Windows
Analysis Report
Resume - Ms. Kyi Kyi Oo.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 5068 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Resume - Ms. Kyi Kyi Oo.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6208 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6416 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1608 --field-trial-handle=1560,i,10592316759477976454,9644130627290774418,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
x1.i.lencr.org | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1559187 |
Start date and time: | 2024-11-20 09:37:35 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Resume - Ms. Kyi Kyi Oo.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@16/59@1/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, TextInputHost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 18.207.85.246, 34.193.227.236, 107.22.247.231, 172.64.41.3, 162.159.61.3, 2.19.126.149, 2.19.126.143, 2.23.197.184, 2.22.50.131, 2.22.50.144, 2.16.164.11, 2.16.164.64, 2.16.164.91, 2.16.164.115, 2.16.164.59, 2.16.164.35, 2.16.164.113, 2.16.164.114, 2.16.164.65, 2.16.164.50, 2.16.164.19, 23.200.0.33
- Excluded domains from analysis (whitelisted): www.bing.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, evoke-windowsservices-tas.msedge.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- VT rate limit hit for: Resume - Ms. Kyi Kyi Oo.pdf
Time | Type | Description |
---|---|---|
03:38:32 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
23.47.168.24 | malicious | HTMLPhisher |
 | malicious | Ducktail |
 | malicious | Ducktail |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | PureLog Stealer, XWorm |
 | malicious | Metasploit |
Match | Detection | Threat Name |
---|---|---|
bg.microsoft.map.fastly.net | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Credential Flusher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | ScreenConnect Tool, Phisher |
 | malicious | Remcos |
 | malicious | Credential Flusher |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Amadey, Stealc, Vidar |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.110591924427774 |
Encrypted: | false |
SSDEEP: | 6:H45cVpQ+q2PsHO2nKuAl9OmbnIFUt8Y43SdWZmw+Y43SQVkwOsHO2nKuAl9Ombjd:Y5cVpQ+vkHVHAahFUt8Jig/+JiQV51HY |
MD5: | 0B2CFFDE0F079F3C0787653551515707 |
SHA1: | FAC102B1FDE2E271FACA4E0004EBCE4869F04FCD |
SHA-256: | 8F69D2BA687284A07C50812BF798F0CF825757A6B7057697A046B7C6CAA8AE08 |
SHA-512: | 482D6332A377CEE4164FD8DF47AAE6046CD45A0F0592F45430796B2E73EAA244BD27D9F8971CB38B2958A4B27B4627D21024615CC98C3835A09AA45177BF7032 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.110591924427774 |
Encrypted: | false |
SSDEEP: | 6:H45cVpQ+q2PsHO2nKuAl9OmbnIFUt8Y43SdWZmw+Y43SQVkwOsHO2nKuAl9Ombjd:Y5cVpQ+vkHVHAahFUt8Jig/+JiQV51HY |
MD5: | 0B2CFFDE0F079F3C0787653551515707 |
SHA1: | FAC102B1FDE2E271FACA4E0004EBCE4869F04FCD |
SHA-256: | 8F69D2BA687284A07C50812BF798F0CF825757A6B7057697A046B7C6CAA8AE08 |
SHA-512: | 482D6332A377CEE4164FD8DF47AAE6046CD45A0F0592F45430796B2E73EAA244BD27D9F8971CB38B2958A4B27B4627D21024615CC98C3835A09AA45177BF7032 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.146429712938192 |
Encrypted: | false |
SSDEEP: | 6:H4W2nxSQ+q2PsHO2nKuAl9Ombzo2jMGIFUt8Y4W2ypgZmw+Y4W2HQVkwOsHO2nK3:YW2UQ+vkHVHAa8uFUt8JW2Yg/+JW2HQs |
MD5: | 7905FC6D4CC5A6D425E1D74342F456EB |
SHA1: | 5467079E84488B022EAC4F0714B11ECA66DB21ED |
SHA-256: | 0D6A3923B6CACF9C0C0B7B9BAF9A4364F6CD32F913A0AD5A0D4349D3003B1D43 |
SHA-512: | 49533E203473605E556ADE6B347D992B2FDBB1A6714571C695295B5B9CD62F2BC9CF2BF8045CE28114713A7E9A708B1BD27CADCE4C58151A09EC48CACFE793C7 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.146429712938192 |
Encrypted: | false |
SSDEEP: | 6:H4W2nxSQ+q2PsHO2nKuAl9Ombzo2jMGIFUt8Y4W2ypgZmw+Y4W2HQVkwOsHO2nK3:YW2UQ+vkHVHAa8uFUt8JW2Yg/+JW2HQs |
MD5: | 7905FC6D4CC5A6D425E1D74342F456EB |
SHA1: | 5467079E84488B022EAC4F0714B11ECA66DB21ED |
SHA-256: | 0D6A3923B6CACF9C0C0B7B9BAF9A4364F6CD32F913A0AD5A0D4349D3003B1D43 |
SHA-512: | 49533E203473605E556ADE6B347D992B2FDBB1A6714571C695295B5B9CD62F2BC9CF2BF8045CE28114713A7E9A708B1BD27CADCE4C58151A09EC48CACFE793C7 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 476 |
Entropy (8bit): | 4.976622644559748 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqTM3xsBdOg2HVZcaq3QYiubEP7E4T3y:Y2sRdsaM3idMHVg3QYhbY7nby |
MD5: | 99C8141D4E0205C57BBD053495B50D0E |
SHA1: | F5AF8D6A05B572DD8FF9BB9F92CD2970961AB430 |
SHA-256: | 335D69B3B4C1051BB37A1BBE2A00702057113FB809116F805E623A48458FBE4D |
SHA-512: | 286F80FCAF3CF7DDE7268A74A1B51CDF2BB805649A7ACBEE6E71E7AA5815967ABCCAB2C2B9EE859CD507714AF94B007E4AF880FDB9E5134AAE1D56E1E344EC1A |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f87a8a89-c465-485f-82ce-4937bc1ee9d2.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 476 |
Entropy (8bit): | 4.976622644559748 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqTM3xsBdOg2HVZcaq3QYiubEP7E4T3y:Y2sRdsaM3idMHVg3QYhbY7nby |
MD5: | 99C8141D4E0205C57BBD053495B50D0E |
SHA1: | F5AF8D6A05B572DD8FF9BB9F92CD2970961AB430 |
SHA-256: | 335D69B3B4C1051BB37A1BBE2A00702057113FB809116F805E623A48458FBE4D |
SHA-512: | 286F80FCAF3CF7DDE7268A74A1B51CDF2BB805649A7ACBEE6E71E7AA5815967ABCCAB2C2B9EE859CD507714AF94B007E4AF880FDB9E5134AAE1D56E1E344EC1A |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 6495 |
Entropy (8bit): | 5.245226245585287 |
Encrypted: | false |
SSDEEP: | 192:TUi8h+F8Aj8DRCGwtqzmsLnNreR2ZpjRe4I8qr9jnNI92D3jC+3ETKEAE87pgfZ:jX8eQp |
MD5: | 84A7D3617CBADE0B2028DA5AB2089B0D |
SHA1: | 2A5F573959ADC9C28A2A4C64CFFE59FB097A1579 |
SHA-256: | 845FA6DB59B27EA980CDD9B20F002E8EBFEFCB7454524C6FDD1C06E2AD180098 |
SHA-512: | 8C0052CEA4F727DC0E5FDD012FF4F09E8EDF48CDAEC5688612A32CFBD0CDC9E4EC01E737083A7BD17DC927975F5FDF1232BDE88DE5453194F08A5B3B5364F635 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.14217585139798 |
Encrypted: | false |
SSDEEP: | 6:H4uQ+q2PsHO2nKuAl9OmbzNMxIFUt8Y4zmGSgZmw+Y4oUQVkwOsHO2nKuAl9Ombg:YuQ+vkHVHAa8jFUt8JzxSg/+JjQV51Hp |
MD5: | D7FBFE6D77DA85BC2D2B84EE4595D667 |
SHA1: | 4E6234D324A745426510129B0073FFF7C966D2A1 |
SHA-256: | 10ABFEC8A066DC8C9F7687891EDC23E98770BCB6819553DB1B53B25339C75E38 |
SHA-512: | 47A5AA0C3222874D95BD3264AB7F9787404ADEF90E96C8D5B242EDDCB4CCDC7ABDE3CB472F698A184A1A663C10B0F78BFEAD0DD814E6476F767A662DC91BA143 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.14217585139798 |
Encrypted: | false |
SSDEEP: | 6:H4uQ+q2PsHO2nKuAl9OmbzNMxIFUt8Y4zmGSgZmw+Y4oUQVkwOsHO2nKuAl9Ombg:YuQ+vkHVHAa8jFUt8JzxSg/+JjQV51Hp |
MD5: | D7FBFE6D77DA85BC2D2B84EE4595D667 |
SHA1: | 4E6234D324A745426510129B0073FFF7C966D2A1 |
SHA-256: | 10ABFEC8A066DC8C9F7687891EDC23E98770BCB6819553DB1B53B25339C75E38 |
SHA-512: | 47A5AA0C3222874D95BD3264AB7F9787404ADEF90E96C8D5B242EDDCB4CCDC7ABDE3CB472F698A184A1A663C10B0F78BFEAD0DD814E6476F767A662DC91BA143 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 108 |
Entropy (8bit): | 4.604703155082988 |
Encrypted: | false |
SSDEEP: | 3:U+klXt1HcZUV/TW1g9OvM11HcZUV/TSlBHr:U+klXtVnV6GOMVnVmnr |
MD5: | 6B8E12338F874A0602998C0EB718A75A |
SHA1: | 49F9ACC8AF1EC396DD8F0A767AD3EC7032358757 |
SHA-256: | A1CFC142EC2B1AA3526D02CCA4478492E9C6131A4D8B8D8B09A0DDD31B736F2B |
SHA-512: | 43E83BE6B7AF67749E28722DCB8FBD8058CF58261070272F9F42FDBC3E9BB99E9BF415E1C31D543440ED74FF44B6498126AB3DE6861D3A4BC60DD0E8A886BC66 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.18639392703946 |
Encrypted: | false |
SSDEEP: | 6:HTwo1sHO2nKuAl9OmbzfXkrl2KLlVTwCYVq2PsHO2nKuAl9OmbzfXkrK+IFUv:zwXHVHAa8/uLLwjvkHVHAa8/F3FUv |
MD5: | 33694096FD011F3CEE7991B9DD9C3944 |
SHA1: | 3C3EBA39B6886B75C0B9E2D011E6FA2C395D08F1 |
SHA-256: | 01711587B43F6EB50E73212A097B8211BBBE6BA0A0575A36A87BC92DBB1A4F4D |
SHA-512: | D6DCD35818B4B4E39A5FB364763A649CA39BC6FCB76847AF377AB79A442DACFE30724F79A7DA0A06ACA69FA736640E26AD02799395E38E0C913CCAE1AAA3313D |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\MANIFEST-000001
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 41 |
Entropy (8bit): | 4.704993772857998 |
Encrypted: | false |
SSDEEP: | 3:scoBAIxQRDKIVjn:scoBY7jn |
MD5: | 5AF87DFD673BA2115E2FCF5CFDB727AB |
SHA1: | D5B5BBF396DC291274584EF71F444F420B6056F1 |
SHA-256: | F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 |
SHA-512: | DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 126 |
Entropy (8bit): | 3.6123534208443075 |
Encrypted: | false |
SSDEEP: | 3:G0XttkJcsRwI9tkJcsSaJkG3mH2lztzlkzXlfmH2lG:G0XtqcsqczaJf3mH2lztzl4mH2lG |
MD5: | A05963DD9E2C7C3F13C18A9245AD5934 |
SHA1: | 15A87493591860C6C22499DF3A705ACB3CB466BD |
SHA-256: | F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4 |
SHA-512: | E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 303 |
Entropy (8bit): | 5.16031935001652 |
Encrypted: | false |
SSDEEP: | 6:HTwN/1sHO2nKuAl9OmbzfXkrzs52KLlVTwgYVq2PsHO2nKuAl9OmbzfXkrzAdIF2:zwNmHVHAa8/N9LLwgAvkHVHAa8/iFUv |
MD5: | 95EBF90CA73B35511DB832D0CE7642D2 |
SHA1: | 01C81E153142E576ECE38E3B538CEA472C308BFB |
SHA-256: | B9F452A446D92AA14A910665D7C5D3B44DA28C2ABEF1F4485CD500FC4DFDB9C9 |
SHA-512: | C0B88799EFB884891F01CC1BFDFAF54DF9D2047F4A17698357FCCBC38CD80039BA45A2AD30A9BEDBAB27E17520AEBF8703C622E1615A529716940E06DE2E3AFB |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 41 |
Entropy (8bit): | 4.704993772857998 |
Encrypted: | false |
SSDEEP: | 3:scoBAIxQRDKIVjn:scoBY7jn |
MD5: | 5AF87DFD673BA2115E2FCF5CFDB727AB |
SHA1: | D5B5BBF396DC291274584EF71F444F420B6056F1 |
SHA-256: | F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 |
SHA-512: | DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241120083823Z-182.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 3.2435283055240207 |
Encrypted: | false |
SSDEEP: | 768:si3+ylBNk2EX1CgWvX3OjrvJChvQfj3MFexBzki5cMCXKiPQ27NCh0h:sRylHk2E4r6V5q |
MD5: | 49FBE601BB189C0E1DB599F8445974F4 |
SHA1: | F5DE3210B7E6BF70E656BBF4B9281C8F00245CA0 |
SHA-256: | 6274FF8B8FB123DB5D0481AC1E95B036AE48835E3BCCB04C7FD645286F80CFDB |
SHA-512: | B99D9001AC650999048DB8ED49CA6F9D4C77E2D5AD5DE75C234A499473A2B9F011F8BFD10C8EEACC936AD0995CE50D76F30F1BDFFD70091AE41FF2054938B51E |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444742297700738 |
Encrypted: | false |
SSDEEP: | 384:ie5ci5ttiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:dGs3OazzU89UTTgUL |
MD5: | 17957FEABAB4A23D5F507DF54CC98440 |
SHA1: | FBD184B737FD2A2F23EA1F588B44FB730D4861A3 |
SHA-256: | 9C0CCE0B47B849B9040CAF6EB651CCF1AB9DE939D6EE4D3EFD9B79B921C19B25 |
SHA-512: | CCDD564E821DD48DEDEB89E5EE00310FF3283ECA9B394B22E0D3FBEF13AE19AD25DCE8F3BA70ABF69676F4F86CF7A0072AFCA56AC40F7163D3796116DA4C6049 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 2.2104256434422287 |
Encrypted: | false |
SSDEEP: | 24:7+tjAnuwKBmqL0MzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmff:7MsnCEq/mFTIF3XmHjBoGGR+jMz+LhX |
MD5: | BBCE93CFD342B6EA74E14322C2C29DA6 |
SHA1: | E05CB2AC950A4E675F486564493EC483CFDC7FF3 |
SHA-256: | 8DE614300B7BA027D6EC4B1092A4E33B0292F7AE698EA89C53034C16DBB7EB0A |
SHA-512: | 2FD530C68EBE7741EB83D14B067A531B39966AAD76BBD201BE2774C746EADEBB68CF84F496753F2FECB7BAF2018FB2EAA159B1173A64DF6C91E0C34A74F7EFAE |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7582608629891827 |
Encrypted: | false |
SSDEEP: | 3:kkFklGt2evfllXlE/HT8klHvNNX8RolJuRdxLlGB9lQRYwpDdt:kKft2PT8s1NMa8RdWBwRd |
MD5: | 8A25250BDE3484A948E09F347F47242C |
SHA1: | 8A75E4EAFF31EED00773D8AEA8AE519D1BC4B430 |
SHA-256: | F75B62120E1D02EFF69B0DEB160F2C2C8BDD5100711C9292D519F0E4C096693F |
SHA-512: | 827F678392220158C399E769A6D71AA2BC5B9F8DFC0EFA21C0412089234AE58C1851799B42A9CD5E1B92DB07196C553E23950DD615D3817EE710ED9DD120261F |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 328 |
Entropy (8bit): | 3.144086598890895 |
Encrypted: | false |
SSDEEP: | 6:kKc9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:XDnLNkPlE99SNxAhUe/3 |
MD5: | 4FDECAB9999D7CB3408FF88A902557C5 |
SHA1: | DE715D3F5A7D39B2953EE719B98AE7A65DD008E2 |
SHA-256: | 10F618A41EAC29E2BA759229137325F90319F61CE599051116F7248C2D0D659E |
SHA-512: | AFB2F9A9108D3D45F72811DA23605708B92AF6ABAEE553FBE7C44DAEF44B5BEB4232A7662A08EDABF56C1F4C27108EECD0BC408D324CE559F76271C267CA694C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.360739329060337 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsAVFKVNIcZKxjx6mJ0Yt/EeoAvJM3g98kUwPeUkwRe9:YvXKXsskIJxjx6m50GMbLUkee9 |
MD5: | 1853205F333304A9EE356983DC3CEEF0 |
SHA1: | 174262E74E02939D9B9F4842CAEE292EDD90B00E |
SHA-256: | 1EBD5C13C4D64EC385190EDECEF3143618A9F96CFA6EB92E5957EBD399ACD601 |
SHA-512: | D9637647017D9A75F811B046F09DBD080282EF61368B57E1721677DCA24F694D4497B1C3E2B32E97901C96D28330EFA02D5C596312133FFD626654F1A5A09A2E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.311561970852877 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsAVFKVNIcZKxjx6mJ0Yt/EeoAvJfBoTfXpnrPeUkwRe9:YvXKXsskIJxjx6m50GWTfXcUkee9 |
MD5: | DFB82C4CA00B544441CC6532E80211D4 |
SHA1: | 60381A8E834ED923CF3A9857E35B1651FA32D8D5 |
SHA-256: | BEE2B3696A3CC2E56194AD7AE3CBCEFEDB89D7D1453C7FA6F3B742E165970F6B |
SHA-512: | E4DDF37EC24884F0DE9FAE639235C465193D5BE5B5AFF3A63CADD153748408399917DC5B60C9F9B328864CD6BB14FD8CFD712D13643F487120F0197920A67538 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.289961289721308 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsAVFKVNIcZKxjx6mJ0Yt/EeoAvJfBD2G6UpnrPeUkwRe9:YvXKXsskIJxjx6m50GR22cUkee9 |
MD5: | CF569EFEB26D762E26CFAE788AC458AF |
SHA1: | 704B65C43863ED5862265764593C534CE69D7D47 |
SHA-256: | BD9A633DBFA22433ED222A2969EBA7CAB321C359D4C009B9F66F3098CC7502F1 |
SHA-512: | 4401AE07FFF3556E4D50AEB37702585634C60B3E78EC60290D1CD77631EB6849BDCAA39DAF93F89B2674AD8FBCC798EBC3FC02490691F5F07E7B5EE3A5B2F82C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.34674374063939 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsAVFKVNIcZKxjx6mJ0Yt/EeoAvJfPmwrPeUkwRe9:YvXKXsskIJxjx6m50GH56Ukee9 |
MD5: | BF22151A82A343B5C3657B350195F87C |
SHA1: | 053585A79C2C46F9576E13EFAA592985415139C8 |
SHA-256: | A4A33665072F075FDFDED91536C00523E87D9A4EB053C41E6AD53ECC70F17019 |
SHA-512: | 861D3796EB0971C849BABCCD322A685229FA015FE545F7AA65B1C8AC059CF1EF0046260F4844469544F0D03304C9CB1211C49FD7936E1ADA96A96AF6A1851C89 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1123 |
Entropy (8bit): | 5.692462899572956 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xssjxd6apLgE9cQx8LennAvzBvkn0RCmK8czOCCSI:Yv3sjx8ahgy6SAFv5Ah8cv/I |
MD5: | 66045AF2B62CE11A366F54F076DC021B |
SHA1: | 87B1E43E216C5B91B8F8C2C30C195F05BB9CB6AA |
SHA-256: | E715B93094CBDD2748B66106D9C58CE63F90B09EB11216868A0E5B0405BFFD28 |
SHA-512: | B27B8D588A0FD54585D29616FDB75CBE6ACB9709D00191E70F5C82C66C9E19F44A66D227D96C7B3971B192CDB37050C7A2FE09E540F80457A9AE5892F0F5227C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1122 |
Entropy (8bit): | 5.686779838331596 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xssjxd68VLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBB:Yv3sjx88FgSNycJUAh8cvYHu |
MD5: | C885D1A06C2744DAB352E1F5F591A4BA |
SHA1: | E730331B1463EA78D5D8689A3A64DADC6196748E |
SHA-256: | 7013A9CB48CF324F9BE59527BDBEC221149C87AA847D8A06F4EC1AEFE940A1EC |
SHA-512: | 7E529ABB9641403D6184A28BE1A3387B6C272CFB945CD4E12F6F881104446C6C879E584B706D1A411B157FD54F12F56D8D112AD0BEC7E903A7CA04CE34D76A66 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.301796542128766 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsAVFKVNIcZKxjx6mJ0Yt/EeoAvJfQ1rPeUkwRe9:YvXKXsskIJxjx6m50GY16Ukee9 |
MD5: | 31F423FAE6D922433EEFC1C6E113BFD3 |
SHA1: | 040F5226E395F8F60711E7CCF56A2B23D343E4F0 |
SHA-256: | B7D2C5DDE76887073FB0889AF514082073AF281C81387C9963AC5150C425AE90 |
SHA-512: | 4F7460D1C38003C1141982BEA5ADCF9D338DA8CE9295F870CFF921F88C96C18E2DBBA8A94D732813F9EA5D6D6E127EE76A55E2AE9F2C0F0D9C591668465E8A6F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1102 |
Entropy (8bit): | 5.675444420012059 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xssjxd6h2LgErcXWl7y0nAvzIBcSJCBViVB:Yv3sjx8hogH47yfkB5kVI |
MD5: | 0B6CA35BBF6A286C69D6F0F1453EA070 |
SHA1: | 4394FAF9186DC79BE3BD34F9AEBB94D5432C5A6A |
SHA-256: | A8D90E3AFB7D4D6995E3F338853BCE21D5479711CC72C41C5F9ABE3B5E5B4BF0 |
SHA-512: | 46F4F2D4FF4BC84DD13D9734EA393A7B73607D6FD04D1D99027B40B533CFE134F34A71A6A6AF649C1A6ACFBAC4C70742BC6EAEF9D18EAEF2CE13B2A93D231E84 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.70278007948475 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xssjxd6hKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5B:Yv3sjx8hEgqprtrS5OZjSlwTmAfSKH |
MD5: | E9374867A540B96C9E09F1E6036534FC |
SHA1: | 4FFC0B209C4706B23B1F96561E88789FA0E0EC13 |
SHA-256: | C1D7543E6449710540BFD8933CBB42CFDB8F90E8F2C81E7C762FB997A0C5DA91 |
SHA-512: | 6728B9540341948622AC9370602DAA35AA2C47BEF4F5A0891D38992CB82B13CCEC8AEB4CC1F254038589A8E9CB966C83C1CA57F0D5B35D67F05EA1134AF06BBB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.307560173794599 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsAVFKVNIcZKxjx6mJ0Yt/EeoAvJfYdPeUkwRe9:YvXKXsskIJxjx6m50Gg8Ukee9 |
MD5: | 480BD9EDEAA8F599C2165BE2E601272B |
SHA1: | F282BF79F1ADB5D2D63E69E448B2B91B888E32B2 |
SHA-256: | 75D3A9BEA771CD97826927DC1D11C95CA59FBCD993347C879B981B41FEFC538F |
SHA-512: | 42C25AD07F3548B44CA04BC5D93EB77887DFBBC675869FDD24533F16F5A61DFA6F50F2EA412ABFBFFF3C6E352B11BE8BD4CE9EAA2F7078F08AE5D2579DFD545A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.293425946735745 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsAVFKVNIcZKxjx6mJ0Yt/EeoAvJf+dPeUkwRe9:YvXKXsskIJxjx6m50G28Ukee9 |
MD5: | 18396041204231399BBC462352ACC8BA |
SHA1: | DBA3AB6DA68A09BFF6E5B373ECDA0D36E3642A61 |
SHA-256: | 84B51BB4FE13E6D6461AF54FFF9F3656CB1A4B7401ABB8B0146187B11881D6EF |
SHA-512: | A7F17128ED65518F99C9F43E266929DD12006BA9D433BD846F2C362C596DB1A1FDF4C1B744D4B678B05DEAF744EDF7378AA4FD9213AF3C5D43FEA6FCF3415E06 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.291055311511111 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsAVFKVNIcZKxjx6mJ0Yt/EeoAvJfbPtdPeUkwRe9:YvXKXsskIJxjx6m50GDV8Ukee9 |
MD5: | 5738A5176BD402AADEE171AC465C03FC |
SHA1: | 444F4DFE0AF5E590DB235293E6FF9312BFF5EAF3 |
SHA-256: | FEF582DCA0A5A2159D7195C0172ECE9B9D918EA8AF9A8A8AF5D23785D45DE18C |
SHA-512: | D5AA4D10CF80125E313ACB43C490FACB8DD174B29B44D5AD965C3737F742C6964BB7D4CB0BA95C3916D67F205B0B25DA0B3561E7CEE7ADF7A13B25E93CDBA58F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.292518794278666 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsAVFKVNIcZKxjx6mJ0Yt/EeoAvJf21rPeUkwRe9:YvXKXsskIJxjx6m50G+16Ukee9 |
MD5: | 54C497B765B767BD3DF0D80F22A84AA7 |
SHA1: | 350BA2CA71A0D3E35F08974446C8BB2012D4E6C5 |
SHA-256: | A2289E74EE7F170C25D89689A2114E5FE436B438D736B8059E04FAE0121A1D40 |
SHA-512: | EC8F4C25E7172D05FE502050DD7347B69354527F5116AABD2CD93DC252BE99A143D33AD4B59853F2FD63687822049E3D013344B170040E2FFEE6CEC0FC5E7FF1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1090 |
Entropy (8bit): | 5.665893050544167 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xssjxd6GamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSI:Yv3sjx8IBgkDMUJUAh8cvMI |
MD5: | 24386251FC413FB4A56E581384E2DAE6 |
SHA1: | 292E0D64BA9B8EB5107FE49C50C7A4580341B285 |
SHA-256: | F86B94DD52515DA08C98A954CF9F035CDCEE7AF1C41835CD370525D94CA58764 |
SHA-512: | D8926BF21BE5F96D7D64207DB33F8559734D54B1D7CD0CCCBE35C45FFB593D4A6E027AA293D8AA8EC05DBEB684C786933C2FFEDC1D8775E6B17D369BA148EA44 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.268894059405946 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsAVFKVNIcZKxjx6mJ0Yt/EeoAvJfshHHrPeUkwRe9:YvXKXsskIJxjx6m50GUUUkee9 |
MD5: | 500BFA276E0BC6DF43AAC89E1B9360AF |
SHA1: | A504D12491687D4BBF9574A63CD9F29A69E4EA68 |
SHA-256: | 6B9839268E5C62852DF1ED5A3FB08487C04505A1DF5E5EB99D58F20735A14D0D |
SHA-512: | A39950E849A43AAFA7E3E8CA55C3B2F234040A301A857B309317F9FBDB3F3927ADB75D3D797571F02D97BCEAAE9D4BE340CAB8BD0A1EA461CC1C7126406A8684 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.372865865567789 |
Encrypted: | false |
SSDEEP: | 12:YvXKXsskIJxjx6m50GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWV:Yv6Xssjxd6R168CgEXX5kcIfANhI |
MD5: | 2EC80CD7938CA4D268DD8F03E0460CAE |
SHA1: | 6E6EB4763856D1B5370CE34287631919AD0F4DD4 |
SHA-256: | A2A672FEE61F589884056E4D61F8C067AFA29302A1BDE2210B297FB148883143 |
SHA-512: | 59848DCE8BE95C0CDB29E417BEB681ED917D8FFDFC37FF3A131790E0B435C52156D39741C26338CFEE6F211E2FDA070C396A14CAF9B90D9357CC9F105D885B8C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2817 |
Entropy (8bit): | 5.127420417515991 |
Encrypted: | false |
SSDEEP: | 48:YgEVR3TxUAEC7wcLeA47C7F4bfkpNRneo59kf:REVJTC5ELeAKy6MpN5pkf |
MD5: | 82AED75A92E72F3EA9CD99F18299480F |
SHA1: | 886EBD407B50ACDDDBA6E55640A710F1DCECA8AC |
SHA-256: | DC3940DD52A742EC9DB510AA0CA94F5F7D83B1F44A6D70A4C59AB700CE8FA52E |
SHA-512: | 3D69411296304AAFDAF7E5484702423F2C229F27632CDCAB2107A591B2D7C28B86637321A88A680E451F9D2A1066789CFF54DCA4656E9136E5B764A650075FB1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3566718747551323 |
Encrypted: | false |
SSDEEP: | 48:TVl2GL7msncRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22LZZPI5BvP5ZPq:vVmssZnrFIZWtBZS |
MD5: | F327B4AAE8584FF293719232B0D51A8F |
SHA1: | F102768C432E9023E56605A632215250619A3751 |
SHA-256: | 8B945A89D8B2B5BE41CEB629100CE4013E062FAAB1BBC96EDCE5C47474732CE3 |
SHA-512: | BD8DA5E37DC42EE3742548AB35B284D39147D6BA25EC139525740C40D5F085A2BA2204FE821BD89EE454BB4FBF557C9FB5BD81C1208746763A0A86E91318FE5E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.8302247571434582 |
Encrypted: | false |
SSDEEP: | 48:7MdWcRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22LZZPBBvPxc1qll2GL7U:7EZnrFIZptAqVms4 |
MD5: | 6F1D82DB5CE787B6424B48B9629BB123 |
SHA1: | 36A4667F7880B3F7BE62FC9AA58608E9EC6DCA45 |
SHA-256: | 443006892359B903EBFE6777EAD6C14E59F5FFA9AB56DDAE4FCD5720A0A2E51D |
SHA-512: | 5C0435E4F0D47F46F1B8F153B29D148BF2E3BD827C66B8B9049E018593B8D5D630F290B2EFBAD23B536C1A6B17213DFB609B29B2C936D81A74EA72A0E4B36791 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgv9hGKqUjMcVbeBxrj05qGVNfag9Yyu:6a6TZ44ADEvDRqUAcaxrjUNCaK |
MD5: | 3D25F271E5D5231FABED8116F8B48235 |
SHA1: | 69265C44FDD644AD77C95B3AB0F4A39981A9D76E |
SHA-256: | 14F4983D786708F8FF98B7552503A17AA1E54536A258E039EFB2AFE1B2B6CFBB |
SHA-512: | 6915D49ABD17B0549E3271D988849DCB701BEA03396C1B787169D783B49EF6F8F34DBC26B4D2080D809E4AD64DCB629BAFB7B04D93C51EF093557214E5A528F8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8QOOltiNYN9:Qw946cPbiOxDlbYnuRKZOOX0YH |
MD5: | 45C327897F697D737D6AD714F2F55462 |
SHA1: | 6F01F32455519517282AC0A253705615B6D3C87F |
SHA-256: | FC80D7520618BCA4780D9E63792EB30E7CDD722FD2DE82ED56B07AAD7A98705E |
SHA-512: | 84DF568AADFBBCA3D1F93A170CB927BB3179282B404502A22D6CA6DA02DF7254CA93E084D4668B7234D2E6CD6030A11A631849A42FA814AD2D42912CF83E85E6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-20 03-38-21-702.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.359827924713262 |
Encrypted: | false |
SSDEEP: | 384:yNDmLJAZYTtvEcrd/GVMimVRMTzpCeb9sJVPbvHktuFKr4Bnk2DfNSNq8iwyhZ9u:bAPaRH9E3/ |
MD5: | 06DEAEDB81D09FD8FB5FF668D8E09CB2 |
SHA1: | 28A02BCBD5975117B97A08AFB049F2C94F334726 |
SHA-256: | D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64 |
SHA-512: | 948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.336566987942526 |
Encrypted: | false |
SSDEEP: | 384:m6mLmmgEK03Hr9JnKFMTDWhogTA0qUkUUUCUkU1UxUrUNUVULUMU5oxo+/t6C110:ql8HXxHG6g+mAvqO1Nd8YTA/AUM |
MD5: | A8DBC473B7E94436EA9569190CC1E4FE |
SHA1: | B38D1620D8046714A31B3EF900E1C752DFF42B33 |
SHA-256: | ED31035A57E23588B65E859031EFB4EA3610C52FFD132324EA7888F360F6CA01 |
SHA-512: | DD119CDED765A5996C8512CE7358A54914CBD62C6D81324959C098D06C74DDB5B2FBE8D8A6DDBF1E9AD82ACE87DA6F0AF0C877ACFA376AA39682F78D78BB065D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35721 |
Entropy (8bit): | 5.420983985650666 |
Encrypted: | false |
SSDEEP: | 192:fcbmI6ccb9cb+IqccbdcbIIl3cbXcbWIS+cb4cbIIJzcbScbdKIjLcbh:g6sqGlVS/Jazjo |
MD5: | E9917CC18F353AC0A4357C1B6DC509D0 |
SHA1: | D0AC7D8E137EDC334D4A728C14020B52D04617A0 |
SHA-256: | 7DDAF411425D972D67455D20B1BF5DF7A7E873B9613AC4D2759CC0B581480EDF |
SHA-512: | 09480A2A0640CB2B0B1EC3EB6C7A547728198211D8587F09F93D7CAE688325473CCA2794CE4D5DE1E042D33B2ECF6FE2B2D83B98B9F7DE4AF206BE45C84F6E9D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xaWL07oXGZGwYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxXGZGwZGM3mlind9i4ufFXpAXkru |
MD5: | 0A347312E361322436D1AF1D5145D2AB |
SHA1: | 1D6C06A274705F8A295F62AD90CF8CA27555C226 |
SHA-256: | 094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7 |
SHA-512: | 9856C231513B47DD996488DF19EEE44DBB320E55432984C0C041EF568B6EC5C05F5340831132890D1D162E0505CA243D579582EDB9157CF722A86EC8CE2FEAFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 543911 |
Entropy (8bit): | 7.977303608379539 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121D1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9UZ+bvHs:O3Pjegf121DMNB1DofjgJJJJm94+g |
MD5: | 5B21A6981E55EF9576D169BBED44BCDB |
SHA1: | B3A14100B7E7C2C01D61B010A54937952D111E20 |
SHA-256: | 9555E661370D1DC26605DAE88BDBC1ABA68038C769BF6E354A256B1A1C4C110E |
SHA-512: | FCA72A5131D8780A17DF65BBFF37FBA88DBEA3B7AE991C3D893B21B9E6C1EED44DC12945C8DA39DE471FAC5013BE71D43E5BBB892994742BC33EF5934469B1B1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje |
MD5: | 716C2C392DCD15C95BBD760EEBABFCD0 |
SHA1: | 4B4CE9C6AED6A7F809236B2DAFA9987CA886E603 |
SHA-256: | DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8 |
SHA-512: | E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98682 |
Entropy (8bit): | 6.445287254681573 |
Encrypted: | false |
SSDEEP: | 1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L |
MD5: | 7113425405A05E110DC458BBF93F608A |
SHA1: | 88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF |
SHA-256: | 7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46 |
SHA-512: | 6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 737 |
Entropy (8bit): | 7.501268097735403 |
Encrypted: | false |
SSDEEP: | 12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa |
MD5: | 5274D23C3AB7C3D5A4F3F86D4249A545 |
SHA1: | 8A3778F5083169B281B610F2036E79AEA3020192 |
SHA-256: | 8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97 |
SHA-512: | FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.962174827002139 |
TrID: |
|
File name: | Resume - Ms. Kyi Kyi Oo.pdf |
File size: | 9'115'944 bytes |
MD5: | 1c41f617e44bc8e620cc682573cb8363 |
SHA1: | c1a10c8aab66733f910546b09d5f4b1fb0d3d5e1 |
SHA256: | ec74560f1c40aadec1a061cc796411806aef5d32eff94a855fa679196fad15a4 |
SHA512: | b41a21015bd1eb592166f821629ce880034b0d3b41377c93434287f0fea2abef7c2a65c7106090b389df2dfe0578bc01a818c21f91809e8966c48fbc6e4a10b3 |
SSDEEP: | 196608:vjXwQYpfPiUZaafLbHLic8gaSJOfEePKVujH/:rnYNcArilg9OfEeFf |
TLSH: | 7A96E063857CC8ABCE4783F47E725FEF514F764BF0D961F681150E9E2100E6A6AAE021 |
File Content Preview: | %PDF-1.4..%......1 0 obj..<<../Type /Page../MediaBox [ 0 0 595.56 842.04 ]../Resources << /ExtGState << /GS7 2 0 R /GS33 3 0 R >> /XObject << /Image5..4 0 R /Image8 5 0 R /Image10 6 0 R /Image12 7 0 R /Image14 8 0 R /Image16..9 0 R /Image18 10 0 R /Image2 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.962175 |
Total Bytes: | 9115944 |
Stream Entropy: | 7.974754 |
Stream Bytes: | 8768898 |
Entropy outside Streams: | 5.046128 |
Bytes outside Streams: | 347046 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 2386 |
endobj | 2386 |
stream | 1655 |
endstream | 1655 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 13 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 14 |
/JS | 1 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
4 | 2000500000000000 | 66f675af31d3ef437f11854d7efad846 | |
29 | 2000500000000000 | 6ba743666d860dc80d74344fbc11290f | |
5 | 82556932b24d4d92 | 87f5e63a34baa778390d77ef092b99ce | |
30 | a2556933334d49b2 | 3013a5e754ed760d78c5b61f689f5a64 | |
6 | 90480089c4e47bbc | 17e4169abafbf703cbc436a4722f82ce |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 20, 2024 09:38:32.967487097 CET | 55324 | 53 | 192.168.2.17 | 1.1.1.1 |
Nov 20, 2024 09:39:58.723014116 CET | 53 | 63279 | 1.1.1.1 | 192.168.2.17 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 20, 2024 09:38:32.967487097 CET | 192.168.2.17 | 1.1.1.1 | 0xff1 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 20, 2024 09:38:32.976305008 CET | 1.1.1.1 | 192.168.2.17 | 0xff1 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 09:38:56.520535946 CET | 1.1.1.1 | 192.168.2.17 | 0xfd71 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 09:38:56.520535946 CET | 1.1.1.1 | 192.168.2.17 | 0xfd71 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 09:39:20.575519085 CET | 1.1.1.1 | 192.168.2.17 | 0x5204 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 09:39:20.575519085 CET | 1.1.1.1 | 192.168.2.17 | 0x5204 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 09:39:44.664021015 CET | 1.1.1.1 | 192.168.2.17 | 0xcbae | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 09:39:44.664021015 CET | 1.1.1.1 | 192.168.2.17 | 0xcbae | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.17 | 49717 | 23.47.168.24 | 443 | 6416 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-20 08:38:33 UTC | 475 | OUT | |
2024-11-20 08:38:33 UTC | 198 | IN |
Target ID: | 1 |
Start time: | 03:38:17 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff67a970000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 03:38:18 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff759e30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 7 |
Start time: | 03:38:19 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff759e30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |