Windows
Analysis Report
FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 6916 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6248 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 2864 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1748 --field-trial-handle=1584,i,15743715018445792783,2050393351802589568,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false |
| unknown |
x1.i.lencr.org | unknown | unknown | false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1523258 |
Start date and time: | 2024-10-01 11:14:55 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@15/30@3/0 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 199.232.214.172, 184.28.88.176, 52.202.204.11, 23.22.254.206, 54.227.187.23, 52.5.13.197, 172.64.41.3, 162.159.61.3, 2.23.197.184, 95.101.148.135, 2.19.126.143, 2.19.126.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
Time | Type | Description |
---|---|---|
05:15:37 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":["Metropolitan Police"], "contains_trigger_text":true, "trigger_text":"Enter a postcode to find your address", "prominent_button_name":"unknown", "text_input_field_labels":["First name", "Middle name(s)", "Surname", "Date of birth", "Gender", "Equalities", "What is your ethnic group?", "Which one best describes your White background?", "Telephone number"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | Get hash | malicious | RMSRemoteAdmin | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.1782420510774365 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.187286919560248 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.187286919560248 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1fcfe33a-203b-4e7f-b829-ccf262e979f6.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3283fd62-021c-45e2-b3ee-653b975511a2.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.974671280395791 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF4769cc.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.23405513150064 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.217841091865283 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.217841091865283 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241001091528Z-167.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.0705737776829454 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.214794785190883 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.742553200765872 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.245596380966818 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2145 |
Entropy (8bit): | 5.083094399376899 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9882492613444732 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3423330134547817 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5085442896850614 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 05-15-26-330.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15100 |
Entropy (8bit): | 5.329392001796822 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.417332173639684 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.881287028587071 |
TrID: |
|
File name: | FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf |
File size: | 47'517 bytes |
MD5: | 5f26d37fc2324b1e087248e81b41514c |
SHA1: | c70bf79893f944f93d94abed0b83c0009219464e |
SHA256: | df1e0e548c7f156bf751d8d33c599de8aa0f43b7c81187bd31f08e018f7b7a5a |
SHA512: | 1a85c962580b075b019b1c42b5ba6469e5a6ab2f1e89ae4c8d3256b18539e23185cec9161dfe84de8c6a12bb574f37fbd644dca1a0631e0e3b53070348909ed0 |
SSDEEP: | 768:0fjJeTbdCpxL4yrDe5PwVPqzzHYcAKrjSGKjG9j0a8lWp91MIQdOreoN:a0TcpxLZrq5PwhqHYHGKjN/Ip967k |
TLSH: | 7E23B057A16B1CF488C6D3D1BB15CE57FAFB9052271AC3E0383498573C0DEDAE12562A |
File Content Preview: | %PDF-1.5..%......20 0 obj..<<../Type /Catalog../Pages 21 0 R../AcroForm 22 0 R..>>..endobj..3 0 obj..<<../Length1 15500../Length 8725../Filter /FlateDecode..>>..stream..x..y.t[U...OO.......=.E.r.k.;.%...d.-NsdK....QIp..Cz .0......0...dX 3.2K`h..0.!..,.... |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.881287 |
Total Bytes: | 47517 |
Stream Entropy: | 7.969169 |
Stream Bytes: | 42147 |
Entropy outside Streams: | 5.095852 |
Bytes outside Streams: | 5370 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 37 |
endobj | 37 |
stream | 36 |
endstream | 36 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
13 | 8080808080808080 | b7391b04b280252ae80da07afdec59a3 | |
14 | 4db2aa8594905c45 | 9cdb8d992e880b768215460bbde7be04 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 1, 2024 11:15:37.164036989 CEST | 63198 | 53 | 192.168.2.16 | 1.1.1.1 |
Oct 1, 2024 11:15:49.721736908 CEST | 60565 | 53 | 192.168.2.16 | 1.1.1.1 |
Oct 1, 2024 11:16:03.086545944 CEST | 58704 | 53 | 192.168.2.16 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 1, 2024 11:15:37.164036989 CEST | 192.168.2.16 | 1.1.1.1 | 0x39f5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 1, 2024 11:15:49.721736908 CEST | 192.168.2.16 | 1.1.1.1 | 0x9aeb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 1, 2024 11:16:03.086545944 CEST | 192.168.2.16 | 1.1.1.1 | 0x6226 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 1, 2024 11:15:26.059946060 CEST | 1.1.1.1 | 192.168.2.16 | 0x5a54 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 1, 2024 11:15:26.059946060 CEST | 1.1.1.1 | 192.168.2.16 | 0x5a54 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Oct 1, 2024 11:15:37.172260046 CEST | 1.1.1.1 | 192.168.2.16 | 0x39f5 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 1, 2024 11:15:49.729231119 CEST | 1.1.1.1 | 192.168.2.16 | 0x9aeb | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 1, 2024 11:16:03.094157934 CEST | 1.1.1.1 | 192.168.2.16 | 0x6226 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 05:15:22 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7776b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 05:15:23 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7066c0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 05:15:24 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7066c0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |