제4기AMP 안내자료.pdf| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | Aug. 5, 2021, 10:41 a.m. | Aug. 5, 2021, 10:43 a.m. |
-
AcroRd32.exe "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\test22\AppData\Local\Temp\제4기AMP 안내자료.pdf"
2056-
Adobe_Updater.exe "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-en_US
2356 -
Adobe_Updater.exe "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=1 -AU_DISPLAY_LANG=en_US -AU_LAUNCH_APPID=reader9rdr-en_US
2996
-
-
explorer.exe C:\Windows\Explorer.EXE
1248
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| swupmf.adobe.com | 23.201.36.139 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| request | GET http://swupmf.adobe.com/manifest/60/win/reader9rdr-en_US.upd |
| request | GET http://swupmf.adobe.com/manifest/60/win/AdobeUpdater.upd |
| McAfee | Artemis!70294AC8B61B |
| Kaspersky | HEUR:Trojan-Dropper.PDF.Agent.gen |
| Comodo | TrojWare.Win32.Agent.vlynu@0 |
| TrendMicro | HEUR_PDFEXP.B |
| McAfee-GW-Edition | Artemis!Trojan |
| Microsoft | Trojan:Win32/Casdet!rfn |
| ViRobot | Trojan.Win32.S.FakePDF.208091 |
| ZoneAlarm | HEUR:Trojan-Dropper.PDF.Agent.gen |
| AhnLab-V3 | Exploit/PDF.FakeDocu |
| ALYac | Trojan.PDF.208091A |
| Fortinet | JS/Agent.FF84!tr |
| parent_process | acrord32.exe | martian_process | "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=1 -AU_DISPLAY_LANG=en_US -AU_LAUNCH_APPID=reader9rdr-en_US | ||||||
| parent_process | acrord32.exe | martian_process | "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-en_US | ||||||