Windows
Analysis Report
Document 35405 (2).pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 984 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Document 35405 (2).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2508 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6512 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,14820674299548041102,12000682537271802868,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1419161 |
Start date and time: | 2024-04-03 08:07:32 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 49s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Document 35405 (2).pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/42@0/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.196.176.131, 52.22.41.97, 3.233.129.217, 52.6.155.20, 3.219.243.226, 162.159.61.3, 172.64.41.3, 23.219.155.148, 23.219.155.165
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.172169464044792 |
Encrypted: | false |
SSDEEP: | 6:7VWgOq2P92nKuAl9OmbnIFUt8sVWntXZmw+sVWntFkwO92nKuAl9OmbjLJ:RWxv4HAahFUt80Wp/+0Wj5LHAaSJ |
MD5: | 1586AA8BD555878247B5DB68D2015F66 |
SHA1: | C80314FD894F65ECD01B8E966D53F0C000307904 |
SHA-256: | 517B71E3C0A119E04DDDD479F9BDD01AE39EB218004E8218DE812A8B2D914790 |
SHA-512: | 10816124E76C96DCE0FB524F0FE054BE88640122446A152F715C969FDD53B9577B8E6B69A5A2158BA83227D9E5031BE45D062232ABAB9C4235E2BDE3D40269AC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.172169464044792 |
Encrypted: | false |
SSDEEP: | 6:7VWgOq2P92nKuAl9OmbnIFUt8sVWntXZmw+sVWntFkwO92nKuAl9OmbjLJ:RWxv4HAahFUt80Wp/+0Wj5LHAaSJ |
MD5: | 1586AA8BD555878247B5DB68D2015F66 |
SHA1: | C80314FD894F65ECD01B8E966D53F0C000307904 |
SHA-256: | 517B71E3C0A119E04DDDD479F9BDD01AE39EB218004E8218DE812A8B2D914790 |
SHA-512: | 10816124E76C96DCE0FB524F0FE054BE88640122446A152F715C969FDD53B9577B8E6B69A5A2158BA83227D9E5031BE45D062232ABAB9C4235E2BDE3D40269AC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.129058208555339 |
Encrypted: | false |
SSDEEP: | 6:7VWQLI+q2P92nKuAl9Ombzo2jMGIFUt8sVWQR6VXWZmw+sVWQR6ViVkwO92nKuAv:RWb+v4HAa8uFUt80WK6Vm/+0WK6ViV5c |
MD5: | 9E3DB1B2BCA4036619CA0FB0DBAD8C25 |
SHA1: | C51C05CA6C62947B775024A0A4B463896ACE39E4 |
SHA-256: | 7039BBF8D6AF5395F5A9D86365D217A8ED2D24DBC6A58AE2E84287CFC3028202 |
SHA-512: | 662842A9F4C6CCD3E69C9DF70B1C36AE8862CA29EE291B5BE0D24309544851D80359C645BD730244BB08032A5B172B327DF1F9BCF2B38FA353AF395682F179DB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.129058208555339 |
Encrypted: | false |
SSDEEP: | 6:7VWQLI+q2P92nKuAl9Ombzo2jMGIFUt8sVWQR6VXWZmw+sVWQR6ViVkwO92nKuAv:RWb+v4HAa8uFUt80WK6Vm/+0WK6ViV5c |
MD5: | 9E3DB1B2BCA4036619CA0FB0DBAD8C25 |
SHA1: | C51C05CA6C62947B775024A0A4B463896ACE39E4 |
SHA-256: | 7039BBF8D6AF5395F5A9D86365D217A8ED2D24DBC6A58AE2E84287CFC3028202 |
SHA-512: | 662842A9F4C6CCD3E69C9DF70B1C36AE8862CA29EE291B5BE0D24309544851D80359C645BD730244BB08032A5B172B327DF1F9BCF2B38FA353AF395682F179DB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.060771069027548 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZsjd2sBdOg2HXcaq3QYiubxnP7E4T3OF+:Y2sRdsLJbdMHW3QYhbxP7nbI+ |
MD5: | 0B5BEDAE031DB562F5A33E559964169C |
SHA1: | BF86FB30E89793745AB58EDC81001166E29505FD |
