Edit tour

Windows Analysis Report
https://www.adobe.com/go/ConnectShell11

Overview

General Information

Sample URL:	https://www.adobe.com/go/ConnectShell11
Analysis ID:	791294
Infos:

Detection

Score:	4
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Drops files with a non-matching file extension (content does not match file extension)

Queries the volume information (name, serial number etc) of a device

Drops certificate files (DER)

Drops PE files

Tries to load missing DLLs

Stores files to the Windows start menu directory

Found dropped PE file which has not been started or loaded

Abnormal high CPU Usage

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample searches for specific file, try point organization specific fake files to the analysis machine

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

System is w10x64_ra

chrome.exe (PID: 5324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.adobe.com/go/ConnectShell11 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 1780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 6496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5628 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 6504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5684 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 7064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 7072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5188 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

ConnectShellSetup11.exe (PID: 6580 cmdline: "C:\Users\eyup\Downloads\ConnectShellSetup11.exe" MD5: 00B6898BF01716F6FE6C1FC1E7256905)

ConnectDetector.exe (PID: 6716 cmdline: C:\Users\eyup\AppData\Roaming\Adobe\Connect\connectdetector.exe MD5: 77A4C18414964E80B8BBBADF52319578)

Connect.exe (PID: 2228 cmdline: "C:\Users\eyup\AppData\Roaming\Adobe\Connect\Connect.exe" MD5: 6B2652F2F1395CC69F6059D5E8248D8B)

Connect.exe (PID: 5224 cmdline: "C:\Users\eyup\AppData\Roaming\Adobe\Connect\Connect.exe" MD5: 6B2652F2F1395CC69F6059D5E8248D8B)

Connect.exe (PID: 6124 cmdline: "C:\Users\eyup\AppData\Roaming\Adobe\Connect\Connect.exe" MD5: 6B2652F2F1395CC69F6059D5E8248D8B)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

File created: C:\Users\eyup\AppData\Local\Temp\ConnectInstallDebug.log

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Connect App

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File opened: C:\Users\eyup\AppData\Local
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File opened: C:\Users\eyup\Documents\desktop.ini
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File opened: C:\Users\eyup\AppData\Local\Temp
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File opened: C:\Users\eyup\Desktop\desktop.ini
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File opened: C:\Users\eyup\AppData
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File opened: C:\Users\eyup

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\digest.s

Jump to dropped file

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Section loaded: linkinfo.dll
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Section loaded: ntshrui.dll
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Section loaded: srvcli.dll
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Section loaded: cscapi.dll
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Section loaded: netutils.dll

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

Process Stats: CPU usage > 98%

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.adobe.com/go/ConnectShell11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5628 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5684 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5188 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\eyup\Downloads\ConnectShellSetup11.exe "C:\Users\eyup\Downloads\ConnectShellSetup11.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5628 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5684 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Process created: C:\Users\eyup\AppData\Roaming\Adobe\Connect\ConnectDetector.exe C:\Users\eyup\AppData\Roaming\Adobe\Connect\connectdetector.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5188 --field-trial-handle=1776,i,12495699109451929491,2760430471534754406,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\eyup\Downloads\ConnectShellSetup11.exe "C:\Users\eyup\Downloads\ConnectShellSetup11.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Users\eyup\AppData\Roaming\Adobe\Connect\Connect.exe "C:\Users\eyup\AppData\Roaming\Adobe\Connect\Connect.exe"
Source: unknown	Process created: C:\Users\eyup\AppData\Roaming\Adobe\Connect\Connect.exe "C:\Users\eyup\AppData\Roaming\Adobe\Connect\Connect.exe"
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Process created: C:\Users\eyup\AppData\Roaming\Adobe\Connect\ConnectDetector.exe C:\Users\eyup\AppData\Roaming\Adobe\Connect\connectdetector.exe
Source: unknown	Process created: C:\Users\eyup\AppData\Roaming\Adobe\Connect\Connect.exe "C:\Users\eyup\AppData\Roaming\Adobe\Connect\Connect.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Source: C:\Users\eyup\AppData\Roaming\Adobe\Connect\ConnectDetector.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\{F45F2585-6943-4DD9-8740-1602C5BF9D13}

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\eyup\Downloads\6bcc8cff-6afa-4c34-b8b1-3a042b0a5bd0.tmp

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

File created: C:\Users\eyup\AppData\Local\Temp\Con553D.tmp

Source: classification engine

Classification label: clean4.win@39/50@0/86

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

File read: C:\Users\desktop.ini

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

File opened: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\cr_win_client_config.cfg

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Connect App

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\eyup\Downloads\Unconfirmed 658627.crdownload

Jump to dropped file

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libcef.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Dmo.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Opus.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\concrt140.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: unknown (copy)	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libcrypto-1_1-x64.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libvpxfm.dll	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\eyup\Downloads\6bcc8cff-6afa-4c34-b8b1-3a042b0a5bd0.tmp	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.AudioProcessing.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.JsonNet.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libyuvfm.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\ConnectDetector.exe	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\CRWindowsClientService.exe	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libaudioprocessingfm.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libopusfm.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\AForge.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\librnnoise.dll	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\eyup\Downloads\ConnectShellSetup11.exe (copy)	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Log4Net.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Yuv.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libGLESv2.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Vpx.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\CRClient.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libopenh264fm.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.WinForms.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libnvidiafm.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.NAudio.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\chrome_elf.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.AForge.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\AForge.Video.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\Connect.exe	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\CRLogTransport.exe	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\BouncyCastle.dll	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\eyup\Downloads\Unconfirmed 658627.crdownload	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.SharpDX.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Wpf.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Nvidia.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.XirSys.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\EncoderHelper.exe	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\AForge.Video.DirectShow.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libssl-1_1-x64.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libEGL.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	File created: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.OpenH264.dll	Jump to dropped file

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

File created: C:\Users\eyup\AppData\Local\Temp\ConnectInstallDebug.log

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

File created: C:\Users\eyup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Connect.lnk

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ConnectDetector
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ConnectDetector

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe

Process information set: NOOPENFILEERRORBOX

Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Dropped PE file which has not been started: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libcef.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Dropped PE file which has not been started: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Dmo.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSetup11.exe	Dropped PE file which has not been started: C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Opus.dll	Jump to dropped file
Source: C:\Users\eyup\Downloads\ConnectShellSe

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
https://www.adobe.com/go/ConnectShell11

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

E-Banking Fraud

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.adobe.com/go/ConnectShell11

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

E-Banking Fraud

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Windows Analysis Report
https://www.adobe.com/go/ConnectShell11