Windows
Analysis Report
Smeg SignRequest.pdf
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7296 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Smeg SignRequest.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7520 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7800 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1508,i,15954673363511197786,6214592246150896982,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 7844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tmsnp.page.link/?link=https://apps.evluator.com/widc/ggu/Y3Jpc3RpbmEubWFyaW5lbGxvQHNtZWcuZXM= MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 7736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2540,i,15681474454666713540,6780072518804137637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |
AV Detection |
---|
Source: | SlashNext: |
Phishing |
---|
Source: | File source: |
Source: | HTTP Parser: |
Source: | IP Address: |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Static PDF information: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | LNK file: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | File created: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false |
52.202.204.11 | unknown | United States | | 14618 | AMAZON-AESUS | false |
142.250.186.36 | unknown | United States | | 15169 | GOOGLEUS | false |
104.21.5.111 | unknown | United States | | 13335 | CLOUDFLARENETUS | false |
172.67.133.89 | unknown | United States | | 13335 | CLOUDFLARENETUS | false |
142.250.105.132 | unknown | United States | | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
188.114.97.3 | unknown | European Union | | 13335 | CLOUDFLARENETUS | false |
142.250.185.164 | unknown | United States | | 15169 | GOOGLEUS | false |
35.190.80.1 | unknown | United States | | 15169 | GOOGLEUS | false |
23.200.196.138 | unknown | United States | | 2860 | NOS_COMUNICACOESPT | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1499932 |
Start date and time: | 2024-08-27 17:58:15 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Smeg SignRequest.pdf |
Detection: | MAL |
Classification: | mal64.phis.winPDF@35/69@0/11 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 162.159.61.3, 172.64.41.3, 142.250.186.35, 142.250.185.110, 74.125.133.84, 54.144.73.197, 34.193.227.236, 18.207.85.246, 107.22.247.231, 34.104.35.123, 95.101.54.195, 2.16.202.123, 199.232.214.172, 2.19.126.143, 2.19.126.149, 23.44.133.32, 23.44.133.36, 192.229.221.95, 192.168.2.5, 216.58.212.131
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, apps.identrust.com, wu-b-net.trafficmanager.net, clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateFile calls found.
- VT rate limit hit for: Smeg SignRequest.pdf
Time | Type | Description |
---|---|---|
11:59:15 | API Interceptor |
Source | URL |
---|---|
Screenshot | https://tmsnp.page.link/?link=https://apps.evluator.com/widc/ggu/Y3Jpc3RpbmEubWFyaW5lbGxvQHNtZWcuZXM= |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
1.1.1.1 | | | malicious | FormBook, NSISDropper | | |
1.1.1.1 | | | malicious | Unknown | | |
1.1.1.1 | | | malicious | FormBook | | |
1.1.1.1 | | | malicious | Unknown | | |
52.202.204.11 | | | malicious | Unknown | | |
52.202.204.11 | | | malicious | Unknown | | |
52.202.204.11 | | | malicious | Unknown | | |
52.202.204.11 | | | malicious | HTMLPhisher | | |
52.202.204.11 | | | malicious | HTMLPhisher | | |
52.202.204.11 | | | malicious | AgentTesla, DarkTortilla | | |
52.202.204.11 | | | malicious | Captcha Phish, HTMLPhisher | | |
52.202.204.11 | | | malicious | Quasar | | |
52.202.204.11 | | | malicious | HTMLPhisher | | |
52.202.204.11 | | | malicious | HtmlDropper, HTMLPhisher | | |
239.255.255.250 | | | malicious | HTMLPhisher | | |
239.255.255.250 | | | malicious | Unknown | | |
239.255.255.250 | | | malicious | Unknown | | |
239.255.255.250 | | | malicious | Unknown | | |
239.255.255.250 | | | malicious | Unknown | | |
239.255.255.250 | | | malicious | Unknown | | |
239.255.255.250 | | | malicious | Unknown | | |
239.255.255.250 | | | malicious | HTMLPhisher | | |
239.255.255.250 | | | malicious | HTMLPhisher | | |
239.255.255.250 | | | malicious | GuLoader | | |
188.114.97.3 | | | malicious | Nitol | | |
188.114.97.3 | | | malicious | Unknown | | |
188.114.97.3 | | | malicious | Unknown | | |
188.114.97.3 | | | malicious | Snake Keylogger, VIP Keylogger | | |
188.114.97.3 | | | malicious | DCRat, PureLog Stealer, zgRAT | | |
188.114.97.3 | | | malicious | Unknown | | |
188.114.97.3 | | | malicious | Simda Stealer | | |
188.114.97.3 | | | malicious | DBatLoader, FormBook | | |
188.114.97.3 | | | malicious | FormBook | | |
188.114.97.3 | | | malicious | FormBook, PureLog Stealer | | |
104.21.5.111 | | | malicious | HTMLPhisher | | |
172.67.133.89 | | | malicious | HTMLPhisher | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | | malicious | HTMLPhisher | | |
CLOUDFLARENETUS | | | malicious | Xeno Stealer | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | AgentTesla | | |
AMAZON-AESUS | | | malicious | FormBook, GuLoader | | |
AMAZON-AESUS | | | malicious | HTMLPhisher | | |
AMAZON-AESUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | GuLoader | | |
AMAZON-AESUS | | | malicious | HTMLPhisher | | |
AMAZON-AESUS | | | malicious | Phisher | | |
AMAZON-AESUS | | | malicious | HTMLPhisher, ReCaptcha Phish | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.262007114042311 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.229887690099951 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.229887690099951 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1a938571-9313-44c8-b5d4-4a8dff4598be.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\51a80aea-bbb6-4dc3-9262-9d8b99b9de11.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.054776223441689 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5f713a.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.23454656153465 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.207704999736731 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.207704999736731 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240827155913Z-222.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.984229653861701 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.2936307824714834 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 2.2025466315772384 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2478978672539016 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.026467887142631 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.325221781293856 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.262342777115941 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.242102104772937 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.302776357017149 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.661255282964882 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.6477204031117685 |
Encrypted: | false |
SSDEEP: | 24:Yv6X9ioVLgEF0c7sbnl0RCmK8czOCYHflEpwiVG:YvnoFg6sGAh8cvYHWpw/ |
MD5: | BD8AC578A201BAE52A0C03D5CF4A6A1B |
SHA1: | 4B424B8FC27EFE77B99AF81CE975EB92B5C7CCE3 |
SHA-256: | AEB8C7BC97D180F7CB18E34CC4A18E150B8AC23EE29E4F7090881FD64957DFAA |
SHA-512: | F08BEF6814BC2287DE8C51AC3E72E234DD9ED45D6FDDFE328B413E39B8CCF4A61E8C5B897E6C0D84A150F35951219DC0709146EAD786F956DADB86357C72A61E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2496048357982 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJfQ1rPeUkwRe9:YvXKX/0YpW7ZGY16Ukee9 |
MD5: | A20D6F2CA12D42D0540E17BDABF8E5C5 |
SHA1: | B9055439DEBC15B3F501C2D9DCC2C8EB0C3BC357 |
SHA-256: | 769188DC0F4F4DCFD29DE62EEB2104212DEC8B160753E3F253518302ECCEEE93 |
SHA-512: | 1A46A54D39D5D0298FD5779E3556FF0D3E055EB8EA44AF8CC3E190857D0B365BFE56AA5A4C9CF7155830D1CC34849193E0048410BF0FB89F3914F9B4A709FAD9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.642271508798411 |
Encrypted: | false |
SSDEEP: | 24:Yv6X9it2LgEF7cciAXs0nl0RCmK8czOCAPtciBG:Yvntogc8hAh8cvAk |
MD5: | BAD920970D494F2E7E2DAB4C189EAAD4 |
SHA1: | 87998B368F20BEEE12EA8C65E9FE1E432A634CED |
SHA-256: | 2A238D20D4A10E622515CFA0D419AB1DA524062C711D1E74AFFFBA9145CE4BCE |
SHA-512: | 1A925BE6AFC60C9AC88BC075D95B3633E32156BE9B23D7A5DF4344230F6FF58F24CE27A601E2B8D77FD9BB061932F7D6D7DC35C1D99F4E8B7031089C08DE727C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.697094264373928 |
Encrypted: | false |
SSDEEP: | 24:Yv6X9iFKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5G:YvnFEgqprtrS5OZjSlwTmAfSKI |
MD5: | B8030E548C439D8EAD1C868482435C36 |
SHA1: | B720608CCCC591308CFE229641CB4A047338A519 |
SHA-256: | 0D9DCB70F35AFDD5EB321BF6924F9ACFCF9183B50DF08EDCA1F06D957BDB3242 |
SHA-512: | D7BDC198821763945016BAE580FA987D523A66969CBD93DEF54EFD496C27DB4EDC4BC55BD91BCD4A172692165BE1850DF2B18C078AB484456C45BAC45C5AE5EA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.254720699790742 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJfYdPeUkwRe9:YvXKX/0YpW7ZGg8Ukee9 |
MD5: | F19237959B3EA742B61AE3085D03582E |
SHA1: | 9C8E39F62A49804B90C7142E27647CFFD4273CFA |
SHA-256: | 90555C8B7D75053BC3CD26C1E5C88770DB28BD90DC22E809478B3F268E69B149 |
SHA-512: | B285FBFF4F412B61657E73DFAEAF98A877EA599C6D46099FF5A66D374CC4980C611A6CE41A2293075CF2D59E8C855C5B8558F9B5248AF7D5F5D65990BC199AEE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.775056774892128 |
Encrypted: | false |
SSDEEP: | 24:Yv6X9i4rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN+:Yvn4HgDv3W2aYQfgB5OUupHrQ9FJI |
MD5: | 1FFAFE471CE5B9264AF8BEBF8AFB062A |
SHA1: | 6EDEF1DE3CBFA0AE170FBEA9775BEA3D3BFF5949 |
SHA-256: | 11F029690FC9D85242093773D0787F1C0C1D402C4B22099D5FC66846915985F4 |
SHA-512: | 014693AF57974629961E99D1369E48FC30350C2A2ADCBB9EE0672428375D38558370DCD8D24E6254D9BCDC643E466065D8B9DF2887F64A57A799E734DA8E0625 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.238578995404186 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJfbPtdPeUkwRe9:YvXKX/0YpW7ZGDV8Ukee9 |
MD5: | 83ACDA7A92100A95AD9B940B8DBDB69A |
SHA1: | 47B22F98BF3CF4C1A08A0284AA9E2680A5EA009A |
SHA-256: | 757371CD716901AB66D287185537EDC1848E463162CE55907F5114F09B4B57F8 |
SHA-512: | BA3BFC31D5DF6508C6C1560E0EDAD57FC09A0624FB485B3CC1B6A5F05A31E75C055B76A0A50BC499D01F44A7226B59ACA00A3E1DBA3EE30174AC608F817184C6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.239921347141799 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJf21rPeUkwRe9:YvXKX/0YpW7ZG+16Ukee9 |
MD5: | EBF84B2A25FD6A0673C7444A1790EFC9 |
SHA1: | 8E236C5A954FE71D42C2A76E4BC651AE3CCBE085 |
SHA-256: | 61FFC7DAE0DCC2AC730A3B61A0EEC89FC98DB99A00498F9817A22D3B7A4CF985 |
SHA-512: | 7ED88EFF959D3B41222665F3DACEFA741FBB774C448CAC9A820A0459ACD07208845514B64F3E9968A8E4A386A4DEF502EB38BC54ABFE7D7675B341C49CB5032A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.650638299892009 |
Encrypted: | false |
SSDEEP: | 24:Yv6X9iiamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BG:Yvn8BguOAh8cv+NKx |
MD5: | A61992BD2BC82576806DEFED6976D963 |
SHA1: | E56D07CEBBB35C45B7F1B286534AE915494D619E |
SHA-256: | ED713E069AB8BF187E0AF51C0425EB6DF62B1938D35F872F653492BC0D95DEC5 |
SHA-512: | 31443795E16F4E3D5D384776536C826ECE72CD304FBF9F00AD1D25F2B76F05B6D04066A1311D14B4AD39D4F8ACB2748CE18EF9772BE8210B2DAE4BE08F9AAE42 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.215377379759185 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJfshHHrPeUkwRe9:YvXKX/0YpW7ZGUUUkee9 |
MD5: | 3D440BB9DA1AAB29CCC71213106F36F4 |
SHA1: | 536D11E3AED2EEBBDD4A00B067BC634D1F8971CF |
SHA-256: | 74E50E4050BF755B2DEC4C1E1AAD5522A8D4CB697FA585FC484A4DEA736B4E37 |
SHA-512: | F888857B803B1870F56A8B1D3B22EAD11D3BCF5C85E696FCF7152905F2D57280BA1383826F31E26740293F182D7038C92A7E7C2EA7C7BAEA26C5E9246B93AB6C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.360797805667195 |
Encrypted: | false |
SSDEEP: | 12:YvXKX/0YpW7ZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWa:Yv6X9i1168CgEXX5kcIfANh/ |
MD5: | 2515FB71C5237BF220BB424810E585B9 |
SHA1: | 1F2439B8C3F1CAB7D2897DA1446ABE979370D6F6 |
SHA-256: | FE5DBACEBAF42761F563565813E4A15D341FDC2218F5BBCC97E8353914B86662 |
SHA-512: | E3945745A7DF95FFCD95DFEEC36AA8ACAD5357A9E5C36EDCA324D4C7C8ECCB7172410CF2E530764F6C9B138A0B0CA8EC2BC59D5E5CA7BE291239D72C338614B2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.139660112519737 |
Encrypted: | false |
SSDEEP: | 24:YWnIORbLYTKaf1ayPCN9yTTBcZHYvtjp/Jaj0Sj3Mb262LStPZa45tzBtU9Cc6Ja:YGqxG9yPByY5pB82H7Ps4PTU956Ja |
MD5: | 574192FCD2C321A0806FC387FC16AB99 |
SHA1: | 741138BE7F7E2BB6515DCC70B929ED2F88DC0560 |
SHA-256: | D64A609B64486AD63F048C6F4E085960B771AE2134D954A0829CFB2337DB6A67 |
SHA-512: | B6CA50EFFA6B0971CCC2B381284351DC26A97BE827AF423153B5F2C78D2D58ED4037BC5504EE32FB2D85FA21CB5E33F3CCBF68F7B7B61D06F648EE36CDDCEEE6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.0030248139537683 |
Encrypted: | false |
SSDEEP: | 24:TLKufx/XYKQvGJF7ursB1RZKHs/DsDXyhndp1yuVOLXA/LXRILXRfnBXndF:TGufl2GL7msvgOiChL4uVWBX3 |
MD5: | E371E491C2BF727BDED8A09B9975789A |
SHA1: | 8F19BED8E3E6605D316741F14CDF027DBAC36A7E |
SHA-256: | 737489ED80B5257DB2D0F7EFCC79D1C98EACEB084E3293E78969A5FA134D2FFF |
SHA-512: | 2BAE22D0E98651A485A5B490040ED441B8BB25B742859D01B25D63E3BE7EF4D5972730BAEE037C26455696210968254D6694F435489C84E057ACD69FC8EA759F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3651472198687646 |
Encrypted: | false |
SSDEEP: | 24:7+tg1RZKHs/Ds/SpFndp1yuVOLXA/LXRILXRfnBXndsnqLhx/XYKQvGJF7urs7:7MYgOVpFL4uVWBXiqFl2GL7ms7 |
MD5: | EBD10CA02DC557677A24CA4E856CBE9A |
SHA1: | 153A858FB1CC31DF101E4CB7746740C8F1DEDE8F |
SHA-256: | B64D2BEB8A7C8150B0BE111A3D50F6FC3BF21CF8A5DD6CDF5F12B80D9A92795C |
SHA-512: | 2354622371EF9EF6BD1005F8843AB2FFD3DCD94FB1957C4B00C76FF7D493D23175F9E390B3A0A4C890B0090DBE7E334AE32716CB689B82B0D5328DC8C25ED321 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.53559722477471 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8AAXYle:Qw946cPbiOxDlbYnuRKrw |
MD5: | F9C66639F54BF25F5DE2A32678A480D7 |
SHA1: | C4D60413F063CF7F311651629A547770FD06D2FE |
SHA-256: | 6172708A13A5C4E29BC3F4C812B5AD7F6424AB03E1F161673557DA9CC3D00FD9 |
SHA-512: | 040E0FE4611F809EC2DC0FA205359B36E72E09E3A8FEC19D52C3B25915353915398E13D7C04AC5BAD345B01AE5D276E8C7935CF52DC2EF0C435CB03A65B0EBA2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 7.992281805285832 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHti:Cjc7BcePUsSSt0 |
MD5: | 2256FEA23D2D4664E820C92F0FC7AAD5 |
SHA1: | 7C2E5E9A99CF177FD5F3F1C6D19552CDEB382EDB |
SHA-256: | 664AFEAA76A656A4621F345F69C89F0D56924E935928D2B4486C058E8302FDD9 |
SHA-512: | 0B638C4E84A94CB7BEBA54811BA1CF472DEAA8F45F5BC89C45C9531D7F1A9929EA99FD85248048D1E728768AA1E8CA996BAC74B93A4309B0047AD4341E055422 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.040148334362102 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROODdKW/LAW/LvuLCSyAAO:IngVMre9T0HQIDmy9g06JXzdN37mlX |
MD5: | 1AEC28BF77E979EB5D761B6FC7289EC2 |
SHA1: | EE5576E1FA57AAB137C1CA4C14B70D371B3EB5E0 |
SHA-256: | FA07A831C67B46313778FE4D774EC71247CEA2847CDD559C472192A0334AA25F |
SHA-512: | F4F395D9320EF60A2251377778CB4E8F8F98B322552D9FCC0A27682B76665CBA39283C7D3BB0EB41A8E85ECB7C845D7D04F19AA1B6A6D4A51E663E3D425F0263 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 11-59-09-598.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.3293801742548705 |
Encrypted: | false |
SSDEEP: | 384:dZkZ6ZVZirwrvrvMrHr6rErArFrrRrvrBroxtxxE/EjEqEGEhEoEbmTJTpTHFFus:dqwXIMLDMzuAURrFjd0HTG0RhGNf1dDf |
MD5: | CA31135243C52A51096DBAD9C008AB93 |
SHA1: | 01AE7D6E2D49E262620D03ADD72BC49BF237EAC5 |
SHA-256: | 00C8AF2708A574091A7E061CCE6C201C132090D484E2B51B2C56E7CC036961F5 |
SHA-512: | 7A1A6531D3613C6165179D1E9C6C5C0273517996D47FA6EF0FD1F738EBF3344D709815ECE686C1F7FF3534765A6E39F6A0DCBFF4D89A3151803F4505DFB2349A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.405741135393271 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb1:5 |
MD5: | A776C2D64F169DA9A5AEADE2528F2335 |
SHA1: | C792B2800754DB324E3A7E9A396C390B76E1BD7A |
SHA-256: | C0C62FDFBC0BD447DABAD474556AFBF32A202DB67496EA962F805E6A24110587 |
SHA-512: | 50C48AAF6B520536CD38A2E47F0FF0A0D4A1798BA10678000DF71972C7267121BABF541033AAF77AB716D8AEDD428C26F159941A43488005254A300AF82800D1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/2wYIGNPRmOWL07otGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:OwZGDbWLxtGZN3mlind9i4ufFXpAXkru |
MD5: | AA6641E4BFC58F44E603CD0EE74AE8FF |
SHA1: | 29F99293E45449226D99AE893FA31E428BA80BF8 |
SHA-256: | 0C9CEF808C626D2412A4548C0F78FAFD52A30D49C36E1ED1CDA2BBF0E1B5F2F1 |
SHA-512: | 65C9820CA8747BB78292D34D7AB4D1F26F73CA4D7DF2C97F3BD87D777B8D00E981AF6CEC2D078AF5BB660EEDE1480608EC701B6F55A1521C6390F42FFDE6D0A2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/IkwYIGNPQbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07mWL07oXGZd:zwZG2b3mlind9i4ufFXpAXkrfUs0CWLk |
MD5: | 9431A1C2A3C1BEFE8F3925B1B333DC34 |
SHA1: | 4E77620153F74BE80B9D533FD16826A276113460 |
SHA-256: | 9C81A3C6CA676D3D45D2C43A2204E3B78DFB3C0082A1748B67CD9F95AD419ABC |
SHA-512: | 56AC05EAAAD17DBBA09E224C4472D1792C5B038ECB976E9DD107817999ACF7E8A217D0E6A61983777569426A7493661CF2CE16FF6753FE8517EFA360B52C871F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
SSDEEP: | 3:So6FwHn:So6FwHn |
MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98682 |
Entropy (8bit): | 6.445287254681573 |
Encrypted: | false |
SSDEEP: | 1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L |
MD5: | 7113425405A05E110DC458BBF93F608A |
SHA1: | 88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF |
SHA-256: | 7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46 |
SHA-512: | 6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 737 |
Entropy (8bit): | 7.501268097735403 |
Encrypted: | false |
SSDEEP: | 12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa |
MD5: | 5274D23C3AB7C3D5A4F3F86D4249A545 |
SHA1: | 8A3778F5083169B281B610F2036E79AEA3020192 |
SHA-256: | 8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97 |
SHA-512: | FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14456 |
Entropy (8bit): | 4.2098179599164975 |
Encrypted: | false |
SSDEEP: | 192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ |
MD5: | 32FCA302C8B872738373D7CCB1E75FD4 |
SHA1: | DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1 |
SHA-256: | CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6 |
SHA-512: | 57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.97714529695486 |
Encrypted: | false |
SSDEEP: | 48:8/2d3TvjOHgidAKZdA19ehwiZUklqehRdy+3:8e3dwdy |
MD5: | EB58660D5D4547AF5A2CC2D310F06536 |
SHA1: | E5595B223138130A5537502EC645AA10BF503DF3 |
SHA-256: | 990F92D4F106D88B79681AAAA7118EC46AC72340AF74506130C58B9B94F2308B |
SHA-512: | 8ECD0E12C380EA0F273889014505AAA2810AC2BE44DAC1772A15A7EA7FDA34DA31977D79CFEB920FCD4C78E96CFD25EC4752B60C2029287010C91EB53863397D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9917030693800246 |
Encrypted: | false |
SSDEEP: | 48:8C2d3TvjOHgidAKZdA1weh/iZUkAQkqehgdy+2:8t3X9Q/dy |
MD5: | CA301F812F57947ED5709FE7BB066CC2 |
SHA1: | 8873CA1C315E3CF7099805D08A2C66CFE31D452C |
SHA-256: | 17EE44E17C91297EC922F29608DC438D87C2C71E1E5142F3FCCF8AADC6EACE15 |
SHA-512: | 6A00CE31DA5143C4DC70ECD154EA3649CAC66F4BBDF27AC2168C92BACB1C1197BE9874657C57760AB894043D1DD4B38B5B1C6EAC12B0D27A61445CC3DCC00511 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.005077479182944 |
Encrypted: | false |
SSDEEP: | 48:8xY2d3TvjsHgidAKZdA14tseh7sFiZUkmgqeh7sGdy+BX:8xn31ncdy |
MD5: | EA8A00CFF8963BBF31CE6E56487513B9 |
SHA1: | 904BDF7721CBD7954970508E365212D243F4AD85 |
SHA-256: | A67E369A25CD866D98EE5F7D02ED09D029C6CD0373129EAE9DF753DEE9662D54 |
SHA-512: | 5168A0F7C7C8C0CB64700A520C956FB2A1915FECDE3EBEDE4084113EA86A4E7703D92DF2F009235D6FB88FD5C957874715C1F251E0687FBCCE5FB7B8545CF068 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9906963537149474 |
Encrypted: | false |
SSDEEP: | 48:8yb2d3TvjOHgidAKZdA1vehDiZUkwqehEdy+R:8yS3Uudy |
MD5: | 550E24AA3997D8928A2C2DEC593E8252 |
SHA1: | 798A179482C99082C8E7E981317544E226212666 |
SHA-256: | BD9C1FF687E1768BACE9F0AE284714A12BE0985389C2E05EEA8432EE1975A3F2 |
SHA-512: | 50C70B9A62DB085F3366532693EE3E70CA3AAFA942756F70FB8ADFBBBB22CD4274F815C29CC53D72800B0D77BCFFF9D90A66C87DCCDCF44E3F1AD8212BA48744 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.980966023738085 |
Encrypted: | false |
SSDEEP: | 48:8i2d3TvjOHgidAKZdA1hehBiZUk1W1qehCdy+C:8N309idy |
MD5: | BD78710F50E81B040F953C6598A763DB |
SHA1: | BAEA805C5E5689F88F100C188A769A8645BA80E5 |
SHA-256: | 949F2794A8D7FD6AB8A0E291A9DD7646DCEFA18A6A43EEDFBEFD817097CDD714 |
SHA-512: | 8B16CA4BCF5989F12C433E9F70ED5C13DBA2C096F69A94D343F2F1A706A280515AFF5F15B2978303B80EEC9BAC4C7FFBC2ADDEA328E241C6E7212ED6F3BB21A2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9905920549934506 |
Encrypted: | false |
SSDEEP: | 48:8N2d3TvjOHgidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbcdy+yT+:8A3aT/TbxWOvTbcdy7T |
MD5: | A1FF323896366832981F5B60277DABDB |
SHA1: | 8416CA243ACE911009F66776D0E9A10F68B17003 |
SHA-256: | 7624B465DC90F676AFF06C56FA54AC9AD53B1C74AF2543C90CBBBBC4CAA29FBA |
SHA-512: | 6756EE98138FC996AD9822BCDA730AD87CC381F1C4A373E26D96A47FD5C39EB07001D97BAA85BD1DF26C66A5DD86A8C6B0FEEFA451A1EB64EA9F1F0FD2CDA686 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 315 |
Entropy (8bit): | 5.0572271090563765 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR |
MD5: | A34AC19F4AFAE63ADC5D2F7BC970C07F |
SHA1: | A82190FC530C265AA40A045C21770D967F4767B8 |
SHA-256: | D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3 |
SHA-512: | 42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765 |
Malicious: | false |
URL: | https://apps.evluator.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 452 |
Entropy (8bit): | 7.0936408308765495 |
Encrypted: | false |
SSDEEP: | 12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK |
MD5: | C33DE66281E933259772399D10A6AFE8 |
SHA1: | B9F9D500F8814381451011D4DCF59CD2D90AD94F |
SHA-256: | F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016 |
SHA-512: | 5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3 |
Malicious: | false |
URL: | https://qahey.teaf-c.org/cdn-cgi/images/icon-exclamation.png?1376755637 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4402 |
Entropy (8bit): | 5.092676476273466 |
Encrypted: | false |
SSDEEP: | 96:1j9jwIjYjUDK/D5DMF+BOis9MpA2ZLimQrR49PaQxJbGD:1j9jhjYjIK/Vo+tsqDZOmQrO9ieJGD |
MD5: | BE697F2521822A28441A32AA12ED349D |
SHA1: | B4D13B45C567D83689D75C11D312488BBE787A51 |
SHA-256: | 7BAEA57F0FFC139624A527A9D9312EC85A3440391E3DD9C2E971124134497C9C |
SHA-512: | E340B1D328E462D8762D947D2681AFC1E584FC04892C7A7E16886D0DFC29F387EBD59410E3BF3672887EEB0E486E893DCD6120BB89405E886FD7CC40684249FF |
Malicious: | false |
URL: | https://qahey.teaf-c.org/VdrOrhOG |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 24051 |
Entropy (8bit): | 4.941039417164537 |
Encrypted: | false |
SSDEEP: | 192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk |
MD5: | 5E8C69A459A691B5D1B9BE442332C87D |
SHA1: | F24DD1AD7C9080575D92A9A9A2C42620725EF836 |
SHA-256: | 84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091 |
SHA-512: | 6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42 |
Malicious: | false |
URL: | https://qahey.teaf-c.org/cdn-cgi/styles/cf.errors.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 452 |
Entropy (8bit): | 7.0936408308765495 |
Encrypted: | false |
SSDEEP: | 12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK |
MD5: | C33DE66281E933259772399D10A6AFE8 |
SHA1: | B9F9D500F8814381451011D4DCF59CD2D90AD94F |
SHA-256: | F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016 |
SHA-512: | 5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.764215127264455 |
TrID: |
|
File name: | Smeg SignRequest.pdf |
File size: | 23'434 bytes |
MD5: | 609192a8242e10bb7fdb1daa294b2f4d |
SHA1: | 5158d75d9317bd56881b30385abe220a1b36a525 |
SHA256: | cddbf9c1c1de14e5f50f254ffad6d28f6a485283d25b83342a593df577bc52a3 |
SHA512: | 7c0e7fb4746376a2c03e77f882416a282e58951ec9863eb487f49a07184e6a5f3a21fb69a71e72847a2fdcf62bc54d72f6c18153d563b99fa532976ebfa689df |
SSDEEP: | 384:RaV97XlRKtEyyGIOOvK5bCRbuWRKpNjr8CUSzsBvy+n7CUSiM:Rs97XyRtOi5bC8WRKr0jBvrs |
TLSH: | E6B2BFF8B49A0C8CFCC792129DB63C5D85BDB2A38AC5355630354F81EC08D8979659EF |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20240809174348Z).>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endobj.4 0 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.764215 |
Total Bytes: | 23434 |
Stream Entropy: | 7.963762 |
Stream Bytes: | 19102 |
Entropy outside Streams: | 5.130497 |
Bytes outside Streams: | 4332 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 32 |
endobj | 32 |
stream | 10 |
endstream | 10 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
7 | 1838e6d894726a06 | 9a89ccaa141abedea8eb2aa9a3fc5539 | |
9 | 0000000000000000 | 2341b247a5d4b9368a6fb189b667c8b2 | |
11 | dca66d5155599ac4 | ceb3c68b0a65e38427782232d0899215 | |
13 | ccb26971757d92cc | cb87815411998bae8d5e8925c029f951 | |
15 | 5d4d11295929557d | 4205a02791ba6e45c52e65eb5788d8b6 |
Target ID: | 0 |
Start time: | 11:59:06 |
Start date: | 27/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 11:59:06 |
Start date: | 27/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 11:59:08 |
Start date: | 27/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 11:59:08 |
Start date: | 27/08/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 11:59:11 |
Start date: | 27/08/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |