General Info

File name

db-terms-conditions.pdf

Full analysis
https://app.any.run/tasks/1e1253c9-26bf-4075-8b6e-1c9d68f0242c
Verdict
Malicious activity
Analysis date
2/10/2019, 19:48:16
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/pdf
File info:
PDF document, version 1.4
MD5

0b0554b52b2b7ed7c9de0806b0622ff4

SHA1

7edfdf88563ccf6b8e62e6178f090f16ba832920

SHA256

a46db91c07915dddd9eb8c30c6473cb095393feb4a5bb97a8edf9f8ccc2d617d

SSDEEP

1536:5AK2ALp2Qi3zwH7xa5Aw9Z0cWSReutTrfO4ebFS1YeI+7Gi8zCrkd6fYJUPg0p:KALpvVcAKZkutTrfjEFS1Ztod6QC3p

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Loads the Task Scheduler COM API
  • MsiExec.exe (PID: 3692)
  • MsiExec.exe (PID: 3572)
Executable content was dropped or overwritten
  • msiexec.exe (PID: 3776)
  • AdobeARM.exe (PID: 3404)
Reads Internet Cache Settings
  • AdobeARM.exe (PID: 3404)
Starts Internet Explorer
  • AcroRd32.exe (PID: 2936)
Connects to unusual port
  • AcroRd32.exe (PID: 2936)
Creates files in the program directory
  • AdobeARM.exe (PID: 3404)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 3572)
  • MsiExec.exe (PID: 3692)
Creates files in the program directory
  • msiexec.exe (PID: 3776)
Creates a software uninstall entry
  • msiexec.exe (PID: 3776)
Application launched itself
  • msiexec.exe (PID: 3776)
  • iexplore.exe (PID: 2428)
  • RdrCEF.exe (PID: 3936)
  • AcroRd32.exe (PID: 2936)
Reads settings of System Certificates
  • msiexec.exe (PID: 3776)
Creates files in the user directory
  • AcroRd32.exe (PID: 2936)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2800)
Reads internet explorer settings
  • iexplore.exe (PID: 2800)
Changes internet zones settings
  • iexplore.exe (PID: 2428)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.pdf
|   Adobe Portable Document Format (100%)
EXIF
PDF
PDFVersion:
1.4
Linearized:
No
PageCount:
6
CreateDate:
0000:01:01 00:00:00

Screenshots

Processes

Total processes
42
Monitored processes
12
Malicious processes
0
Suspicious processes
2

Behavior graph

start acrord32.exe acrord32.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs adobearm.exe reader_sl.exe no specs iexplore.exe iexplore.exe no specs msiexec.exe msiexec.exe no specs msiexec.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2936
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\AppData\Local\Temp\db-terms-conditions.pdf"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat Reader DC
Version
15.23.20070.215641
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\kbdus.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sspicli.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\program files\common files\adobe\arm\1.0\adobearm.exe
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\msieftp.dll
c:\windows\system32\shdocvw.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\normaliz.dll

PID
2296
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\AppData\Local\Temp\db-terms-conditions.pdf"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Indicators
No indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
LOW
Exit code
1
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat Reader DC
Version
15.23.20070.215641
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.dll
c:\program files\adobe\acrobat reader dc\reader\agm.dll
c:\windows\system32\msvcp120.dll
c:\windows\system32\msvcr120.dll
c:\windows\system32\version.dll
c:\program files\adobe\acrobat reader dc\reader\bib.dll
c:\program files\adobe\acrobat reader dc\reader\cooltype.dll
c:\program files\adobe\acrobat reader dc\reader\ace.dll
c:\windows\system32\profapi.dll
c:\program files\adobe\acrobat reader dc\reader\axe8sharedexpat.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\adobe\acrobat reader dc\reader\bibutils.dll
c:\program files\adobe\acrobat reader dc\reader\sqlite.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\ia32.api
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\weblink.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\escript.api
c:\windows\system32\psapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\updater.api
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll

PID
3936
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16448250
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\apphelp.dll

PID
3212
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3936.0.24491002\1698831572" --allow-no-sandbox-job /prefetch:673131151
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
RdrCEF.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll

PID
3808
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3936.1.1128899234\390511194" --allow-no-sandbox-job /prefetch:673131151
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
RdrCEF.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll

PID
3404
CMD
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:15.0 /MODE:3
Path
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe Reader and Acrobat Manager
Version
1.824.27.2646
Modules
Image
c:\program files\common files\adobe\arm\1.0\adobearm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\program files\adobe\acrobat reader dc\reader\reader_sl.exe
c:\windows\system32\normaliz.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wshext.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\program files\common files\adobe\arm\1.0\adobearmhelper.exe
c:\windows\system32\imagehlp.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\uxtheme.dll

PID
2808
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
Indicators
No indicators
Parent process
AdobeARM.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat SpeedLauncher
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\reader_sl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcp120.dll
c:\windows\system32\msvcr120.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2428
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\rfc2622[1].txt
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\netutils.dll

PID
2800
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2428 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll

PID
3776
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\devrtl.dll
c:\program files\common files\adobe\arm\1.0\adobearmhelper.exe
c:\program files\common files\adobe\arm\1.0\adobearm.exe
c:\windows\system32\cscdll.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cabinet.dll

PID: 3572
CMD: C:\Windows\system32\MsiExec.exe -Embedding E18ED73863C4F3CF56F8A1C12EA451D0 M Global\MSI0000
Path: C:\Windows\system32\MsiExec.exe
Indicators: No indicators
Parent process: msiexec.exe
User: SYSTEM
Integrity Level: SYSTEM
Exit code: 0
Version:
Company: Microsoft Corporation
Description: Windows® installer
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules (Image):
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msidc4.tmp
c:\windows\installer\msie71.tmp
c:\windows\system32\taskschd.dll
c:\windows\system32\xmllite.dll

PID: 3692
CMD: C:\Windows\system32\MsiExec.exe -Embedding 51BA11DD22B799DE715FA75215A5AA87 M Global\MSI0000
Path: C:\Windows\system32\MsiExec.exe
Indicators: No indicators
Parent process: msiexec.exe
User: SYSTEM
Integrity Level: SYSTEM
Exit code: 0
Version:
Company: Microsoft Corporation
Description: Windows® installer
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules (Image):
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msi10a8.tmp
c:\windows\installer\msi1116.tmp
c:\windows\system32\taskschd.dll
c:\windows\system32\xmllite.dll

Registry activity

Total events: 1247
Read events: 1017
Write events: 216
Delete events: 14

Modification events

PID | Process | Operation | Key | Name | Value
2936 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
2936 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings |
2936 | AcroRd32.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US
2936 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
2936 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2936 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\Privileged | bProtectedMode | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection | bLastExitNormal | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral | bExpandRHPInViewer | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral | bPromptBeforeClosingMultipleTabs | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\HomeWelcome | iKillSwitchCheckDay | 20190210
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\NoTimeOut | smailto | 5900
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1 | iTime | 1549824595
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | iAVDocViewBottomSplitterPos | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | iAVDocViewLeftSplitterPos | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | bAVDocViewTabsShowing | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | bShowingHUD | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | bShowingPageGaps | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | bShowingHUD | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | bShowingPageGaps | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | ipageRotation | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | xpageViewBead | 0000000000000000
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | ipageViewLayoutMode | 2
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | ipageViewPageNum | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | bpageViewStartThread | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | ipageViewThreadIndex | 4294967295
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | ipageViewX | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | ipageViewY | 190
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | dpageViewZoom | 1.080215
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView | ipageViewZoomType | 2
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | bbringToFront | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | ioverViewMode | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | ioverViewPos | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | ipageRotation | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | xpageViewBead | 0000000000000000
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | ipageViewLayoutMode | 2
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | ipageViewMaxVisPageNum | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | ipageViewMinVisPageNum | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | ipageViewPageNum | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | bpageViewStartThread | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | ipageViewThreadIndex | 4294967295
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | ipageViewX | 0
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | ipageViewY | 190
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | dpageViewZoom | 1.080215
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | ipageViewZoomType | 2
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | xwindowFrame | 000000002600000000050000B4020000
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef | bwindowMaximized | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\Workflows\cServices | bEpdfRhpExpanded | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection | bLastExitNormal | 1
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AcroApp\cRegistered\c2 | tDescription |
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AcroApp\cRegistered\c10 | tDescription |
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AcroApp\cRegistered\c11 | tDescription |
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AcroApp\cRegistered\c12 | tDescription |
2296 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AcroApp\cRegistered\c17 | tDescription |
3404 | AdobeARM.exe | write | HKEY_CURRENT_USER\Software\Adobe\Adobe ARM\1.0\ARM | iSpeedLauncherLogonTime | F017D285A380D401
3404 | AdobeARM.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3404 | AdobeARM.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
3404 | AdobeARM.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US
3404 | AdobeARM.exe | write | HKEY_CURRENT_USER\Software\Adobe\Adobe ARM\1.0\ARM | iNotifyCount | 1
2428 | iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903 | |
2428 | iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910 | |
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings |
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {99581368-2D64-11E9-91D7-5254004A04AF} | 0
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 3
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E307020000000A00120031001F00A703
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Type | 4
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Count | 3
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Time | E307020000000A00120031001F00AD03
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | Order |
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 3
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E307020000000A00120031002000EC00
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | LoadTime | 10
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 3
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E307020000000A001200310020001E01
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | LoadTime | 24
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 3
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E307020000000A001200310020006701
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | LoadTime | 19
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021020190211 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019021020190211
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021020190211 | CachePrefix | :2019021020190211:
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021020190211 | CacheLimit | 8192
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021020190211 | CacheOptions | 11
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021020190211 | CacheRepair | 0
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch | UpgradeTime | AE2C875D71C1D401
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch | UpgradeTime | 8F11885D71C1D401
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Path | C:\Users\admin\Favorites\Links\Suggested Sites.url
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | FeedUrl | https://ieonline.microsoft.com/#ieslice
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayName |
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | ErrorState | 0
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayMask | 0
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Path | C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | FeedUrl | http://go.microsoft.com/fwlink/?LinkId=121315
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayName |
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | ErrorState | 0
2428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayMask | 0
2800 | iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829 | |
2800 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021020190211 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019021020190211
2800 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021020190211 | CachePrefix | :2019021020190211:
2800 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021020190211 | CacheLimit | 8192
2800 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021020190211 | CacheOptions | 11
2800 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021020190211 | CacheRepair | 0
3776 | msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008142726264\Patches | |
3776 | msiexec.exe | delete key | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E | |
3776 | msiexec.exe | delete key | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F | |
3776 | msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | |
3776 | msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback | |
3776 | msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress | |
3776 | msiexec.exe | delete key | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\60 | |
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress | C:\Windows\Installer\260c7b.ipi |
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | C:\Config.Msi\260c7c.rbs | 30720369
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | C:\Config.Msi\260c7c.rbsLow | 2029677776
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86 | 68AB67CA408033019195008142726264 | C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6639F7A1600D0DD43B6C80F98BA770EC | 68AB67CA408033019195008142726264 | C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3684BFA619C939645B066762586740C5 | 68AB67CA408033019195008142726264 | C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86\68AB67CA408033019195008142726264 | PatchGUID |
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86\68AB67CA408033019195008142726264 | MediaCabinet |
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86\68AB67CA408033019195008142726264 | File | adobearm.exe
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86\68AB67CA408033019195008142726264 | ComponentVersion | 1.824.27.2646
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86\68AB67CA408033019195008142726264 | ProductVersion | 1.8.0
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86\68AB67CA408033019195008142726264 | PatchSize | 0
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86\68AB67CA408033019195008142726264 | PatchAttributes | 0
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86\68AB67CA408033019195008142726264 | PatchSequence | 0
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86\68AB67CA408033019195008142726264 | SharedComponent | 0
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86\68AB67CA408033019195008142726264 | IsFullFile | 0
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6639F7A1600D0DD43B6C80F98BA770EC\68AB67CA408033019195008142726264 | PatchGUID |
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6639F7A1600D0DD43B6C80F98BA770EC\68AB67CA408033019195008142726264 | MediaCabinet |
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6639F7A1600D0DD43B6C80F98BA770EC\68AB67CA408033019195008142726264 | File | adobearmhelper.exe
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6639F7A1600D0DD43B6C80F98BA770EC\68AB67CA408033019195008142726264 | ComponentVersion | 1.824.27.2646
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6639F7A1600D0DD43B6C80F98BA770EC\68AB67CA408033019195008142726264 | ProductVersion | 1.8.0
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6639F7A1600D0DD43B6C80F98BA770EC\68AB67CA408033019195008142726264 | PatchSize | 0
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6639F7A1600D0DD43B6C80F98BA770EC\68AB67CA408033019195008142726264 | PatchAttributes | 0
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6639F7A1600D0DD43B6C80F98BA770EC\68AB67CA408033019195008142726264 | PatchSequence | 0
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6639F7A1600D0DD43B6C80F98BA770EC\68AB67CA408033019195008142726264 | SharedComponent | 0
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6639F7A1600D0DD43B6C80F98BA770EC\68AB67CA408033019195008142726264 | IsFullFile | 0
3776 | msiexec.exe | write | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008142726264\InstallProperties | DisplayName | Adobe Refresh Manager
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824272646} | DisplayName | Adobe Refresh Manager
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\68AB67CA408033019195008142726264 | ARM |
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008142726264\Features | ARM | 'Z~l5C%,U9Mta.8wvE^IgzuS+s8p!AJO_,[,cQ6k6W]HJ+G)c=+mhF0*8nXE
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008142726264\Patches | AllPatches |
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings | StringCacheGeneration | 96
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress | C:\Windows\Installer\260c7f.ipi |
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Config.Msi\ |
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | C:\Config.Msi\260c80.rbs | 30720369
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | C:\Config.Msi\260c80.rbsLow | 2037647776
3776 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings | StringCacheGeneration | 97

Files activity

Executable files: 3
Suspicious files: 9
Text files: 33
Unknown types: 17

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3776 | msiexec.exe | C:\Windows\Installer\MSIDC4.tmp | executable | 9bc66786cbd79d26485085d85c1222ec | 7c56f00e1dec292b891587f0248e8dcedc0ee6bdda8d178b6e6921f98d7369ec
3404 | AdobeARM.exe | C:\ProgramData\Adobe\ARM\S\24746\AdobeARM.msi | executable | d5e51c3a1d7979665b6b7e1ad2a653b4 | 2339ee197758a31ef70ea19a7a11413e08341c34d34a07a11029f8003114080f
3404 | AdobeARM.exe | C:\ProgramData\Adobe\ARM\S\24746\AdobeARMHelper.exe | executable | 7182705213142ee4dcf722aa247dd55c | f9b595f657589a25f6f247b4cdd0de7f2ba0319b015d33f000728bfc11d0a1c2
2296 | AcroRd32.exe | C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat | binary | d23609eb9e6297a230ee5379030afc7a | f64b0fc99d21c2dbe3011500ed35921bd97f193c09be4c26b16ccdcbcad9336c
3776 | msiexec.exe | C:\Config.Msi\260c80.rbs | –– | –– | ––
3776 | msiexec.exe | C:\Windows\Installer\MSI1116.tmp | –– | –– | ––
3776 | msiexec.exe | C:\Windows\Installer\MSI10A8.tmp | –– | –– | ––
3776 | msiexec.exe | C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe | –– | –– | ––
3776 | msiexec.exe | C:\Config.Msi\260c81.rbf | –– | –– | ––
3776 | msiexec.exe | C:\Windows\Installer\MSIFEA.tmp | –– | –– | ––
3776 | msiexec.exe | C:\Windows\Installer\260c7f.ipi | binary | 176a43b5d6f92e2eae42fffa84e5b8bc | 661b74e5dd861d6c70e18129a7f513e2feef1a825f32a58318474af9bd948ce6
3776 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFA6EDD042499D740B.TMP | –– | –– | ––
3404 | AdobeARM.exe | C:\ProgramData\Adobe\ARM\ArmReport.ini | text | e9592d312ecb0db7c8acbdadbea6c01d | 21896ac97f5c3a93b1d6a75b3269297db8bba824fcc90cae963a8d4a667a2fab
3776 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFBAB72F771462F9B0.TMP | –– | –– | ––
3776 | msiexec.exe | C:\Windows\Installer\260c7b.ipi | –– | –– | ––
3776 | msiexec.exe | C:\Config.Msi\260c7c.rbs | –– | –– | ––
3776 | msiexec.exe | C:\Windows\Installer\MSIE71.tmp | –– | –– | ––
3404 | AdobeARM.exe | C:\ProgramData\Adobe\ARM\ArmReport.ini | text | 4814779c66cec4ab2fa58248294cb3b6 | 92002d96f830fb1899d20e3f3e5a8805695df78080e5cdb262134097e0541194
3776 | msiexec.exe | C:\Config.Msi\260c7d.rbf | –– | –– | ––
3776 | msiexec.exe | C:\Windows\Installer\MSICD8.tmp | binary | 7af159a4eed493cdc45c7a7bffdc55cb | 4ad78882790a59637dfb2ac2a854fd3fc56824fe949bd175d37a7269028d3c40
3776 | msiexec.exe | C:\Windows\Installer\260c7b.ipi | binary | 57cfa4694b06ce5854c37c3bc0b34137 | b550de5854bf444934cee9630ce9a9bb39ee57a73c6badbe6a9c88e7453a38f8
3776 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFDB510069DF7E7962.TMP | –– | –– | ––
3404 | AdobeARM.exe | C:\ProgramData\Adobe\ARM\ArmReport.ini | text | a019efa3ea676663be83fa235ca3cdef | 493e6b1a28f27196fee11c7149620be6dcd752be0a7c2a6ca36a494b66f7a6e1
3776 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFC22040511D4FEE10.TMP | –– | –– | ––
3776 | msiexec.exe | C:\Windows\Installer\260c7f.ipi | –– | –– | ––
3404 | AdobeARM.exe | C:\Users\admin\AppData\Local\Temp\TmpABB.tmp | –– | –– | ––
3404 | AdobeARM.exe | C:\Users\admin\AppData\Local\Temp\TmpAAA.tmp | –– | –– | ––
3404 | AdobeARM.exe | C:\Users\admin\AppData\Local\Temp\TmpF01C.tmp | –– | –– | ––
3404 | AdobeARM.exe | C:\ProgramData\Adobe\ARM\ArmReport.ini | text | 799b9de06f5aac31748012f0fd6a5e91 | 5bcccee88c9ae42354de1af87787723106fce3c25385f075e24ec8aaa4a564d8
3404 | AdobeARM.exe | C:\Users\admin\AppData\Local\Temp\TmpF00C.tmp | –– | –– | ––
3404 | AdobeARM.exe | C:\ProgramData\Adobe\ARM\ArmReport.ini | text | d9ab444b7968b1b8e563ef00eed7976c | 9db68f066c64075068cd0f62fd8c9f5ba6cbebe7c6bb671d0448885f3552018f
3404 | AdobeARM.exe | C:\Users\admin\AppData\Local\Temp\TmpD426.tmp | –– | –– | ––
3936 | RdrCEF.exe | C:\Users\admin\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\data_1 | binary | b62da1fd8e3c1b78a36bb71931ce65c8 | f4b80c9d0ac212b4b358806097492789b5d60a73e1f8506d741e8ab36699c0d2
2296 | AcroRd32.exe | C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav | binary | 5c6b932a79952b4b27833691305e61db | dee5a5925227b125f4ac6d9b70a277e6ec8494ffc73d1cce9e08cc7a78d6208a
2296 | AcroRd32.exe | C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav | binary | 6a614a7743b0c781aaeca60448e861d6 | 9703120dc62c2c3f843bad5b1e77594682ca7820f0345ae0bbd73021c1427146
2296
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 71289f8f8d3000638a846f994c51e52b
SHA256: a67239b25ef289bb16b95feb12a1d0a77fef6772cd26901970bce3116d81fcb9
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{99581368-2D64-11E9-91D7-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2428
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF1B502E443A3C7C00.TMP
––
MD5:  ––
SHA256:  ––
2800
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 2f31c0beb113e053f3a789de78d14896
SHA256: 6952c38a63ffea6dc67f7fe6c4a936d486ba2f888f19aac93de222458c8c5b4c
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{99581369-2D64-11E9-91D7-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2428
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFC1B4F1158868BF74.TMP
––
MD5:  ––
SHA256:  ––
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BBB6F4B-AC5C-11E8-969E-5254004AAD11}.dat
binary
MD5: aba8551ec765125570f1d2248556d106
SHA256: 887339ec9db37f001d926e2decf1b44e7067dce9663eb4d7500136f3f581b767
2428
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF807BA2A08FB69153.TMP
––
MD5:  ––
SHA256:  ––
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{A6CCA0D0-2D64-11E9-91D7-5254004A04AF}.dat
binary
MD5: 0a25b2e6b101ccca68dd8f86a0aaf790
SHA256: 6c7c8590db80fe7ded968e9d18cb5634aa4c2cf68ec7fd35dbcf447143fc1606
2428
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFCCC9DD8547E8A919.TMP
––
MD5:  ––
SHA256:  ––
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2428
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019021020190211\index.dat
dat
MD5: e0bd0aafa52069d77fbaafaf07ea3850
SHA256: c2dc577251cfba57c70f59945cfc2777182bb4fb5656a17298fecf87d53882cd
2800
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019021020190211\index.dat
dat
MD5: efe708f492a6d5d6a6e94da80fddd9a3
SHA256: 574a6df9cd273b000e8bda86601b2b53d59f18142f361059d88ea02f04ce8fed
3404
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: a5deee52b298967638b05dc479def3a9
SHA256: 932ad7d7735eabddcecd281d859df90619225c5ff6d3d5c717b4bcbae46b094d
3404
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\TmpBE4.tmp
––
MD5:  ––
SHA256:  ––
3404
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\TmpBD3.tmp
––
MD5:  ––
SHA256:  ––
2296
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: fc31812b06a8732fea15a6cf3f6cd9a2
SHA256: 610c28e563b84b60aef6389479f1ed32d7da8a3e036b8c7385be41c3ca788728
2296
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
––
MD5:  ––
SHA256:  ––
2296
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 2a93fe9292470f532cf15080239f89c7
SHA256: 6b8a0c6fce33b380495b213a60513f647cf0abac446ba3b323467ac18150c0d9
3404
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\ArmUI.ini
text
MD5: 864c22fb9a1c0670edf01c6ed3e4fbe4
SHA256: b4d4dcd9594d372d7c0c975d80ef5802c88502895ed4b8a26ca62e225f2f18b0
2296
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: dd5d3263c939c00b4a646e292888be45
SHA256: 2de2f1ab40909abc9d1fdbe6eed58110028cbc4b4c35e19b3a341e64849f24d5
2296
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 4682f4d71479a3e91f5d1a5aabd520cf
SHA256: ca56064358603b90eaf0b782f93e69c073497f2bcb980f24cca6a5b01b43cd85
2296
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R1pdl2nl_1svb46t_1rs.tmp
––
MD5:  ––
SHA256:  ––
2296
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Rriwwhs_1svb46r_1rs.tmp
––
MD5:  ––
SHA256:  ––
2296
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R1gq6jos_1svb46s_1rs.tmp
––
MD5:  ––
SHA256:  ––
2296
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R1758v0y_1svb46p_1rs.tmp
––
MD5:  ––
SHA256:  ––
2296
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R1mvn3wu_1svb46q_1rs.tmp
––
MD5:  ––
SHA256:  ––
2296
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 0c07f3c48bd2a24d9b327ae28bc65081
SHA256: 22e46fc1bf08b956bfe03471e840342104a20c5516c678d0e2b0bcdd7c947e10
2296
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: b93b145fe0eb9ccadf3b49905c4a0ae2
SHA256: 8928b58dc44f172b2bea427a12bc8aa05e44873e6425a6fe6f302964c5a59822
2296
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 37a0303191a90de5742ddb378fb281bc
SHA256: e42fdb7cb9817206fab71f933a2a5eafcb3668eccc20d9883badafdcfb083403
2296
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 26a8885ce9b1e03aac7d6ae6e1343801
SHA256: 37dd44e1ab880b4baefc5abf97b1e24444fe8a3d880a245199ae16e7a520c5a8
2296
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: eab71718813cfe89151bbfdc77f7a471
SHA256: cb34a1f8ae424cd9d25fc4a2081ad0f8a5943a027ec5e30d7a02f5bd56ec80a0
3404
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: 482f3e9a7026968e75b5e8f5589b6d27
SHA256: 5ee21876f9619e9693a53a1ce2939fa861cef353d9cbf49888cbda9ddfef0ce1


Network activity

HTTP(S) requests: 6
TCP/UDP connections: 8
DNS requests: 7
Threats: 2

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2936 | AcroRd32.exe | GET | 304 | 2.16.186.41:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/278_15_23_20070.zip | unknown | –– | –– | whitelisted |
| 2936 | AcroRd32.exe | GET | 304 | 2.16.186.41:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/277_15_23_20070.zip | unknown | –– | –– | whitelisted |
| 2936 | AcroRd32.exe | GET | 304 | 2.16.186.41:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/281_15_23_20070.zip | unknown | –– | –– | whitelisted |
| 2936 | AcroRd32.exe | GET | 304 | 2.16.186.41:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/280_15_23_20070.zip | unknown | –– | –– | whitelisted |
| 2936 | AcroRd32.exe | GET | 304 | 2.16.186.41:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/message.zip | unknown | –– | –– | whitelisted |
| 2428 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | | whitelisted |


Connections

| PID | Process | IP | ASN | CN | Reputation |
|---|---|---|---|---|---|
| 2936 | AcroRd32.exe | 2.18.233.74:443 | Akamai International B.V. | –– | whitelisted |
| 2936 | AcroRd32.exe | 2.16.186.41:80 | Akamai International B.V. | –– | whitelisted |
| –– | –– | 2.18.233.74:443 | Akamai International B.V. | –– | whitelisted |
| –– | –– | 23.58.217.61:443 | Akamai Technologies, Inc. | US | suspicious |
| 2936 | AcroRd32.exe | 193.0.6.140:21 | Reseaux IP Europeens Network Coordination Centre (RIPE NCC) | NL | unknown |
| 2936 | AcroRd32.exe | 193.0.6.140:56865 | Reseaux IP Europeens Network Coordination Centre (RIPE NCC) | NL | unknown |
| 2428 | iexplore.exe | 204.79.197.200:80 | Microsoft Corporation | US | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| acroipm2.adobe.com | 2.16.186.41, 2.16.186.17, 2.16.186.11, 2.16.186.27 | whitelisted |
| armmf.adobe.com | 2.18.233.74 | whitelisted |
| ardownload2.adobe.com | 23.58.217.61 | whitelisted |
| ftp.ripe.net | 193.0.6.140 | unknown |
| www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 2936 | AcroRd32.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction |
| –– | –– | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions |

Debug output strings

No debug info.