Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
12/06/2024, 15:11
Static task
static1
Behavioral task
behavioral1
Sample
documento prueba 1.pdf
Resource
win10v2004-20240508-en
General
-
Target
documento prueba 1.pdf
-
Size
81KB
-
MD5
277088045a97be9d630ec96f2ff67450
-
SHA1
6499890b273cdfae7c446f5b3138405effa1d765
-
SHA256
bae1e30daad2e3628f8f8cf91ef19637fcdd67318f8b677b6e7639f45f2d455d
-
SHA512
8f58b9e0002f918d24c9fc7420edb662f1f94ab143ca8f70e036cf1f7d079bc9245bbaa88d1078a184ee90040d8bbf3889adfaf7ec0339aac1d69b679b5c7340
-
SSDEEP
1536:C/O2IxxzpuFuUFqZEM/c8ikOXIny18iQlY7pxsv6TfzjgXkb:C/OV/NuzFc5OXaV2xE631
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626787103186842" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 3300 chrome.exe 3300 chrome.exe 1028 chrome.exe 1028 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
pid Process 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe Token: SeShutdownPrivilege 3300 chrome.exe Token: SeCreatePagefilePrivilege 3300 chrome.exe -
Suspicious use of FindShellTrayWindow 27 IoCs
pid Process 1076 AcroRd32.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe 3300 chrome.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 1076 AcroRd32.exe 1076 AcroRd32.exe 1076 AcroRd32.exe 1076 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3300 wrote to memory of 1900 3300 chrome.exe 96 PID 3300 wrote to memory of 1900 3300 chrome.exe 96 PID 1076 wrote to memory of 4920 1076 AcroRd32.exe 97 PID 1076 wrote to memory of 4920 1076 AcroRd32.exe 97 PID 1076 wrote to memory of 4920 1076 AcroRd32.exe 97 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 1412 3300 chrome.exe 98 PID 3300 wrote to memory of 4852 3300 chrome.exe 99 PID 3300 wrote to memory of 4852 3300 chrome.exe 99 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100 PID 3300 wrote to memory of 3632 3300 chrome.exe 100
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\documento prueba 1.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1076 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵PID:4920
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=54388F215E0531088178AB60489C59DA --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:4992
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D6B5A4058AF661BD71EBF55F3B4169A4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D6B5A4058AF661BD71EBF55F3B4169A4 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:13⤵PID:748
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2D0BD98BD4444D35B9F1F1121558F94B --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:456
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9DAED4E71324D77BF72F4008CD7D99F7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9DAED4E71324D77BF72F4008CD7D99F7 --renderer-client-id=5 --mojo-platform-channel-handle=1884 --allow-no-sandbox-job /prefetch:13⤵PID:3656
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=21159287255FDC05BAFCFBC040BA6F95 --mojo-platform-channel-handle=2532 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:1904
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E6ADF0F2E52D7D98C9777A034D938918 --mojo-platform-channel-handle=2376 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:4752
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3300 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff94bc4ab58,0x7ff94bc4ab68,0x7ff94bc4ab782⤵PID:1900
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:22⤵PID:1412
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:82⤵PID:4852
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:82⤵PID:3632
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:4936
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:3184
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3648 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:2520
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:82⤵PID:5320
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:82⤵PID:5436
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2916 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:5128
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4916 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:5364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=872 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:5640
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1636 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:3800
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3412 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:3940
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1168 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:1036
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2684 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:5208
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3212 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:4480
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3380 --field-trial-handle=1924,i,4509826754981566613,14821454475215469435,131072 /prefetch:12⤵PID:3140
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:1288
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1392,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:81⤵PID:5164
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
MD5b30d3becc8731792523d599d949e63f5
SHA119350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
Filesize
56KB
MD5752a1f26b18748311b691c7d8fc20633
SHA1c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
7KB
MD53fb39793d98ceaf22218b59fb1b79e70
SHA11007e516ec8967597dbf772297dcf44c2499fef5
SHA2560e65ea765b20ad5cb472aa2579e326c76b737a0165edb32be4f0848bb3ead53a
SHA512b1968673f7b4d372194cf95305b722a85550b1a178592f8ba7b9ce146b95a65889fbaa3f988565d57bc96fca619ad4fbaa388f03c6685c4343f8767f4061cc7a
-
Filesize
255KB
MD5c5d6d2a9080a4c9d3c44bedb936c7f50
SHA1a5c3d7b510364bbba03631da8daaa585ee0682cb
SHA256bad322f7f121b279121386521a804fd87bf01b0d386d3304783c63140e00e7ec
SHA5129ed532ff846ec0a7dcb347aaf71f6a2bfc6200f980c58394bce7289563f2507d1d2aa098ad0ba2c6b725974c65676d1c14a04098454a6862289f3b79c68121fb