Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
aios3.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.$$A
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\E-Sticker Style 3 Uninstaller.$$A
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\E-Sticker Style 3 Uninstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\01369b0e-588f-48a3-93ee-1c761f7cac52.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8,
version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7124
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 19
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI11e97.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91445x7t_zjmr7l_5hw.tmp
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A914ftr3u_zjmr7r_5hw.tmp
|
PDF document, version 1.6, 0 pages
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91h805t1_zjmr7o_5hw.tmp
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91wiz1z1_zjmr7s_5hw.tmp
|
PDF document, version 1.6, 0 pages
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A93bb41v_zjmr7n_5hw.tmp
|
PDF document, version 1.3, 2 pages
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9h3n54p_zjmr7m_5hw.tmp
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 21-39-04-133.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\725a1ef6-b4f3-4414-8d6a-b82c9392c1b2.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\7d2ff6ef-3a28-4c6a-9b67-b0a5952cfbc7.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\94319180-d90f-42b4-b4db-f1042ed2bb68.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\aa91fd00-0747-46da-bf07-39ff87e8466b.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\de463e6e-c168-4d9b-bc79-43494690e288.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ztmp\t15594.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ztmp\t15647.exe
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\10.0\Stamps\AIO S3.$$A
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\10.0\Stamps\AIO S3.pdf (copy)
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\11.0\Stamps\AIO S3.$$A
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\11.0\Stamps\AIO S3.pdf (copy)
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\2015\Stamps\AIO S3.$$A
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\2015\Stamps\AIO S3.pdf (copy)
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\2017\Stamps\AIO S3.$$A
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\2017\Stamps\AIO S3.pdf (copy)
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\2019\Stamps\AIO S3.$$A
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\2019\Stamps\AIO S3.pdf (copy)
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\2020\Stamps\AIO S3.$$A
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\2020\Stamps\AIO S3.pdf (copy)
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\Annss.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\Annssi.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\Annssk.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Stamps\AIO S3.$$A
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Stamps\AIO S3.pdf (copy)
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\10.0\JavaScripts\com.exhibitco.aio.3style.$$A
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\10.0\JavaScripts\com.exhibitco.aio.3style.js (copy)
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\10.0\JavaScripts\com.exhibitco.aio.privileged.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\10.0\JavaScripts\com.exhibitco.aio.privileged.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\10.0\JavaScripts\com.exhibitco.aio.util.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\10.0\JavaScripts\com.exhibitco.aio.util.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\11.0\JavaScripts\com.exhibitco.aio.3style.$$A
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\11.0\JavaScripts\com.exhibitco.aio.3style.js (copy)
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\11.0\JavaScripts\com.exhibitco.aio.privileged.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\11.0\JavaScripts\com.exhibitco.aio.privileged.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\11.0\JavaScripts\com.exhibitco.aio.util.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\11.0\JavaScripts\com.exhibitco.aio.util.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2015\JavaScripts\com.exhibitco.aio.3style.$$A
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2015\JavaScripts\com.exhibitco.aio.3style.js (copy)
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2015\JavaScripts\com.exhibitco.aio.privileged.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2015\JavaScripts\com.exhibitco.aio.privileged.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2015\JavaScripts\com.exhibitco.aio.util.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2015\JavaScripts\com.exhibitco.aio.util.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2017\JavaScripts\com.exhibitco.aio.3style.$$A
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2017\JavaScripts\com.exhibitco.aio.3style.js (copy)
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2017\JavaScripts\com.exhibitco.aio.privileged.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2017\JavaScripts\com.exhibitco.aio.privileged.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2017\JavaScripts\com.exhibitco.aio.util.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2017\JavaScripts\com.exhibitco.aio.util.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2019\JavaScripts\com.exhibitco.aio.3style.$$A
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2019\JavaScripts\com.exhibitco.aio.3style.js (copy)
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2019\JavaScripts\com.exhibitco.aio.privileged.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2019\JavaScripts\com.exhibitco.aio.privileged.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2019\JavaScripts\com.exhibitco.aio.util.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2019\JavaScripts\com.exhibitco.aio.util.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2020\JavaScripts\com.exhibitco.aio.3style.$$A
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2020\JavaScripts\com.exhibitco.aio.3style.js (copy)
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2020\JavaScripts\com.exhibitco.aio.privileged.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2020\JavaScripts\com.exhibitco.aio.privileged.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2020\JavaScripts\com.exhibitco.aio.util.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\2020\JavaScripts\com.exhibitco.aio.util.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\DC\JavaScripts\com.exhibitco.aio.3style.$$A
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\DC\JavaScripts\com.exhibitco.aio.3style.js (copy)
|
ASCII text, with very long lines (3247), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\DC\JavaScripts\com.exhibitco.aio.privileged.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\DC\JavaScripts\com.exhibitco.aio.privileged.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\DC\JavaScripts\com.exhibitco.aio.util.$$A
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Privileged\DC\JavaScripts\com.exhibitco.aio.util.js (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 104 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\aios3.exe
|
"C:\Users\user\Desktop\aios3.exe"
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe
|
"C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ztmp\t15594.bat" "C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe"
"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ZGGKNSUKOP.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1640
--field-trial-handle=1568,i,13351684638296647614,3962373673390658352,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://chrome.cloudflare-dns.com
|
unknown
|
||
|
http://www.clickteam.com
|
unknown
|
||
|
http://www.clickteam.com/pub
|
unknown
|
||
|
http://www.clickteam.com/pub.bmp
|
unknown
|
||
|
http://www.clickteam.comc
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
184.25.164.138
|
unknown
|
United States
|
||
|
23.22.254.206
|
unknown
|
United States
|
||
|
184.31.60.185
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\E-Sticker
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\E-Sticker
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
There are 1 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
42A000
|
unkown
|
page write copy
|
||
|
799000
|
heap
|
page read and write
|
||
|
F04000
|
unkown
|
page read and write
|
||
|
23B5000
|
heap
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
4713000
|
heap
|
page read and write
|
||
|
2796000
|
heap
|
page read and write
|
||
|
4710000
|
heap
|
page read and write
|
||
|
794000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
72F000
|
stack
|
page read and write
|
||
|
471A000
|
heap
|
page read and write
|
||
|
2762000
|
heap
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
226E000
|
stack
|
page read and write
|
||
|
55E000
|
stack
|
page read and write
|
||
|
37AE000
|
stack
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
76C000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
2C84000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
7B8000
|
heap
|
page read and write
|
||
|
166000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
F77000
|
heap
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
19A000
|
stack
|
page read and write
|
||
|
221E000
|
stack
|
page read and write
|
||
|
95000
|
stack
|
page read and write
|
||
|
F1E000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
758000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page readonly
|
||
|
39EF000
|
stack
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
F07000
|
unkown
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
376F000
|
stack
|
page read and write
|
||
|
274B000
|
heap
|
page read and write
|
||
|
79A000
|
heap
|
page read and write
|
||
|
362F000
|
stack
|
page read and write
|
||
|
42D000
|
unkown
|
page readonly
|
||
|
2701000
|
heap
|
page read and write
|
||
|
277C000
|
heap
|
page read and write
|
||
|
280A000
|
heap
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
2793000
|
heap
|
page read and write
|
||
|
19E000
|
stack
|
page read and write
|
||
|
38EE000
|
stack
|
page read and write
|
||
|
38AF000
|
stack
|
page read and write
|
||
|
774000
|
heap
|
page read and write
|
||
|
42B000
|
unkown
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
789000
|
heap
|
page read and write
|
||
|
2C90000
|
direct allocation
|
page read and write
|
||
|
14BE000
|
stack
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
774000
|
heap
|
page read and write
|
||
|
F1A000
|
heap
|
page read and write
|
||
|
4B10000
|
trusted library allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
2274000
|
heap
|
page read and write
|
||
|
4716000
|
heap
|
page read and write
|
||
|
34EE000
|
stack
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
137F000
|
stack
|
page read and write
|
||
|
423000
|
unkown
|
page readonly
|
||
|
730000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
77C000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
F41000
|
heap
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
92F000
|
stack
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
366E000
|
stack
|
page read and write
|
||
|
F0A000
|
unkown
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
426000
|
unkown
|
page read and write
|
||
|
F8C000
|
heap
|
page read and write
|
||
|
426000
|
unkown
|
page write copy
|
||
|
471C000
|
heap
|
page read and write
|
||
|
78E000
|
heap
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
123F000
|
stack
|
page read and write
|
||
|
272A000
|
heap
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
40C000
|
unkown
|
page read and write
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
4610000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
23B9000
|
heap
|
page read and write
|
||
|
423000
|
unkown
|
page readonly
|
||
|
33EE000
|
stack
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
There are 106 hidden memdumps, click here to show them.