|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
| Category: |
dropped
|
| Dump: |
LOG.21.dr
|
| ID: |
dr_42
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.2315557309094265
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOR+WXln+q2Pwkn2nKuAl9OmbnIFUtD+WX+HZZmw9+WX+HNVkwOwkn2nKuAl9Omt:7R+WXl+vYfHAahFUtD+WX+HZ/9+WX+Hi
|
| Size: |
289
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG.21.dr
|
| ID: |
dr_49
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.2315557309094265
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOR+WXln+q2Pwkn2nKuAl9OmbnIFUtD+WX+HZZmw9+WX+HNVkwOwkn2nKuAl9Omt:7R+WXl+vYfHAahFUtD+WX+HZ/9+WX+Hi
|
| Size: |
289
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
| Category: |
dropped
|
| Dump: |
LOG0.21.dr
|
| ID: |
dr_43
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.2320241919061905
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOR+W2DM+q2Pwkn2nKuAl9Ombzo2jMGIFUtD+WtAgZmw9+WYe6DMVkwOwkn2nKuA:7R+W2Q+vYfHAa8uFUtD+WtAg/9+W76Qa
|
| Size: |
333
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG0.21.dr
|
| ID: |
dr_48
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.2320241919061905
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOR+W2DM+q2Pwkn2nKuAl9Ombzo2jMGIFUtD+WtAgZmw9+WYe6DMVkwOwkn2nKuA:7R+W2Q+vYfHAa8uFUtD+WtAg/9+W76Qa
|
| Size: |
333
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1ebdd796-aed7-4439-b3cc-59bbdbe946d9.tmp
|
JSON data
|
modified
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1ebdd796-aed7-4439-b3cc-59bbdbe946d9.tmp
|
| Category: |
modified
|
| Dump: |
1ebdd796-aed7-4439-b3cc-59bbdbe946d9.tmp.22.dr
|
| ID: |
dr_51
|
| Target ID: |
22
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
JSON data
|
| Entropy: |
4.962508976798726
|
| Encrypted: |
false
|
| Ssdeep: |
12:YH/um3RA8sqkuXhsBdOg2HUgcaq3QYiubInP7E4T3y:Y2sRds97dMHUL3QYhbG7nby
|
| Size: |
474
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
| Category: |
dropped
|
| Dump: |
1ebdd796-aed7-4439-b3cc-59bbdbe946d9.tmp.22.dr
|
| ID: |
dr_52
|
| Target ID: |
22
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
JSON data
|
| Entropy: |
4.962508976798726
|
| Encrypted: |
false
|
| Ssdeep: |
12:YH/um3RA8sqkuXhsBdOg2HUgcaq3QYiubInP7E4T3y:Y2sRds97dMHUL3QYhbG7nby
|
| Size: |
474
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log.21.dr
|
| ID: |
dr_44
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
data
|
| Entropy: |
5.2549506767098695
|
| Encrypted: |
false
|
| Ssdeep: |
96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7LKECOKDZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goG
|
| Size: |
4730
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
| Category: |
dropped
|
| Dump: |
LOG1.21.dr
|
| ID: |
dr_45
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.18669603470385
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOR+WXpPDM+q2Pwkn2nKuAl9OmbzNMxIFUtD+WXYGUEAgZmw9+WXTGFwDMVkwOwH:7R+WXpPQ+vYfHAa8jFUtD+WXYGUEAg/c
|
| Size: |
321
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG1.21.dr
|
| ID: |
dr_50
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.18669603470385
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOR+WXpPDM+q2Pwkn2nKuAl9OmbzNMxIFUtD+WXYGUEAgZmw9+WXTGFwDMVkwOwH:7R+WXpPQ+vYfHAa8jFUtD+WXYGUEAg/c
|
| Size: |
321
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250402235835Z-186.bmp
|
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250402235835Z-186.bmp
|
| Category: |
dropped
|
| Dump: |
icon-250402235835Z-186.bmp.20.dr
|
| ID: |
dr_14
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
| Entropy: |
5.5782183811965
|
| Encrypted: |
false
|
| Ssdeep: |
1536:j5SL4IrS0uDhK70hTZ4jBF0dpoE2ugAl1tFV7S:joL4IrSJDhK70hgF0dpZZgAbJS
|
| Size: |
65110
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 15
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
| Category: |
dropped
|
| Dump: |
ReaderMessages.20.dr
|
| ID: |
dr_33
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 15
|
| Entropy: |
4.445238806650977
|
| Encrypted: |
false
|
| Ssdeep: |
384:yezci5tYiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r/s3OazzU89UTTgUL
|
| Size: |
86016
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
| Category: |
dropped
|
| Dump: |
ReaderMessages-journal.20.dr
|
| ID: |
dr_32
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
SQLite Rollback Journal
|
| Entropy: |
3.774690274602866
|
| Encrypted: |
false
|
| Ssdeep: |
48:7Mxp/E2ioyVgioy9oWoy1Cwoy1gKOioy1noy1AYoy1Wioy1hioybioymoy1noy1j:7qpjugF/XKQDGb9IVXEBodRBkQ
|
| Size: |
8720
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
| Category: |
dropped
|
| Dump: |
2D85F72862B55C4EADD9E66E06947F3D.21.dr
|
| ID: |
dr_36
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
Certificate, Version=3
|
| Entropy: |
7.705940075877404
|
| Encrypted: |
false
|
| Ssdeep: |
24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
|
| Size: |
1391
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
| Category: |
dropped
|
| Dump: |
77EC63BDA74BD0D0E0426DC8F8008506.21.dr
|
| ID: |
dr_38
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
| Entropy: |
7.996028107841645
|
| Encrypted: |
true
|
| Ssdeep: |
1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
|
| Size: |
73305
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
| Category: |
dropped
|
| Dump: |
2D85F72862B55C4EADD9E66E06947F3D0.21.dr
|
| ID: |
dr_37
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
data
|
| Entropy: |
2.7543291572487476
|
| Encrypted: |
false
|
| Ssdeep: |
3:kkFklAlL1fllXlE/HT8kiQal1NNX8RolJuRdxLlGB9lQRYwpDdt:kKZ4T8EaNMa8RdWBwRd
|
| Size: |
192
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
|
|
|
| File: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
| Category: |
modified
|
| Dump: |
77EC63BDA74BD0D0E0426DC8F80085060.21.dr
|
| ID: |
dr_39
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
data
|
| Entropy: |
3.287136292755414
|
| Encrypted: |
false
|
| Ssdeep: |
6:kKPmcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:XmfZkPlE99SNxAhUeq8S
|
| Size: |
330
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6484
|
PostScript document text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6484
|
| Category: |
dropped
|
| Dump: |
AdobeFnt23.lst.6484.20.dr
|
| ID: |
dr_13
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
PostScript document text
|
| Entropy: |
5.182478651346149
|
| Encrypted: |
false
|
| Ssdeep: |
1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
|
| Size: |
185099
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat
|
| Category: |
dropped
|
| Dump: |
IconCacheAcro65536.dat.20.dr
|
| ID: |
dr_34
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
data
|
| Entropy: |
3.3450692389394283
|
| Encrypted: |
false
|
| Ssdeep: |
1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
|
| Size: |
243196
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
| Category: |
dropped
|
| Dump: |
ACROBAT_READER_MASTER_SURFACEID.20.dr
|
| ID: |
dr_15
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.362261877437326
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJM3g98kUwPeUkwRe9:YvXKXg+5kZc0vaVGMbLUkee9
|
| Size: |
295
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
| Category: |
dropped
|
| Dump: |
DC_FirstMile_Home_View_Surface.20.dr
|
| ID: |
dr_22
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.311616381148604
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJfBoTfXpnrPeUkwRe9:YvXKXg+5kZc0vaVGWTfXcUkee9
|
| Size: |
294
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
| Category: |
dropped
|
| Dump: |
DC_FirstMile_Right_Sec_Surface.20.dr
|
| ID: |
dr_20
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.289875876506412
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJfBD2G6UpnrPeUkwRe9:YvXKXg+5kZc0vaVGR22cUkee9
|
| Size: |
294
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
| Category: |
dropped
|
| Dump: |
DC_READER_LAUNCH_CARD.20.dr
|
| ID: |
dr_16
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.349233734198103
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJfPmwrPeUkwRe9:YvXKXg+5kZc0vaVGH56Ukee9
|
| Size: |
285
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
| Category: |
dropped
|
| Dump: |
DC_Reader_Convert_LHP_Banner.20.dr
|
| ID: |
dr_29
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.8419063595812855
|
| Encrypted: |
false
|
| Ssdeep: |
24:Yv6Xg+mzvnpLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcX5bpEsrArn:Yv2efhgly48Y/TWCjiOumNcXwKOpkUr
|
| Size: |
2129
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
| Category: |
dropped
|
| Dump: |
DC_Reader_Disc_LHP_Banner.20.dr
|
| ID: |
dr_24
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.2977793234980055
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJf8dPeUkwRe9:YvXKXg+5kZc0vaVGU8Ukee9
|
| Size: |
289
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
| Category: |
dropped
|
| Dump: |
DC_Reader_Disc_LHP_Retention.20.dr
|
| ID: |
dr_26
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.302558999811268
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJfQ1rPeUkwRe9:YvXKXg+5kZc0vaVGY16Ukee9
|
| Size: |
292
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
| Category: |
dropped
|
| Dump: |
DC_Reader_Edit_LHP_Banner.20.dr
|
| ID: |
dr_28
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.828122923231729
|
| Encrypted: |
false
|
| Ssdeep: |
48:Yv2eSogbN48l/GiyLVzyODVHKOkQLcSmjWAr:G2Ig54Y/IVO48OkQASmj
|
| Size: |
2080
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
| Category: |
dropped
|
| Dump: |
DC_Reader_Home_LHP_Trial_Banner.20.dr
|
| ID: |
dr_27
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.323102126553304
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJfzdPeUkwRe9:YvXKXg+5kZc0vaVGb8Ukee9
|
| Size: |
295
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
| Category: |
dropped
|
| Dump: |
DC_Reader_More_LHP_Banner.20.dr
|
| ID: |
dr_25
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.3043638224460965
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJfYdPeUkwRe9:YvXKXg+5kZc0vaVGg8Ukee9
|
| Size: |
289
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
| Category: |
dropped
|
| Dump: |
DC_Reader_RHP_Banner.20.dr
|
| ID: |
dr_17
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.290491023128937
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJf+dPeUkwRe9:YvXKXg+5kZc0vaVG28Ukee9
|
| Size: |
284
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
| Category: |
dropped
|
| Dump: |
DC_Reader_RHP_Intent_Banner.20.dr
|
| ID: |
dr_23
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.287880928213115
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJfbPtdPeUkwRe9:YvXKXg+5kZc0vaVGDV8Ukee9
|
| Size: |
291
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
| Category: |
dropped
|
| Dump: |
DC_Reader_RHP_Retention.20.dr
|
| ID: |
dr_18
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.293168059422049
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJf21rPeUkwRe9:YvXKXg+5kZc0vaVG+16Ukee9
|
| Size: |
287
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
| Category: |
dropped
|
| Dump: |
DC_Reader_Sign_LHP_Banner.20.dr
|
| ID: |
dr_30
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.841638202887507
|
| Encrypted: |
false
|
| Ssdeep: |
24:Yv6Xg+mzvfamXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBE4:Yv2efBgBG48j/SiyLVWOAlNkUr
|
| Size: |
2028
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
| Category: |
dropped
|
| Dump: |
DC_Reader_Upsell_Cards.20.dr
|
| ID: |
dr_21
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.270242879841403
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJfshHHrPeUkwRe9:YvXKXg+5kZc0vaVGUUUkee9
|
| Size: |
286
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
| Category: |
dropped
|
| Dump: |
Edit_InApp_Aug2020.20.dr
|
| ID: |
dr_19
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.273238172716334
|
| Encrypted: |
false
|
| Ssdeep: |
6:YEQXJ2HXw0M+5dVoZcg1vRcR0YPVUoAvJTqgFCrPeUkwRe9:YvXKXg+5kZc0vaVGTq16Ukee9
|
| Size: |
282
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
| Category: |
dropped
|
| Dump: |
TESTING.20.dr
|
| ID: |
dr_8
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
data
|
| Entropy: |
0.8112781244591328
|
| Encrypted: |
false
|
| Ssdeep: |
3:e:e
|
| Size: |
4
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
| Category: |
dropped
|
| Dump: |
SOPHIA.json.20.dr
|
| ID: |
dr_7
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
JSON data
|
| Entropy: |
5.135383986084842
|
| Encrypted: |
false
|
| Ssdeep: |
24:YPWwsF8paLmaylhObsACUndq1sxqx38DZ5qjCj0S/ow7Qt2yLorP2LS/yCekC+sF:YfSn0C9cbUHUhQPYlT+s9Uf99vO
|
| Size: |
2815
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
| Category: |
dropped
|
| Dump: |
SharedDataEvents.20.dr
|
| ID: |
dr_12
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
| Entropy: |
1.1877811132378462
|
| Encrypted: |
false
|
| Ssdeep: |
48:TGufl2GL7msEHUUUUUUUUZqvSvR9H9vxFGiDIAEkGVvp1qv:lNVmswUUUUUUUUZqv+FGSItZqv
|
| Size: |
12288
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
| Category: |
dropped
|
| Dump: |
SharedDataEvents-journal.20.dr
|
| ID: |
dr_11
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
SQLite Rollback Journal
|
| Entropy: |
1.6076758288569815
|
| Encrypted: |
false
|
| Ssdeep: |
48:7MlKUUUUUUUUUUZqTvR9H9vxFGiDIAEkGVv3ZqFl2GL7msS:7fUUUUUUUUUUZqDFGSItdZKVmsS
|
| Size: |
8720
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Temp\MSI41091.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\MSI41091.LOG
|
| Category: |
dropped
|
| Dump: |
MSI41091.LOG.20.dr
|
| ID: |
dr_31
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
| Entropy: |
3.5441332632710916
|
| Encrypted: |
false
|
| Ssdeep: |
6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8g+ClEgnf9:Qw946cPbiOxDlbYnuRKLSgl
|
| Size: |
246
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-02 19-58-33-446.log
|
ASCII text, with very long lines (393)
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-02 19-58-33-446.log
|
| Category: |
dropped
|
| Dump: |
NGLClient_AcrobatReader123.6.20320.6 2025-04-02 19-58-33-446.log.20.dr
|
| ID: |
dr_10
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
ASCII text, with very long lines (393)
|
| Entropy: |
5.345946398610936
|
| Encrypted: |
false
|
| Ssdeep: |
384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
|
| Size: |
16525
|
| Whitelisted: |
false
|
| Reputation: |
low
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Creates temporary files |
System Summary |
|
|
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
| Category: |
dropped
|
| Dump: |
NGLClient_AcrobatReader123.6.20320.6.log.20.dr
|
| ID: |
dr_35
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
ASCII text, with very long lines (393), with CRLF line terminators
|
| Entropy: |
5.341595029508729
|
| Encrypted: |
false
|
| Ssdeep: |
384:wLHWQAlYrx+23EJdjgp2Gk+O+1Ww5JFTwnG8iWsYlAL9XQiL5NYOcJcdQ6ALUTTv:SO8X
|
| Size: |
16601
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
| Category: |
dropped
|
| Dump: |
acroNGLLog.txt.20.dr
|
| ID: |
dr_9
|
| Target ID: |
20
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
| Type: |
ASCII text, with CRLF line terminators
|
| Entropy: |
5.388816022544104
|
| Encrypted: |
false
|
| Ssdeep: |
768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rw:s
|
| Size: |
29845
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Temp\acrocef_low\5a7552bb-da3c-41aa-9681-c733a1f8baae.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\acrocef_low\5a7552bb-da3c-41aa-9681-c733a1f8baae.tmp
|
| Category: |
dropped
|
| Dump: |
5a7552bb-da3c-41aa-9681-c733a1f8baae.tmp.21.dr
|
| ID: |
dr_46
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
| Entropy: |
7.9736851559892425
|
| Encrypted: |
false
|
| Ssdeep: |
6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
|
| Size: |
386528
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Temp\acrocef_low\6db44be4-5a13-4511-b339-bfcabe51fff6.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\acrocef_low\6db44be4-5a13-4511-b339-bfcabe51fff6.tmp
|
| Category: |
dropped
|
| Dump: |
6db44be4-5a13-4511-b339-bfcabe51fff6.tmp.21.dr
|
| ID: |
dr_47
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
| Entropy: |
7.98639316555857
|
| Encrypted: |
false
|
| Ssdeep: |
12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
|
| Size: |
758601
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Temp\acrocef_low\ddb3ed44-4b96-4a1d-aa88-1dc6153953fe.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\acrocef_low\ddb3ed44-4b96-4a1d-aa88-1dc6153953fe.tmp
|
| Category: |
dropped
|
| Dump: |
ddb3ed44-4b96-4a1d-aa88-1dc6153953fe.tmp.21.dr
|
| ID: |
dr_41
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
| Entropy: |
7.97605879016224
|
| Encrypted: |
false
|
| Ssdeep: |
24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
|
| Size: |
1407294
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\AppData\Local\Temp\acrocef_low\ee2bc06d-00ce-42bd-a3c4-c93c3c8b3848.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\acrocef_low\ee2bc06d-00ce-42bd-a3c4-c93c3c8b3848.tmp
|
| Category: |
dropped
|
| Dump: |
ee2bc06d-00ce-42bd-a3c4-c93c3c8b3848.tmp.21.dr
|
| ID: |
dr_40
|
| Target ID: |
21
|
| Process: |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
| Type: |
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
| Entropy: |
7.976496077007677
|
| Encrypted: |
false
|
| Ssdeep: |
24576:/WnjaWL07oXGZvYIGNPZdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:ujaWLxXGZvZGH3mlind9i4ufFXpAXkru
|
| Size: |
1419751
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\Downloads\0eeb750d-9ed2-413f-b0c6-959ff19ca55d.tmp
|
PDF document, version 1.4, 212 pages
|
dropped
|
|
|
|
| File: |
C:\Users\user\Downloads\0eeb750d-9ed2-413f-b0c6-959ff19ca55d.tmp
|
| Category: |
dropped
|
| Dump: |
0eeb750d-9ed2-413f-b0c6-959ff19ca55d.tmp.1.dr
|
| ID: |
dr_2
|
| Target ID: |
1
|
| Process: |
C:\Program Files\Google\Chrome\Application\chrome.exe
|
| Type: |
PDF document, version 1.4, 212 pages
|
| Entropy: |
7.772787495481444
|
| Encrypted: |
false
|
| Ssdeep: |
98304:9DPTZKFSYe+RuLBJ6abUNL0PiD5h35MAuMwlo0I/O97rtV3:ViSlV8ai0I5hp3uoM5rf3
|
| Size: |
4194304
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\Downloads\4f2f1917-e547-4ff9-8132-7c772a7dcf0f.tmp
|
PDF document, version 1.4
|
dropped
|
|
|
|
| File: |
C:\Users\user\Downloads\4f2f1917-e547-4ff9-8132-7c772a7dcf0f.tmp
|
| Category: |
dropped
|
| Dump: |
4f2f1917-e547-4ff9-8132-7c772a7dcf0f.tmp.1.dr
|
| ID: |
dr_0
|
| Target ID: |
1
|
| Process: |
C:\Program Files\Google\Chrome\Application\chrome.exe
|
| Type: |
PDF document, version 1.4
|
| Entropy: |
6.836685399649578
|
| Encrypted: |
false
|
| Ssdeep: |
192:QI5/sZ+jZXXa6X3MSQWX0BF+1X7ddJX3YOV:QI5EZ+FXXRX8SQWX0BFWX7ddJX3b
|
| Size: |
13314
|
| Whitelisted: |
false
|
| Reputation: |
low
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Creates files inside the user directory |
System Summary |
|
|
|
C:\Users\user\Downloads\downloaded.pdf (copy)
|
PDF document, version 1.4, 212 pages
|
dropped
|
|
|
|
| File: |
C:\Users\user\Downloads\downloaded.pdf (copy)
|
| Category: |
dropped
|
| Dump: |
downloaded.pdf.crdownload.1.dr
|
| ID: |
dr_3
|
| Target ID: |
1
|
| Process: |
C:\Program Files\Google\Chrome\Application\chrome.exe
|
| Type: |
PDF document, version 1.4, 212 pages
|
| Entropy: |
7.740878404368568
|
| Encrypted: |
false
|
| Ssdeep: |
98304:9DPTZKFSYe+RuLBJ6abUNL0PiD5h35MAuMwlo0I/O97rtVrXGs0I08ZPw+Xh6IrK:ViSlV8ai0I5hp3uoM5rfh7prMLk6Fmg
|
| Size: |
6307345
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
C:\Users\user\Downloads\downloaded.pdf.crdownload
|
PDF document, version 1.4, 212 pages
|
dropped
|
|
|
|
| File: |
C:\Users\user\Downloads\downloaded.pdf.crdownload
|
| Category: |
dropped
|
| Dump: |
downloaded.pdf.crdownload.1.dr
|
| ID: |
dr_1
|
| Target ID: |
1
|
| Process: |
C:\Program Files\Google\Chrome\Application\chrome.exe
|
| Type: |
PDF document, version 1.4, 212 pages
|
| Entropy: |
7.740878404368568
|
| Encrypted: |
false
|
| Ssdeep: |
98304:9DPTZKFSYe+RuLBJ6abUNL0PiD5h35MAuMwlo0I/O97rtVrXGs0I08ZPw+Xh6IrK:ViSlV8ai0I5hp3uoM5rfh7prMLk6Fmg
|
| Size: |
6307345
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
Chrome Cache Entry: 230
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 90", baseline, precision 8, 16x16, components 3
|
dropped
|
|
|
|
| File: |
Chrome Cache Entry: 230
|
| Category: |
dropped
|
| Dump: |
chromecache_230.2.dr
|
| ID: |
dr_4
|
| Target ID: |
2
|
| Process: |
C:\Program Files\Google\Chrome\Application\chrome.exe
|
| Type: |
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 90", baseline, precision 8, 16x16, components 3
|
| Entropy: |
7.115733025898197
|
| Encrypted: |
false
|
| Ssdeep: |
24:OJf+oo0XxDuLHeOWXG4OZ7DAJuLHenX3l3Xb7Cf9:UfquERArCl
|
| Size: |
851
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
Chrome Cache Entry: 231
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 90", baseline, precision 8, 16x16, components 3
|
downloaded
|
|
|
|
| File: |
Chrome Cache Entry: 231
|
| Category: |
downloaded
|
| Dump: |
chromecache_231.2.dr
|
| ID: |
dr_53
|
| Target ID: |
2
|
| Process: |
C:\Program Files\Google\Chrome\Application\chrome.exe
|
| Type: |
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 90", baseline, precision 8, 16x16, components 3
|
| Entropy: |
7.115733025898197
|
| Encrypted: |
false
|
| Ssdeep: |
24:OJf+oo0XxDuLHeOWXG4OZ7DAJuLHenX3l3Xb7Cf9:UfquERArCl
|
| Size: |
851
|
| Whitelisted: |
false
|
| Reputation: |
low
|
|
|
Chrome Cache Entry: 232
|
PDF document, version 1.4, 212 pages
|
downloaded
|
|
|
|
| File: |
Chrome Cache Entry: 232
|
| Category: |
downloaded
|
| Dump: |
chromecache_232.2.dr
|
| ID: |
dr_54
|
| Target ID: |
2
|
| Process: |
C:\Program Files\Google\Chrome\Application\chrome.exe
|
| Type: |
PDF document, version 1.4, 212 pages
|
| Entropy: |
7.740878404368568
|
| Encrypted: |
false
|
| Ssdeep: |
98304:9DPTZKFSYe+RuLBJ6abUNL0PiD5h35MAuMwlo0I/O97rtVrXGs0I08ZPw+Xh6IrK:ViSlV8ai0I5hp3uoM5rfh7prMLk6Fmg
|
| Size: |
6307345
|
| Whitelisted: |
false
|
| Reputation: |
low
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
|
