Windows
Analysis Report
Project Proposal.pdf
Overview
General Information
Detection
Score: | 21 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 3460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Project Proposal.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6908 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7140 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2240 --field-trial-handle=1592,i,17894290379442899653,10121711594863025015,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
93.184.221.240 | unknown | European Union | 15133 | EDGECASTUS | false |
2.23.197.184 | unknown | European Union | 1273 | CWVodafoneGroupPLCEU | false |
184.28.88.176 | unknown | United States | 16625 | AKAMAI-ASUS | false |
34.193.227.236 | unknown | United States | 14618 | AMAZON-AESUS | false |
23.203.104.175 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520707 |
Start date and time: | 2024-09-27 18:34:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Project Proposal.pdf |
Detection: | SUS |
Classification: | sus21.phis.winPDF@16/33@3/62 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: Project Proposal.pdf
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
File | Process | Category | Size (bytes) | Entropy (8bit) | Encrypted | Malicious | Reputation |
---|---|---|---|---|---|---|---|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9ae4f645-8b3a-4eb2-8697-0d20a2421e37.tmp | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | modified | 403 | 4.953858338552356 | false | false | unknown |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy) | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 0 | 0.0 | false | false | unknown |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF536c14.TMP (copy) | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 0 | 0.0 | false | false | unknown |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a4e8113b-9dd3-4b28-b3f0-7ccf031b1cea.tmp | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 403 | 4.983035572001025 | false | false | unknown |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240927163441Z-164.bmp | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 71190 | 1.2925990705762151 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 57344 | 3.291927920232006 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 16928 | 1.2146106549268527 | false | false | unknown |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 1391 | 7.705940075877404 | false | false | unknown |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 71954 | 7.996617769952133 | true | false | unknown |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | dropped | 192 | 2.779094196322516 | false | false | unknown |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | modified | 328 | 3.1356875516282017 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 185099 | 5.182478651346149 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 0 | 0.0 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 295 | 5.374308695278147 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 294 | 5.319567666001472 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 294 | 5.299339307709135 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 285 | 5.363072929947597 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 1063 | 5.669404676887532 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 1050 | 5.655396083552249 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 292 | 5.311471123966177 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 1038 | 5.65177656653879 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 1164 | 5.699633002080685 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 289 | 5.315346313843105 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 1395 | 5.779048488295255 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 291 | 5.298787938569592 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 287 | 5.301731924693789 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 1058 | 5.658026078804235 | false | false | unknown |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 286 | 5.279886655155687 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 782 | 5.379450072507449 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 4 | 0.8112781244591328 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 2818 | 5.141145613512559 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 12288 | 0.9887229626332673 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 8720 | 1.3455695064934743 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 246 | 3.5162684137903053 | false | false | unknown |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-27 12-34-39-704.log | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 16525 | 5.353642815103214 | false | false | unknown |
(not given) | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | dropped | 29752 | 5.426831002605378 | false | false | unknown |
Entropy (8bit): | 7.450651836961248 |
File name: | Project Proposal.pdf |
File size: | 49'747 bytes |
MD5: | 9b85f102a4d5abb6260746d762e6a242 |
SHA1: | 5d1e77baa5e6ec00f8938e9dc88a51920751193e |
SHA256: | 1509d336bc7fd7a8bc6e3ae8b888c305df17a1d3fbab3419c2b8867e799138b5 |
SHA512: | ac20ec3af45b4180d588a1a30d38498c57f0a882c6955afd0a60442db295cffb7c85de67cd4098d2cdf9638fad3715012b4ddbbe84b04f1d4aa4f4b95a816ad9 |
SSDEEP: | 768:y2IlLI6rn0Bs7dvi1YNrq30QxQEyDcd4NqIWCrQrn2vgvLal5G3Z8SKdYLbISnQY:gXdFW3WEFu4bqvkC5u6SoYgSiXd22G |
TLSH: | B8231D1389089B86E1294694BE071E6D2F067B0DE4C235FE316E4EDB3F607725C9E16E |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 12 0 R/MarkInfo<</Marked true>>/Metadata 26 0 R/ViewerPreferences 27 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/R |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.450652 |
Total Bytes: | 49747 |
Stream Entropy: | 7.442087 |
Stream Bytes: | 46499 |
Entropy outside Streams: | 5.386085 |
Bytes outside Streams: | 3248 |
Number of EOF found: | 2 |
Name | Count |
---|---|
obj | 17 |
endobj | 17 |
stream | 6 |
endstream | 6 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
10 | 262a2b3333330e2b | 707b479c5943387e3261c14c6055ebf8 |