Edit tour
Windows
Analysis Report
MDE_File_Sample_63ddeafcb4a1bcf61b83f738321d223a055bb288.zip
Overview
General Information
| Sample name: | MDE_File_Sample_63ddeafcb4a1bcf61b83f738321d223a055bb288.zip |
| Analysis ID: | 1545913 |
| MD5: | a44fd5a1494a40049f230cc1c1075268 |
| SHA1: | 5687c84a0b8c89749af05df761dbed786475e5c9 |
| SHA256: | 4215f8c59cbae20156ecdaad5ccb2317bebd418b576f2f09f76ecbf4750e696f |
| Infos: | |
 | |
Detection
| Score: | 0 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
IP address seen in connection with other malware
Classification
- System is w10x64_ra
rundll32.exe (PID: 4344 cmdline: C:\Windows \System32\ rundll32.e xe C:\Wind ows\System 32\shell32 .dll,SHCre ateLocalSe rverRunDll {9aa46009 -3ce0-458a -a354-7156 10a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
Acrobat.exe (PID: 1824 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \AppData\L ocal\Temp\ Temp1_MDE_ File_Sampl e_63ddeafc b4a1bcf61b 83f738321d 223a055bb2 88.zip\749 76.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 5952 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 2884 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 76 --field -trial-han dle=1608,i ,738660240 6532942348 ,398630099 6243732554 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- Acrobat.exe (PID: 4840 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \AppData\L ocal\Temp\ Temp1_MDE_ File_Sampl e_63ddeafc b4a1bcf61b 83f738321d 223a055bb2 88.zip\749 76.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) - AcroCEF.exe (PID: 4448 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 2748 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 16 --field -trial-han dle=1644,i ,704940021 3542787093 ,182506347 5438035670 1,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | IP Address: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Rundll32 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 96.7.168.138 | unknown | United States | 262589 | INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1545913 |
| Start date and time: | 2024-10-31 10:10:09 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 55s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 19 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | MDE_File_Sample_63ddeafcb4a1bcf61b83f738321d223a055bb288.zip |
| Detection: | CLEAN |
| Classification: | clean0.winZIP@30/60@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 2.16.202.121, 95.101.54.121, 192.168.2.16, 162.159.61.3, 172.64.41.3, 2.23.197.184, 184.28.88.176, 199.232.214.172, 2.19.126.149, 2.19.126.143, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197
- Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, e4578.dscg.akamaiedge.net, fs.microsoft.com, e8652.dscx.akamaiedge.net, stls.adobe.com-cn.edgesuite.net.globalredir.akadns.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, stls.adobe.com-cn.edgesuite.net, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, a1815.dscr.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, www.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtWriteVirtualMemory calls found.
- VT rate limit hit for: MDE_File_Sample_63ddeafcb4a1bcf61b83f738321d223a055bb288.zip
| Time | Type | Description |
|---|---|---|
| 05:11:32 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 96.7.168.138 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Abobus Obfuscator | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Abobus Obfuscator | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.134689978537579 |
| Encrypted: | false |
| SSDEEP: | 6:UfMQq2PRN2nKuAl9OmbnIFUt89fjZmw+9f5kwORN2nKuAl9OmbjLJ:0vaHAahFUt8Z/+z5JHAaSJ |
| MD5: | 45425F89A9D9CBAECA6673366ED89320 |
| SHA1: | FEFB3B296C223FFD6F97DC8E72328939A916EB2B |
| SHA-256: | 6D94687A8BF1AD604FFEA9598ED6A8241CF0AAFF9948EFE9B0BF4D9667415B8E |
| SHA-512: | 0525A021F0CD60A5A7CE2F9813D3E4AE8C1D78736D6A8C1FF5476C587A1DA4A2C6FB83DF860E486B6966C92E182914E322EAF7CF75662093D9C633525A4947AC |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.134689978537579 |
| Encrypted: | false |
| SSDEEP: | 6:UfMQq2PRN2nKuAl9OmbnIFUt89fjZmw+9f5kwORN2nKuAl9OmbjLJ:0vaHAahFUt8Z/+z5JHAaSJ |
| MD5: | 45425F89A9D9CBAECA6673366ED89320 |
| SHA1: | FEFB3B296C223FFD6F97DC8E72328939A916EB2B |
| SHA-256: | 6D94687A8BF1AD604FFEA9598ED6A8241CF0AAFF9948EFE9B0BF4D9667415B8E |
| SHA-512: | 0525A021F0CD60A5A7CE2F9813D3E4AE8C1D78736D6A8C1FF5476C587A1DA4A2C6FB83DF860E486B6966C92E182914E322EAF7CF75662093D9C633525A4947AC |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF48d4b6.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.134689978537579 |
| Encrypted: | false |
| SSDEEP: | 6:UfMQq2PRN2nKuAl9OmbnIFUt89fjZmw+9f5kwORN2nKuAl9OmbjLJ:0vaHAahFUt8Z/+z5JHAaSJ |
| MD5: | 45425F89A9D9CBAECA6673366ED89320 |
| SHA1: | FEFB3B296C223FFD6F97DC8E72328939A916EB2B |
| SHA-256: | 6D94687A8BF1AD604FFEA9598ED6A8241CF0AAFF9948EFE9B0BF4D9667415B8E |
| SHA-512: | 0525A021F0CD60A5A7CE2F9813D3E4AE8C1D78736D6A8C1FF5476C587A1DA4A2C6FB83DF860E486B6966C92E182914E322EAF7CF75662093D9C633525A4947AC |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 331 |
| Entropy (8bit): | 5.18252730319891 |
| Encrypted: | false |
| SSDEEP: | 6:UfQEQ+q2PRN2nKuAl9Ombzo2jMGIFUt89fQCQgZmw+9fQQQVkwORN2nKuAl9OmbX:aVvaHAa8uFUt8Ug/+tI5JHAa8RJ |
| MD5: | D9B69E55B7A8A232FAD64F20A9E56F85 |
| SHA1: | 869E043CE05B7D08806C80779AD773EF843DFABA |
| SHA-256: | 9843A5EA49C0DCA0D48E3C5412B95AA1E6EDE5D41955E130DE3D684D6502ADF4 |
| SHA-512: | 89729040D5F31EB2CA00E0F6B8F25D6568655A5ABE1BC7ABF3450D9EA75A082102049C87E35C626547E83797F27B688E72FD6D43B1F67F47B6DE4BBA44649BE0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 331 |
| Entropy (8bit): | 5.18252730319891 |
| Encrypted: | false |
| SSDEEP: | 6:UfQEQ+q2PRN2nKuAl9Ombzo2jMGIFUt89fQCQgZmw+9fQQQVkwORN2nKuAl9OmbX:aVvaHAa8uFUt8Ug/+tI5JHAa8RJ |
| MD5: | D9B69E55B7A8A232FAD64F20A9E56F85 |
| SHA1: | 869E043CE05B7D08806C80779AD773EF843DFABA |
| SHA-256: | 9843A5EA49C0DCA0D48E3C5412B95AA1E6EDE5D41955E130DE3D684D6502ADF4 |
| SHA-512: | 89729040D5F31EB2CA00E0F6B8F25D6568655A5ABE1BC7ABF3450D9EA75A082102049C87E35C626547E83797F27B688E72FD6D43B1F67F47B6DE4BBA44649BE0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old~RF48d4d6.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 331 |
| Entropy (8bit): | 5.18252730319891 |
| Encrypted: | false |
| SSDEEP: | 6:UfQEQ+q2PRN2nKuAl9Ombzo2jMGIFUt89fQCQgZmw+9fQQQVkwORN2nKuAl9OmbX:aVvaHAa8uFUt8Ug/+tI5JHAa8RJ |
| MD5: | D9B69E55B7A8A232FAD64F20A9E56F85 |
| SHA1: | 869E043CE05B7D08806C80779AD773EF843DFABA |
| SHA-256: | 9843A5EA49C0DCA0D48E3C5412B95AA1E6EDE5D41955E130DE3D684D6502ADF4 |
| SHA-512: | 89729040D5F31EB2CA00E0F6B8F25D6568655A5ABE1BC7ABF3450D9EA75A082102049C87E35C626547E83797F27B688E72FD6D43B1F67F47B6DE4BBA44649BE0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\55ccb7eb-e7c6-4e3a-8810-f6252569267a.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.994586495157486 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sqqsBdOg2HdXwcaq3QYiubrP7E4T3y:YXsidMHdr3QYhbz7nby |
| MD5: | 37D5525FB5F4401747F98EB9E249296C |
| SHA1: | 074D4B2FA8D62E8399B671FAD5984B53EC671DE8 |
| SHA-256: | B84875DC6FFACD497F11594A907D6734F67D2A8070AD82A3F7B4089E476B3405 |
| SHA-512: | FB3181243A8751A1353F097ADBC9C96B42EADD5DFAA42CE8EF00B0A86B845444046305989D16BBBE3DE9B76D7B46AF0908E7CDE00279174F43896AD76467D28A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.991191791548924 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sqc/sBdOg2H42caq3QYiubrP7E4TX:YXsNAdMH4J3QYhbz7n7 |
| MD5: | 6DBDC64E073233F72687CB7936909B8C |
| SHA1: | 0E0418F29CC8C0EB5BEBC88D847E9DC5C5685EFD |
| SHA-256: | D0A4436C9496E55FF98016AA541735B1537D7CAC190120438F3E518DF4B76C32 |
| SHA-512: | 6B5E0CDD007D3501D62F3A63603325836F13C3210D2EABC7C49B78C498E95A85B8174DB57E447588CA20C478B551294E0C115B0490E9A9F96D1BAFF9DBB9CEFD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF48edec.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.991191791548924 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sqc/sBdOg2H42caq3QYiubrP7E4TX:YXsNAdMH4J3QYhbz7n7 |
| MD5: | 6DBDC64E073233F72687CB7936909B8C |
| SHA1: | 0E0418F29CC8C0EB5BEBC88D847E9DC5C5685EFD |
| SHA-256: | D0A4436C9496E55FF98016AA541735B1537D7CAC190120438F3E518DF4B76C32 |
| SHA-512: | 6B5E0CDD007D3501D62F3A63603325836F13C3210D2EABC7C49B78C498E95A85B8174DB57E447588CA20C478B551294E0C115B0490E9A9F96D1BAFF9DBB9CEFD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\cf2b2074-fefa-4c6d-b93b-aea22ad63807.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.991191791548924 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sqc/sBdOg2H42caq3QYiubrP7E4TX:YXsNAdMH4J3QYhbz7n7 |
| MD5: | 6DBDC64E073233F72687CB7936909B8C |
| SHA1: | 0E0418F29CC8C0EB5BEBC88D847E9DC5C5685EFD |
| SHA-256: | D0A4436C9496E55FF98016AA541735B1537D7CAC190120438F3E518DF4B76C32 |
| SHA-512: | 6B5E0CDD007D3501D62F3A63603325836F13C3210D2EABC7C49B78C498E95A85B8174DB57E447588CA20C478B551294E0C115B0490E9A9F96D1BAFF9DBB9CEFD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5405 |
| Entropy (8bit): | 5.236505853103586 |
| Encrypted: | false |
| SSDEEP: | 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeNFhyyxvTQ4gQPZ:OLT0bTIeYa51Ogu/0OZARBT8kN88NFhb |
| MD5: | 7BBD95E434FD2DD98C19E286DDF8BD24 |
| SHA1: | 51A1D74F305C169CADA62BBF65B7C404ADAD10C2 |
| SHA-256: | 49199AFA5929BCD9806AB36EEE20109978E76B96A77D14DC8C76043D7F4DBA78 |
| SHA-512: | 82C5B29C611DB0837F33C9E84CF37969D601F97CD71703E936BB11B5F609104D1632D5A6E2099AE3D2215D95D2ABFB652AA4F7393A080D74112EDE4772B04D1B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.1267078968144135 |
| Encrypted: | false |
| SSDEEP: | 6:Ufg+q2PRN2nKuAl9OmbzNMxIFUt89f+YZmw+9fDiVkwORN2nKuAl9OmbzNMFLJ:l+vaHAa8jFUt8oY/+sV5JHAa84J |
| MD5: | 5CCB51594B776EFECAEBC335C96AE6FE |
| SHA1: | A7E596C3BE6F1AC481A5D344DA5DFE4A01C07060 |
| SHA-256: | 5F26D6B4E7FD77B48E1EBC50CD5161031A8B6DB9685D9ADF0F97D7F4444464FB |
| SHA-512: | 3986A6DBBF240BF70C847D8DD8AF49C8C0BAA3784841E843C3806755A8B2267291B265F642B9F7BBB3D82371E749233CA038CF9DF3ED4AC62F12EACD619CD372 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.1267078968144135 |
| Encrypted: | false |
| SSDEEP: | 6:Ufg+q2PRN2nKuAl9OmbzNMxIFUt89f+YZmw+9fDiVkwORN2nKuAl9OmbzNMFLJ:l+vaHAa8jFUt8oY/+sV5JHAa84J |
| MD5: | 5CCB51594B776EFECAEBC335C96AE6FE |
| SHA1: | A7E596C3BE6F1AC481A5D344DA5DFE4A01C07060 |
| SHA-256: | 5F26D6B4E7FD77B48E1EBC50CD5161031A8B6DB9685D9ADF0F97D7F4444464FB |
| SHA-512: | 3986A6DBBF240BF70C847D8DD8AF49C8C0BAA3784841E843C3806755A8B2267291B265F642B9F7BBB3D82371E749233CA038CF9DF3ED4AC62F12EACD619CD372 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old~RF48d514.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.1267078968144135 |
| Encrypted: | false |
| SSDEEP: | 6:Ufg+q2PRN2nKuAl9OmbzNMxIFUt89f+YZmw+9fDiVkwORN2nKuAl9OmbzNMFLJ:l+vaHAa8jFUt8oY/+sV5JHAa84J |
| MD5: | 5CCB51594B776EFECAEBC335C96AE6FE |
| SHA1: | A7E596C3BE6F1AC481A5D344DA5DFE4A01C07060 |
| SHA-256: | 5F26D6B4E7FD77B48E1EBC50CD5161031A8B6DB9685D9ADF0F97D7F4444464FB |
| SHA-512: | 3986A6DBBF240BF70C847D8DD8AF49C8C0BAA3784841E843C3806755A8B2267291B265F642B9F7BBB3D82371E749233CA038CF9DF3ED4AC62F12EACD619CD372 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 57344 |
| Entropy (8bit): | 3.291927920232006 |
| Encrypted: | false |
| SSDEEP: | 192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP |
| MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
| SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
| SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
| SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16928 |
| Entropy (8bit): | 1.212862478336151 |
| Encrypted: | false |
| SSDEEP: | 24:7+tAjqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+ZT:7MkqLmFTIF3XmHjBoGGR+jMz+LhG |
| MD5: | D387B0B6A190068C6FB723E66F282A77 |
| SHA1: | CE9CC7BE2E32AC2DA17A620291DDB21BB6724B26 |
| SHA-256: | E3EFF297E468DD036E93000184A227ABAC803DD0675B0D36BB3D1B50AF7FCED5 |
| SHA-512: | F283253CC7D729AE36B069976657972CBE40F95B8A8860E0F6954F81CFE71E7DD731795D3E0580A4B761BB912351617563D4D51D4677A5CA22331AB6F95C446A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.775162490582081 |
| Encrypted: | false |
| SSDEEP: | 3:kkFklGfRKlXfllXlE/HT8ksVhlXNNX8RolJuRdxLlGB9lQRYwpDdt:kKf5K2T87zdNMa8RdWBwRd |
| MD5: | 379A6EC5C94C0B4D7C12A5B09127D00B |
| SHA1: | CD73FE0305BB713C082EC6F570382804E1602A66 |
| SHA-256: | 41B53341B0D77F375EC767DFB210F8052AAE2810692440033A146282DB1416B1 |
| SHA-512: | F83025951D3E790D2683CD909E46A7F1EF0EB0213D8AACBAB94FC95051ACA2B71D000483CF0DE036DC0D27113C97F80E4DB94C2E0EDD98A5A35E4B9BF73600CE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.224190177427459 |
| Encrypted: | false |
| SSDEEP: | 6:kKTi9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:bdDImsLNkPlE99SNxAhUe/3 |
| MD5: | 627D26E76C8D736031623577FB0C8F46 |
| SHA1: | 56339DBDC45B72CD4801D59840B6F1D6486CF342 |
| SHA-256: | 1FA8DC4A30F61EB68C9606FBBA145A9BE09408E9C40C61F3EA320A1D4D1C9CFA |
| SHA-512: | 3C6C78C339AD1AB78243CE1E547D134E1D76BAD39C143096B685BA90E42C37149BB92807B0BEBE0D33875A5C26F59AE34B50E1C0B3D088FA68C1A337AE10F652 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 231031 |
| Entropy (8bit): | 3.3762863910038354 |
| Encrypted: | false |
| SSDEEP: | 1536:gpKPliyzDtrh1cK3XEi3D7Vg/3AYvYwgZbrioWisn:OKP7m/3AYvYwgNOoWisn |
| MD5: | A9F6D97B95BC9531C5713A1FA0E24A63 |
| SHA1: | 4EC20BF4C335559704D23585285D115B750C23A5 |
| SHA-256: | 80094506B4C7B8898C738F135F94225933F40FC329B940CEB1C25170EB7446CA |
| SHA-512: | 3028BFE2FB61CE1AEB1D7FC403C0050E20400DF43EEBCE8C41D83CF576F31E2683774A1CB93200370828B0E465262DDAAC0CA557D127208487C38D35A53B6001 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.382764871523485 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCNUMQ5IRR4UhUR0YLfoAvJM3g98kUwPeUkwRe9:YvXKX3MQWRuUhUPgGMbLUkee9 |
| MD5: | C0C32F1CDAAD1863163FA25C15A82EDB |
| SHA1: | F8DAB2EE7A18C7B3E5B53899D4EC3145DCA1C20F |
| SHA-256: | FBBC2E755158CCD98F047D71D1C55131C80E179C9AB6C2568DFB13A3BF140260 |
| SHA-512: | 6A938281125CC3CA1946ACF23739EDB991638C19F06A359F744E3CC7EFDAD3F112F43EB9014006D94BE43775BB38A48C00D83AC60EC8B2F922362623654179D0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.331238043401213 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCNUMQ5IRR4UhUR0YLfoAvJfBoTfXpnrPeUkwRe9:YvXKX3MQWRuUhUPgGWTfXcUkee9 |
| MD5: | 89EE5F2D9BE122437BF40AAEAD0C4476 |
| SHA1: | 8341AE9E8FCEA77FAF415F9386D2BD2998094BA1 |
| SHA-256: | BDF6C0301BAD3C966094F99691287B10818470A6E215AC8B1B3081E3CA64A760 |
| SHA-512: | 0BF14A231083FA79E1D07C91F0E8EFB2DBCFF8FA6CFCB79138438F6C17C984F93831D2A738B36F00B093F21ED24DFB7EBC103637B062DF5DD99D51DADAFE5C21 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.309497538759021 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCNUMQ5IRR4UhUR0YLfoAvJfBD2G6UpnrPeUkwRe9:YvXKX3MQWRuUhUPgGR22cUkee9 |
| MD5: | F0768A9640BD202ED8C4F4E4533917F7 |
| SHA1: | 43D6F3E97272905983974A3B73E3636A49702D4B |
| SHA-256: | 8ACD71C4020FC2D93763232B5C13BC08B92F36D1FD4F0870CEC935B378E8E45E |
| SHA-512: | 7D103D98345FD8A2B103EC69F810A2610C0184C624FC7EFC0D7A52190A6C153E113C74FE8833A49E584244EF383DA15D0A2842814A9B5FB9773595A5A7DDAB05 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.371825814131368 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCNUMQ5IRR4UhUR0YLfoAvJfPmwrPeUkwRe9:YvXKX3MQWRuUhUPgGH56Ukee9 |
| MD5: | 6A7FDF236BF16ADD8E8B5C04BEE4C4A7 |
| SHA1: | D1DE9862BFC8F10199A06D8FF0D6FF0A50E9CF03 |
| SHA-256: | 929DE604CF039FEFA3C8619F59FF17A2AF4301C866CBE568542DA027F15E05F4 |
| SHA-512: | B092C1B230A40B7976C776E819A71DC10CFCCAFF106F97268C8FC21C2332A7FCACAC987C630808F78A9AB63F869C087C8572EEDC2AD75CB750CFE45D19B6581F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1055 |
| Entropy (8bit): | 5.662972018634758 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X3MRUP9pLgEscLf7nnl0RCmK8czOCCSl:YvxUP9hgGzaAh8cv/l |
| MD5: | 3AB35B5FF33ECB632A232EDAF95810AD |
| SHA1: | 96B9A5AE99A6F314B48534CB9F55EFACCEAEF84D |
| SHA-256: | 122049966BED5AC3083DF7D0A63EB9080929C5930E60A46AFD80A6FC873A94FB |
| SHA-512: | 43EFD81FF48C93D805234BDD4767A81C7DF8D320FF26032C64652655162E7DB989B85EFE9EBCCF77E247A9F158DB8EFE3B669ADCFFA04654260FAA2E91C549A4 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1050 |
| Entropy (8bit): | 5.655455919896994 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X3MRUPhVLgEF0c7sbnl0RCmK8czOCYHflEpwiV8:YvxUPhFg6sGAh8cvYHWpwl |
| MD5: | D8DB70910897FC7882CBABF0CF8BF83F |
| SHA1: | FA026FBB7D1413F286B361BAE0D6F5CFAD15682B |
| SHA-256: | E916E75F4251339E6402257A3C2EAD0A2F67D522FB9C5EB3A473363C588B1446 |
| SHA-512: | 997817A8485B5F67DCB4592AE81E221ED88533E4EF94F46DD2AA14A6F855B074E368BDECCBF95E6C5AA00D605AC725A08067A6ECF60B1672B58E02C4E7748F5D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.32197305197619 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCNUMQ5IRR4UhUR0YLfoAvJfQ1rPeUkwRe9:YvXKX3MQWRuUhUPgGY16Ukee9 |
| MD5: | 0616AA1B1A5932558693BD455F189BE8 |
| SHA1: | 5D00882B04E25634C7720D8A6F44229AA07B639A |
| SHA-256: | 52266D4EF0BC541450833E5E1A6562AB9D29354961CFFDE6BDDFEBBEFA697DDC |
| SHA-512: | 435B9A3E4A556F60A23D9B5A2004573B97CDD2BD2251E87A08C736FC9AD557987B149D5FF50348279CFA626C6852BBD1F1B351D9CDE1FA39238F0AFAC543E5FB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1038 |
| Entropy (8bit): | 5.649978524201069 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X3MRUPQ2LgEF7cciAXs0nl0RCmK8czOCAPtciB8:YvxUPQogc8hAh8cvA2 |
| MD5: | EDDDBCE028735FAB71A3B03DA783F3D1 |
| SHA1: | 905167EB28CBFC9A9827EB5A880A88BD1C63D236 |
| SHA-256: | 48CAD131E3944C1B15BE4465F6FB10F9EBF3E073FF19840D3F3FEA65409D2FC7 |
| SHA-512: | 239430943F2A66F85DA5E2902C908E7CF47DED8150154E16FA0C7B89B5942FDD94B8FD5C41CACDB020E20A5A23182E2608C8BC176C764B39A613F6E3B816D2B9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 5.699154184836258 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X3MRUPYKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK58:YvxUPYEgqprtrS5OZjSlwTmAfSK6 |
| MD5: | DA309EDA37022BC660E0514B1213764D |
| SHA1: | D182225BF7DC4219AA8335A5AB43D7136B82F69D |
| SHA-256: | 69A40DA65699F03BC1491B32CC4A96E2DBB4604105A2B1EB4DDFC357B6415624 |
| SHA-512: | 3726B374B51CF16755859029AA5CB67F93FFF58368571010ECCC5777083501E8322E20BD4463613218C33D0ABC674C6BFF858DEC8A402AA059680C04F92735DF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.325518224568998 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCNUMQ5IRR4UhUR0YLfoAvJfYdPeUkwRe9:YvXKX3MQWRuUhUPgGg8Ukee9 |
| MD5: | 46F525811B906C11AA0DA5E9018A06C7 |
| SHA1: | 5AD68DE4009AFD6AB84EFA8EE5BBAA6E21722EB4 |
| SHA-256: | 63783D0414AD676C885D7CF2AB77C8660F87C7114FFB2B912F383F1C61CB140C |
| SHA-512: | 9E94C2C4E7D698A54B09028450C360E7B24285152D0D469E4CD72158510B9144E7ACB03FAF6920F21CC176C3F19804463FDAB7CC69F5F9F840F4838D2BEBE86F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.7766139450069796 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X3MRUP3rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNE:YvxUP3HgDv3W2aYQfgB5OUupHrQ9FJ6 |
| MD5: | 4F9DA9DA8B086D4A77B4884FE4DD75D7 |
| SHA1: | D2109B3E7E91B9C31BD89A4D72A2B3EAA0798C38 |
| SHA-256: | 29AB06047EEB5D107F083BA2F12E5DA6DE74AFD87A36ACDACE69342BC408D1FA |
| SHA-512: | FB31B08650314398C86A662E0FC9229A53B1F74980274E6A0D62765E2BF162FE1CE6E97BF7BF82979AEDB97EA3D1C9E556440DB1595243CB9984267098CAEAA4 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.308889939256132 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCNUMQ5IRR4UhUR0YLfoAvJfbPtdPeUkwRe9:YvXKX3MQWRuUhUPgGDV8Ukee9 |
| MD5: | D35F94EF1C52A9193EFBC814029CC91E |
| SHA1: | 7E0308194D22D3A7A8B948190C9EC904DA89B447 |
| SHA-256: | C0E0E15E0230C17C73B0556299A72F66B3F329973C8CAB5001CEEA166E5A9EB4 |
| SHA-512: | F530B85D420E257BB2FBECCA7C9335EED9D61C631CB4B97D076C342745B17DC9324D3670726F9C28F3168A37CF735F201F17A3DD28D13B7DA8AF07EDFF2389D0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.312920335492284 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCNUMQ5IRR4UhUR0YLfoAvJf21rPeUkwRe9:YvXKX3MQWRuUhUPgG+16Ukee9 |
| MD5: | E853CF8088AB48F437F2106AB5F7A1B7 |
| SHA1: | 72B49A5C69755A7B52B652E8501D08169507F3BB |
| SHA-256: | F4A20CCEA7423AC1B5229C89E2FF879EDC1A786642F533D985303383A880992B |
| SHA-512: | 9F23917912103FBDEB12BEF023BAD5680CD72C39138347C741E242A3E215587BEC2FA865C7950AB078FFCB636DACADA87904D40FD7D37DF9CFEB5C0AE21B7A5A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1026 |
| Entropy (8bit): | 5.633510123753392 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X3MRUPFamXayLgE7cMCBNaqnl0RCmK8czOC/BSl:YvxUP5BgACBOAh8cvMl |
| MD5: | 436B312FD55691B38A28DEABAEA72A77 |
| SHA1: | 3B094999BF8E64B397C1666C4CB12AC457659C09 |
| SHA-256: | 23C6DC15069C84EE47ADEF6EA105A05BAA391863087873FD282F6EEB9962A17F |
| SHA-512: | D86E993FCB73B9E008893D312374DEE4476D39FDC968D86DE2063FA77901793EFBDEECC5F3BB5882BC7A5DD41FD04852F1725FCE98594E5140BAED086E764D84 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.288054321117152 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCNUMQ5IRR4UhUR0YLfoAvJfshHHrPeUkwRe9:YvXKX3MQWRuUhUPgGUUUkee9 |
| MD5: | 326D187C24FCCF9533AB80D3BE0234B2 |
| SHA1: | 3C1F7F75F4224A3F1DC6D44C322C823C6970B778 |
| SHA-256: | 4641FFFC396D59D64AF14702C086A1540459C0F2233850A2A6A1F8835E192E9B |
| SHA-512: | C240B94A3674EB9499BA3397FDFB75118C9E78D85DB2F28ADAB179F2AE7AB917058FD94B65FFBA13A17DF82A1381CBF352633C268EC292A7F3EE84EAB8655515 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.373926942468442 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKX3MQWRuUhUPgGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWA:Yv6X3MRUPW168CgEXX5kcIfANhl |
| MD5: | 66C48DD169EDCB3783E12C9553E11253 |
| SHA1: | 1D80ED4BC50F7F8D928C41A5C0756DC449968C3B |
| SHA-256: | 12821AAFAD9BD126F4525EC2617962BCCA9FDE89721D7CAE7F005DA31967FD0E |
| SHA-512: | 6C1B07285BA7FA1DAB011A08A11A2B01C32FDB7E72230CE931408B3B1BAA3F78400A9D0AE24192DEABEEA64FCE0AB92AABDA4DE85ABD931B76D6DFC5DEB7A477 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2818 |
| Entropy (8bit): | 5.124576487989521 |
| Encrypted: | false |
| SSDEEP: | 24:Y6MIkjaBayXBlbIDBGHlQCBQrQLuf+VBPJwjxzj0S0lw2EJniQx2LSeUMP5dw9Ap:YIVbpC+QMLuG/Yx/1RJiQxsUMPTw94 |
| MD5: | B41EBB95EDD2BEF8FE461D42B86E546C |
| SHA1: | A06F50972D8FC87F6D9F9DA505426989544064D9 |
| SHA-256: | EADE7265E8D3CF9CA433E1F51907DD31B322784BE2FE2E1010D18BBC42FC71EA |
| SHA-512: | 578D24086CDB67C1266798F7175FDFEB319F368892D2FBFCE505A4C62B90D35819304BD74A81BDC47F1EA89F553D5C6BBB654F690AE16311E7E870A9BFD058B2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9920023224206472 |
| Encrypted: | false |
| SSDEEP: | 24:TLWwx/XYKQvGJF7ursZY9QmQ6QeihGcbWUWf7JniYhF:Tll2GL7msZYXtrzckJiE |
| MD5: | 63952CC82F8FAD682096B569D929D933 |
| SHA1: | 22671750A7C8E69107752B35C0AFD1EF85B7C6EE |
| SHA-256: | 0F55A4862EDBFD76A6655C016BE7B58BF17CDDD81C56DA5E3BB880E8ED817B3C |
| SHA-512: | 47D9A7C13FCF2A01FEBC8097A78DF51950FF5998692BAC5389DA38538D8064BACDA5EE9DC3C811BED401145887FC2957EFA18E89AF7CBF50FD64A0717B5ACC52 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.350699538628377 |
| Encrypted: | false |
| SSDEEP: | 24:7+t8V6Y9QmQ6QeihbcLEVLWf7JniYhHXvqLRx/XYKQvGJF7ursY7:7MXYXtrucIV0JikXvq1l2GL7msW |
| MD5: | D205B29E72EA99A6A0BE623FD39144E2 |
| SHA1: | 2298CB124C8A654ECB9182E22DE8425D73200F5F |
| SHA-256: | 087DBAB2F7CBC4A1BAB33FD49AABFF7242C27A37674D8C2B0B97A2880F7D5A28 |
| SHA-512: | 29F9785FD2F745D672F41C4264FC35BF66C3CAD0F02C4761FCC32A1D5A4B8FC3200F60865D50292EA5642CFDDFDF0C145AF9534FD83246A0A3659B09A8B2F63E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5136057226030957 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8fQRWfUOul:Qw946cPbiOxDlbYnuRKuHm |
| MD5: | EC712D735BF199E7F9497EF9C0217ACD |
| SHA1: | 719C563F439404249E3FCDEE92865055ED9045BB |
| SHA-256: | D144DEA60DA09BC39EC2054991E636F1AA40777E5AEB2DA5A398F48245413AC4 |
| SHA-512: | 1D9BDC3CAD5915A549128C3A26907CE6D0DBF693C10D92DBED5611EF4FA55C64BEBDAEC7E0EF99EF5DE71AD1AD59D38B96EFDE6C4BD92AD78E53AF8135493A5F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 383 |
| Entropy (8bit): | 5.3272426871592335 |
| Encrypted: | false |
| SSDEEP: | 6:wBqWjn8iTawMnraH5hS3EajrRQAtBkFKklCmvz/vbcaS3jfU0cMYz/FooA:a8eir8qEajr+AtBkFZzAjfuzk |
| MD5: | 5CC2355A6AD5615A4AD373DA53DB5667 |
| SHA1: | 70E00F3E369036B32CE8C7A971C543BFCCFBEF8E |
| SHA-256: | 542ACC2C8E55514142D1089360F15E17B41A1E60DFB5D299B0DBCA55D9D0D94D |
| SHA-512: | 3E5705F388719E5EE1D4281E30A65E893D11D8E3C491C7F39BEC185FF071E4D73FA50FD04728018D7F33A3906904FD9CA3EE77269F488044723EB74B883B1DF5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1734720 |
| Entropy (8bit): | 7.999581305333742 |
| Encrypted: | true |
| SSDEEP: | 49152:Vindpk/BgYlE87nasHBpFjt6oyk5b8dk1HR7G:8ndp0BgzgLHBp9qsbxY |
| MD5: | 1527BBD38601C24087D9BE0F5ACCBE19 |
| SHA1: | 0C4539A4DD2CD8302D29FB50DA4D3B5F9E65CE1F |
| SHA-256: | 5C2E32A79BA4E2ABA9DEF10E521ED268463288BAFE038B5CD9DE099799663DD1 |
| SHA-512: | 00391887BCE35EEEF1636A6902FF82831E5FE600144966FDAA95276FA713FD3E5D417C79AA85947D005762B02CB9A8F5DD4C2AF1038C79D78532536CDAB6A9D4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 383 |
| Entropy (8bit): | 5.34415788556862 |
| Encrypted: | false |
| SSDEEP: | 6:wBqWjn8iTawMnraH5hS3EajrRQAtBkFKklCm862bcaS3jfU0cMFvbQoA:a8eir8qEajr+AtBkFb9jfrb2 |
| MD5: | C9A1FCC704FC4A259CC1C3306BA0C343 |
| SHA1: | 28B424BADACDB9B828E669324CE227AD41D9C57A |
| SHA-256: | 1AD959C9DC0B66B20BAD7AB5B04D0E625FC8FFE86E892EF1CEBB970632E9BF51 |
| SHA-512: | 56BE339F6EE09D6E8F94205FF620280B1F826E70BCA876580ED3F95CF656E8D9B0FB4D5834099D04C7BEBE45011046A6CF8677621DC87666466414F50FB61D59 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 383 |
| Entropy (8bit): | 5.354367535947652 |
| Encrypted: | false |
| SSDEEP: | 6:wBqWjn8iTawMnraH5hS3EajrRQAtBkFKklCmro1KmebcaS3jfU0cMSo1KQ2ooA:a8eir8qEajr+AtBkF5ujfEC2+ |
| MD5: | 04D9B43D671DD6D74330F48E2493872D |
| SHA1: | B6B366A6B78865A663B377B7D1476B48EDBD08ED |
| SHA-256: | 25517355F0B05D882FA682E5C34790747D4A6F3D7C2E8A8D525B84567110CBA6 |
| SHA-512: | A2D2C4D1C608968B85FB20ACBE033E3A5C9DCEA5ADBE811BB4213C5BF7256A8E3ECB4AA13FA8679E7B182B82429E03171E253661E87A29B97CE650EF7BC95C5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 05-11-18-243.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.353642815103214 |
| Encrypted: | false |
| SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
| MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
| SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
| SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
| SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 05-11-41-191.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16529 |
| Entropy (8bit): | 5.3246154948535285 |
| Encrypted: | false |
| SSDEEP: | 384:xLhocKPjqnsGYPvsyxbMXdEYMpynRzLS9sTlvXFUfVmrptLTThJviPv8jOM+M9Nr:UXXs |
| MD5: | 74833D9391A4F7FCD1710CBA37CAD630 |
| SHA1: | C9766A35F0E92F588CDB4F863FA59AEFAE5AAA79 |
| SHA-256: | 5072ED08DA80025296E24E53987923D78D23DB99E53D759C2F46F522CB0B51B0 |
| SHA-512: | 9A5252DC11D29789774E543EAFCD804EE66957B33F2F188827F69F9B6EE0B365C19E2039A1F5472802291032DD6315A9C89A3FAEAF0DFD16FDD325204AA373F5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16581 |
| Entropy (8bit): | 5.3211172691250965 |
| Encrypted: | false |
| SSDEEP: | 384:dlLUjlWRXOrUIFwjrtL6+d58AHlNjHb9u9cWgsW8ZfpOE2npb6GSmrmL+E2G7UsV:ZLCT |
| MD5: | 748330513B388DFA998D9A0AE0722DC8 |
| SHA1: | FD2CDBD98938274D011A89DA954557E1ABA26F2B |
| SHA-256: | 047B3C816367A75CCC55605EEBE733B656FB5BB7CBCBD916111191F4B69B834D |
| SHA-512: | 47D93C3F45F89E2BA75B6ECD616598FC65BCA7DA87415B6529CF49F6E763306ACA6F9019BD3C4E8FE426952ADDDABA0DE5E7AF7B400C2156F67F5651944F9891 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 35814 |
| Entropy (8bit): | 5.413733815637046 |
| Encrypted: | false |
| SSDEEP: | 192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbGcb81IXhcbWRcbKDIdzcbD:fhWlA/TVByXnUdI |
| MD5: | F74AC1C9AFD70DE5A58E19D98BD3C8B7 |
| SHA1: | 36379FE12A37CDEAFE3755A4023CF07C35CF0713 |
| SHA-256: | 3398A3F3C1E74185BE8F12ED100F348DDFECC7598A887AE52D28F4C28D4CAF0E |
| SHA-512: | 4D5B9A15A2CF40A78BDFF8FFC46021531E5110A01436B8F115E9ECA8747F7C6ED6273CCCD1279448CF2DE66CC76E343A8D5F59CCC08DDD78AE4EEFB2DC6E4034 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje |
| MD5: | 716C2C392DCD15C95BBD760EEBABFCD0 |
| SHA1: | 4B4CE9C6AED6A7F809236B2DAFA9987CA886E603 |
| SHA-256: | DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8 |
| SHA-512: | E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
| MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
| SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
| SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
| SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 22 |
| Entropy (8bit): | 3.4594316186372964 |
| Encrypted: | false |
| SSDEEP: | 3:3cEHn:3nHn |
| MD5: | 4AC65FD0505524C840E4B8ED9352125F |
| SHA1: | F914B6F0DF85ED7B5AA059AFDBD993E18748493F |
| SHA-256: | 913EF675AA4754FBB1A0B07E73B75D515B05C2058CB1144BC115E0430A90CC11 |
| SHA-512: | 9E8913B2E71CA3C0D422A2ED1CA6E2BEE3C7C7F493A0F79573CA4E0341946FFB1D38F669521190B1303B4F3F6F392E20B7694ED25A177301C93816BB8B073438 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 24 |
| Entropy (8bit): | 3.66829583405449 |
| Encrypted: | false |
| SSDEEP: | 3:So6FwHn:So6FwHn |
| MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
| SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
| SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
| SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 36 |
| Entropy (8bit): | 4.294653473544341 |
| Encrypted: | false |
| SSDEEP: | 3:8QvCyKGziFLpn:8QayKGyLpn |
| MD5: | 5C6B932A79952B4B27833691305E61DB |
| SHA1: | 09804DB0986A989C2C49CDCEA563567FB4C7B1A0 |
| SHA-256: | DEE5A5925227B125F4AC6D9B70A277E6EC8494FFC73D1CCE9E08CC7A78D6208A |
| SHA-512: | 4FAA9585BB10156D5DEA3B62D3A3A1BFA92430BA6E1E3381FC4C76C3071C85E53D5CBCE0016DBA1D1F9EA1B7AF37B4A4EFBAF4F3106B7D958B6E2E90AA0DF059 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54 |
| Entropy (8bit): | 3.7119196645733785 |
| Encrypted: | false |
| SSDEEP: | 3:8QvCxXLV1AiLKltVln:8QaRhJ2ltPn |
| MD5: | 6A614A7743B0C781AAECA60448E861D6 |
| SHA1: | 67B7DF5EBEB4527E4C31F3F9B7E52A0581DC4B6D |
| SHA-256: | 9703120DC62C2C3F843BAD5B1E77594682CA7820F0345AE0BBD73021C1427146 |
| SHA-512: | 3A45B27ED6F3AAA8C2113FBB21637675CC91D1239754447A7032D1A86CB1E7381575B28F992E5FFC9986354C2B9C173C614F1F703CA4C2BEE63AB3BC6ED909A6 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.9908104263283946 |
| TrID: |
|
| File name: | MDE_File_Sample_63ddeafcb4a1bcf61b83f738321d223a055bb288.zip |
| File size: | 28'130 bytes |
| MD5: | a44fd5a1494a40049f230cc1c1075268 |
| SHA1: | 5687c84a0b8c89749af05df761dbed786475e5c9 |
| SHA256: | 4215f8c59cbae20156ecdaad5ccb2317bebd418b576f2f09f76ecbf4750e696f |
| SHA512: | 453c2840b84b96ee77369b1dd66b3cc181c8d8a4736fc72ac0886cedcc54569209ff02e06da380eb07ef76c20c087d30984ac719bc5cf42003c71ccb5fcc9211 |
| SSDEEP: | 384:UTWYii0mSlDbwUU/lRYxCyeIy8a8kq6L8AFtMj15ywBkr05OMbFGeX241gyEz6:lSnS2UfeIHgq6L8A45Yus0Ked9H |
| TLSH: | 37C2E15D66969B1251021EAB0B4617E3AC83CBADB3358531700741A72BACFCDC1EE33E |
| File Content Preview: | PK........$I_Y.5Wa&m........$.74976.pdf.. .............t+......t+......t+...'....P..G..../}7I(@...,...W.;..N........;D.....6[.d.._.. .m....#...r..y;..8.k....Q...2.-._P.....N.2...x.K.&1.*..I...J.....n.....x......#K...5K..h.>..`;.^.6..}5....C/..}]..:e.M:.{. |
 | |
| Icon Hash: | 1c1c1e4e4ececedc |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 05:10:40 |
| Start date: | 31/10/2024 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74d2a0000 |
| File size: | 71'680 bytes |
| MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 9 |
| Start time: | 05:11:14 |
| Start date: | 31/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74de40000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 10 |
| Start time: | 05:11:18 |
| Start date: | 31/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7763d0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 11 |
| Start time: | 05:11:18 |
| Start date: | 31/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7763d0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 14 |
| Start time: | 05:11:38 |
| Start date: | 31/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74de40000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 15 |
| Start time: | 05:11:41 |
| Start date: | 31/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7763d0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 16 |
| Start time: | 05:11:41 |
| Start date: | 31/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6d4dc0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly