Windows
Analysis Report
Hauptdokument - Documento principale.PDF
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 3900 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Hauptdokument - Documento principale.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AdobeCollabSync.exe (PID: 6216 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 6304 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6216 MD5: 8A41FC5F946230805512B943C45AC9D8)
- FullTrustNotifier.exe (PID: 6624 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)
- AdobeCollabSync.exe (PID: 6432 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 6476 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6432 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 6588 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 6632 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6588 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 6832 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 6996 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6832 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 6256 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 6536 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6256 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 6540 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 6664 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6540 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AcroCEF.exe (PID: 6968 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6516 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1580,i,65636838809153346,4168336558303447421,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | Initial sample: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | Thread delayed: |
Source: | Process information queried: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 2 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
23.43.60.134 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
95.101.54.195 | unknown | European Union | 34164 | AKAMAI-LONGB | false |
173.222.108.210 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
23.52.160.183 | unknown | United States | 16625 | AKAMAI-ASUS | false |
3.233.129.217 | unknown | United States | 14618 | AMAZON-AESUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467036 |
Start date and time: | 2024-07-03 16:49:27 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 30 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Hauptdokument - Documento principale.PDF |
Detection: | CLEAN |
Classification: | clean1.winPDF@43/50@0/43 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.211.8.250
- Excluded domains from analysis (whitelisted): ssl.adobe.com.edgekey.net, fs.microsoft.com, armmf.adobe.com, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: Hauptdokument - Documento principale.PDF
Input | Output |
---|---|
URL: PDF Model: gpt-4o | { "riskscore": 1, "reasons": "The provided screenshot of the PDF document does not contain any visually prominent button or link that could mislead the user into clicking on a potentially harmful link. The text in the document does not create a sense of urgency or interest typically associated with phishing attempts, such as 'Click here to view document' or 'Open the link to see your invoice.' Additionally, there is no impersonation of well-known brands that would typically be used to deceive the user. The document appears to be a formal request for a certificate, with no immediate call to action that would prompt the user to click on a link. Therefore, the phishing risk is very low." } |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.193393237439825 |
Encrypted: | false |
SSDEEP: | |
MD5: | C6CBB9D8D1D8B717D43FB5C919F881CB |
SHA1: | EE3E05AE778407B0774599056B710934B00602F4 |
SHA-256: | 65C0F5276B59D0921A73BE487EBB75A48954C3CD08F09B9BBF8C9F764E0E4AEE |
SHA-512: | 35405C125AD9ECCC352B82368E3186B90126173D2547B8453B4977C374110AA0D54B09B89FC0B68B351E9816E003BFC688FA1A2C2EFF7F45403D4555DE3D504D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.164701539230745 |
Encrypted: | false |
SSDEEP: | |
MD5: | 42ADAC88811D3A13265CBA29B28003BC |
SHA1: | 426EF1FF9AF79CFED10996CF427B14E2D36F1379 |
SHA-256: | 9BA21D3189C2161D485828A7D9CAA5152DE333825A4DF65F592C09C30F148A2D |
SHA-512: | 987DFCB87C3EE70BD36D842ABDC8CF460D2A5B6AC82EFFE3F5DC3A892031F23479AC1B704C27128BF3314548706FD8DC4A2CC69051EAC8377B9C5B9E0AE84A3A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\960da9b3-01aa-49a8-b9f6-5fed21001b49.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF4baa8b.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e63c3327-24fd-4d17-85d9-9278eb8b0a4a.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.967178600473574 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6E87BDF071812D26B24CA187A8941704 |
SHA1: | 74867282E29D6EEFC276E47FB79CB24308270B1E |
SHA-256: | 89028DA960981BA77D7BAD5E3BD8A037CEB8E87F3F737BA258AF640120BA95F4 |
SHA-512: | B4293BC95DB7E23449E9D06B80DC5C73FF5E4884478FCF0DDA0E55A52FA7A33193590F9C28554CEF3BB34BF26A436422512FB78ADE1CFE4F12A98BC5AB7379ED |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.230883859331389 |
Encrypted: | false |
SSDEEP: | |
MD5: | CFD3DCCA704551C1CBAB69DFD5362873 |
SHA1: | 6E29434BDEC562269A7C0EB38168BF07E4B47914 |
SHA-256: | B6B82DBF0AEDBAB8A52EC361F27CE7BE967F3875EAB5A2E88CF1B2A66DACD1A1 |
SHA-512: | 2E278216547C575D54AAD2E74D01AA0DF2153107C33BE79112629598F7F25DE54BDEEA5FD984323BA5626642D6D61A1A3F8C4E1A989DFED6C5CB0F25DC90F449 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.19382200610318 |
Encrypted: | false |
SSDEEP: | |
MD5: | 34589E5B528191CC5AA7C921741E7559 |
SHA1: | 749E083CADD0A776896745AFA84E3C269634D387 |
SHA-256: | 52228730C2C1D347194CF0C7B4AB3BEFA0941D6CAC4282379C30D894C16D1B71 |
SHA-512: | 6BD8145C533039FAEA43F027DC3D2751EF4F0394F07AC6487321329B169F949D7E1224169D03A50C3F39442AF04B3CC985771D8F50C970DA814A589D62399DFA |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.08728080750134917 |
Encrypted: | false |
SSDEEP: | |
MD5: | 863BB379B267B2404CB64A3BC9B4A650 |
SHA1: | 139EDCE2C64569B81175543D1DE743EF474F4432 |
SHA-256: | F7C1BC02F430EBD015E45159D9FD9E18643C4CDCCBB7E7733A248C8393CAA88C |
SHA-512: | 6AFF907DDAFC78AF2186F58D7102A88527BCE5473D72C03607EFC49C56ABAA157191D391A1ED9350CC058E9BB37040C29DBA9E3A668F640DE0100A639F1D2F51 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.28499812076190567 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3380C9FD1A21DEB9638D27246580ECBA |
SHA1: | 50265CCF1200250F9F8FF05323ECF9C297E3B941 |
SHA-256: | 77B2FB6BBE4ABB53F552B446679A63C2A4F6D4755D3724E66A2A73230E7ED40A |
SHA-512: | 8C0A438CB8FAA004C614906059FDCBA327FEFFFD441E437E4A979317A704792892372D1E4B67EB872D08D4A8782C7F2E16A1D8687A57E8DA2117F94C9B33AF5C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.06158684890055117 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2D3959FEE44B45956517E8B73B06ED83 |
SHA1: | 844E6A6A62E3B9C4D7E4028D0DB6E8DBCFC3C535 |
SHA-256: | 8DBB58119C91ACB0E85AAB08D26384917DF36DBC5462964F63DFE8A34044179C |
SHA-512: | B32D3C406CFE59B89E2C58BDB03AB4E7FAB7668B60242912A992E54405A0229E6C4DF37630E1C0C6494721B47F44EEC3CAC2AF9A4B93B3EC07BADB9B3C657E52 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 119512 |
Entropy (8bit): | 0.9630844021492451 |
Encrypted: | false |
SSDEEP: | |
MD5: | D1057445C633A77B29356CAB93A443B6 |
SHA1: | 70BBF1663897EE24410BA5A33C6706CFB9CD352F |
SHA-256: | 4719C30694D48396CBAEF06722033C7314B250C465E3D54DFC9BED5AEED1E2C1 |
SHA-512: | D14978CD25E7A2D0CD08C59A93ECD773750D965F0957C8823960B8E04C30C415C90A1DA2155BE7AC9FB8910C1A51B92E20534DB70A9D79DB9DCE8117E2B6BE1B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-07-03.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2420 |
Entropy (8bit): | 5.176076530481997 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3E1985403A301C0A9FEEEBE666B7668B |
SHA1: | 44ADBB2450879A024BE1020ADA83E031ECCE49BF |
SHA-256: | D739F42547AF26F1CCE2C733512734892000E92E5FAF9F6049E024219A45CF4F |
SHA-512: | 5477C61E928CE922943E488B4C884E9070489C399F8D92AE7B6200D09C57F165EFC0A3A03E1EEF05B1364ED350E43E53EDA94169E369D6FF37FA6A643B188DCE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.36835287347338636 |
Encrypted: | false |
SSDEEP: | |
MD5: | F391306DD8BAA3198B26D3C80A906E19 |
SHA1: | 6CD1B24D186F1CC68BF9097177DA5676C4A56422 |
SHA-256: | 62604481C477AF3F8813122011B9CEC6DDEE9A3992F3FAFE236E3E92FC62E680 |
SHA-512: | 5AD524078462D761F0F01933EBFC3714B44C93296BD4EDAB34B59CB833D1D9334CE830E196D2BD2BDA82837914E91B2B53E848EDC9BD04B7EDCC31D7DFD9DD53 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.28499812076190567 |
Encrypted: | false |
SSDEEP: | |
MD5: | 65DBD9197EDC8A864E15146276870452 |
SHA1: | 57543AFDFEB6AD8E1F18EDA0071D33D985E73004 |
SHA-256: | C0875B21967C37946DD9DAAC9A86397D5D72A4739EE3051CBE2A0945D45C8584 |
SHA-512: | AE96D00A7092A8616178F044EDE54669F5107673F5B69E92216C8C6F76B3C1A7856D7F125DB0971DD5BBCA4DC8E83F0B877A0BF53ADE1EC4AC947CF06B4C4147 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240703145013Z-619.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 2.2139355797296174 |
Encrypted: | false |
SSDEEP: | |
MD5: | EDD0EFB8D4EE8E1AC7BC1CA98363E046 |
SHA1: | AFC9BAE3407E93599DDD6F19450A807491494A28 |
SHA-256: | 18664E2FC0F450EE6409C7363A8183C70EA2ECE839B3F4D8477F4072964BCD44 |
SHA-512: | 1F5475BC6FF5A7E80502DB69CD7B688A156AF9A084EDCE0763E561CFF61A990729FB7EAC874EB28AB3F78B84A0CF52B13A7424A650189DB3E0040A6C5951D406 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2148576983672634 |
Encrypted: | false |
SSDEEP: | |
MD5: | 00422C9D7E3B2FFC482FCC9F56FD5B61 |
SHA1: | 7C21027C57716F7B9E75F9243D8544C5FE9F5785 |
SHA-256: | BB37C8542ED33790466957A1A5A134B1418797E0B5F984E5CEF05FFE1F13564D |
SHA-512: | 2F7988FC1C1BE497166AF7E9A9029D282F4BACB95171FAED8FA0F7455B7A73E9827C4FCCA275EA212A5ADBF40C9F167B44A60474E6D3FA7E71B03F928E81648A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 94208 |
Entropy (8bit): | 0.9951370817377893 |
Encrypted: | false |
SSDEEP: | |
MD5: | DCD066A1C8CA38D94ACA4E5DF6CA20BF |
SHA1: | 0C670E7CB31FE1CFD952082C3629AD8861BFD799 |
SHA-256: | E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E |
SHA-512: | C07D385DB9B836F106E1951FDCD911D7FFF44AAE6EE7406CA665B211236E8ABE3395789E10200644343779983E9AD7B5E484B3B1567CA6EAB890A88E4FF9500B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.28109187076190567 |
Encrypted: | false |
SSDEEP: | |
MD5: | 81D9E6BE1EB91CEDE94A7938CE742A75 |
SHA1: | 7A76EF7D951A4EF16E8FBD6480C7D97EAA5320FF |
SHA-256: | 150958A913ED0310CB642414A244AA0D8814C2FF7F8055DDC440D89C20E39788 |
SHA-512: | 9DA64258044B6627F6425B5640F1CF55F82B9084E0527129A4EEA4D216198E4DB81B3F4F759D7B83C99D48BCF8DF613C029F8C050CBB081A8B2E7AE42B51E3AA |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.144086598890895 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9FE798BBDBCC9CF606DB3422AD5B8494 |
SHA1: | 1879BA1F536A9C7827F429B9160CCB18E7E9425E |
SHA-256: | 91B2E49307602A2D66E2ACF0F3A7BFE540547543158F19AC343E397563615190 |
SHA-512: | 54E6F59E1B6FE9D266704D86B6E880170B35F8FC0397DDA8CC0BB4684952AE3A7798385BC9C7EF5AD42D98A61B0F1DC5FF213BF35432365E27D4738D3D05B0AC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.026467887142631 |
Encrypted: | false |
SSDEEP: | |
MD5: | 15617FBAE3637673916B4E4F4F591A44 |
SHA1: | B00B579B5BC63101D4AB87EE8D45DAEB4BCE2F26 |
SHA-256: | 21CB75FC32C4062B0EA2A52E83845332270E91A8372A1A220603AB54ABDF757C |
SHA-512: | D6C2D4BFEFAF5A9FF34B47F4AB21E241715DB85F91EDABEE59D6616F90B1DAB05D486E5603466C555584C3C951CE7C49974575658BCE3D97E870C0C2F91D1F69 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.390197001749834 |
Encrypted: | false |
SSDEEP: | |
MD5: | D866FEE7148890CB8E16E8E5BCC81FC1 |
SHA1: | 3C7065BE8A8671648B26461130955508358C5B8A |
SHA-256: | 4147C0F7B0EB26B1EA777B05A98F499466333164C78AE8A8DF0B13E5C098D1E1 |
SHA-512: | 79F31DA746512D0532B7850057DCF54DAB2A091458A4F4B4354C25E91E7F62F4C9F677991289347E3355F80467B411E8910B965E9F5A2F75539524C7F1D451F9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.33854735789515 |
Encrypted: | false |
SSDEEP: | |
MD5: | 83CD9E2973A211515CDF036E15A65FC3 |
SHA1: | 52026344E313752DBF7CA93023CD1743BB866553 |
SHA-256: | AFFC3DBBCA78996281ECA891A652A3BBB841A41FBC8D53E6F26B48092F2FF9EC |
SHA-512: | D9307103DCCAAB8AEB134AD6B2F01CCE0844F6E8B5CD195C416C89C8FE0269C0517CD0D240E8A172DC96896215D787F5059670FAE211E69A707DC78C2BD41175 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.317542393290227 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2F072F5E0DF6AD5B7F3481C7B715BB1F |
SHA1: | DB952771FDF316B8D979E00C9A2FD041911F566A |
SHA-256: | EC78718E0A9E06FB99AA3C8CE2611A1D7A800B4C360F50E5D4C0A3CF40D64721 |
SHA-512: | 5AFBF2DC13648981AF9C36C3ECCAE34FAEF46171E5DD3C1125FD6FAF65D6C32965FBCC3AC4F9FA23B15D8761A4D3B59FAB73EF99E8D6AEFE55EEE74682706C92 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.379518720856886 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8224B059394C742878AEBDE65EA458D2 |
SHA1: | F0A6D3AD623DF5A3E48999D6B76F6B5EDEB4D0B1 |
SHA-256: | 2B5F5618FD75C22BDFEE5D8EBB261A2BB4B8163C5D063B1EA6348EAB30890CF1 |
SHA-512: | 4798A919EA25C0451E75E95076E914B0F9638D9946C183B6AB7E19FDAC72406DDC90C4006729575FDA44C9E011EC4E6CCE4CEE12C04C2E3AFCEEF67478A1AD2E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.33775370798398 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3D7BDDDE75E5B26E179852DF480703C5 |
SHA1: | 7CAC45C81E261D7A502E488EF5C52AE2C5ED834D |
SHA-256: | 019544E16DB6F81B36B0A87393B63A017B4626281A35F2D86428AA8E5A1540FD |
SHA-512: | 548F31199534ED726321228766964E2E4E9A1703CF3E1A4E293BEFADCBA7A7606EAD2EAF78C447BAF6233CF9B6D453952BEF7A1F25096613608926C9FA078823 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.325428270838421 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9E838100AA341ECAA60AAFFD59D03878 |
SHA1: | 9371BB0838ACF56EA422560BB31CAEC946EF58CA |
SHA-256: | 4FDBA88C278053C9AE480EFF1C82A0BFC7CFC7DD31285EB80E81CFD5100C8DA5 |
SHA-512: | 2831C6C3C1C0DA67591F2B3BC6AEF22C6D0289A443A8BB3F9D581F10DEF0DEBCFA7C5658FE8E98E3FB3649B2E4AA44EAD8C72BB2C679B71323DCAD22BE07AFE4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.327510276241869 |
Encrypted: | false |
SSDEEP: | |
MD5: | BA25440C45127C156BA09E7AABB3E8B4 |
SHA1: | 2DC640E349D4B243404C7F1C94C5A1B4668F7511 |
SHA-256: | 0615F5DB1AD51F4277B1B512551EB473E36675E441BA1272F79B022F0ECD0811 |
SHA-512: | C5DC1969FBBA0C7226C31BC30FBE9983D834FF57978FF5A6C68597DD48FD7B7D85FE552BC6E54130D6F1E863B350EF08322DE7D95BCD7D75702655AB2B15BE55 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.33267982570569 |
Encrypted: | false |
SSDEEP: | |
MD5: | CDB92AB7281C684F12E8461166159CD3 |
SHA1: | AA7EB9427EE2AADD810024DC2853E8E4A82C1B3B |
SHA-256: | 96215B50F2B34CB288CB7BA238753BE36CD9A7C5CED8EE9E66029FAE75849065 |
SHA-512: | 1D8609F55AA29871A9F651904479F1991113652E834A40ECDBC663D10C96BF64003973AA242D8CC7AF1B1A81F8CD54A40271DB4A46172C006E751D25E6E6B419 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.738546325191226 |
Encrypted: | false |
SSDEEP: | |
MD5: | A351F53F94DC0ED837D0877774A34A55 |
SHA1: | 01D9115CE3F299D5351B03726A7698AF17E43BF0 |
SHA-256: | FC67C95D5A44BBCBE11BD2566F61D98BF65FEDE0FB51FF6ED5A3E150DC57832C |
SHA-512: | 3381EC42E2B58BAE4C875E194BD56BE1E868799125EFBDAB698C090DD4494D4E86449B7A43292229BA89B6337B38C79FB8C48D5BADCAE37F691DD931012BFE8D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.331218913925979 |
Encrypted: | false |
SSDEEP: | |
MD5: | CD979531C51C7F2B7B00B88F18362CC8 |
SHA1: | AE99653895719E702BCAD7597A73CAC7143D665B |
SHA-256: | 7FF6317AEB611BCAD146849386069CFDFC4054ED32E5E5DDAA617875FBF61483 |
SHA-512: | 03EB5587058794981BC4BCC3AC8287A89FB2841776FED511B77F4AFECD253E1D685EFDF047A001CC92C679A91A4AF9DAB3EC20FDD988EE6D83CDBB38F14FA834 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.7726774192466355 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9A92BD0F904FBC908CF1462E5FDF1ED9 |
SHA1: | CCED31437D736E3F9A632E4E7D5E776337313A4B |
SHA-256: | 3339CFBF926552990CC5633D580330F0191D808E402A141E595E868966EBB185 |
SHA-512: | C316184CCAE8027A4E3E8140DD2620A6A8FAF20469972C215C503E9116ADED7FF58683D7EC52CA3327BD0424A95373B2D9D121904FF8E07F1D05AD34EB3E205B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.314551448617534 |
Encrypted: | false |
SSDEEP: | |
MD5: | 45F2829950DB04177164EA5F8648E3D1 |
SHA1: | 10739B7392A4C05C6671DFC25B5F1E1979F08E41 |
SHA-256: | 1BB8D35B91F0B54F000D184C7F32711FD2C0F68925BC5E5FEED6D529B85949D9 |
SHA-512: | 480D4A63395A696C089694236D7259E7941C8251BB1FAF76AF044B16AE1BA0222245E99133822E96801FD74D13DA4B469D9CFDB97D2B1CB60887F58793717CC8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.3180505047094755 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0B490F32A23F1DE2EF30E48A9E437B87 |
SHA1: | FF0573757AFDB8DD83B269DFEE0CB70FDC520BD8 |
SHA-256: | D52F33EBD8A1CDD3EC96E2AB66921B01B7CE5940566C59DEDEDF867D7578E70E |
SHA-512: | E5E55F5562356A46BAF8FB7ABA8758AFD1455423A993CAA8D8C540EA781075CB2F8655CF9E8FAED658472C5F9A488D10D60A5EB605C6572BB22D1D27FB9A8B0F |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.338054042684127 |
Encrypted: | false |
SSDEEP: | |
MD5: | ADB02676A4F663E4CFA2DD473B6A9A00 |
SHA1: | F651B068AA96959318DA6FCBBD28918971465BC3 |
SHA-256: | E10C541EA2F6ABD4139E04BDD230F5819B70F5229ED0BFB96006A1168E8DE2E0 |
SHA-512: | A464B6CD92E00CD45E73D8FB114592617A0E0085FCAF02AEEFFCF9B745733E122B78F4570D85F61F9F6BC173393B21F3BD9D99639354144165C6975468FFC006 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.29254394220775 |
Encrypted: | false |
SSDEEP: | |
MD5: | E42A2D1F4D8BF9C6146D1358009A9878 |
SHA1: | DEAE80D7598A84ECCB8E87A484CC8DF9C8ABF1EB |
SHA-256: | 8A0E9C4E9EA0DDF8D85A8B7FCE39FF317CF51BD141F4C2CBA1C48AFFDB5AF86D |
SHA-512: | 153E5029A527ADFEC653902DE6C7F5BC90C245A79A1246BAAFB2441299BE5A1CA4EF6BFA7FCDE8916E3C784568B74B0F937A266BD48B3B50CF45F140D7736AC4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.3679677788513604 |
Encrypted: | false |
SSDEEP: | |
MD5: | 63B794074EDD411A692FFCFBADB6B7B1 |
SHA1: | BF45AF564A212D06B690A799D9F98D2D7723FB30 |
SHA-256: | 5FFBF2310F24796C9AEDE72475DCA51B85DF3624F250261C7C3127007CE06E07 |
SHA-512: | 89BA16EF446568CB9A486A050908F5E9675EB7B18D8722FFD324FF9669AE2998849FADA9CAA52CF8507D8884468CE928E992EF69AF4DA21B8F95413D82828D43 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.113503087433393 |
Encrypted: | false |
SSDEEP: | |
MD5: | CC342233308082791FBF71EB9A796ED2 |
SHA1: | E6258B6B304BBE93E2F6A75ADDBFCEDE4AF47D7D |
SHA-256: | DEAACBC166650DC364C8DA4178026708C7A8E063C2E84D60548D2AEDF351AD77 |
SHA-512: | FB5DEF5CA758323AACF0AC61720A955CE867237F682939F6FD92978D38F27F7CA8C4885BE0C9464196246D5FED92674B2C100BE408D002CC94CA35C85AFB4BC9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9968806338812427 |
Encrypted: | false |
SSDEEP: | |
MD5: | CA1A7BFCF291414D7DE7BE683799F791 |
SHA1: | F5482CE5997A4D4930D4481B576E4FC87226FB85 |
SHA-256: | 0D2508E2914D601D443008B1717A52922C751113C7D5153E6523CCC8323ACA99 |
SHA-512: | B5D92595E1C215759F4086B71EAD5BD358CA67433F1E109D086702C86FAACE8A4572DA4C5888C79C08F5936247B7C5D3D0EBE7B67E99EB4B6E28E7BE797D0C95 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3609479924375107 |
Encrypted: | false |
SSDEEP: | |
MD5: | CC323D2B04F8CB7A9ABE8A07747651FC |
SHA1: | 1E24DC1A4444CE20200177401D0469A986F7DF8D |
SHA-256: | BE3A77CB34C58C7A6E99D4B7E8C22D7780804F66F3CB216E2A2B94BD17838A45 |
SHA-512: | AAA97A23A20F5D4DA187566E9E355FBC96CD30B38F6B5C332E24CD55C20AC93743B5390BAA023EDD8C524E4CB9E64C17EA6DC5F60BA1B68BB78CA17C704C5D04 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.524398495091119 |
Encrypted: | false |
SSDEEP: | |
MD5: | D15928170018CDC0C294FA643880DBD5 |
SHA1: | DF8D6C99038D9685DAC46000C987BBD93000B5BC |
SHA-256: | 617253A624406D76C7AEE200606A51EA58A327F1CBB831EE2134E5B5240430E5 |
SHA-512: | 258A00842C84148C15E73410948348C6F49601EFDA84D48686FD9E46C0EC91B207D5F5EB4F91D798A87276D8A2E23BD07EC938378C05E9652A60FD9A9C021E3B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 10-50-11-470.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.415699751069799 |
Encrypted: | false |
SSDEEP: | |
MD5: | 56829348AC72F2724FFD57673597FAEF |
SHA1: | 29EF95A42D983849A52E4FAE8F9C183C95E5A870 |
SHA-256: | 1FD3A7D92216AC01328E01138F8D2FCF0C60128ACCDB0FBCA1793E307E19E7FD |
SHA-512: | 1AC39CAD44980F8BFD457D4390C3AAC1C6E8B177720C8A5338AD0511ABE3967E3958332BECF7C5C8E784DB3CAC3F81F327C1AC5BD49AB568CADD0CA1128CFE21 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1D64D25345DD73F100517644279994E6 |
SHA1: | DE807F82098D469302955DCBE1A963CD6E887737 |
SHA-256: | 0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC |
SHA-512: | C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1A39CAAE4C5F8AD2A98F0756FFCBA562 |
SHA1: | 279F2B503A0B10E257674D31532B01EA7DE0473F |
SHA-256: | 57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95 |
SHA-512: | 73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14456 |
Entropy (8bit): | 4.2098179599164975 |
Encrypted: | false |
SSDEEP: | |
MD5: | 32FCA302C8B872738373D7CCB1E75FD4 |
SHA1: | DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1 |
SHA-256: | CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6 |
SHA-512: | 57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.727222210819467 |
TrID: | |
File name: | Hauptdokument - Documento principale.PDF |
File size: | 1'474'834 bytes |
MD5: | 2efab3f36e5fd8abc3017694cb52c496 |
SHA1: | 13b8c63c42df6b5250ebcefd0e20a428a02abc71 |
SHA256: | 3674679e65bccbae759c967bab8eaeb14aaf7a8878f62931b7111f51f991914d |
SHA512: | 33a0e4472298dc1fe5fe09e9692cf45fe97d0538fa9a001f8dabdc7ba81daa0c23af5b3b220d22ed84c982d21f2a6dc4d287767241fab28a6ebffca6b8848945 |
SSDEEP: | 24576:BXBjXuhf0uzrWrPauZeUJpiMkZ6XE8YM3o2WxgGrYS5LYgJRwd0y5:BazYDZeUrimn4eGbqgJRwd0y5 |
TLSH: | AB650158418BD8CDE2539BD6F72E786A510DB32766C428A23D1D0F924B53EEFF41B182 |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(it-IT) /StructTreeRoot 70 0 R/Outlines 65 0 R/MarkInfo<</Marked true>>/Metadata 308 0 R/ViewerPreferences 309 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 3/Kids[ 3 0 R 47 0 R 52 0 R] >>..endobj..3 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.727222 |
Total Bytes: | 1474834 |
Stream Entropy: | 7.979718 |
Stream Bytes: | 1244864 |
Entropy outside Streams: | 4.014232 |
Bytes outside Streams: | 229970 |
Number of EOF found: | 7 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 384 |
endobj | 384 |
stream | 183 |
endstream | 183 |
xref | 7 |
trailer | 7 |
startxref | 7 |
/Page | 11 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 3 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
15 | 00c4d8d8c0e03000 | 2c574ae57fb2fa6495c3a5eaefd8403b | |
16 | 00ccece8d8e83044 | faf2cd5829601e9ea9afcfc490dfb57c | |
17 | 0100010101010000 | 76b876b8f852e4985cc6f07ffb6dad2b | |
18 | 0100050101010200 | caf715a28cac6e469e3fb501139f865b | |
62 | a280a2a2a2a280a2 | 99cef03e2963cb6ab984fb5db07fb51f |