Windows
Analysis Report
00b9978f-ff57-4ab4-9bf8-ae8853d3346f.pdf
Overview
General Information
Sample name: | 00b9978f-ff57-4ab4-9bf8-ae8853d3346f.pdf (renamed file extension from none to pdf) |
Original sample name: | 00b9978f-ff57-4ab4-9bf8-ae8853d3346f |
Analysis ID: | 1523630 |
MD5: | e7a4e4a027a5fdfc75a6e33716f2a365 |
SHA1: | ca62581ed80eed4d05d72993fab0b0d47643d934 |
SHA256: | 0dd0e3e2412f594d5d3e2af9389b9489fff5cba60ac4ce66d7c802580f17455d |
Infos: | |
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6476 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\00b9978f-ff57-4ab4-9bf8-ae8853d3346f.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7016 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5288 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1708,i,4304674134217149286,5362066792861887805,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.41.168.139 | unknown | United States | 6461 | ZAYO-6461US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1523630 |
Start date and time: | 2024-10-01 21:32:46 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 00b9978f-ff57-4ab4-9bf8-ae8853d3346f.pdf (renamed file extension from none to pdf) |
Original Sample Name: | 00b9978f-ff57-4ab4-9bf8-ae8853d3346f |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/47@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.149, 2.19.126.143, 162.159.61.3, 172.64.41.3, 54.227.187.23, 52.202.204.11, 52.5.13.197, 23.22.254.206, 2.23.197.184, 199.232.214.172
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: 00b9978f-ff57-4ab4-9bf8-ae8853d3346f.pdf
Time | Type | Description |
---|---|---|
15:33:47 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.41.168.139 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | LonePage | Browse | |||
Get hash | malicious | LonePage | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | PayPal Phisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
Get hash | malicious | AsyncRAT, Neshta | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Captcha Phish | Browse |
Get hash | malicious | Phisher | Browse |
Get hash | malicious | ScreenConnect Tool | Browse |
Get hash | malicious | ScreenConnect Tool | Browse |
Get hash | malicious | ScreenConnect Tool | Browse |
Get hash | malicious | ScreenConnect Tool | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ZAYO-6461US | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | LonePage | Browse |
Get hash | malicious | LonePage | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | PayPal Phisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.238346974070727 |
Encrypted: | false |
SSDEEP: | 6:dYeQ+q2Pwkn2nKuAl9OmbnIFUt8cYggZmw+cYhMSQVkwOwkn2nKuAl9OmbjLJ:dVVvYfHAahFUt8crg/+cyMSI5JfHAaSJ |
MD5: | ED89F263AC0E22271632D69878EB4EF0 |
SHA1: | 6E952DD9AB11AF6B87BDD4CB6CE4D1D616F6ED9A |
SHA-256: | 1EF148712B0652D30E434BA2293233C5E5BD09F5D06FB110E71AC635492757D2 |
SHA-512: | E0A15422E63C3AC76E70075396184EBC61C134AD3EE3069DC40F48C09EA5F4662A7B013C19F48C7CE6D8764EF44D2A6762BC66108D99DA294E3EB9AD7714894F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.238346974070727 |
Encrypted: | false |
