Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RP4ICG2DE42ZABHS_Nota n.19273 del 22-4-2024.pdf
|
PDF document, version 1.7 (zip deflate encoded)
|
initial sample
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424090531Z-160.bmp
|
PC bitmap, Windows 3.x format, 134 x -190 x 32, cbSize 101894, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3035004, file counter 22, database pages 16, 1st free page 12, free
pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 22
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt21.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt22.lst.8580
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt21.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt22.lst.8580
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr81920.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei
|
data
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\RP4ICG2DE42ZABHS_Nota n.19273
del 22-4-2024.pdf"
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
There are 5 hidden registries, click here to show them.