Click to jump to signature section
| Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.dr | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c |
| Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
| Source: classification engine | Classification label: clean0.winPDF@14/45@0/0 |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6784 | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-17 12-15-39-341.log | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA | Jump to behavior |
| Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Security Guards of America Proposal.pdf" | |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 | |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1644,i,2323614241662355698,2891551153677106926,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 | |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1644,i,2323614241662355698,2891551153677106926,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
| Source: Window Recorder | Window detected: More than 3 window changes detected |
| Source: Security Guards of America Proposal.pdf | Static file information: File size 9526728 > 6291456 |
| Source: Security Guards of America Proposal.pdf | Initial sample: PDF keyword /JavaScript count = 0 |
| Source: Security Guards of America Proposal.pdf | Initial sample: PDF keyword /Page count = 165 |
| Source: Security Guards of America Proposal.pdf | Initial sample: PDF keyword startxref count = 128 |
| Source: Security Guards of America Proposal.pdf | Initial sample: PDF keyword stream count = 1055 |
| Source: Security Guards of America Proposal.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0 |
| Source: Security Guards of America Proposal.pdf | Initial sample: PDF keyword /ObjStm count = 149 |
| Source: Security Guards of America Proposal.pdf | Initial sample: PDF keyword endobj count = 1852 |
| Source: Security Guards of America Proposal.pdf | Initial sample: PDF keyword endstream count = 1055 |
| Source: Security Guards of America Proposal.pdf | Initial sample: PDF eof value = 128 |
| Source: Security Guards of America Proposal.pdf | Initial sample: PDF keyword obj count = 1852 |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Edit tour
Acrobat.exe (PID: 5216 cmdline: 
AcroCEF.exe (PID: 3504 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