SSDEEP: | 6:dYeQ+q2Pwkn2nKuAl9OmbnIFUt8cYggZmw+cYhMSQVkwOwkn2nKuAl9OmbjLJ:dVVvYfHAahFUt8crg/+cyMSI5JfHAaSJ |
MD5: | ED89F263AC0E22271632D69878EB4EF0 |
SHA1: | 6E952DD9AB11AF6B87BDD4CB6CE4D1D616F6ED9A |
SHA-256: | 1EF148712B0652D30E434BA2293233C5E5BD09F5D06FB110E71AC635492757D2 |
SHA-512: | E0A15422E63C3AC76E70075396184EBC61C134AD3EE3069DC40F48C09EA5F4662A7B013C19F48C7CE6D8764EF44D2A6762BC66108D99DA294E3EB9AD7714894F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.13457065751251 |
Encrypted: | false |
SSDEEP: | 6:d2qM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8cetZZmw+cetMMVkwOwkn2nKuAl9Ombzz:dy+vYfHAa8uFUt8cetZ/+cetNV5JfHAv |
MD5: | 718AC2C8B1D3F2E6C502C2AE6CF5DD10 |
SHA1: | 56F752D7534E281019EF48064D823794DB8C859A |
SHA-256: | ECC0F3C721EA8169B6D256DBD490704A0B95CCB6DB2EDF26DC2A0777AA6AABFE |
SHA-512: | 5AF5F307F609927A38D3E6416C304122B110DE32EA1D79399D61012BA0FA3407AD676EBA745D6B17F917A816B715DDBDBE89691C1A48A7EB011742222EFD90C4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.13457065751251 |
Encrypted: | false |
SSDEEP: | 6:d2qM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8cetZZmw+cetMMVkwOwkn2nKuAl9Ombzz:dy+vYfHAa8uFUt8cetZ/+cetNV5JfHAv |
MD5: | 718AC2C8B1D3F2E6C502C2AE6CF5DD10 |
SHA1: | 56F752D7534E281019EF48064D823794DB8C859A |
SHA-256: | ECC0F3C721EA8169B6D256DBD490704A0B95CCB6DB2EDF26DC2A0777AA6AABFE |
SHA-512: | 5AF5F307F609927A38D3E6416C304122B110DE32EA1D79399D61012BA0FA3407AD676EBA745D6B17F917A816B715DDBDBE89691C1A48A7EB011742222EFD90C4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\037fc4a7-a959-4efb-837a-36bd03dadccb.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.9578626600426565 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqMAXhsBdOg2HCcaq3QYiubInP7E4T3y:Y2sRdsjpdMHN3QYhbG7nby |
MD5: | 99F306FAEB3E46B23C5FEEF7D5D2A4B3 |
SHA1: | 6AF35EBD48C285BE4F68B8F28E3EC1B1616E905B |
SHA-256: | 76796E2742EFBDA33668062E73125EF6DB5EDE51078C0A3E760E4EAA4CEBF124 |
SHA-512: | 0DC876D2B5F0C4765476FEA1E1C41710F77EA11DE27F5C46B68EDD7C4C82C62AB12584CE6C18F010ACAC5CDCC1CBAB2C59FBF59045885D47AA0ED7376FFC07AA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.9578626600426565 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqMAXhsBdOg2HCcaq3QYiubInP7E4T3y:Y2sRdsjpdMHN3QYhbG7nby |
MD5: | 99F306FAEB3E46B23C5FEEF7D5D2A4B3 |
SHA1: | 6AF35EBD48C285BE4F68B8F28E3EC1B1616E905B |
SHA-256: | 76796E2742EFBDA33668062E73125EF6DB5EDE51078C0A3E760E4EAA4CEBF124 |
SHA-512: | 0DC876D2B5F0C4765476FEA1E1C41710F77EA11DE27F5C46B68EDD7C4C82C62AB12584CE6C18F010ACAC5CDCC1CBAB2C59FBF59045885D47AA0ED7376FFC07AA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.25351868599199 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7XyyA9FZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gow |
MD5: | 66BC684953E17411901A9998FF7C3F80 |
SHA1: | BC3D7F7DC35DE99518CA1106B81D4F70BFE62B36 |
SHA-256: | AD14873D1EF39EF64D3ACE133CB24E0B53EE863881F5969CB5649792ABF19B52 |
SHA-512: | 0DFF1DD195501102481E8BF1F4623B85EB931623C7F8D683FB7CFABE06320B15FF94383181B310B50D4112BA5F1769FB089990AEAC8829772B77CE30C6BC4691 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.131935764518419 |
Encrypted: | false |
SSDEEP: | 6:dhldtMM+q2Pwkn2nKuAl9OmbzNMxIFUt8chVUWGXZmw+chGSMMVkwOwkn2nKuAlG:dhH/+vYfHAa8jFUt8chVUN/+chBV5Jfv |
MD5: | B08A73161FBEF4F8EB4FFEFFB85FE339 |
SHA1: | 9FBD79CD6A846C894FF9ED4F052D7B6C0F8C6AE5 |
SHA-256: | EB34673BA829EBAFA8B126856BFA65BC1C11B78D32E4E8B3C9004E73644F12CC |
SHA-512: | 41FC36F5DA98757077AB7291F41995E7D1A1FADC8F5224D78E1A1C766F9BB21C55E38FE9382597691DBC198314E585929C5099F0C3716A199BE88B07755E827F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.131935764518419 |
Encrypted: | false |
SSDEEP: | 6:dhldtMM+q2Pwkn2nKuAl9OmbzNMxIFUt8chVUWGXZmw+chGSMMVkwOwkn2nKuAlG:dhH/+vYfHAa8jFUt8chVUN/+chBV5Jfv |
MD5: | B08A73161FBEF4F8EB4FFEFFB85FE339 |
SHA1: | 9FBD79CD6A846C894FF9ED4F052D7B6C0F8C6AE5 |
SHA-256: | EB34673BA829EBAFA8B126856BFA65BC1C11B78D32E4E8B3C9004E73644F12CC |
SHA-512: | 41FC36F5DA98757077AB7291F41995E7D1A1FADC8F5224D78E1A1C766F9BB21C55E38FE9382597691DBC198314E585929C5099F0C3716A199BE88B07755E827F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241001193344Z-160.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 2.2164020692562554 |
Encrypted: | false |
SSDEEP: | 1536:DxfFCZkZD7Zhqa3hOLOpnL7Z3ZfekZvhyhXmZYRL+OWvRLEnWvRLmaRi/iVabbAB:mzM0i |
MD5: | D7E713320DB45CE8F036956930609166 |
SHA1: | D050DABDB4AAD5BAED21A150A6AEA5756DBD6654 |
SHA-256: | 1D0C457E180C5F24E766C8CC599263FCD0791B2D0ACEBE19DE515929B24DCC38 |
SHA-512: | 0C94201057E26E6BF0CA394A7BD9AC69ADB977037025F0F2737E111A56AB81ED77AD8299C25D49D435488B7A8069F16AAA3AF55019FB3E0E8B837B96DDB53CF4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.4449987562095545 |
Encrypted: | false |
SSDEEP: | 384:yezci5tAiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rXs3OazzU89UTTgUL |
MD5: | 209ADAB87BB8328D10F5BA26891B437D |
SHA1: | 04CAEEBFBDE463FDF924D9B292F11F5A1696E25E |
SHA-256: | FD7C84AD24AEA35116ADF3E635F9F5227C248B6C00D58B1CAA38C58DB124E5A9 |
SHA-512: | 96F9CBFF286E243C25FA51D09FE61090D58CA2481DE222DF7AA8285050DD505DA846CCECA989101E9ED77C57B54D1CC0744F64A95C07A3F7EE0F59FB146059C8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.773489469658045 |
Encrypted: | false |
SSDEEP: | 48:7M1p/E2ioyViioy9oWoy1Cwoy1KKOioy1noy1AYoy1Wioy1hioybioygoy1noy13:7WpjuiFZXKQ91b9IVXEBodRBkN |
MD5: | 9564554C9FC6311EF8355BE4B2B07D60 |
SHA1: | 3F21C05A35D0E5F1E1C8BBAF797DCEBE7B628754 |
SHA-256: | 481ED50406AE0677F174853C128C9359DC0B9463CB03A0104F174D20BF11A580 |
SHA-512: | 65617CA670A9BF0FDD872E61CC076AFF58CAAD65C5C654812497742DE5C78D77C8F422A1B4C2D4C4AD93819C5A1751C890555618BB0D07BB9AD9C2A65EF4F111 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFklW06sXfllXlE/HT8kjNNX8RolJuRdxLlGB9lQRYwpDdt:kKPIIT8WNMa8RdWBwRd |
MD5: | 91DBADFCAA1F331173815D37E21983B3 |
SHA1: | 79F25A27540A19DE2931E57FF73E3E688AB6C4FD |
SHA-256: | AC1B9BAD9231134D4E822901D770F4880F73E0F6641AEDB1B274F32B394A5BE5 |
SHA-512: | 4E609FDCA21A4FBC29DF75F1330B546BAA7B926A5B7DABB5E8D960F105758DB69DC73BAB2BC70D96B98CF592366276D0866878E34A178BA9AF105A91C7167E40 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 328 |
Entropy (8bit): | 3.2357027453026816 |
Encrypted: | false |
SSDEEP: | 6:kKrl99UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:GDImsLNkPlE99SNxAhUe/3 |
MD5: | 16F777D7BB79E2E035C25716DF311525 |
SHA1: | D0FA1CFAF694CBCF69477B147623E9B81CFA6EAF |
SHA-256: | 693480BDE5E2C3D4BA25C5553BDBF4B4B1F709AC613669039C5AC67CCD2F1C72 |
SHA-512: | D4EBEF6AF60A88A00D1D67A47DD3651E3A0C1A430205018CBF9036F289E74FB0D81812400549C63B7DC8AF3A328CAE3C0C0E1622C5A880E6E1DB1E7BBAF7DF99 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.364631018883706 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHAFd7oe9VoZcg1vRcR0YZKoAvJM3g98kUwPeUkwRe9:YvXKX4oeEZc0vwGMbLUkee9 |
MD5: | C1D6D5052D468386BF369AEA001A3592 |
SHA1: | CFAE2B2B5684AA4A69B60A35FABC502240B25D38 |
SHA-256: | C7F6918ADDF2280011DD86B1862ECDA3A469A5D469C15F5DCF54FBDC5272D6BB |
SHA-512: | 6DC3A50F7D6E0220E04269A954C03CB1D3A0F75E41E80F8DEEC653C6ABC4967F129B4E094E2A4DF1D43318459E33C5CD7616FAE69D0413594162F4C22F02C7FF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.31380692248883 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHAFd7oe9VoZcg1vRcR0YZKoAvJfBoTfXpnrPeUkwRe9:YvXKX4oeEZc0vwGWTfXcUkee9 |
MD5: | 1781D202E5A366E0D2FA80D103358241 |
SHA1: | 4C4BED0C89C0CD6E909790CE92269AF9AE46C56C |
SHA-256: | A0DC56416646B017D035B8686E231890A898BEC5E767D5D6D28A1481016C2202 |
SHA-512: | C5801DED77C12834AB594A0E2DA9424F016BB68AE881AD3167EE6662761B49111402F73AFF6305DCBA56EE07A425E52F488B63565F08F04AE92D28FD4A284D51 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.292801957883906 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHAFd7oe9VoZcg1vRcR0YZKoAvJfBD2G6UpnrPeUkwRe9:YvXKX4oeEZc0vwGR22cUkee9 |
MD5: | 610D91132834063612A32A61E0FB9542 |
SHA1: | B61ED30902D062B51CC99D4043FBA4F574E0CA39 |
SHA-256: | 0E930C6AF024FB7EB6096529E3D65C4CD02709669AF2AD8A7F0779A60117A9BB |
SHA-512: | F6C8F531C7ABA9A3B926D3FD4EF19C8488472894336F0D4BBD32DED93349CCE6DF0CA814439650F1F1763077B77C27D3495FBEDAA4F7894B7F75B235BF3866C4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3516860034145335 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHAFd7oe9VoZcg1vRcR0YZKoAvJfPmwrPeUkwRe9:YvXKX4oeEZc0vwGH56Ukee9 |
MD5: | FA9919C8ACFBFA8EB829A088FC4CAEC2 |
SHA1: | C89069D76302A1BF107F2EDA254BB3DECDC446B4 |
SHA-256: | 14D524CA29F3382C1827A7189F4E85BB946F73000205B81AED40F1A14C550ED9 |
SHA-512: | DFC7123DE98C67D94A20B342C6F1AB391BCFC053634B135F02073543A0D8F0C8874554185D2C8678313D6B55CFAD920E58E933CA9DAE99E38E8F46710C1AAFE8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.669608541347478 |
Encrypted: | false |
SSDEEP: | 24:Yv6XbzvtpLgEFqciGennl0RCmK8czOCY4w2On:YvMVhgLtaAh8cvYv9 |
MD5: | 720555AE060FB4B7E6555929DE2CC45A |
SHA1: | E19180EA307AE431567CE9EEB73DC7FA250488E3 |
SHA-256: | F0DD65606DEFB03D473C1322AD98A2923FEDCF2B3DA5548116C96F6420B029F9 |
SHA-512: | 4D79131205FE5DC9FE70C969B006E2A2889DAE9802327AB6945EC404B62AA287862F01955D08113287613A603D12E92ADF3602BEF642BD83D7840442B063E98B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.660555610440477 |
Encrypted: | false |
SSDEEP: | 24:Yv6XbzvxVLgEF0c7sbnl0RCmK8czOCYHflEpwiVOn:YvM5Fg6sGAh8cvYHWpwv |
MD5: | 26FB0FED4A92759AED18BC7E658F8490 |
SHA1: | 0594EB458EFBEF4D713701CA4E532833B2A74569 |
SHA-256: | 278281CD96CF5DC0B61DCB6122747FE3C3D78A54128EE4482441906B3996E077 |
SHA-512: | FF5B273B29828A591FE3FD9BC42D8D225F87E16ED9930DCDFAE26A8FAFE96835A518B5F676C19A492E85CCC787CC618F36A47ECABA50D4A1562D6898A9C445A1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.303085692134397 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHAFd7oe9VoZcg1vRcR0YZKoAvJfQ1rPeUkwRe9:YvXKX4oeEZc0vwGY16Ukee9 |
MD5: | 9AABF23B04457D9E1173742D3C3EC520 |
SHA1: | DEB8F1D5B808DAAA19F98A0E0F19E3513BBE7B68 |
SHA-256: | FEDFDCE2D767A34957BA24D6995BE338179895C13D603832AD982D42C0EA7BC7 |
SHA-512: | 2E5767BF99774C33E82DE5488BF43C9804DA401C36030ADF392050890D3FB5F4437632F98E4EB32C964F41F764B73B9A6C627937C24158549FC0989A2142D327 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.652998681240662 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xbzvg2LgEF7cciAXs0nl0RCmK8czOCAPtciBOn:YvMoogc8hAh8cvAI |
MD5: | F6514492266EF8B046C8DCD9C482B6DF |
SHA1: | 01B8E293530FC885C2E03DEF10DC3ABAF686763E |
SHA-256: | B05EA9DD4C64ED9DFC417C2111EB0D03DDDDB271EC1BDAE253B7699762E7F03F |
SHA-512: | E04AF358F6F7D4E20D0EA1FF2AB5281DA8DACA795C7981A201B4956A0171FB17D240A94DB02CC71F840638189170B788FD1A3E2C377E8113D8F1F1A7099B6E68 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.703827900100015 |
Encrypted: | false |
SSDEEP: | 24:Yv6XbzvoKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5On:YvMgEgqprtrS5OZjSlwTmAfSKs |
MD5: | B2067C6F7328B3FF33FE1A7C4D307AAE |
SHA1: | 2FD6734BD719D0FE9C24EA9B237FE799E3266A9C |
SHA-256: | DFB7C2AB1906ACBD9A3E453145FD66FE40DA1D7BE90FD523F83882DF09EBF018 |
SHA-512: | 32E6FDA39B2088210B3CF7E9DFA8E9AFB76E050D818DA886FEBE5780C1E7C62D0B8FE800C0D6755F9862B7BB198DFB9603BA28D0CF096C847F963596428C5066 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.304967239976617 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHAFd7oe9VoZcg1vRcR0YZKoAvJfYdPeUkwRe9:YvXKX4oeEZc0vwGg8Ukee9 |
MD5: | F9BE2DA085A1B8502694A388E8E6F026 |
SHA1: | 84C569381D4610E7DBBA8E67B551F5C8A2A8D664 |
SHA-256: | 4CD1DB7BFA74FB556AF424493B25B36F7231274BFBF88D78CE32FBC7564D20D5 |
SHA-512: | F3114C9641BD5884A0B3CB12458172419EECC05C3DE29CCC15282E95818FF36D69FBEDB377F7A1063B55BA8F111D7B6F1E7F3F98687B58309A196C78B609BFAB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.783188679322687 |
Encrypted: | false |
SSDEEP: | 24:Yv6XbzvHrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN2n:YvMvHgDv3W2aYQfgB5OUupHrQ9FJs |
MD5: | B6AD3E2B4CB4DCC00116B3DD5D115362 |
SHA1: | 7528CA356C15605820C8EB66E8EFABB5C52AFEB8 |
SHA-256: | 15F86CC8078BDA70CF9F061F6C4458377CC7D989EEF9C11FAEBB01B85FE51E32 |
SHA-512: | 85C957CAFE08D5E90A6DDEF0A3CA3CA35600E83954E78027553BB9082D3F920329C033404FA0EDF93134A300DBFC2234D4BD127385693B81A3659FA5F7755699 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.288480198544112 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHAFd7oe9VoZcg1vRcR0YZKoAvJfbPtdPeUkwRe9:YvXKX4oeEZc0vwGDV8Ukee9 |
MD5: | CB95F3FEB03BBD3EA72C8EF890A8DF08 |
SHA1: | 3330DAF8BEC7A53045C754742B3AD49B04F41BFE |
SHA-256: | 4C5FF20AAB0F942EB369FD46AE704DFA8D1A3C0B13B509D6FACAE75C5560AABC |
SHA-512: | 6B840908C4DA5B5DAD06480E49CB56357F189EFAB7B7EA9ED7C48692E910126FF83128BBC46ACDB2CB86C9CDBFF3D15CAE606C824EE766917EC7668CAB69108D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.293200405199434 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHAFd7oe9VoZcg1vRcR0YZKoAvJf21rPeUkwRe9:YvXKX4oeEZc0vwG+16Ukee9 |
MD5: | 96D352732AC338354214AE04AEE31D1B |
SHA1: | 9C71B6EDB13236914B6D68F2B26A8412BFB1248F |
SHA-256: | C1A037951E55EB1C05C2AA1CC1A59B0B2C07ED18D04B57434F5FB7EA0DD8102F |
SHA-512: | 0DFA8B70B04C153B09294062C7FF192FFE7B8A1DBF9FC5327BC437BCAFBA161371D4CAD31E1F23504F5F6C4DCE4DDCD98A192AA6A5ABDC0706F8A98D2B0ECE7B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.659869865048997 |
Encrypted: | false |
SSDEEP: | 24:Yv6XbzvVamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BOn:YvMhBguOAh8cv+NKV |
MD5: | 5F702B3A20E2757E49478493DD5E5F06 |
SHA1: | 4CCFFF7C33A834B4E691FAAD69974CC502697AD4 |
SHA-256: | 99F724DC5C09BF9CFC03BF46C0C0F8367F69FB75D4744ADCA0D2FE688EDF9505 |
SHA-512: | 45C5C9D69EADF327004CA497D864BA81E70B9897170F261DD24A7F5C2A51EA9B0FF96B394CC6326DD2633115DEDFF62698FD63E55AD0753A018121A452F887CF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.269874953663676 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHAFd7oe9VoZcg1vRcR0YZKoAvJfshHHrPeUkwRe9:YvXKX4oeEZc0vwGUUUkee9 |
MD5: | 2B4093CD59CAC6240D3A9E0ACB111B00 |
SHA1: | 467A33F2A553925AFE6E0FEA6AFE52F525C3E066 |
SHA-256: | 4E577625E6B3812BA9E519DA548AEE86F9926DD346463A25F8232B3A00CDA96E |
SHA-512: | 023F3BF9956DF8566C12CD597C171C9E9B8DDD1B9F35551081AE5010EEF773BAB2D8D5DAA2EE88D1651D4AA5C1FAD71DDF5170E67DDA191F14E115AD282965A8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.374677489861222 |
Encrypted: | false |
SSDEEP: | 12:YvXKX4oeEZc0vwGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWSn:Yv6Xbzvm168CgEXX5kcIfANhvn |
MD5: | F927387EF6F7970E39E62E359FCD674B |
SHA1: | 155ACD77CF857C6C424F41D8CC849A3CF54EE417 |
SHA-256: | 99E811B038233E4850D4D11E16047E7788807AEC73B8DB74F49A90543863A2CB |
SHA-512: | 7B95CF991E52427B8ED149E4937B9D0C7C19E962DEA38CEB7B6EE0A6EA236E84A786C944C705C29370230C4846A852D8F8BDBF115CD8072B4AE7A69CE5FBA107 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.127710174122899 |
Encrypted: | false |
SSDEEP: | 24:Yby1nNGa2w83ayNb37nCNzHM0Ae7xbEbXsfXjfVj0SdS5Z2pcTx2LSPoW529o73E:Y2P8v3SrMet+ofZCLVoW49o70 |
MD5: | 014898CFC2C1C47388E2CE200561A68F |
SHA1: | 81A1BD2368D6A20FD89A8A57BC20DFB7AFFB3F3A |
SHA-256: | 4B08BBE295E6323A1815211F4A4350D990E72596699D207730151A85517D5E8D |
SHA-512: | 2036AD9A4693E84295928D0499FADDFED7A38D11FE051E32A5657260D09F697CF97050E2665D9E1C6E357CA98740CB9F75538C097B6EA7EF4E594A351CFFBCF3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1882793273014114 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUdASvR9H9vxFGiDIAEkGVvpxe:lNVmswUUUUUUUUdA+FGSItde |
MD5: | 0337CA390971696A3A9DF66320FF3773 |
SHA1: | BAE58A7C0AF014EAF5B5C7F4F2830A91358ED1E7 |
SHA-256: | 66BC9C3F249D0E380203DF1F705C854ABBACC34A263226BCCC6DA343283F6D40 |
SHA-512: | DC4CB6AD382F510486EDF68145A6BBA868D004A93C7BFA94610E64DB257F8FC156409792600CBF4D8DA8B59E8CD79F02201B490B52D3EE4D10D6F1B67299C1A8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6084421885249205 |
Encrypted: | false |
SSDEEP: | 48:7M6KUUUUUUUUUUdyvR9H9vxFGiDIAEkGVvLqFl2GL7msW:76UUUUUUUUUUdeFGSItBKVmsW |
MD5: | 910E2527A2AF17E8A1A006C308C89A6C |
SHA1: | B952DA22AD8E3036B79FDE19F7113CCFD6AEE533 |
SHA-256: | A6F56980C270CD62770F940B2E7BB8D0100150C619EA7821D260E7880C4C3E7A |
SHA-512: | C8D7CA7C14B37AE1FEA52655475A4E7CC6066B5728CA6786B3D9A22BE9333470750589F687D859DCC6D674BDF501F0FF1CB2820DCBA10450D55FA260AEB16722 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5213298467083405 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K80QRqT9:Qw946cPbiOxDlbYnuRKf |
MD5: | 86ED78D16B9DD8A69A40063745C44BD0 |
SHA1: | 2B5EF5B769FBC41902D68641E03FD2E6ADBF4150 |
SHA-256: | 6787A8D2304F1E61A38906E65FD4BECFC52EAB9CED27C0B5F2CED21D1EC65FAC |
SHA-512: | F48E0E2C7F12DCDC5F191188E4D54ACF46BFEEA485B5517840FB2FD17345A88B7A6E07AD67EE7F467AD0DB7C8229F33D245AA696E1FE1F11594D5E49DB0671F8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 15-33-42-144.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.3508913252558425 |
Encrypted: | false |
SSDEEP: | 384:HPx6JL43vghvo55YMBEJ1ubDA3JGQkA6rwtHB93F0srvsZVe8ZCk7K76j5bktCiO:36ap |
MD5: | 0FCB821B91155B2E30C4940BFD73D610 |
SHA1: | FDB2A546690ECA3607665E75C88267EFBA236241 |
SHA-256: | 766E867327BA760A801D903B645EE7F859FDA1C05559A6BA1427585520565BC1 |
SHA-512: | 820EE570897720C5CFCAD1BB2FC5D88B2751432E438C64AF8B36CEBD6879360893932F9913D94AEC57619F64E45A21F003A1CBC39DF231E45EA7014F170C2F74 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.384327659248067 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r4:M |
MD5: | F8F0E1A6088FB6D24B757BD14A95A64A |
SHA1: | BE1878443DBFDFEA0F88051A940E004EB5C938D5 |
SHA-256: | E1CE52035F138443F9EAE6B4D78F34D1BE79BA412E20BA410BABBFAD8F580A73 |
SHA-512: | F61791DFDD845FA6E337CEA4B0B9C22CCE2B3FD94A90DF1BFFE29374ACC580FE98D9CF06BCB2E68098465B4B46E387C3F0F172638494D8744A07BD4380723BBA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/nZXYIGNPpeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:fZXZGeWLxYGZN3mlind9i4ufFXpAXkru |
MD5: | 8B9A388440CFE3BFA95587E34B7BE149 |
SHA1: | 64B74497856A696252797E130D819CB147870A77 |
SHA-256: | 63DE1DC0683CEFDE940AE3FD2970C7BB91A507B13EC28F75F9C51039831CB82D |
SHA-512: | 6B21038A24D4AAFCBB371D84CF0B76019ACD6A9F70E5D30E9FD491989DF2999C884E0C49273B66C1D6D6E2C369FF28A04F9805079B025B0D77CD857DCA61457B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.927736670993783 |
TrID: |
File name: | 00b9978f-ff57-4ab4-9bf8-ae8853d3346f.pdf |
File size: | 34'418 bytes |
MD5: | e7a4e4a027a5fdfc75a6e33716f2a365 |
SHA1: | ca62581ed80eed4d05d72993fab0b0d47643d934 |
SHA256: | 0dd0e3e2412f594d5d3e2af9389b9489fff5cba60ac4ce66d7c802580f17455d |
SHA512: | 5a345f69469e75638de0018b8e248c9997d8bee223fc1d84c72bda13ed6cc7f7cf49ca8e9c568ef1a22153f74ddb90340cb08dcffb1f5dd596d6b377a53edcfe |
SSDEEP: | 768:hEreR3waX1KgEIF9Dj7iXCgl9kcHOTOlvOxaXj/xiD:x5KFuySWpHOTOlmUj/xM |
TLSH: | 9BF2E17046282EDCD80625349EB3398BD6BFF50005DA39511624EB5F381EFD8AB716DE |
File Content Preview: | %PDF-1.4.%......1 0 obj.<< /Type /Catalog./Pages 2 0 R.>>.endobj..2 0 obj.<< /Type /Pages./Kids [4 0 R 11 0 R]./Count 2.>>.endobj..3 0 obj.<< /ProcSet [/PDF /Text /ImageB /ImageC /ImageI]./XObject << /XIPLAYER0 6 0 R./XIPLAYER_CM1 8 0 R.>>..>>.endobj..4 0 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.927737 |
Total Bytes: | 34418 |
Stream Entropy: | 7.971377 |
Stream Bytes: | 31123 |
Entropy outside Streams: | 5.169891 |
Bytes outside Streams: | 3295 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 20 |
endobj | 20 |
stream | 11 |
endstream | 11 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 6 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 1, 2024 21:33:52.259677887 CEST | 49743 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 1, 2024 21:33:52.259710073 CEST | 443 | 49743 | 23.41.168.139 | 192.168.2.4 |
Oct 1, 2024 21:33:52.259776115 CEST | 49743 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 1, 2024 21:33:52.259977102 CEST | 49743 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 1, 2024 21:33:52.259991884 CEST | 443 | 49743 | 23.41.168.139 | 192.168.2.4 |
Oct 1, 2024 21:33:52.834717035 CEST | 443 | 49743 | 23.41.168.139 | 192.168.2.4 |
Oct 1, 2024 21:33:52.835053921 CEST | 49743 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 1, 2024 21:33:52.835081100 CEST | 443 | 49743 | 23.41.168.139 | 192.168.2.4 |
Oct 1, 2024 21:33:52.835956097 CEST | 443 | 49743 | 23.41.168.139 | 192.168.2.4 |
Oct 1, 2024 21:33:52.836153984 CEST | 49743 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 1, 2024 21:33:52.879579067 CEST | 49743 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 1, 2024 21:33:52.879664898 CEST | 443 | 49743 | 23.41.168.139 | 192.168.2.4 |
Oct 1, 2024 21:33:52.879933119 CEST | 49743 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 1, 2024 21:33:52.926959991 CEST | 49743 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 1, 2024 21:33:52.926969051 CEST | 443 | 49743 | 23.41.168.139 | 192.168.2.4 |
Oct 1, 2024 21:33:52.973356962 CEST | 49743 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 1, 2024 21:33:52.976217031 CEST | 443 | 49743 | 23.41.168.139 | 192.168.2.4 |
Oct 1, 2024 21:33:52.976643085 CEST | 443 | 49743 | 23.41.168.139 | 192.168.2.4 |
Oct 1, 2024 21:33:52.979352951 CEST | 49743 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 1, 2024 21:33:52.979372025 CEST | 443 | 49743 | 23.41.168.139 | 192.168.2.4 |
Oct 1, 2024 21:33:52.979445934 CEST | 49743 | 443 | 192.168.2.4 | 23.41.168.139 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 1, 2024 21:33:47.160933018 CEST | 55409 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 1, 2024 21:33:47.160933018 CEST | 192.168.2.4 | 1.1.1.1 | 0x2c9f | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 1, 2024 21:33:47.169823885 CEST | 1.1.1.1 | 192.168.2.4 | 0x2c9f | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 1, 2024 21:33:47.899944067 CEST | 1.1.1.1 | 192.168.2.4 | 0x3d4c | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 1, 2024 21:33:47.899944067 CEST | 1.1.1.1 | 192.168.2.4 | 0x3d4c | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49743 | 23.41.168.139 | 443 | 5288 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 19:33:52 UTC | 475 | OUT | |
2024-10-01 19:33:52 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 15:33:38 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:33:39 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:33:39 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |