IOCReport

Files

File Path
Type
Category
Malicious
46.896.524.pdf
PDF document, version 1.5
initial sample
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index
Maple help database
modified
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
data
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-210622181809Z-260.bmp
PC bitmap, Windows 3.x format, 107 x -152 x 32
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
SQLite 3.x database, last written using SQLite version 3024000
dropped
clean
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
data
dropped
clean
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
data
dropped
clean
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store
data
dropped
clean
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei
MS Windows COFF PA-RISC object file
modified
clean
39 further files are hidden in this view.

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\46.896.524.pdf'
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\46.896.524.pdf'
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1748,247041772033505157,3887638589712820161,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=18154713270360583040 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18154713270360583040 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1748,247041772033505157,3887638589712820161,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=5327604125794324983 --mojo-platform-channel-handle=1696 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1748,247041772033505157,3887638589712820161,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=11484347080584688627 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11484347080584688627 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1748,247041772033505157,3887638589712820161,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9495211575289344956 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9495211575289344956 --renderer-client-id=5 --mojo-platform-channel-handle=2140 --allow-no-sandbox-job /prefetch:1
clean

IPs

IP
Domain
Country
Malicious
192.168.2.1
unknown
unknown
clean

Registry

Path
Value
Malicious
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
aFS
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
tDIText
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
tFileName
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
tFileSource
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
sFileAncestors
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
sDI
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
sDate
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
uFileSize
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
uPageCount
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
aFS
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
tDIText
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
tFileName
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
sFileAncestors
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
sDI
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
sDate
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
sDI
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
tDIText
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
aFS
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
tfilename
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
iTabCount
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
iWinCount
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
aDefaultRHPViewModeL
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
bExpandRHPInViewer
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
bLastExitNormal
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
bNormalExit
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
uLastAppLaunchTimeStamp
clean
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
iNumReaderLaunches
clean
17 further registry entries are hidden in this view.