SHA-256: | D9848448A949058EC14A9E51B0F84109C7D1BB68C6F2049EB6806A5D0B818055 |
SHA-512: | B662C6B2744EB272CB3888EA5B5635DDB8A8C0436040D8B1AFDF2A908BEAE816AC80C09E8AEBCA6B8266082A6BA427ADFC3C848D16EA7F9C63E506E0B46C3550 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\aa63cbc8-6676-4579-b62a-474db838b9af.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.060771069027548 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZsjd2sBdOg2HXcaq3QYiubxnP7E4T3OF+:Y2sRdsLJbdMHW3QYhbxP7nbI+ |
MD5: | 0B5BEDAE031DB562F5A33E559964169C |
SHA1: | BF86FB30E89793745AB58EDC81001166E29505FD |
SHA-256: | D9848448A949058EC14A9E51B0F84109C7D1BB68C6F2049EB6806A5D0B818055 |
SHA-512: | B662C6B2744EB272CB3888EA5B5635DDB8A8C0436040D8B1AFDF2A908BEAE816AC80C09E8AEBCA6B8266082A6BA427ADFC3C848D16EA7F9C63E506E0B46C3550 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.238890546925695 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUQpoJt1++UWJt3o:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLR |
MD5: | A5B850C310B32743A2ACB14AACC11C41 |
SHA1: | B210DD9A748E9158A1BA472D83D11BC0382D7EE7 |
SHA-256: | B4B63E7CCC9995189DACB23AF1F93C879C6C9BC6C3CE7CC2280C8621FD48069E |
SHA-512: | 65D1DC8A0D328C1CDBE514C8EBD71175FFF7E69EBDD2193CC72D02F562477F556E7F4620EF25133B264E48D83BC7A4C9C443C95E83F81C407E5C8C500B2C1E48 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.143275869605203 |
Encrypted: | false |
SSDEEP: | 6:7VWx+q2P92nKuAl9OmbzNMxIFUt8sVWVGFmWZmw+sVWvVkwO92nKuAl9OmbzNMFd:RWx+v4HAa8jFUt80WVm/+0WvV5LHAa8E |
MD5: | CD7AF09DE1178F21DD2888CEC284E9C4 |
SHA1: | CFFE6033A4FA09CBB4DF00FE314D1B14CB897520 |
SHA-256: | F9F10AD9A4C9BDF1828F8C655BEB50C16B3C3C6CBF965A9BE1531125C350C3C0 |
SHA-512: | 92B9D22835D3A2852F066A03A622811E21CB677B5713CF463923AA01EDCA40549B34561FD92DF21776FF812A177DA844083E1B373C666C041A07DE8BBCE2201F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.143275869605203 |
Encrypted: | false |
SSDEEP: | 6:7VWx+q2P92nKuAl9OmbzNMxIFUt8sVWVGFmWZmw+sVWvVkwO92nKuAl9OmbzNMFd:RWx+v4HAa8jFUt80WVm/+0WvV5LHAa8E |
MD5: | CD7AF09DE1178F21DD2888CEC284E9C4 |
SHA1: | CFFE6033A4FA09CBB4DF00FE314D1B14CB897520 |
SHA-256: | F9F10AD9A4C9BDF1828F8C655BEB50C16B3C3C6CBF965A9BE1531125C350C3C0 |
SHA-512: | 92B9D22835D3A2852F066A03A622811E21CB677B5713CF463923AA01EDCA40549B34561FD92DF21776FF812A177DA844083E1B373C666C041A07DE8BBCE2201F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240403060821Z-155.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.1197295883984177 |
Encrypted: | false |
SSDEEP: | 96:QqMzNpM/MuMvEMMM1/MMMMMiEJEMMM3Gh4M9JaW6MQnMEMmMMRMrWMMFXWMMErhG:huN2Xxge9LaI/Gf |
MD5: | 033F4032395A1D74208179F7FA73E311 |
SHA1: | C3B795776DE57D3D4E8C1FA1E104D3B62BB2B736 |
SHA-256: | 237829B14154F7621EDB8A3C747834CE4ADF007D29A5E17AD51AEB3F9A86C8B0 |
SHA-512: | 96E468FFABB51FCB006F12083168A7470FE078C57AA6A7C4D8E7F48576BE87DB350B658B5B647E1B625EABF7A0A3C6C957635A623E4FF2A14C686D62A5D650A3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3227855716307 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJM3g98kUwPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGMbLUkee9 |
MD5: | 2946635432A28931D8C4A2A18C4C0F5D |
SHA1: | FE5D87598D513FE717B2B79056C73362B0D024EA |
