Analysis
-
max time kernel: 136s
max time network: 136s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/10/2024, 04:09
Static task: static1
Behavioral task: behavioral1
  Sample: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
-
Target: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe
Size: 572KB
MD5: 7243d2dd2c6160ce5ce29cfd5161b826
SHA1: 5d7701e0b1e3aef3ba950bc31585df418373ff64
SHA256: 9ed1bd70a534d7389b8a03d94eb0c23da123e367629509dc97a40f3b63ca2a2b
SHA512: 92adceb9141b717e43ed8ae2fddf7b1a3e7dba2ae13cf9bcec027885197c1f40ba0026faa52741bc9572a3a8b3ea83bce1766bbdaef17871de4954bca56ebb59
SSDEEP: 6144:9ov67XgTTSjN81oqYcTq4A28FPzCsVyUhn8aZyMy1NT1lD1Hr0vuJ:yvTW8ppq4AZCsVphnzUM41LEuJ
Malware Config
Signatures
-
Ardamax main executable 1 IoCs
  resource: behavioral2/files/0x0007000000023ca2-12.dat   yara_rule: family_ardamax
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
  Key value queried: \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation   (process: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe)
-
Executes dropped EXE 1 IoCs
  PID 4760   JLUW.exe
-
Loads dropped DLL 8 IoCs
  PID 1520   7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe   (1 entry)
  PID 4760   JLUW.exe                                              (3 entries)
  PID 2740   AcroRd32.exe                                          (4 entries)
-
Adds Run key to start application 2 TTPs 1 IoCs
  Set value (str): \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JLUW Agent = "C:\\Windows\\SysWOW64\\28463\\JLUW.exe"   (process: JLUW.exe)
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 5 IoCs
  File created: C:\Windows\SysWOW64\28463\JLUW.006   (process: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe)
  File created: C:\Windows\SysWOW64\28463\JLUW.007   (process: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe)
  File created: C:\Windows\SysWOW64\28463\JLUW.exe   (process: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe)
  File opened for modification: C:\Windows\SysWOW64\28463   (process: JLUW.exe)
  File created: C:\Windows\SysWOW64\28463\JLUW.001   (process: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe)
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 10 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
    processes: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe (1 entry), JLUW.exe (1 entry), AcroRd32.exe (1 entry), RdrCEF.exe (7 entries)
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz   (process: AcroRd32.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0   (process: AcroRd32.exe)
-
Modifies Internet Explorer settings
  Key created: \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION   (process: AcroRd32.exe)
-
Modifies registry class 1 IoCs
  Key created: \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings   (process: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe)
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
  PID 2740   AcroRd32.exe   (20 entries)
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
  Token: 33                          PID 4760   JLUW.exe
  Token: SeIncBasePriorityPrivilege   PID 4760   JLUW.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
  PID 2740   AcroRd32.exe
-
Suspicious use of SetWindowsHookEx 10 IoCs
  PID 4760   JLUW.exe       (5 entries)
  PID 2740   AcroRd32.exe   (5 entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
  PID 1520 wrote to memory of 4760   process: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe   procid_target: 84   (3 entries)
  PID 1520 wrote to memory of 2740   process: 7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe   procid_target: 85   (3 entries)
  PID 2740 wrote to memory of 2652   process: AcroRd32.exe   procid_target: 92   (3 entries)
  PID 2652 wrote to memory of 3576   process: RdrCEF.exe     procid_target: 94   (41 entries)
  PID 2652 wrote to memory of 904    process: RdrCEF.exe     procid_target: 95   (14 entries)
Processes
-
[1] C:\Users\Admin\AppData\Local\Temp\7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\7243d2dd2c6160ce5ce29cfd5161b826_JaffaCakes118.exe"
    PID: 1520
    - Checks computer location settings
    - Loads dropped DLL
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory

    [2] C:\Windows\SysWOW64\28463\JLUW.exe
        command line: "C:\Windows\system32\28463\JLUW.exe"
        PID: 4760
        - Executes dropped EXE
        - Loads dropped DLL
        - Adds Run key to start application
        - Drops file in System32 directory
        - System Location Discovery: System Language Discovery
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of SetWindowsHookEx

    [2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
        command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\FortyMistakesMenMakeDuringSex.pdf"
        PID: 2740
        - Loads dropped DLL
        - System Location Discovery: System Language Discovery
        - Checks processor information in registry
        - Modifies Internet Explorer settings
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory

        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
            PID: 2652
            - System Location Discovery: System Language Discovery
            - Suspicious use of WriteProcessMemory

            [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C1ED8A1371C9290AACDBFB76FCEDA90C --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                PID: 3576
                - System Location Discovery: System Language Discovery

            [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AFB128BE43801C61278E6638E6A60E56 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AFB128BE43801C61278E6638E6A60E56 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
                PID: 904
                - System Location Discovery: System Language Discovery

            [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B2174D880DBBF557FCE5530238248AC7 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                PID: 1596
                - System Location Discovery: System Language Discovery

            [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AA7985FAFE83A5273B406343C137F8E3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AA7985FAFE83A5273B406343C137F8E3 --renderer-client-id=5 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
                PID: 4860
                - System Location Discovery: System Language Discovery

            [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6B93CADF983C2FBE741314ED1C5BE351 --mojo-platform-channel-handle=2404 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                PID: 4796
                - System Location Discovery: System Language Discovery

            [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9FF598C363C9BC3F13BA47B69B202B85 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                PID: 3596
                - System Location Discovery: System Language Discovery

[1] C:\Windows\System32\CompPkgSrv.exe
    command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 3120
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 64KB
MD5: 08754fd8fae348bd5ffd91d832633899
SHA1: a4c7e90e8557ace43b29ef5e5333efc82c3024dd
SHA256: abcdfd920e74cb87b8d599929208866eac0449c9c98a7471f0611889ca2a28b0
SHA512: c1c7ef392a19412f0230e43cff5b946a1bc8f4010ae555c4e30d61bc81b93568bb5ff6fa415987c568753cf42320284773044107acdfbc22b8f60e7c7993c5f7
-
Filesize: 36KB
MD5: b30d3becc8731792523d599d949e63f5
SHA1: 19350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256: b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512: 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
Filesize: 56KB
MD5: 752a1f26b18748311b691c7d8fc20633
SHA1: c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256: 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512: a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5
-
Filesize: 4KB
MD5: 9dc64557fcebd521ca4b267da15c2914
SHA1: c2247f9e0f0c8d11c7b9ab93f43ed53943d0bdd2
SHA256: a49cb9cbab2a60418b2079d4110123682fc980bb6b46ac5ada144797b5fa2cf4
SHA512: 00241a139ca307c5eb4d89fa8b6296833961091286282c3482746e4a3589ef61e6d007edb6aa6fa1ef812d57bf63a8e495e0db712e17decc77bbae2490cdbe01
-
Filesize: 20KB
MD5: 1bb4c745f5918abcc66d3302cdeb025f
SHA1: 55b25bca8054c01ab5768af5f61d70a0669c5e94
SHA256: 4c7bf01a3a1599875961eb513f644efc3b9adf379fb8965c7fbad9fb15978c97
SHA512: 7baed4b35c504e0dab794659e42f12e1c7022c7db86c08a7336d8cebb9a3667f5a7fb6557144760f6806a0783abc395f11cad88d33b408ee16af23f554594afd
-
Filesize: 454B
MD5: 6bc1557a87952b4b59f6323a75700d3c
SHA1: 3f0f6cce5e604d785344c978d9cb8088e45d54e9
SHA256: 7b159c4485e83f94a0433dd141fcfac7f8eb7879c00da83089f37d63b499aa18
SHA512: ece0d7a4abafc8316e9de19070f76222803eede7f1c1e49a36be766ee61ade6b9ee60c99755a15f80ecee7d9913af64c428bba2816b94ee5f969f3482da0552f
-
Filesize: 8KB
MD5: 86d96c93965255cef35ca42413188b75
SHA1: 9d77f203267febe047d049584e5c79f1c1801b2d
SHA256: b796bd1f5cdb1d1db91c3aca1ac700c015775b9caf2725fbf4b6089a096f21c5
SHA512: 2db81080a16494ec549f4f39ee382580ba12cd5cbfe31632c8459ba94d767ce1ad3e9c0e6643f80530ae5e316fc42dca05708eeade7ce3c0341d669325cdb095
-
Filesize: 5KB
MD5: b73942c11844487ca7fc3e78062c8abb
SHA1: 28f4c4159528ccbe9d83b5cd5e157861d11ff04c
SHA256: 4ba88f8964ee02a395d88974fd43b05610cf520b4ab40f36b3f98715ce1e0984
SHA512: d4c782f5abd91b3396b243345f968eb5a705a7aefeedf92e62047309f7ccf223c0825623c184de66e3667c22eb371f0329be97ea70f6d72b54f98b22042e1f9c
-
Filesize: 472KB
MD5: 324154483b20e6f67a3c1486e3fc7c6a
SHA1: d6630eb1d8555b48413434b4a5d54c8de819cbf8
SHA256: ded1c934280294375d7b926773511e4d5e6c8dbb22b0dd25a80a6b0b3af065d3
SHA512: 36349f7c53b9989eac63e8c91b7fb009a5a0dce934242ae5956a5e3d3764949a87296adeba81f3da96b5e035f3755b4dd75de2ffa211b7db296313c52f6d478b