Closed 59e5aaf4 closed 2 years ago
59e5aaf4
Adobe Reader (in this example, reader_sl.exe from Adobe Reader 11, events are from 2020, maybe this stopped now)
Adobe Reader for no reason starts a subprocess using the command line "I run".
{ "eventType": "start", "processPath": "C:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\reader_sl.exe", "process": "reader_sl.exe", "parentProcessPath": "C:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\reader_sl.exe", "parentProcess": "reader_sl.exe", "md5": "58b8702c20de211d1fcb248d2fdd71d1", "processCmdLine": "I run", "audit": "stateagentinspector", "type": "processEvent", }
https://www.virustotal.com/gui/file/b2f6e3ba6fb5250f0e70555b39d34f19ada760bdda7e1a44113b97c3a1fd3f8b/detection
Link to Documentation of Behavior:
Haha there's none :')
It's really wtf.
KEKW. this is what WTFbins was made for
What da
Yeah this is perfect. Approved and will be added shortly!
Added in 23ad1ccefa88aed43346e098aa8e1ecc961e987b
59e5aaf4
Adobe Reader (in this example, reader_sl.exe from Adobe Reader 11, events are from 2020, maybe this stopped now)
Adobe Reader for no reason starts a subprocess using the command line "I run".
https://www.virustotal.com/gui/file/b2f6e3ba6fb5250f0e70555b39d34f19ada760bdda7e1a44113b97c3a1fd3f8b/detection
Link to Documentation of Behavior:
Haha there's none :')
It's really wtf.