SHA-256: | B8ED97C58915FE5A8C7C655333BAD44C5C4963CDD78A5F16D603A039F269EA51 |
SHA-512: | 0DC2CD693FEB22A6A6AF415ADFA76BCB186908A1EE13B746FCF4ED826FFA68AB811EFE63A7EE5D919DE2331D2750E59AFA5C680757540FC44FC587B1CC543416 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.259028489771053 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfBoTfXpnrPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGWTfXcUkee9 |
MD5: | 990F43CED77EDC8FCC4CBB0767942597 |
SHA1: | F1A3AE3C2D43BAA78998E1C4A035C83D8E58C1EC |
SHA-256: | D7456AE71B4F5CFD65FF1E6C75EEC7BBC99C5803F8BB259C4F5D1BBEDF242203 |
SHA-512: | 32906FF175BF59D1CC4F9FA30DD7D696F6D8DFB2042815350F39B61D5AD23B58BA771173D5885134FDC15DE4AC439229E542511B2DF412465D8548B895623D65 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.238107953976015 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfBD2G6UpnrPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGR22cUkee9 |
MD5: | B652946F68EDF9F82475F33AB50DEBD5 |
SHA1: | 8E5A13FA979A0E3FDDCEEEECCA7DA0934DF1A824 |
SHA-256: | 0E6781D9685E6CA43321C57ACC68457E9488C8F76A63534F598DA2C809AFDEB0 |
SHA-512: | BA6C90D3809384E436AF621DC39A872C27DD91F83845A8981E1D97B0D043A22241CB978D40837269AEF484397FFC33170F50A2B296D55510DFDC446BECB90573 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.30025466631318 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfPmwrPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGH56Ukee9 |
MD5: | 611FD5C0C29A3FC83542AACD659C5ACA |
SHA1: | 5786748025FC2382BDACB3D46DE1FA374F20385E |
SHA-256: | 57E2A98CEF355CBC62E03440C6D1D55BE46E5694E2283E6027672949795F043B |
SHA-512: | FA43DE9875CBE5481A34B3CE435A4859DC3989F7A9780A547546814308D4EE27C90C4E60A56CB9E435ECFAD2C479501AF5C384CA73886236C83112B50C56ABEE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2580505668580155 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfJWCtMdPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGBS8Ukee9 |
MD5: | AFA92D174E08B199FC9C4EF81CD675E5 |
SHA1: | 97178BCE623122142010197DCF3DFAFA6F34F9E8 |
SHA-256: | BCAC941362BBAA17475EAA89B9F318ED99CDB286970F412F4884FF17F8F83E3B |
SHA-512: | 530A4A508D634A41B70B00BDEAA627208C31035DFC45B44A1372E4CE3C77FC19A2AD486C5AA1B58ECCF42187E3D9466C6EC282D0C025593027FEFF6C1172C2C9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.244261738082369 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJf8dPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGU8Ukee9 |
MD5: | F76D0EC348E78BE6FEE5815D2FD8424C |
SHA1: | BD0677BE4052B6FD7EE93EE8F7D6E85FDED8E0CF |
SHA-256: | 275B2343B2A1AEE945912B01051E1B01CE59FCCC674528616E412C302F028F10 |
SHA-512: | D74CEF000A998860CF07E8ED17D4BD0DCF78A3BE484C2B1721F9C2662995D94DB3A9006CD30FDFD4FD560179C0F455CA9DF9D6828478DED4DA39D4F13728EF71 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.245273005199397 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfQ1rPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGY16Ukee9 |
MD5: | FBFF380D5E55CE5A5BE33B29B4DEB671 |
SHA1: | F889A6FEACAC0C7D3D81BAA0C806C8DA3AFC20B5 |
SHA-256: | D973D81B4E54DE2F57886A863453F208CC47460D22804E2CE372E0514B61B4A4 |
SHA-512: | 7214B2CB58640E9DDDD02F50D91CDDDE761A40D68A2DD6BCB7867A4486CC12BAADED0FAD8192434743FE4A573AE793D594FBABE3737E69B9B75D20C9FBFF18BE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.265783967012294 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfFldPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGz8Ukee9 |
MD5: | 943B60445F70E3996ED5AFDE14DCA135 |
SHA1: | F13B14397B58A8DC866DD93ABDDB6291F8C8ACD5 |
SHA-256: | 38CECCE3203ACAA9B3A7FEC747127469159122E42D0812511D374662590B3323 |
SHA-512: | A6857249CF8A1B3905F639E4DF16DE1C421CCD45BFCC57238742AE60F5E1F26E8AF4E7AE99631A6593D8F6077AEB032CF90C88FBDE8A7E4C779D7E1A789F46ED |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.272032484865069 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfzdPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGb8Ukee9 |
MD5: | 85BF629CAD0F7CFA8C7B6EC5DDD9E855 |
SHA1: | CC7CCE312C14C76307EE8E4990072C4C589A4652 |
SHA-256: | 09878DD5E7975CAEF08A0192E5D7EC758174A407483BFF6A8B4E821B31EB7EB2 |
SHA-512: | 751266C8E1111278D6748D7B12A618710D75EF72BB763D573C810AD5264ED376C0363BD7F6333C3F4BC87071D30F4B9836535A5F00F725734F941424C10537E6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.251693574295086 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfYdPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGg8Ukee9 |
MD5: | 81C71F62CFA678D0B723765928301F21 |
SHA1: | 6767B0B77B0CE25B7FBBCD90941A2DE65DF0D16F |
SHA-256: | 7E51AB1A2B59A3BC40147049FBCDB04F5BD11713C48BC141F3762D3D4563F0EB |
SHA-512: | C3F345C321A3511E5342A0C1A7FFA9BA6EAB574DDDCFA8585A32301BD47699D276C9C07A9774517FBDC769B3CECC1A36FFAF756581C232CF140D7CFF6A982750 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.769713649135943 |
Encrypted: | false |
SSDEEP: | 24:Yv6XvBFDsFifrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNg:YvALfHgDv3W2aYQfgB5OUupHrQ9FJO |
MD5: | 41D4E90C943BCD840DD5B4D0A9050F7B |
SHA1: | 4DB2C3234B9C1DAA1AC14589F81E10742D2D35CE |
SHA-256: | ADE9E6309E6557C6682FA5BB8531425330F373C800C05918E459F0EF2CE83D75 |
SHA-512: | 9C69197D5C95E73CF2434BB241DE3CC906E63D740187525D7EF6BF8DFB2F8536E6ACCBD0FBD97DA50D35228358E5ABCD27966DC46E15C2A42127680080AE3F71 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.235572674894755 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfbPtdPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGDV8Ukee9 |
MD5: | 40E15D30EA9504A6938FAEF85441D62D |
SHA1: | 05353DF7DDA48F59492E1EDEE309BC53CD38E2F4 |
SHA-256: | 457CD39BE2A605A8C4EE96A61B11F617E162FC0CDF664577BA1955FA56662134 |
SHA-512: | 067391552E14BEC16F985A1E88314E4E707B540D6692A6B05C065675B621CFE670EF01A349282E1DF71F394A4715137C56F5DEDE8B93B741CE355C06CE238023 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.236577261108019 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJf21rPeUkwRe9:YvXKXvXRF3TsnUYpW7wHG+16Ukee9 |
MD5: | 7185BC66D4543C4A30100C9A76B9C5EC |
SHA1: | C0C0F017AE841E8DD2EFBDAB83DCA439FAB66934 |
SHA-256: | BB49D44372366F97CB0DFD03754A9DF67889026BF4C63553BF82B29813FB53B8 |
SHA-512: | 0B0632DF4FE83EAB29CC6142D869148F4BF43909F62DEE3FF6F07158A0178F0A4E547BFFEF432E6806C056C97894DABCA741A3D3FFA5E75E5E68EC95F7EA7050 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2590690401383995 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfbpatdPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGVat8Ukee9 |
MD5: | AC9EB5A36682202C8BC1DFC39A3BAC79 |
SHA1: | A5C66A0D569C2E62A032EB6471D43B451B044D73 |
SHA-256: | 848CFE7A7225AC0234688BA65ACAE55CA519BAF96FE6AD6A6B4025BCD071A616 |
SHA-512: | C7CC6DC3714DDF326FA5FEF7365EB07458823A3412B568DEB19FCE6CF6C0AAE02777C9BADEDEAD28DD1F11DA41C34B06FE695991B2F65B445926B61AD68BBDDA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.212584118027046 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfshHHrPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGUUUkee9 |
MD5: | 8C38FE2D714E52CA814F832458753592 |
SHA1: | A3B9E3F0EE02C527C59FB185DBCF0183DDD3071D |
SHA-256: | DACBAC702ACE488E1123FC0941768E28F6997682BCC83021F5677CF0955C4714 |
SHA-512: | 20705DB1E8817AA83AEC74ADC35BF747C96C25212E4E2C37535BEBAD063712C47A3832C5AB9EEEC91C8F094BDE62BA2ACD7D3DA7B2A691D77CA61BD7EB965537 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.354708997125623 |
Encrypted: | false |
SSDEEP: | 12:YvXKXvXRF3TsnUYpW7wHGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW0:Yv6XvBFDsFiO168CgEXX5kcIfANhd |
MD5: | 4200D4D1DFAF368C2A4B0FBB58B34FA5 |
SHA1: | B4D82C747089238B1FCADF7184EEC757C0B17CBA |
SHA-256: | 8232C01981B52C15487F676F48DC046067B6BB15504989CCC86BB95B93894679 |
SHA-512: | 9CEF73E78338ABE19A3F475641E787DEF894C95428A72F3E9A374538FF35D9FBA53D1064C0428292AEDF6D6DE929F15FB4CBBD2CDB1FDF7A2DA44DB9016A9FEC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2813 |
Entropy (8bit): | 5.118252274127169 |
Encrypted: | false |
SSDEEP: | 48:YIdY9ZfUTTQhxuAuHkyfFx5VOHTDQw7ra6KBw8MuH9U59:lY9CfQhxuAuEyfFxezDQw7r0Bw83U59 |
MD5: | 3773AA7E9129E98BD64D2DCBE0A4D84B |
SHA1: | 14C33F78DCC5CA0929F54D5DA5C8E33811BD7E07 |
SHA-256: | E21616660288BA28C083AF2ACD15185E27CD2F93ADA7E523221EC9211ECEA9E8 |
SHA-512: | 784F74662379F99F5218FADE55C05F2F837A71D9D44362161315D1CFA75E1DEA8AA9DB999E7B7DCB44321E5409518E55CD79D26B57A93B6318B3114EC26159CF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9843395123866714 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spwdq4zJwtNBwtNbRZ6bRZ4rdqF:TVl2GL7ms6ggOVpOzutYtp6PJ |
MD5: | 458F3AD1F3E948E64E064F246B8E332D |
SHA1: | 9B8FE2A2A5BC5D1FD7FC05E21B36212E599767FC |
SHA-256: | 59F9F00950B761C0D54FB0399916CCE7DA68039099C7AF2AD4C4577D7A5F7BC3 |
SHA-512: | 973A2580D93F085074910DA988C15CC81080E44CA3A4EA37F52637D738E37EC6918F6F9CA9DFF99B816C0F56C5BCE4BF936BF720CD222E467BCBAF774A1452C3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3378317747068111 |
Encrypted: | false |
SSDEEP: | 24:7+txlAD1RZKHs/Ds/SpwdqPzJwtNBwtNbRZ6bRZWf1RZKFqLBx/XYKQvGJF7ursb:7MxlGgOVp1zutYtp6PMMqll2GL7msb |
MD5: | BD9D5F9FC5932CE79F03D7B4F0269E78 |
SHA1: | C511A4DE058BE92159D1C6C6CE838CCB61DDCAB4 |
SHA-256: | E2526EB28ECFB5AC6CC2ED0A00DAB879C219723CFBB9F00B3385EB18AE953C94 |
SHA-512: | 62D49C6B3BCEAA3466BAFCA954454C1B60CC842F75BCF87688035BCE808F325025396BF2081DC039115A1307803A3E69159A526FD803A276D506650D1758301A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5274671434738973 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82b0H:Qw946cPbiOxDlbYnuRKXm |
MD5: | F9A2CF6376FF20CB47874DABC17FA935 |
SHA1: | 15AD06F5D9F22DE47B2E61DB0319BB5DF6E1DD96 |
SHA-256: | 97DB3B87DA3E71D1477E437D7FEE140AA6A6E2E3E6DAECE986FAB25FC7F5E3A9 |
SHA-512: | AE2ABEFA2D1A667E77783DC931FA4DBE77B10875CEBF0CB9B7CD632F73251650EECA0FD7925509AEDCDC82E0A24FBEC2DEF102F61838EF27904DF5C5816D221D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.073732355288162 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOzEcEhCSyAAO:IngVMre9T0HQIDmy9g06JXjrClX |
MD5: | 6DC48BE25B2515B345CE42A71F3729FE |
SHA1: | FF6D484DFD54DD8D574535C1AC62885AF2D2D885 |
SHA-256: | 0EA6B7817275F8A6A9E7DD2616D62FAA69B8A45C0274D9475F509C6F861ED943 |
SHA-512: | B6BD79BDCE732A3B93F6E28006EC9A5118F3A1072A5B213717363A21DF0FC7D2C5E02A2FC594DE018FD772EB6ED32FFCDC1A8BDBD60B5756A18700FC45AB832B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-03 08-08-19-922.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.347419595292213 |
Encrypted: | false |
SSDEEP: | 384:nsw5IBg9kx/hXrI5zw/dnAFNaJKVnnIE8btXv9ng1a7xlRtLasRb+byfZ/5gzrrX:8QD |
MD5: | 0F081D91378A0799507766138FE0EFD9 |
SHA1: | 94717DA39643C9A6686B7D851D4E55584AF1FDAD |
SHA-256: | 69AB651E2B54B52FF7B02E2D16893C267D0780EEB51484FBA13483B9C762BF62 |
SHA-512: | 8CDAD1C903B6FFB004E06C7315E6611FC297C7F99112B790687A9554E303BC9EA62F51AF32261C37E30925031D358822BD0DED1635C670840368AEB464019889 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.393508849573061 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbd:qUUQLgZQRN9RrAt+QRMViA |
MD5: | D414E4C6A4F92B456C185F707581256F |
SHA1: | B368A2FC26AF8062E18F3384A107088228A943BF |
SHA-256: | 8D8351B77041274FD3880C70B766B6AA2C9CA59942285481BC70789A7729C197 |
SHA-512: | 26396100E464E549228912BA18C26EDC599C55595F3D034C0A920DD78435D6E2939F0D7B9FFA8063CDC04D28AD163043F25CAD113349605274A9C5B9294B56C4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.991199266962408 |
TrID: |
|
File name: | Document 35405 (2).pdf |
File size: | 342'409 bytes |
MD5: | 4ff9fae10d7736c3572aa9e790956a1f |
SHA1: | 38b58154a27f443d3ee999e492ab25bd5cb3d5f2 |
SHA256: | 366cf33daf5f3807960a5c3120a793385a038b40483c593c8f3e971879b01c20 |
SHA512: | 3b04752ea93fb334f6477198523aff1665b563e40c0c689a6d471a088f8523f9727b24fa38ec6c8d2686e3d281832d28c96abe2ec6ee5ed1083160e2b9de8d6e |
SSDEEP: | 6144:JdCmmdsTkTEineK9uAQ3gMO9qYcBnvHCGGUvQQL57e8yf0SZcRczHq8SJwL:LCVwin791Q3gMOiPC+QQL54f0CEiK8SA |
TLSH: | F7742336ACD02D2CEC938D018E737406576EFA1271DC1C89657E8A5066CEFC4EBA7396 |
File Content Preview: | %PDF-1.5.%.....6 0 obj.<<./Type /ExtGState./BM /Normal./ca 1.>>.endobj.7 0 obj.<<./Type /ExtGState./BM /Normal./CA 1.>>.endobj.10 0 obj.<<./Filter /FlateDecode./Length 83672./Length1 278920.>>.stream.x....`.....o.=gwg.d7.c.%\.Y ..FXB.a@.U........x......j. |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.991199 |
Total Bytes: | 342409 |
Stream Entropy: | 7.994965 |
Stream Bytes: | 333016 |
Entropy outside Streams: | 5.000969 |
Bytes outside Streams: | 9393 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 60 |
endobj | 60 |
stream | 8 |
endstream | 8 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Target ID: | 0 |
Start time: | 08:08:16 |
Start date: | 03/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 08:08:17 |
Start date: | 03/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 08:08:17 |
Start date: | 03/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |