Windows
Analysis Report
Session_74085.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7588 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Session_74085.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7776 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7976 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1552,i,8772915315826890772,8538083150746886622,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.78.188.188 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1500127 |
Start date and time: | 2024-08-27 23:14:45 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Session_74085.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/51@0/1 |
EGA Information: | Failed |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.143, 2.19.126.142, 162.159.61.3, 172.64.41.3, 23.22.254.206, 54.227.187.23, 52.202.204.11, 52.5.13.197, 192.168.2.4, 2.16.202.123, 95.101.54.210, 217.20.57.38, 23.219.161.132
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com, wu-b-net.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Session_74085.pdf
Time | Type | Description |
---|---|---|
17:15:48 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
104.78.188.188 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | HTMLPhisher, Tycoon2FA |
 | malicious | HTMLPhisher |
 | malicious | Unknown |

Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | LummaC, Vidar |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.251021122479032 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.251021122479032 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.229517691539044 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.229517691539044 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.957570101121775 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f39db160-1837-4a71-9411-953386254915.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.957570101121775 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.252097266587524 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.254307862075553 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.254307862075553 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240827211539Z-154.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.504013475072779 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445348471386374 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 2.213872529883958 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.137989037915285 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.026467887142631 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.365038507337115 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.314762160640761 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.294248729778163 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.352107789708413 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.666079288879271 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.656365586613853 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.305726325738302 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.649446708060146 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.703755075192118 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.307079468659761 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.781361333857597 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.290577910191632 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.295327353246223 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.6554910701953105 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.273283911936503 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.376422514532964 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.142965328163282 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.186208437845991 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUnSvR9H9vxFGiDIAEkGVvpb:lNVmswUUUUUUUUn+FGSItH |
MD5: | D089420B1F42F466C1F27C3A8670B3FA |
SHA1: | 06DECDB2175119EC9EA38495C0178B70D7E693F2 |
SHA-256: | 2DDD40236A2569CDBF0FBAA35C52088F7C683EE35864BA472DEC3C3A09A56BAD |
SHA-512: | B8343BFDC7F1FB7955629E9E515D03C729EC51987412E8A8DE16A6EE2E5282360CA566E8435DD0F3B2034A1A57993769B332E815C4DE61873CD424A3DC5E9691 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6049100311293276 |
Encrypted: | false |
SSDEEP: | 48:7M4KUUUUUUUUUU7vR9H9vxFGiDIAEkGVvcqFl2GL7msE:7kUUUUUUUUUULFGSItaKVmsE |
MD5: | E37A494BFB9DCF6F87D72D2273EDBE36 |
SHA1: | A261E6AD4ACA0B182A16A084C5DAB128DD51663A |
SHA-256: | 24D049BB05C4CAF02CCC4808D8CE625F8BD0C57D6526B7F1980D65BB0189C6A4 |
SHA-512: | EA574F04ACD1591124031A31E29202DC015329D2419A18251EAE7D6F26297494F8C18438FCA7945FFE1B6D30EC76F0F517D6C29697BB84803F31B317600553CB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8AAe7aCH:Qw946cPbiOxDlbYnuRKRH |
MD5: | 36E4CA19397A27113835ABD8AA5B18DF |
SHA1: | 8ED9103ADC54007BE1FA465038D3943395D0D461 |
SHA-256: | B4F6230A1A064B9B446B94DB1628CB418650563FCAFEDD294E47ED0D6E6FF35D |
SHA-512: | C2A70ED336771E9A7C174997FBF752D295EDC7668CAAA5970198555DE365E174719E108AA574B99F22ACD9B449A9E8533895C27BAA4E29452F588DD4F324E6AA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 108058 |
Entropy (8bit): | 7.99199742595327 |
Encrypted: | true |
SSDEEP: | 1536:Ovj3fXvOA7zO3qgSPp67cNtHbKpPBXrzyUVLOhCyhrzDDvc4DZsRMRa5rVaJNEhi:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJcq |
MD5: | 0178C6EE26590A8ABFC1CBD5BB5C335F |
SHA1: | DBE042C4F652E96C34BC10FDCE2ECD8485077158 |
SHA-256: | 922CE47ECFC6144A881C2C9A06EE99F73DA4506E8F796FCC79E982599B364E33 |
SHA-512: | 310E5B93360ED2394B097A464A38692D58E51C4000D13C07DF1A07743160F2F2399F3AEAF26EEA8AB8C4DE780E91F7BE1B0CDF8438637C0EC825A34C21EF5E22 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.091453819841356 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOhw2RH8oqn2RH8oT/yLCSyAAO:IngVMre9T0HQIDmy9g06JXRw2k2ElX |
MD5: | 43C8D1FA7D65FF4242D60558D0D1863F |
SHA1: | 85AD6FB27DFA6121EB31A8059B2B447A6D077F56 |
SHA-256: | 3E20963B243818A0FF2AE3784459A24F4D7C9D3C995F69242259660D6EA7DA58 |
SHA-512: | 9461DD12F03B340E42DAB577F0A95C9E982911721EB12A28FC38B8BD2C0CEA1DE6C64BAAF8A35A06385B279CB53A99BAC9DE13EB3917242FB4A120583AFB50B8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 17-15-37-470.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.363675683440152 |
Encrypted: | false |
SSDEEP: | 384:iDfiffeU4yVFohMTo+Z+8erDAoEE3fwJgb0eQk+5n6U+4JfU8DHn+p+n2YeTx+uM:fr5 |
MD5: | 0938220ADA5D51EEDF354B9E5DD86DDC |
SHA1: | 7C480AFE24F5D8CC8CEE77659ED8DE539128AE00 |
SHA-256: | B5EAAA52DFC8BE28EE0993ADDD76118D7EC003742F7F1056E7B3DA7E6FED4ECC |
SHA-512: | CC71ABC743C9A23B488AD31258B7ABBE0D8DDCD01C2AE0FCA500964C2E4B9AD702C7427206F882851B369519DF31CFBDA94FA1CB35D08CDE221359A05F91BBEA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.393007944482326 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r1:B |
MD5: | 5D916370059912A6DA773501F8D82777 |
SHA1: | 7E80EF9C6C8E82B656D68EFD9B47D8E238077509 |
SHA-256: | 4EE3F9D498E6A594EE93487A7F824D9E0E67BC2F4C5A428D2BE18F0CCCD37823 |
SHA-512: | 19866A1FB12DF87B2F05FC8E9F4F27950A2E3FD482B53C13754E80738B37B6D4439BBB2A6A64EAC3F41DAE58D958B2DFB77FEFEABB1C84B230594FE7D249F13E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7ouWLaGZ7wYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLaGZ7wZGk3mlind9i4ufFXpAXkru |
MD5: | 13F55292D0735B9ABD4259B225D210FC |
SHA1: | 810CC5D545BFA11D2825F6E1DFA69176794DA7EC |
SHA-256: | 8C3FFEA68963D108599E8C5AE20DE6E9C473BF33197A03A9A7DDCD0F25A6C7F6 |
SHA-512: | 4F54EDA9EB61172A5243DAA718CFF42A0BF079CC0FA7BE3553CC8B79772763B49F530DD6B54A9D595C4F46B8416ADF7D5C8DAD58FC43A5C651258E669DC375DA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
SSDEEP: | 3:So6FwHn:So6FwHn |
MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98682 |
Entropy (8bit): | 6.445287254681573 |
Encrypted: | false |
SSDEEP: | 1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L |
MD5: | 7113425405A05E110DC458BBF93F608A |
SHA1: | 88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF |
SHA-256: | 7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46 |
SHA-512: | 6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 737 |
Entropy (8bit): | 7.501268097735403 |
Encrypted: | false |
SSDEEP: | 12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa |
MD5: | 5274D23C3AB7C3D5A4F3F86D4249A545 |
SHA1: | 8A3778F5083169B281B610F2036E79AEA3020192 |
SHA-256: | 8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97 |
SHA-512: | FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.551686368008415 |
TrID: |
File name: | Session_74085.pdf |
File size: | 107'041 bytes |
MD5: | b457e0bb0d2136c36f275833b76830c4 |
SHA1: | cc21ef5e3e2948ac8e909a3eb4cfa1ff5a87a247 |
SHA256: | 4fdf086638b8015ec11ac712f2377af9355b66bf53a058ffeeb5a688387ec5b5 |
SHA512: | 6b5754c864b2a721979f8686d6ccedaba00999d300db0461b0cc8d7fd44c04d9042ec73c4848465f89d3acb2f68a0cd5a4be2fad7ab89e8657abf41cae0227b2 |
SSDEEP: | 1536:idiY2pRL5jqjRttPXKunDsYDTPp5c4otuN074vjWP1t:uQLUZaID55cR57YK |
TLSH: | 6AA39D31F3EBE7289B1B088D463E3D3B532596C189E25113413B4D8296A1FBBD947A7C |
File Content Preview: | %PDF-1.4.%.....1 0 obj.<</Creator (Mozilla/5.0 \(Windows NT 10.0; WOW64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Vyaparapp/10.17.3 Chrome/108.0.5359.215 Electron/22.3.27 Safari/537.36)./Producer (Skia/PDF m108)./CreationDate (D:20240826174736+00'00')./M |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.551686 |
Total Bytes: | 107041 |
Stream Entropy: | 7.529926 |
Stream Bytes: | 102735 |
Entropy outside Streams: | 5.228852 |
Bytes outside Streams: | 4306 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 19 |
endobj | 19 |
stream | 7 |
endstream | 7 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
6 | 698e969f979e5a24 | be7109be9bd5b7158795afb9e5b2cc2d | |
8 | 00233b43273b2b00 | 9bfbd613789d88ade2755cdf9c923370 |
Target ID: | 0 |
Start time: | 17:15:34 |
Start date: | 27/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 17:15:35 |
Start date: | 27/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 17:15:35 |
Start date: | 27/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |