Malware analysis https://tools.pdf24.org/en/creator Malicious activity

Add for printing

URL:	https://tools.pdf24.org/en/creator
Full analysis:	https://app.any.run/tasks/2a0c8fa7-3f37-47dc-a789-26bd556ea0bf
Verdict:	Malicious activity
Analysis date:	March 04, 2024, 16:44:30
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:	2E48B438068096016E56E9CB6312A080
SHA1:	75C94F348639F9723C84384BA8466C3C953792C6
SHA256:	F272825ADB68B7A67E34AA1415AC4E14BC36611DA33B297102DC14AA3669AC4B
SSDEEP:	3:N8CKXSbO3n:2CKXSC3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - pdf24-creator-9.6.0-x86.exe (PID: 748)
  - pdf24-creator-9.6.0-x86.exe (PID: 1340)
  - pdf24-PrinterInstall.exe (PID: 3760)
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
- Changes the autorun value in the registry
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
- Registers / Runs the DLL via REGSVR32.EXE
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
- Creates a writable file in the system directory
  - pdf24-PrinterInstall.exe (PID: 3760)
  - expand.exe (PID: 4092)
  - expand.exe (PID: 3456)
  - expand.exe (PID: 3808)
  - expand.exe (PID: 752)
- Actions looks like stealing of personal data
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
SUSPICIOUS
- Executable content was dropped or overwritten
  - pdf24-creator-9.6.0-x86.exe (PID: 748)
  - pdf24-creator-9.6.0-x86.exe (PID: 1340)
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
  - expand.exe (PID: 4092)
  - expand.exe (PID: 3456)
  - pdf24-PrinterInstall.exe (PID: 3760)
- Reads security settings of Internet Explorer
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
  - pdf24-Launcher.exe (PID: 1540)
- Starts SC.EXE for service management
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
- Uses WMIC.EXE to obtain data on processes
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
- Reads the Windows owner or organization settings
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
- Reads the Internet Settings
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
  - WMIC.exe (PID: 2576)
  - WMIC.exe (PID: 2248)
  - WMIC.exe (PID: 2096)
  - pdf24-Launcher.exe (PID: 1540)
- Creates/Modifies COM task schedule object
  - regsvr32.exe (PID: 3292)
  - regsvr32.exe (PID: 3780)
- Starts CMD.EXE for commands execution
  - pdf24-PrinterInstall.exe (PID: 3760)
- Process drops legitimate windows executable
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
  - expand.exe (PID: 4092)
  - expand.exe (PID: 3456)
  - pdf24-PrinterInstall.exe (PID: 3760)
- The process drops C-runtime libraries
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
- Executes as Windows Service
  - pdf24.exe (PID: 3524)
- Reads Microsoft Outlook installation path
  - pdf24-Launcher.exe (PID: 1540)
- Checks Windows Trust Settings
  - pdf24-Launcher.exe (PID: 1540)
- Reads settings of System Certificates
  - pdf24-Launcher.exe (PID: 1540)
INFO
- Modifies the phishing filter of IE
  - iexplore.exe (PID: 4052)
- Application launched itself
  - iexplore.exe (PID: 4052)
  - msedge.exe (PID: 3548)
  - msedge.exe (PID: 1168)
- Checks supported languages
  - pdf24-creator-9.6.0-x86.exe (PID: 748)
  - pdf24-creator-9.6.0-x86.tmp (PID: 3776)
  - pdf24-creator-9.6.0-x86.exe (PID: 1340)
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
  - pdf24-PrinterInstall.exe (PID: 3760)
  - pdf24-PrinterInstall.exe (PID: 2740)
  - pdf24-Launcher.exe (PID: 1540)
  - pdf24-PrinterInstall.exe (PID: 324)
  - pdf24.exe (PID: 3440)
  - pdf24.exe (PID: 3524)
  - pdf24.exe (PID: 1932)
- The process uses the downloaded file
  - iexplore.exe (PID: 4052)
- Drops the executable file immediately after the start
  - iexplore.exe (PID: 3664)
  - expand.exe (PID: 4092)
  - expand.exe (PID: 3456)
- Executable content was dropped or overwritten
  - iexplore.exe (PID: 3664)
- Create files in a temporary directory
  - pdf24-creator-9.6.0-x86.exe (PID: 748)
  - pdf24-creator-9.6.0-x86.exe (PID: 1340)
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
  - pdf24-PrinterInstall.exe (PID: 3760)
  - pdf24-PrinterInstall.exe (PID: 2740)
  - pdf24.exe (PID: 1932)
  - pdf24-PrinterInstall.exe (PID: 324)
- Reads the computer name
  - pdf24-creator-9.6.0-x86.tmp (PID: 3776)
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
  - pdf24-PrinterInstall.exe (PID: 3760)
  - pdf24-PrinterInstall.exe (PID: 2740)
  - pdf24-PrinterInstall.exe (PID: 324)
  - pdf24.exe (PID: 3524)
  - pdf24.exe (PID: 1932)
  - pdf24-Launcher.exe (PID: 1540)
  - pdf24.exe (PID: 3440)
- Creates a software uninstall entry
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
- Creates files in the program directory
  - pdf24-PrinterInstall.exe (PID: 3760)
  - pdf24-creator-9.6.0-x86.tmp (PID: 2260)
  - pdf24-PrinterInstall.exe (PID: 2740)
  - pdf24.exe (PID: 3440)
  - pdf24-PrinterInstall.exe (PID: 324)
- Manual execution by a user
  - msedge.exe (PID: 1168)
  - pdf24-Launcher.exe (PID: 1540)
- Reads the machine GUID from the registry
  - pdf24-Launcher.exe (PID: 1540)
- Reads the software policy settings
  - pdf24-Launcher.exe (PID: 1540)
- Creates files or folders in the user directory
  - pdf24-Launcher.exe (PID: 1540)
- Checks proxy server information
  - pdf24-Launcher.exe (PID: 1540)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

100

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

324

"C:\Program Files\PDF24\pdf24-PrinterInstall.exe" -printerName "PDF24 Fax" -portName "\\.\pipe\FaxPrint" -log "C:\Program Files\PDF24\faxPrnInst.log" -config fax installPrinter installCompatiblePrinter

C:\Program Files\PDF24\pdf24-PrinterInstall.exe

—

pdf24-creator-9.6.0-x86.tmp

User:

admin

Company:

geek software GmbH

Integrity Level:

HIGH

Description:

PDF24 PrinterInstall

Exit code:

Version:

9.6.0

Modules

Images
c:\program files\pdf24\pdf24-printerinstall.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv

680

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1204,i,4318366816371229202,10475039304707094862,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

748

"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\pdf24-creator-9.6.0-x86.exe"

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\pdf24-creator-9.6.0-x86.exe

iexplore.exe

User:

admin

Company:

geek software GmbH

Integrity Level:

MEDIUM

Description:

PDF24 Creator

Exit code:

Version:

9.6.0

Modules

Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\po2hn1x2\pdf24-creator-9.6.0-x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll

752

expand "c:\windows\system32\spool\drivers\w32x86\pcc\ntprint.inf_x86_neutral_88459cb66b0e2d44.cab" -F:PSCRIPT.NTF "C:\Windows\system32\spool\DRIVERS\W32X86"

C:\Windows\System32\expand.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

LZ Expansion Utility

Exit code:

Version:

6.1.7601.24535 (win7sp1_ldr_escrow.191105-1059)

Modules

Images
c:\windows\system32\expand.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cabinet.dll

1040

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1268 --field-trial-handle=1332,i,404089362182654112,17271954826871872121,131072 /prefetch:2

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1168

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate https://www.pdf24.org/products/pdf-creator/afterInstall.php?version=9.6.0&iid=C81EE893-9B70-45CE-A451-6E3B7225849C&language=en

C:\Program Files\Microsoft\Edge\Application\msedge.exe

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1220

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1204,i,4318366816371229202,10475039304707094862,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1264

C:\Windows\system32\cmd.exe /c expand "c:\windows\system32\spool\drivers\w32x86\pcc\ntprint.inf_x86_neutral_88459cb66b0e2d44.cab" -F:PSCRIPT.NTF "C:\Windows\system32\spool\DRIVERS\W32X86"

C:\Windows\System32\cmd.exe

—

pdf24-PrinterInstall.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

1316

C:\Windows\system32\cmd.exe /c expand "c:\windows\system32\spool\drivers\w32x86\pcc\ntprint.inf_x86_neutral_88459cb66b0e2d44.cab" -F:PSCRIPT.HLP "C:\Windows\system32\spool\DRIVERS\W32X86"

C:\Windows\System32\cmd.exe

—

pdf24-PrinterInstall.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

1340

"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\pdf24-creator-9.6.0-x86.exe" /SPAWNWND=$80210 /NOTIFYWND=$80212

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\pdf24-creator-9.6.0-x86.exe

pdf24-creator-9.6.0-x86.tmp

User:

admin

Company:

geek software GmbH

Integrity Level:

HIGH

Description:

PDF24 Creator

Exit code:

Version:

9.6.0

Modules

Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\po2hn1x2\pdf24-creator-9.6.0-x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll

Add for printing

Total events

40 100

Read events

39 723

Write events

290

Delete events

Modification events


(PID) Process:	(4052) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPDaysSinceLastAutoMigration
Value: 1
(PID) Process:	(4052) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchLowDateTime
Value:
(PID) Process:	(4052) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchHighDateTime
Value: 31092307
(PID) Process:	(4052) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateLowDateTime
Value:
(PID) Process:	(4052) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateHighDateTime
Value: 31092307
(PID) Process:	(4052) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:	write	Name:	CachePrefix
Value:
(PID) Process:	(4052) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(4052) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(4052) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:	write	Name:	CompatibilityFlags
Value: 0
(PID) Process:	(4052) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1

Add for printing

Executable files

396

Suspicious files

563

Text files

1 385

Unknown types

415

Dropped files

PID	Process	Filename		Type
3664	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506		compressed
		MD5:753DF6889FD7410A2E9FE333DA83A429	SHA256:B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78
3664	iexplore.exe	C:\Users\admin\AppData\Local\Temp\Low\CabFA0F.tmp		compressed
		MD5:753DF6889FD7410A2E9FE333DA83A429	SHA256:B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78
3664	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\A.font,,_fontello-c650def2,,_css,,_icon-font.css,,qv==659fcfea+js,,_dropzone,,_dropzone.css,,qv==651fad9b+js,,_utilz,,_utilz.css,,qv==63f78248+css,,_style[1].css		text
		MD5:385150F2B189805D4BADAD30475D237C	SHA256:F53ABBA84DA6982AFAE40F6ABEA770908F1191B36C7DAA5AA1CE57C360BD5D96
3664	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BF5AF5FA52E2CF752DAA16705FD254CA		binary
		MD5:E49C77E21E246817E780ECEF3230677C	SHA256:097897DDE3BED51663982E1844C2F4168516C27277FED68A3AE7CB5FA43D058E
3664	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\creator[1].htm		html
		MD5:F192D7840BB0744276CD5954DCFA1F04	SHA256:2A1E87B4A6150B63242A683C5F2C837B6B2B2B0F8C6FFC638C72FFCBC2136D28
3664	iexplore.exe	C:\Users\admin\AppData\Local\Temp\Low\TarFA10.tmp		cat
		MD5:DD73CEAD4B93366CF3465C8CD32E2796	SHA256:A6752B7851B591550E4625B832A393AABCC428DE18D83E8593CD540F7D7CAE22
3664	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		binary
		MD5:5B1B76ED62257CFD7DC934269715AB48	SHA256:4119036EEB015BF9F08DEED356D028C794FE02C04D69A5D0B524CA9FD9C261D5
3664	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751		binary
		MD5:0EB238C38150DE6C93B2D237DBC08116	SHA256:DB3BC148B78E70440A8DDBD59DE070B5B7EF31410DB746ECC9FAA4ED04A7BD46
3664	iexplore.exe	C:\Users\admin\AppData\Local\Temp\Low\CabFA21.tmp		compressed
		MD5:753DF6889FD7410A2E9FE333DA83A429	SHA256:B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78
3664	iexplore.exe	C:\Users\admin\AppData\Local\Temp\Low\TarFA22.tmp		cat
		MD5:DD73CEAD4B93366CF3465C8CD32E2796	SHA256:A6752B7851B591550E4625B832A393AABCC428DE18D83E8593CD540F7D7CAE22

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3664	iexplore.exe	GET	304	2.22.242.112:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d362edf7b65e9a48	unknown	—	—	unknown
3664	iexplore.exe	GET	304	2.22.242.121:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?927e0d673a39dd41	unknown	—	—	unknown
3664	iexplore.exe	GET	200	2.19.245.44:80	http://x1.c.lencr.org/	unknown	binary	717 b	unknown
3664	iexplore.exe	GET	200	2.22.242.121:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0302b3af7cdfdbed	unknown	compressed	67.5 Kb	unknown
3664	iexplore.exe	GET	200	2.22.242.112:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?5b0325f31ae0f9b6	unknown	compressed	67.5 Kb	unknown
3664	iexplore.exe	GET	200	2.16.241.8:80	http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgR14AuRYMCOPQbh%2BiCurBtjRw%3D%3D	unknown	binary	503 b	unknown
4052	iexplore.exe	GET	304	2.22.242.112:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4dd617501e33218a	unknown	—	—	unknown
4052	iexplore.exe	GET	304	2.22.242.112:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bdc5ae628aaf0bd4	unknown	—	—	unknown
4052	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D	unknown	binary	312 b	unknown
4052	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	binary	471 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
3664	iexplore.exe	88.99.34.112:443	tools.pdf24.org	Hetzner Online GmbH	DE	unknown
3664	iexplore.exe	2.22.242.112:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	unknown
3664	iexplore.exe	2.22.242.121:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	unknown
3664	iexplore.exe	2.19.245.44:80	x1.c.lencr.org	AKAMAI-AS	DE	unknown
3664	iexplore.exe	2.16.241.8:80	r3.o.lencr.org	Akamai International B.V.	DE	unknown
4052	iexplore.exe	88.99.34.112:443	tools.pdf24.org	Hetzner Online GmbH	DE	unknown
4052	iexplore.exe	2.22.242.112:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	unknown

DNS requests

Domain	IP	Reputation
tools.pdf24.org	88.99.34.112	shared
ctldl.windowsupdate.com	2.22.242.112 2.22.242.121 2.22.242.97 2.22.242.138 2.22.242.10 2.22.242.11 2.22.242.90 2.22.242.82 2.22.242.122	whitelisted
x1.c.lencr.org	2.19.245.44	whitelisted
r3.o.lencr.org	2.16.241.8 2.16.241.15	shared
consent.pdf24.org	88.99.34.112	unknown
api.bing.com	13.107.5.80	whitelisted
www.bing.com	2.23.209.179 2.23.209.177 2.23.209.187 2.23.209.189 2.23.209.148 2.23.209.161 2.23.209.185 2.23.209.176 2.23.209.193 2.23.209.133 2.23.209.149 2.23.209.182	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
download.pdf24.org	91.107.177.140 128.140.92.59 195.201.227.97 167.235.31.148 5.75.227.95 157.90.231.214	unknown
r20swj13mr.microsoft.com	152.199.19.161	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

https://tools.pdf24.org/en/creator

2E48B438068096016E56E9CB6312A080

75C94F348639F9723C84384BA8466C3C953792C6

F272825ADB68B7A67E34AA1415AC4E14BC36611DA33B297102DC14AA3669AC4B

3:N8CKXSbO3n:2CKXSC3

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Changes the autorun value in the registry

Registers / Runs the DLL via REGSVR32.EXE

Creates a writable file in the system directory

Actions looks like stealing of personal data

SUSPICIOUS

Executable content was dropped or overwritten

Reads security settings of Internet Explorer

Starts SC.EXE for service management

Uses WMIC.EXE to obtain data on processes

Reads the Windows owner or organization settings

Reads the Internet Settings

Creates/Modifies COM task schedule object

Starts CMD.EXE for commands execution

Process drops legitimate windows executable

The process drops C-runtime libraries

Executes as Windows Service

Reads Microsoft Outlook installation path

Checks Windows Trust Settings

Reads settings of System Certificates

INFO

Modifies the phishing filter of IE

Application launched itself

Checks supported languages

The process uses the downloaded file

Drops the executable file immediately after the start

Executable content was dropped or overwritten

Create files in a temporary directory

Reads the computer name

Creates a software uninstall entry

Creates files in the program directory

Manual execution by a user

Reads the machine GUID from the registry

Reads the software policy settings

Creates files or folders in the user directory

Checks proxy server information

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests