Windows
Analysis Report
P.Adv Form TRC informatica S L.PDF
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 3840 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\P.Adv Form TRC informatica S L.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 4712 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5528 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1712,i,10649813687301408746,10568959059910481676,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1579942 |
Start date and time: | 2024-12-23 16:21:11 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | P.Adv Form TRC informatica S L.PDF |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/51@1/0 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.218.208.137, 18.213.11.84, 34.237.241.83, 54.224.241.105, 50.16.47.176, 162.159.61.3, 172.64.41.3, 23.195.39.65, 2.16.168.102, 2.16.168.117, 2.16.168.105, 2.16.168.107, 23.218.208.109, 3.233.129.217, 23.217.172.185, 13.107.246.63, 4.175.87.197
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: P.Adv Form TRC informatica S L.PDF
Time | Type | Description |
---|---|---|
10:22:16 | API Interceptor |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.164467922245119 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.1754947489971785 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.1754947489971785 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5c38e3.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b9ea1759-22b8-4306-b4c6-0c0481f9ceea.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\dbb934cf-841a-4c56-ba29-f161714f0a16.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 579 |
Entropy (8bit): | 5.032582435760348 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.241508830973213 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.197881231472661 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.197881231472661 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241223152210Z-157.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 0.6543637615523437 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7386214950254377 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.1501841598665044 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.339795649013964 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.277045360268896 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.255079189160315 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.31786158851691 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1123 |
Entropy (8bit): | 5.685778581599014 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.261711370652775 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.262164895438321 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2830993622664035 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.290831638612789 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.270276998851291 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.25638543302088 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.25402837831999 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.2546404367902815 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1090 |
Entropy (8bit): | 5.658657376659423 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.2300811433013035 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJfshHHrPeUkwRe9:YvXKX1ix1YpW7O/8sGUUUkee9 |
MD5: | 5302B904901E30334270DE3ECB62CA78 |
SHA1: | 7CACFB61C94A09BDE74E68465EB2F67C6EF081BB |
SHA-256: | A3B57B739A7A0A3A67BAD9EFB5074869C084EA56B98F55418A54858C8AE35228 |
SHA-512: | 916F6391BC34B0C21AA7FB7739738B804C18875411E89F2A60C40AF57C8FAEF579DA9602DBDF6D57010C2988507FFC7F257A0A8DDD4D88820F55A076DFAC275C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 282 |
Entropy (8bit): | 5.247737902369069 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJTqgFCrPeUkwRe9:YvXKX1ix1YpW7O/8sGTq16Ukee9 |
MD5: | 09C192550B37728417828BDDAF12F24D |
SHA1: | 993B75B233E7890DA669D292C7AF67A71F8C421E |
SHA-256: | 66F9A53307F085A9452FADD66CA3E5D46CEA6BC998A1ED0C473A1B4BC1ACDF2F |
SHA-512: | BEBAABB7439B2016EAA50A0AA2DB322156CC74DDB493DAD0CD147E0D941F33F716DB0DFAA06E40C4E05C1F219D30E3BA4F3EEF6B615E49B50230D8A12045470E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.138953130620453 |
Encrypted: | false |
SSDEEP: | 24:Ye5IVAamyayrMHq7EKHJhx2K2baT61r9gjP1j0SoHA1CM2ixQ2LSyCfvxo3b75vp:Yro6rHnNT66P5kA1XNxQ0gvxo3vl9zzX |
MD5: | B11EDAAAB4DB0ECB0B1703A0AD7A0006 |
SHA1: | 00726DB97D50AF5EF41E2451A5424BFCDC00A3DC |
SHA-256: | D1BF0E225014785A71387F94915FE49255708FBF1C59098857C72E7215A9CF25 |
SHA-512: | E1B70177504956DBC089F8FF496DB09AF8BE65AE3647F72A8FCC51FA443440F9A4DD94BE9E4EB8AB9BC05C9E1597965005AF81B730D4B93B30B15489A340183F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9843836272890555 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sp2cZm4zJwtNBwtNbRZ6bRZ45cZmF:TVl2GL7ms6ggOVplZxzutYtp6PDZ+ |
MD5: | 6909A25ED821D46FFAF474F91B11DD55 |
SHA1: | B5E3ADE060816213F9A95963C4A63CEB4456613A |
SHA-256: | 8497AEEC2D2824E42E3225DC1F89EC24927E381F092A7B7ADD23A0B1B01412E3 |
SHA-512: | CF0C5B78436F52C4D5834B106C844DD1B161E1064D539C400078EA4EE5673F3D526602E64E1F2357577656C458E7DDE75CE8604F6985BBA68F441EA480155F9F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3391147551084948 |
Encrypted: | false |
SSDEEP: | 24:7+tcAD1RZKHs/Ds/Sp2cZmPzJwtNBwtNbRZ6bRZWf1RZKgqLBx/XYKQvGJF7ursI:7McGgOVplZqzutYtp6PMxqll2GL7msI |
MD5: | 8B4D7A9CD571AAF6FA59A1EB0F7E2B5B |
SHA1: | D2832221C63503DE9F262744BCB2766C63EA2D82 |
SHA-256: | 65EC9DD55E58237E8FA6FFD0399EE66192B81221047AE14D90747D0BBF141A21 |
SHA-512: | B74C69FE98177E514DAA0688C483678488C60B1F453DAA4FF8FB6DDB7B972BB86DD39B18527EFF0B2CC25CD5181058AA99C6C7CD31B3F6B8DDCAAE2847A5FFE4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgIfvNlcUcKN8sUP4ORn3ZFUhqiUYyu:6a6TZ44ADEIfFlFTN8DdUheK |
MD5: | 4F98FCC4821409022C520CFB8CE4B356 |
SHA1: | E5BCB371F28711C69E4B684BBB81D4D066964F9A |
SHA-256: | EEABAEF9594E1A0BF3689D8F7C91D0DBC774E82A6B28DB6A84E6F0903AEA89B2 |
SHA-512: | 3A99AE1A7685DAFED55D2992F7795D31B2498FC1E31CBC49FE5BE4CC8321E59A1E6EB07FBD139FE79F431EE9AB4DB416D856730BD9BBD372934BAEFD525E04A6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.488233466829981 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rOlAadNGlrCH:Qw946cPbiOxDlbYnuRKDlcrw |
MD5: | 399770E7A61C2B4205AD273AF6DFE9BB |
SHA1: | FF22032F5C2A32A6A1AF8B143F0A8472F8FBB01C |
SHA-256: | 8A1C97981EB7BA8B41BD082C55692966C38EC3BF0603D382E273E15C74F37E31 |
SHA-512: | 2B0BC116704E021B017BC9C2F9E4FE34C463E91A3D5096881FC77B1765BBCF61DFC14078D23303D3FB6E9CC25F3DA572FA963C21EB6FA8288D5AF63E167888CB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-23 10-22-08-492.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.372230021741286 |
Encrypted: | false |
SSDEEP: | 384:9M6hyMzR+LjNpa9ArhEhrgBgdgYgsgHgONOV9DoTEg6yCINeZoAZ5yhEP8P671tL:rUG |
MD5: | E8927A3E921230DDC8912830E3FD161F |
SHA1: | BB2B7673B51A0E6526EE85D5AC1B4BCE4A594B0A |
SHA-256: | E5462543C4ED0BAA42AEA1A8A72CCB08DE4D79F2A9E5441E7E5CDFB5F3AF970A |
SHA-512: | 4833AFAF916D22C4FAE693FAEBDF9A91A0BD705F3CA21FE3C710DA273F3BD5B7AC70397E5120BAC3894E93645D7EEDE1E8BA3D6E36756E0FB1C4F88F1C5ED3BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.392586544639601 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbO:S |
MD5: | D7F6045F0551B4EE93BBA98CAF9E2DB4 |
SHA1: | 45EF57EBF40FCC2EE5C46B0F34D37F7EB2844738 |
SHA-256: | 28A3546AD377AD64E8F006AD56C9D6E8D73DE127F6EE8ACAA7054C1A4D5754FF |
SHA-512: | D2648FF3F46026B569F62B500BDD14779193BB054C8EDEF5B15A976E26282EA0318A972093477F98E29DA846B57E6B0208F31543F8A17060B6E71F8A5AC68D0F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7ouWLaGZ7wYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLaGZ7wZGk3mlind9i4ufFXpAXkru |
MD5: | 13F55292D0735B9ABD4259B225D210FC |
SHA1: | 810CC5D545BFA11D2825F6E1DFA69176794DA7EC |
SHA-256: | 8C3FFEA68963D108599E8C5AE20DE6E9C473BF33197A03A9A7DDCD0F25A6C7F6 |
SHA-512: | 4F54EDA9EB61172A5243DAA718CFF42A0BF079CC0FA7BE3553CC8B79772763B49F530DD6B54A9D595C4F46B8416ADF7D5C8DAD58FC43A5C651258E669DC375DA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.083483043085971 |
TrID: |
|
File name: | P.Adv Form TRC informatica S L.PDF |
File size: | 17'340 bytes |
MD5: | 338659c5c845c1b4ee71d329afca0111 |
SHA1: | 674d363398114e54251bebcaa4318d4d1f1ffdc7 |
SHA256: | e26f58e78aec2dae8304aed66550caa4beb14f8a030e5b68ce9820d107ce40a9 |
SHA512: | 5cec36d10a5bc0658c1ec4be8d77cc1a1688db2e1db0f6a054c783838ebe67e972522ab67b111e69f54045c640f0818a468a68a46197508fd0869d4f130d3994 |
SSDEEP: | 192:NC0ctplGtjqFAUW4Bk7M/IPFua4cbhGbjd68UsnImzRySXD8TeOuIc5aco5YP:opwtj6AUPawwRhGc8UsnIm3ITIIcQc7 |
TLSH: | 1F728FADCF353141D817673DAC9D78A58E9250DBA5D024313A2C8EDF2FD0E835A522EB |
File Content Preview: | %PDF-1.6.%......89 0 obj.<</Filter/FlateDecode/First 467/Length 987/N 62/Type/ObjStm>>stream..h..V.j#I.....$.3.......'vb.O.mw....7....x.:s..=j..`R...'.%..I%.+PA.R....d.Y..X...-.&.C.?.....\b2L^...d.Dbq+..D"N....... .B.@..<YO1....%.(...H +$8...........:.X . |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.083483 |
Total Bytes: | 17340 |
Stream Entropy: | 7.104252 |
Stream Bytes: | 14679 |
Entropy outside Streams: | 5.533814 |
Bytes outside Streams: | 2661 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 22 |
endobj | 22 |
stream | 10 |
endstream | 10 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 5 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
78 | 0000000000000000 | fa92cc5ea908033dc86111c7973bf46e |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 23, 2024 16:22:14.934237957 CET | 54251 | 53 | 192.168.2.5 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 23, 2024 16:22:14.934237957 CET | 192.168.2.5 | 1.1.1.1 | 0xb3de | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 23, 2024 16:22:15.267401934 CET | 1.1.1.1 | 192.168.2.5 | 0xb3de | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 10:22:05 |
Start date: | 23/12/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 10:22:05 |
Start date: | 23/12/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 10:22:06 |
Start date: | 23/12/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |