Windows
Analysis Report
SR_AD40BM0.1-A01N_A24-ENG.pdf
Overview
General Information
Detection
Score: | 5 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 0% |
Analysis Advice
- Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
- Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
- No malicious behavior found, analyze the document also on other version of Office / Acrobat
- Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
- Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
- System is w10x64_ra
- Acrobat.exe (PID: 7160 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SR_AD40BM0.1-A01N_A24-ENG.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2900 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6632 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1552 --field-trial-handle=1588,i,3979237204365230565,69821222064031274,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 2 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Process Injection | 21 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | ReversingLabs | | |
 | 0% | Virustotal | | Browse |
 | 0% | ReversingLabs | | |
 | 0% | Virustotal | | Browse |
 | 0% | ReversingLabs | | |
 | 0% | Virustotal | | Browse |
 | 0% | ReversingLabs | | |
 | 0% | Virustotal | | Browse |
 | 0% | ReversingLabs | | |
 | 0% | Virustotal | | Browse |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.204.76.141 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
23.196.176.131 | unknown | United States | 16625 | AKAMAI-ASUS | false |
34.237.241.83 | unknown | United States | 14618 | AMAZON-AESUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1419164 |
Start date and time: | 2024-04-03 08:35:04 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | SR_AD40BM0.1-A01N_A24-ENG.pdf |
Detection: | CLEAN |
Classification: | clean5.winPDF@19/42@0/33 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 23.204.76.141, 34.237.241.83, 54.224.241.105, 18.213.11.84, 50.16.47.176, 162.159.61.3, 172.64.41.3, 20.12.23.50, 20.166.126.56, 23.196.177.159
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, p13n.adobe.io, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, geo2.adobe.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.198916841768628 |
Encrypted: | false |
SSDEEP: | |
MD5: | E83DFEE4C809EDB6F7FAF3C3C28B84EA |
SHA1: | E51AA42B246E139DCB90B833E54AC4D3F1FD32F8 |
SHA-256: | 68A36D4C4CEBBD0C607BD5DE45736CD08751679664964E3F879D20E90E776009 |
SHA-512: | 7BD48A6174AC582127FBABAC5B36A8A3833A0220BCE737E4311DA28098B04153E495F120B38AC51800325A45BC0B7B424E8047E15BAA946BDF62FB21359EFA33 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.14254485137875 |
Encrypted: | false |
SSDEEP: | |
MD5: | 36942C6F5E008B497F52A3DFAA5B5C24 |
SHA1: | 899BCCA4FAAA7CD1B90DAC3E728A14129A08EB52 |
SHA-256: | 01DD170B48C8D4DAB67DA90D2A9A8444B6434CCF0316B48357A258D86BF7B770 |
SHA-512: | 16D8FF913DCAAA0773AE017F87730A4D2D792B1A1FDFEB76CE1A48558457A8B58F87EFF9D88D9994F13D3DA7BA85490385D7D6C72441A8E3F6D2CB8236AFF06C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\17aeaf4d-b999-4107-b68d-66ff83fa22c3.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.972245210845698 |
Encrypted: | false |
SSDEEP: | |
MD5: | E5E97A920F1A1CAAEDBB707715B7B2B4 |
SHA1: | 400FE4ECF9F4C0A0A4208D7C89B7340A6AE16C2B |
SHA-256: | 4B9DF5CD16AEB256236E28CBDEDEAE338F3B3E0824898BDEAC5474A7E7FC3AB2 |
SHA-512: | 0FBCFFCC0805CA3E35AB0095AFCA1AFFDF35DFAF9DC7FADFB8917B49798222F60DCFFB89F4E666D77CEAC0CE1EF9F95D2DD369646DBDC5DEA80100F5E0236E02 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\962cc3d5-e632-41ae-894a-d11439f45ba1.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF67f0c3.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.231232062611431 |
Encrypted: | false |
SSDEEP: | |
MD5: | A97A07300AA4A07C34E848EDBEE5C5A7 |
SHA1: | DFACEAD3737B4EA0C17E84250542F783AEC91469 |
SHA-256: | A372F45E9E168152AA5847E661500D161544F9790C45B53AC288D540076D71AF |
SHA-512: | 7F41B6DB4C4DC43E5CC01D656EC2ACEAC7FB06626B84450B94A70BC9E7F35B8571E61F13741C04FC09B02DB66FD7997E62368E1EE0C39205EE1EFC1B32EBF4E1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.198429437438584 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0C63303B575B09873406AFC5A126F96A |
SHA1: | A4FCA957C5777F29CBA23302328D9017764758CD |
SHA-256: | 5D485E680469F4B1BC3F4FB3E08D86115FFFCF433446327EF0A1DF7387FCF847 |
SHA-512: | 0A78EE3781397BCAB532169AB004E9705F604F204607E0944AD9FA61337B316774ED94A753DD28032E3A9B9D2142E348BDCC1572DA357BCC50AB44A14C42BFBA |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240403063539Z-230.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 2.3873512568659114 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7BF7EEDC7F45DAC3E109745A6DF3FE77 |
SHA1: | 05D03B563ABCCD899ADDCF34B478C0BD5CD36ADA |
SHA-256: | DF6FCE7C4C9055A6CE692D76A381F8F91CFCBAFEE4C5A84D94CA20BAE7756A5E |
SHA-512: | 6F757D3A9745396E9ED380D626490DBE0EB6C8100C5217F9F3FB4002FC1211545C9385BC17492BDF53CC449C0E51C61A7A57ECA0127E4916231E6B9A95698F0B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2143690290588536 |
Encrypted: | false |
SSDEEP: | |
MD5: | D4FF5FB2136BC7FDAE455299848362CC |
SHA1: | 00304B872FE3098DFA17A2A1940A97B3927FAF6F |
SHA-256: | 0D2D2C47C88F794645CC32F4F8D9147BB3574E2DEDDF4C78248120F36C4D590B |
SHA-512: | D6AF504ABFCB8C1F5931CE80AD4CFEC2785E1D62515C351FC6CC813A4790D12EA10C13D617E6E2D53D732AE6E59EB197E444F7067A0D2084E0B665470281C030 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.342491865342198 |
Encrypted: | false |
SSDEEP: | |
MD5: | 93329C09AABDCE87D4BB89052DF4A80D |
SHA1: | CF61B668E5D6057946F7B7B9B057CC1ABD9C6609 |
SHA-256: | 20F60109D1E91A6264F7C9E75B4C121E017D96F66B3D9A13C3CE6CBE9BC184C8 |
SHA-512: | 497652DD765C8451C40563390A826833B07B43B417FF0A27344AFF5A48CBB5A86EDA45F9D56BCF43CFD8B701D21BC93B53FEBB9DEA86993826372EE9716B200F |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.28905753983878 |
Encrypted: | false |
SSDEEP: | |
MD5: | 34279108F356BEBC72140D82E47EE20B |
SHA1: | FDDBA280B1141BEE9B7C23A916C2994B3BE98A9B |
SHA-256: | 214AAB515EE2CACD384EC988BE47500FFA73AC14EF83C3EB1FD3DE5A0278F4ED |
SHA-512: | 113F59021B07F7BBECE851BE8B3897F93BA089F4568511E0AEDC5070B60DEEA1A09EF7DA7D74740BF2B49DB91FDE5E9BE5E189AE4CB8864979DD800181447D77 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.267878614884379 |
Encrypted: | false |
SSDEEP: | |
MD5: | 706A80C0D68EA8F8B0BE5750C0E03B6F |
SHA1: | D15BBBEF334CFA8D1A09640C33E50A4372D631B7 |
SHA-256: | C7D2B26E9D66BCA891264C9484B4A959C56478D9AD026F084BDE659C8CAB0B5D |
SHA-512: | FA21D9FB296890A5449B29AA1886DAC3F14FA6C8158CAF9749C9B8B8BC91206CD27796DE39E382A6CD85EEE0A96926B29233971034EB7EA19230AA6737D911B5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.330139720013896 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0EA14C1D8DB6776BD4FE936B64519C45 |
SHA1: | 93FA15F4524530949D13714D80E8FD7A7882532D |
SHA-256: | EA5A25AB3070E201DEA14F870AC6AA60346F86C83C70631F2166DE7FF934FCE7 |
SHA-512: | 6169DDBEC0B006F6574453CF82FEFCAFC79BC08E4C99599DF7D51ABE55864128BB8216BE2EEE607C2D080DE616167E3E46A518E6A231D9F41CD64C96B0E21E00 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2873778641922335 |
Encrypted: | false |
SSDEEP: | |
MD5: | E473B0B4083681F3DABAF88A9C66E515 |
SHA1: | 58D843543D75B00C45ADC2A08F5EE89CB8E89E45 |
SHA-256: | BF0A7308E274832C2E0AF5EA363F72D8079380B12859CAE1D0896F6DDAC76875 |
SHA-512: | B7D6A2ED3F0B06732F044E3138D862BDC1C0B2C7EA00D99A9C86CA57BD98EAA6345B5426E517511149D533F7DBDA9140CE4D0A0F2F28CA25C01AE053B0E0D47A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.274306934150969 |
Encrypted: | false |
SSDEEP: | |
MD5: | B4A5A927A5E2B61C78CAE5A7BE69D9C7 |
SHA1: | 964C2A4EF8C11EE5518043B6E19E07FAE788D11C |
SHA-256: | 3C505B7D380FD56C2AFBF130F882FC8056E7BF45CC595501B67F138E94589DC7 |
SHA-512: | 0F856EE82360DBADD52BF34A4BA07D5F70A693786749F616BAE06576A1D07EBEAD7A9626D1F7CE25D78A5BA8A6806FAE147CEDECD924AF241C4847D6C9390141 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.277513955543785 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9D1E067E5D639E2DEB80CFF4FFCA8338 |
SHA1: | DC728B542DC0D63C88F5504F150B98DA66EEFA37 |
SHA-256: | 1D0D427DF082FC780AC2026CBD306B030BAB21277FCCD6DA2925FE36E7C5998E |
SHA-512: | 90E11FFA65382FD48C1A91C4BB356CB3C50B4D9FB5A649C98BA59FBCE804C1FB080E98885B24D82DBA4A4537C0577279611188FA2CAADABB1F3A2B7A0C3ED6E7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.282774118830573 |
Encrypted: | false |
SSDEEP: | |
MD5: | 02D2E0BAC9EC1D4CCA9B9B265154C957 |
SHA1: | 83696CBA015DC23275CF2F77C65A06EC47DE8CE5 |
SHA-256: | D8C504C24C327E3519B967EAD120C2D1CBB1195FD4890F1F85B59CB8887EFB6D |
SHA-512: | 5F7D016A56538658E86692D6F87B653F11D06940FD72E3B2B77D7F5720F9D7ADF4DE0B8BFF3A2F90B327567676F01D71A419AAF94FEFD771C2EFA1706AD73F63 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.299547465707525 |
Encrypted: | false |
SSDEEP: | |
MD5: | FC6EDFEBD8E5BCA3BDF0126737002E3A |
SHA1: | 3EC5C18143374FEF711DC248BA2BA36FC6CEAEC5 |
SHA-256: | 09059574136CD94219B070BA5B0E5FAE6EA41F9215B7B7327EADD3A05A65751A |
SHA-512: | 9C586C3D0724DD7F6A76C526452C3AB71540518B87E6EE00FE9A3AC332D634B3739AA974C735B8CCE245ABD525CA40A0FA19E97AC471110287B5011F1CB4744A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.280320137499715 |
Encrypted: | false |
SSDEEP: | |
MD5: | 05B9DE7FB60FBA8DA610FAFD955F6DF5 |
SHA1: | 9A5EC78E28A76736E9239281EFB203990D360ABC |
SHA-256: | 2FC27CF2E6ACA29E19F1678DD4DF39250A513E2FB6E8A765C728BCDBFF04BB0D |
SHA-512: | 08749889357A0889EAD195080F9276E12A5E3AECD8425E0D86D2DEF14538F7827F2CADE3EF6D81DD1A41856AD30E7EB5CFF878B5131D767F674176C14701B8C2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.76394853064917 |
Encrypted: | false |
SSDEEP: | |
MD5: | 47AD3C6DCA31EA398EF3B84A47C141EF |
SHA1: | 0FE2D72C890B492FDB51493E8E322BB299E127C9 |
SHA-256: | 4FCF95437979AFE7244394815CAA81A7A69BB5B06383906491939FF00B2447E2 |
SHA-512: | 177BE5CBDD33460E3B58CDDD9FE51441B8B00EF733B3F37C1B9D381F1F38797841073598F8AE0CB2C73AC793C02900A8677A163BCE7973813B0B32206BFE074B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.264002491960522 |
Encrypted: | false |
SSDEEP: | |
MD5: | 734FC20D08DFA08732F54D7082A531CD |
SHA1: | 712CA82149CFC730C138311EF735F7FAA23B1B1B |
SHA-256: | DEDFD390CDE3E8400A8973B293C58E83050A8D351261CEECFA7467EB91901596 |
SHA-512: | AC0CD7F1FAFD41E5462102961C975F254B649F3A62F2A3AE2F1EFC820BDDF8F0ACCEE8C6406CA0CEC20B1596F184EFDD0865E49981E62F0085A414EDA9C47485 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.267686690341544 |
Encrypted: | false |
SSDEEP: | |
MD5: | 90C92F9F7A2B4B48E5B2F996F03E8E58 |
SHA1: | C1C51DD4E58849C8AFDC82A231410DDE61646459 |
SHA-256: | F3A597B265E52D9E6FB01EC085DB9494CCAE7D2A637C883836F9C9ADC56F7C32 |
SHA-512: | D3A6A50994A9F48E8E3AC9028F68A77C0C321B988F1B1F7794CD3D70C6334F0F7BD7564CE3A904503E8B5BA3F08D353243BEE090646321AAA95E91E3ED3FB6EB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.287432743782986 |
Encrypted: | false |
SSDEEP: | |
MD5: | 41439F8210A72375AC0E9EF67712D9E6 |
SHA1: | 7EC72A56118507BE614E914B94AFC4BE94F1B4EE |
SHA-256: | D249CD03E7265B36A98C8E68E277D6CE8EF3539B4FE87DF0A28E308C63108F06 |
SHA-512: | 21EF4DFB4BC5A4607EFC2C7F4B7B175A19F2307FEDA10230E78CA45F4FE00081A6E9B13B2B4302FBB42180750425BB0C36A0F90F92344184BEB1101CC7BC3423 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.242114748896878 |
Encrypted: | false |
SSDEEP: | |
MD5: | 66F77AE5488B6E268C32A98745D90CBF |
SHA1: | 6F568BFA7191AE6A0E4A15C31D8BFB95BD8372DC |
SHA-256: | FBF28B0813660159A78E27E881FE114E41EB120C7D6B3421CE933FC4C6E92D1D |
SHA-512: | 4D96EBA1D08ACE23929F7127803B7B2A82965AC9FAE61322B702F904D3F3FC792465AB5C9AF48D05945AFF271D478D38EB315A33E713D308D4054826B8453AAC |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.356498495895757 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2E44D20EBF32E182C8CA7E76798E597D |
SHA1: | AFDD87D8D099436C835AB95C5973CE408D81B2A5 |
SHA-256: | 358DE31ADDB9161653AA83555CD3372609422D2EA7658BE416E26F18D7B4B791 |
SHA-512: | B3E15B603B6EE082DC2B5864AC8FDFDFA1389B56673AADA46F7D5A076FE6A91F895C2B85E46D149B21BEBA0F214AA932ADE4B4A41D2915595B36934757F71B50 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2813 |
Entropy (8bit): | 5.12235879939367 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2C824E7070AFFAB8F4F7DCF09B8E0205 |
SHA1: | CB0192250FB749593B9B205B99D34F3D2AD08D31 |
SHA-256: | F8F240333833DE0621A26B75BF24118EC4A7A55ECD163122BEAE6BB767E6DFCB |
SHA-512: | 0B048DD43C04C81E61802E078F03FD5E7692311AE6305D422A296615A9572E50884FA747C882B2225560A513BC0933D3268EC744DBFE7040396E5AB38F7A080A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9874046361526946 |
Encrypted: | false |
SSDEEP: | |
MD5: | D46B97CEAB6767833187708D9D8E3EF8 |
SHA1: | 31F3CA0189DCC7C94FDB1BB24398D787F4CAC194 |
SHA-256: | 1050F1D37D0C518AEE8C9D81DE44A09F6E46BA5D46390FECF63FBC59D2032E54 |
SHA-512: | 4DB2C32CA192656765229F718B713241F0FEFB2E57E42A3526DF54F4BCD6C22934748DC72D0C4518B9A99A3CC36A31754BEB0EE165D2C7FBB073852F1F91AB68 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3416138682843353 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4B20B784873CA04CB46D4C117AB51FA6 |
SHA1: | 2757A3AC903B40ACFF282DF262C4820C8781F1B4 |
SHA-256: | 3CCBCB938B961ABAFB919B5A18FE07A6D05DD20AB019E87FBDE46E07A92BAAEC |
SHA-512: | BE584581B685B5BA52419EC3F74E18DA4C2E54E6A04DA8817CF0FF73E34565C4F87437C86060496951B7E3960D48BB5442DD21D1B84AFDF3682D3E3000993ABA |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5329345335875004 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6F2F65ED326FE33FEABFBB66E851EAAA |
SHA1: | 734418543D90E647379F469A4B4614DFD819B90B |
SHA-256: | F88D51F9216EC37A98ED7CB6F5603F96BC8C06FD5B14EB01FD379866F4CCB2EB |
SHA-512: | 048285E2339814D907AA1824D995CE6B211B185875A13CEAA76742EF4F61C2D26863866A87392AAA90C336AC72BDF20A7BA058A63833ECA39F21B2CDFC4506D1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-03 08-35-37-986.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.4214785911315335 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2F828A3A3C5EDBA53F754FA1B5DA5F24 |
SHA1: | F17A96FEF30F87A240EC98B3C69A00E8B6BD545E |
SHA-256: | 74F81B9146F8DC57AE1CD689ED3B1DF2271E867710F4CD4B468F67894C4238CB |
SHA-512: | E6FB169D29F42D0AA6116C7DA09DB04EA94F323989B7EE956CF3F4D0F45AD99F08A3AD936A6AE7FC8A9ECC9177BBE78D14F30AFC7C1B12A0CDD70C8B9EA90AF2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | |
MD5: | FFA982D6F2F9B46A1DECDD28BF3EF0E1 |
SHA1: | B1D05ED9BD6A80BD0E3377E9F62B47EF83FCC0C8 |
SHA-256: | 93D954FA4BBEDCDFBC7BF14FA1BB3986056261F4A5035C3CFF229FF16D12B78B |
SHA-512: | BF2931508F2039FFF4A74EC9B2FF2706FCF05DC5D56E22CA9C74B7C4AF9E8B4173419791DE648FD77AE7C4B441734E7C70C964A2B91C816FC98C9BA78BEB7879 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 850392 |
Entropy (8bit): | 6.206852111668413 |
Encrypted: | false |
SSDEEP: | |
MD5: | 02BF4F9572D87DB0A85662B792E0D3FE |
SHA1: | A7E2CF47C9EC8A812457055DE5CBB92E230AC14B |
SHA-256: | 0D94E8ED592846BA7B7D035F08D753BB89514D230AD0B494E50D86DD5220AB34 |
SHA-512: | 5CCEC1878AC317AC9CBE8E108CB3F85DBAD9688F9010319079A9F8EB43050A72D4A43EE8E53C773FE85AE4B68FA6DF7D3DC75E2E023A584967837622FCD9E0A5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 530392 |
Entropy (8bit): | 6.45816181579208 |
Encrypted: | false |
SSDEEP: | |
MD5: | 063D4491FF8D8146B167EE4B24E304FC |
SHA1: | D7178B029828DB23A115D224DCA3130B7ED9537B |
SHA-256: | 0A100DC7F447CC980491199F5D0583FA7D44D8FE7A1632482567C617F10FE54D |
SHA-512: | 834ADB66F6E12D9DE5AEDE21EFF716EE6893B9F168FBE835AD6FD7434800CF2C38B9ACA555C828041E07F866D12684536ACF996A82E11C53B48ABF6A005F0CD8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 497112 |
Entropy (8bit): | 6.438361119688651 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4F89DA665E512350058C520174611135 |
SHA1: | 0A4720B834E50D7DBB850F112E322D6FC64334B1 |
SHA-256: | EC2FF4D9ABD96A9E42E01DD98BDEFF390C05729FAC3FEE50AEB6D88398B1E653 |
SHA-512: | 981DB94F68C3366909CA1D032E622C53420B1E9AF81BD2C30F8482082DE4539F269AC87D67AFBDC890AE2096CFF0CD3A4F1EDF0EE0D98767FC7330425D9E3BCB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 211408 |
Entropy (8bit): | 6.337608794464878 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0FB71A79C1269E2BA50FB92EB92866D6 |
SHA1: | 7292A917707D174F7F98BBCD7E248000EBCFE9E0 |
SHA-256: | E9E4ADFA160CE9BBEDA6A083C42562FDB33A8C9261F85EDC682528333813B7B6 |
SHA-512: | 0C2E80768302FB009298B288B06BB9E62DB91FBD04163F0FAD707F9CC84445985CF811839A6C6CF022817F4405276B63B7BA46C5C67E24FD5A90CF976FFD4144 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 498640 |
Entropy (8bit): | 6.435753543146649 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1566E699EE42EAA571700F3AD30B2DBA |
SHA1: | D2B11F53310AD7118B6893C46EA815F9C7BF9CE2 |
SHA-256: | 4BC5FC5CD0AE661B4FFE6AD9E12E55B233F471BA84F40CBA7BEB0CEA8822E831 |
SHA-512: | 52F8B86486BC22198CDE10F91D4588A7A939580327E8BA03B254D5A2C915B039775AFE696FE2014AAECF83EF514D3123C6EC68244B40603AA5D980F7E4C1BA1B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 454234 |
Entropy (8bit): | 5.356163486568204 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3E28AFC7E618592DAE47E86D06A61EA5 |
SHA1: | 6D88103FCEB01A6C5D1B12F852529D3CDC5CF5FF |
SHA-256: | AC789B15F2AE1D624D81F66D5CE74341478D1BCD47EE4150845D009526057D73 |
SHA-512: | DD0D86855EE9FB9168898C2C66F6403CF57F49823EC122510B3B567FA1D8C92E83606AA901EF814945F3CCA29E0E2783A2864481AEEE35DD198652F746F23C90 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.972853438205484 |
File name: | SR_AD40BM0.1-A01N_A24-ENG.pdf |
File size: | 312'541 bytes |
MD5: | aa8ff96636214fb017ed4d31f3e81540 |
SHA1: | 945ba0fc78217bd64a2c5f97f74a20708592c0d0 |
SHA256: | 3198b142e34be6ef581d4b9a8681960c41f57c27812132de08e06de750316e20 |
SHA512: | ea641d2ce413298d8a50e86352011665e2b24cc64944737439963f76f8c3fbbc024274ffbdf06baf96122964b4090b6f93daa28879f6f6223c7921e0f4c4dfae |
SSDEEP: | 6144:A72aVE4dnpNV/VfruI/K3LfK/nMuUY77zlNWqSTVF:ITVEKJVfKI/K3+vqubBST/ |
TLSH: | 086412ECA380189492A9C2F5B34C42E2222ED0FB7C45376AEE095B174559DE3E7E5CC7 |
File Content Preview: | %PDF-1.7.%......843 0 obj.<</Linearized 1/L 312541/O 846/E 266121/N 2/T 312089/H [ 663 350]>>.endobj. ..896 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Encrypt 844 0 R/Filter/FlateDecode/ID[<541A29A77C090C4DA3D95554B18CE4EE><B3DA0EEDA453D9 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.972853 |
Total Bytes: | 312541 |
Stream Entropy: | 7.999349 |
Stream Bytes: | 290436 |
Entropy outside Streams: | 5.313282 |
Bytes outside Streams: | 22105 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 86 |
endobj | 86 |
stream | 81 |
endstream | 81 |
xref | 0 |
trailer | 0 |
startxref | 2 |
/Page | 2 |
/Encrypt | 2 |
/ObjStm | 14 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |