16-16428 buyer docs.pdf
This report is generated from a file or URL submitted to this webservice on January 25th 2018 15:24:19 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v7.21 © Hybrid Analysis
Incident Response
Risk Assessment
- Persistence
- Writes data to a remote process
Indicators
Not all malicious and suspicious indicators are displayed.
Malicious Indicators 2
Installation/Persistence
Writes data to a remote process
- details
"RdrCEF.exe" wrote 32 bytes to a remote process "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1312)
"RdrCEF.exe" wrote 52 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1312)
"RdrCEF.exe" wrote 4 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1312)
"RdrCEF.exe" wrote 8 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1312)
"RdrCEF.exe" wrote 84 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1312)
"RdrCEF.exe" wrote 54 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1312)
"RdrCEF.exe" wrote 12 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1312)
"RdrCEF.exe" wrote 16 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1312)
"RdrCEF.exe" wrote 164 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1312)
"RdrCEF.exe" wrote 88 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1312)
"RdrCEF.exe" wrote 156 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1312)
"RdrCEF.exe" wrote 32 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1420)
"RdrCEF.exe" wrote 52 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1420)
"RdrCEF.exe" wrote 4 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1420)
"RdrCEF.exe" wrote 8 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1420)
"RdrCEF.exe" wrote 84 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1420)
"RdrCEF.exe" wrote 54 bytes to a remote process "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" (Handle: 1420)
- source: API Call
- relevance: 6/10
Hiding 1 Malicious Indicator
Suspicious Indicators 2
Installation/Persistence
Creates new processes
- details
"AcroRd32.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 692), "RdrCEF.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1312), "RdrCEF.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1420)
- source: API Call
- relevance: 8/10
Unusual Characteristics
Installs hooks/patches the running process
- details
"AcroRd32.exe" wrote bytes "f811dd762014dd760c11dd76f516dd76a911dd768548dd76b934dd76a934dd766834dd7600000000a56b2b77e4852b77e04d2b779cc02b77a3bf2b7792ae2b770c7d2b7700000000" to virtual address "0x73511000" (part of module "MSIMG32.DLL")
"AcroRd32.exe" wrote bytes "7111ba007a3bb900ab8b02007f950200fc8c0200729602006cc805001ecdb6007d26b600" to virtual address "0x76CD07E4" (part of module "USER32.DLL")
"AcroRd32.exe" wrote bytes "7d07857781ed8377ae868277c6e08177effd84772d16837760148577478d8277a8e281776089827700000000ad3733778b2d3377b641337700000000" to virtual address "0x6A531000" (part of module "WSHTCPIP.DLL")
"AcroRd32.exe" wrote bytes "0efc847781ed8377ae868277c6e08177effd84772d168377c0fc8077da8f8b7760148577478d8277a8e281776089827700000000ad3733778b2d3377b641337700000000" to virtual address "0x6A611000" (part of module "WSHIP6.DLL")
"AcroRd32.exe" wrote bytes "c0df81771cf98077ccf880770d64827700000000c011dd7600000000fc3edd7600000000e013dd760000000094579b7525e08177c6e0817700000000bc6a9a7500000000cf31dd760000000093199b75000000002c32dd7600000000" to virtual address "0x754A1000" (part of module "NSI.DLL")
"RdrCEF.exe" wrote bytes "5faf336e" to virtual address "0x6F2B037C" (part of module "LIBCEF.DLL")
"RdrCEF.exe" wrote bytes "7111ba007a3bb900ab8b02007f950200fc8c0200729602006cc805001ecdb6007d26b600" to virtual address "0x76CD07E4" (part of module "USER32.DLL")
"RdrCEF.exe" wrote bytes "0efc847781ed8377ae868277c6e08177effd84772d168377c0fc8077da8f8b7760148577478d8277a8e281776089827700000000ad3733778b2d3377b641337700000000" to virtual address "0x6A611000" (part of module "WSHIP6.DLL")
"RdrCEF.exe" wrote bytes "c0df81771cf98077ccf880770d64827700000000c011dd7600000000fc3edd7600000000e013dd760000000094579b7525e08177c6e0817700000000bc6a9a7500000000cf31dd760000000093199b75000000002c32dd7600000000" to virtual address "0x754A1000" (part of module "NSI.DLL")
"RdrCEF.exe" wrote bytes "d1e2336e" to virtual address "0x6B79A610" (part of module "DWRITE.DLL")
"RdrCEF.exe" wrote bytes "e9e2336e" to virtual address "0x6B79A35C" (part of module "DWRITE.DLL")
"RdrCEF.exe" wrote bytes "10006489" to virtual address "0x76E80490" (part of module "KERNEL32.DLL")
"RdrCEF.exe" wrote bytes "9ae4336e" to virtual address "0x6B79A374" (part of module "DWRITE.DLL")
"RdrCEF.exe" wrote bytes "d9e2336e" to virtual address "0x6B79A364" (part of module "DWRITE.DLL")
"RdrCEF.exe" wrote bytes "63de336e" to virtual address "0x6B79A360" (part of module "DWRITE.DLL")
- source: Hook Detection
- relevance: 10/10
Informative 10
External Systems
Sample was identified as clean by Antivirus engines
- details: 0/58 Antivirus vendors marked sample as malicious (0% detection rate)
- source: External System
- relevance: 10/10
General
Contains object with compressed stream data
- details
Object ID 11 contains compressed stream data: No filters
Object ID 14 contains compressed stream data: No filters
Object ID 17 contains compressed stream data: No filters
Object ID 20 contains compressed stream data: No filters
Object ID 23 contains compressed stream data: No filters
- source: Static Parser
- relevance: 10/10
Creates mutants
- details
"\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex"
"\Sessions\1\BaseNamedObjects\DBWinMutex"
"DBWinMutex"
"Local\Acrobat Instance Mutex"
"\Sessions\1\BaseNamedObjects\com.adobe.acrobat.rna.RdrCefBrowserLock.DC"
"com.adobe.acrobat.rna.RdrCefBrowserLock.DC"
- source: Created Mutant
- relevance: 3/10
PDF contains no significant text data on the first page(s)
- details: The input has no visible characters on the first 5 page(s)
- source: Static Parser
- relevance: 5/10
Process launched with changed environment
- details
Process "RdrCEF.exe" was launched with new environment variables: "PATH="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\test_tools""
Process "RdrCEF.exe" was launched with missing environment variables: "MEOW"
- source: Monitored Target
- relevance: 10/10
Scanning for window names
- details
"AcroRd32.exe" searching for window "_AcroAppTimer"
"AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "Acrobat Instance Window Class"
"AcroRd32.exe" searching for class "JFWUI2"
- source: API Call
- relevance: 10/10
Spawns new processes
- details
Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250"
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=AD896740BCCDC97CD241753F53CDC41C --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=AD896740BCCDC97CD241753F53CDC41C --renderer-client-id=2 --mojo-platform-channel-handle=1280 --allow-no-sandbox-job /prefetch:1"
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=09CC5A882D37150FE97882C3A6C670CF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=09CC5A882D37150FE97882C3A6C670CF --renderer-client-id=3 --mojo-platform-channel-handle=1408 --allow-no-sandbox-job /prefetch:1"
- source: Monitored Target
- relevance: 3/10
Installation/Persistence
Dropped files
- details
"A9Rof6012_yasar2_1e4.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
"A9Rjnthhf_yasaqz_1e4.tmp" has type "data"
"Visited Links" has type "data"
"0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl" has type "data"
"CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl" has type "data"
"A9Rxnt8ev_yasar0_1e4.tmp" has type "data"
- source: Binary File
- relevance: 3/10
Touches files in the Windows directory
- details
"RdrCEF.exe" touched file "%WINDIR%\SysWOW64\oleaccrc.dll"
"RdrCEF.exe" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
"RdrCEF.exe" touched file "%WINDIR%\SysWOW64\KBDUS.DLL"
"RdrCEF.exe" touched file "%WINDIR%\System32\drivers\etc\hosts"
"RdrCEF.exe" touched file "%WINDIR%\System32\spool\drivers\color\sRGB Color Space Profile.icm"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\arial.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALN.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ariali.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALNI.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\arialbd.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALNB.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\arialbi.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALNBI.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ariblk.ttf"
- source: API Call
- relevance: 7/10
Network Related
Found potential URL in binary/memory
- details
Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
Pattern match: "http://dmd.metaservices.microsoft.com/dms/metadata.svc"
Pattern match: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Heuristic match: "GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?250b98e122445179 HTTP/1.1Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 20 Apr 2017 16:02:20 GMTIf-None-Match: 04e707defb9d21:0User-Agent: Microsoft-CryptoAPI/6.1Hos"
Heuristic match: "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?229c7af0afd7d391 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ctldl.windowsupdate.com"
Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: s2.symcb.com"
Pattern match: "http://www.symauth.com/cps0"
Pattern match: "http://www.symauth.com/rpa0"
Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEBuN56dlW1Lzehhu%2FtdSD3U%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: sv.symcd.com"
Pattern match: "http://www.symauth.com/cps0*"
Heuristic match: "GET /CRL/Omniroot2025.crl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: cdp1.public-trust.com"
Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAt%2BEJA8OEkP%2Bi9nmoehp7k%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.digicert.com"
Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSLIycRsoI3J6zPns4K1aQgAqaqHgQUZ50PIAkMzIo65YJGcmL88cyQ5UACEAG2Yem3HYLmNssdMr3TCFk%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.digicert.com"
Pattern match: "www.microsoft.com"
- source: File/Memory
- relevance: 10/10
File Details
16-16428 buyer docs.pdf
- Filename
- 16-16428 buyer docs.pdf
- Size
- 658KiB (673665 bytes)
- Type
- Description
- PDF document, version 1.4
- Document pages
- 5
- Architecture
- WINDOWS
- SHA256
- f645405a6a34b4af5c9cebbf17a791fcacf2efc44a62334fe600e570041fb0ab
- MD5
- 33e30a2973d8f1c347b4fc1604049a81
- SHA1
- 990d19ba475d92ad7f70067b790d254716e2ff38
Classification (TrID)
- 100.0% (.PDF) Adobe Portable Document Format
Hybrid Analysis
Analysed 4 processes in total (System Resource Monitor).
- AcroRd32.exe "C:\f645405a6a34b4af5c9cebbf17a791fcacf2efc44a62334fe600e570041fb0ab.pdf" (PID: 1804)
- RdrCEF.exe --backgroundcolor=16448250 (PID: 2092)
- RdrCEF.exe --type=renderer --primordial-pipe-token=AD896740BCCDC97CD241753F53CDC41C --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=AD896740BCCDC97CD241753F53CDC41C --renderer-client-id=2 --mojo-platform-channel-handle=1280 --allow-no-sandbox-job /prefetch:1 (PID: 1348)
- RdrCEF.exe --type=renderer --primordial-pipe-token=09CC5A882D37150FE97882C3A6C670CF --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=09CC5A882D37150FE97882C3A6C670CF --renderer-client-id=3 --mojo-platform-channel-handle=1408 --allow-no-sandbox-job /prefetch:1 (PID: 2384)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
Informative 6
Visited Links
- Size
- 128KiB (131072 bytes)
- Type
- data
- Runtime Process
- RdrCEF.exe (PID: 2092)
- MD5
- 81a284a2b84dde3230ff339415b0112f
- SHA1
- f61be0648fe365bc7d398aa4907c097a06739384
- SHA256
- cdb94563c99017ea9eb34642740794033fb48257f3f06df0ab5af0da5f7cbf6c
A9Rjnthhf_yasaqz_1e4.tmp
- Size
- 2B (2 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 1804)
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
A9Rof6012_yasar2_1e4.tmp
- Size
- 9.4KiB (9667 bytes)
- Type
- java compressed jar
- Description
- Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- Runtime Process
- AcroRd32.exe (PID: 1804)
- MD5
- de2c1df078f21bcbff9e2a743e5f6cda
- SHA1
- f93e657ef1640625a3c73aa8b7bbadd7d1c56a44
- SHA256
- e6778540f3c71c0d8c16b33057969e62fbe0f5ca29cf17585286ebd5dbcea6f3
A9Rxnt8ev_yasar0_1e4.tmp
- Size
- 2B (2 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 1804)
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
- Size
- 637B (637 bytes)
- Type
- data
- MD5
- 98e5c0cd257c9fb8f2f315231964607d
- SHA1
- a4b3da16d085f5a9277400c8f7c5fd8fe228a863
- SHA256
- ccb6bc1460ac9f418e6aaf8ba4a3f679739355f7fb773fa160fb505ee512662c
CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
- Size
- 425B (425 bytes)
- Type
- data
- MD5
- b3e7829a9b1a6840e5eba994d633a8d6
- SHA1
- 77bf14e4b1b1bb2d361c134e2670fdf477b89eea
- SHA256
- 222e2278413279ab18b7dbf6a38019341f84a41083d7f3f7dab99f61466a40ca
Notifications
Runtime
- Added comment to Virus Total report
- Not all IP/URL string resources were checked online
- Not all sources for signature ID "api-0" are available in the report
- Not all sources for signature ID "api-21" are available in the report
- Not all sources for signature ID "api-55" are available in the report