea9cd2a357d5825d066c34790b4712138742bae8ce5a924131c6048
SHA5123736931ed6b12c5317a42808f64e4cb92d13a1e501aac8ee62730f48499614e9539332ea97d5ddc11981f88fdd903b8ebe7cc230b11b0103d5673fb21ed3ac6c
-
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessagesFilesize
64KB
MD58ba8184c7d03d310e06071a9ff94b29f
SHA16f859a334c2ed579e36db50dec565d928058bd1e
SHA256252d5fde02f92e991c703a521a02b2f903c54f1aac07f2e6be15d5c60a4217d4
SHA512d0d9b2ca0cc38ff353eff69ce3f04fcc7fafc31b59343fd634097fffbdecd8530ed79e68ed7099195b70c3a75ec58fa8ed28db8aed9da8d2c3ffa104839b79b5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5864ba265d45622217d02734cefadc22c
SHA19f3f44e4cd709e1c3830e1fea9b6e3edc1ab7d53
SHA2565f01bbc5009e92756e93f7f67567ea8d95182c0ae6c00d2b1550d231d850cad1
SHA5129b66d1827aabfabb87e7107d09597637f4cf77ccabe32f6b735589782e4a3d2b6c8c0d74ab6bfc5e0089bb141d6163af1bfe254ebda78582608f580408a8299c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD54f7d56e61ada49d466b9d51db134d9c6
SHA1d8bb221e925519e7bc0aba5b168db9606fd3f114
SHA2562e739e350048c22900c55686eecb5021b037f3245335959240f20d4efb1ee94e
SHA512a63a8f864dc25beb3f9c9fa69bd73c30217130e3308b1699c3ed740a917505fa013a597392375766beb84971548f376b1f4e55410af01e10715fef3cb745051b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD58bd26051158eaa7496e2f23947283233
SHA115f8d3d70d2e8aff909108865bc8b27288054d94
SHA2560179692d4e16de40311b77f95303d7b2ebf6d5660fee49658282ca0bef1b4b45
SHA5128eac0b629f6701b5f2618bc736041ed616fa56a8c068ec6c6c9ea69cc0da660355bb58351575fa24ae89b61d13216c42c3aa3a4dccc694da9216bad364cc12b1
-
C:\Users\Admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfgFilesize
125B
MD55ab328ad8bbb152faf682da8d6f09fea
SHA1f2a08728426b4d8a19294747cde6f680293b0211
SHA256e50ba417b3c1b1ca8bec6bb81d2dfc24bf20ec580301592b796cb87a8c1603ec
SHA512cbcd2c7a2290f78febe6c83f7fb5c35828d09c65f825ebeab30eb10e58bc9fd7b876c737fe9c9362e9708649c45f1040e1024f5405a85cd36eabf04eeefcf3fc
-
C:\Users\Admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfgFilesize
3KB
MD5e83249d369e40955702745c2f96e4332
SHA1a3db7d5e9a3b302193273a34e924eadd0dfaff57
SHA256b8891aab9239164bb4d01336a49a69e5b88f1abecfa150ddb0561a13c9c746f2
SHA51268ea5b0904acda37bb023952a80f1d1927ce749f47bb9a0d101ba404e345cd3e8941353233559d706ef0c545963854d2140355b0c89884b67158ef9fea0355f0
-
C:\Users\Admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_5d84c1c1-fd5c-4441-b47a-69a595d33728.rdyFilesize
1KB
MD57161a2e9a92fcdd4496fb4f893f95f67
SHA11611df9f9883a96b0ce9e38fe73788882c292ecc
SHA256803455a5628745360683c4b8ff019c1f006c922474d08c9aa5e385467ff73a7b
SHA5124dece21c9fa345ab59897a20ed3fd9ebe53221950be35a0e3e7c498f51c7513c8072e204094ad6784ec42dd541ab55973ea733026bf946e27e73cd940d983877
-
\??\pipe\LOCAL\crashpad_1968_GDLURHTMMUGQJEWOMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1916-341-0x0000000003F50000-0x0000000003F7A000-memory.dmpFilesize
168KB