Windows
Analysis Report
Crystaphase Pricing Increase Notification - For BP - 15Dec2024.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 3728 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Crystaphase Pricing Increase Notification - For BP - 15Dec2024.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6804 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 3952 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=1572,i,4366761118859515717,13940811876800436482,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 7404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://uniqueinternationalonline.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPU1UaDZNMnc9JnVpZD1VU0VSMzAwOTIwMjRVMzYwOTMwMDE=N0123N%5bEMAIL%5d MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 7604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1948,i,8743573594670315975,5055157744585797366,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 4512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://uniqueinternationalonline.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPU1UaDZNMnc9JnVpZD1VU0VSMzAwOTIwMjRVMzYwOTMwMDE=N0123N%5bEMAIL%5d MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 1960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1960,i,16745212707192947683,16265443620512226316,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | Initial sample: | ||
Source: | File created: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Window detected: |
Source: | Process information set: | ||
Source: | Process information queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
www.google.com | 142.250.185.68 | true | false | unknown | |
windowsupdatebg.s.llnwi.net | 46.228.146.0 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.185.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
34.104.35.123 | unknown | United States | 15169 | GOOGLEUS | false |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
184.28.88.176 | unknown | United States | 16625 | AKAMAI-ASUS | false |
172.217.16.206 | unknown | United States | 15169 | GOOGLEUS | false |
172.217.18.3 | unknown | United States | 15169 | GOOGLEUS | false |
2.23.197.184 | unknown | European Union | 1273 | CWVodafoneGroupPLCEU | false |
142.250.181.227 | unknown | United States | 15169 | GOOGLEUS | false |
64.233.167.84 | unknown | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
199.232.214.172 | bg.microsoft.map.fastly.net | United States | 54113 | FASTLYUS | false |
18.207.85.246 | unknown | United States | 14618 | AMAZON-AESUS | false |
23.203.104.175 | unknown | United States | 16625 | AKAMAI-ASUS | false |
172.217.18.110 | unknown | United States | 15169 | GOOGLEUS | false |
204.11.58.229 | unknown | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false |
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1523653 |
Start date and time: | 2024-10-01 22:17:47 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Crystaphase Pricing Increase Notification - For BP - 15Dec2024.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@43/47@3/137 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 18.207.85.246, 54.144.73.197, 34.193.227.236, 107.22.247.231
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, ssl-delivery.adobe.com.edgekey.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Crystaphase Pricing Increase Notification - For BP - 15Dec2024.pdf
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":["Crystaphase"], "contains_trigger_text":true, "trigger_text":"REVIEW PRICE INCREASE", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.116017004059413 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3446A9E3E1B0D62C237503B25116C3B6 |
SHA1: | A071DFF7D97492A9477534D9896DC3641EE853E0 |
SHA-256: | 54C809E879184022A46963450E6D71A8B460B644C074C5E29288AEE8A54D5FE1 |
SHA-512: | 929D16A14BC500DEB922DB4171FE27C91533A79D386D0A536376AF84206AA8008C0141F11FC5D267D49F444A9CDCCB17BA04DD81F16EF69A85F613853073449E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.171796043963308 |
Encrypted: | false |
SSDEEP: | |
MD5: | A17409B90109C4A40C81853BE1B407A3 |
SHA1: | 143E45E405014BF1C481701DB34377B81801858A |
SHA-256: | 18E3C8E9176885A49AA9C6F73576EA2838DEE172C61FA7FB4605072305990A43 |
SHA-512: | 54DD8303CA17179025461AF83A1284EC369A03D7417B09BABEC8BE5823FBBBA96FEE07F9536A127454550B841BEC86960BF84F38658AC2DFC9DF7DA56401C2FC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4874da23-60c9-4f9d-9c71-3992fcb9fca9.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.990736323980579 |
Encrypted: | false |
SSDEEP: | |
MD5: | D968A511AD8973554A0DF2F4CA9934F6 |
SHA1: | CCBA9083B2793424ED2DB94C04862B095DBBD30C |
SHA-256: | F2F5B5A4C914331D7A5710B5B6A3AF24260B79F12B5D7B7F508C161B394ED9EB |
SHA-512: | 33F2305EF899C21DA39F7D269FE9019C383FB984303920D8755904C175EB3D357A51CC7809ACDC43E9D9361AC5FD74F02F945B074AAF3EF4B65D3BB13D63D155 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | D968A511AD8973554A0DF2F4CA9934F6 |
SHA1: | CCBA9083B2793424ED2DB94C04862B095DBBD30C |
SHA-256: | F2F5B5A4C914331D7A5710B5B6A3AF24260B79F12B5D7B7F508C161B394ED9EB |
SHA-512: | 33F2305EF899C21DA39F7D269FE9019C383FB984303920D8755904C175EB3D357A51CC7809ACDC43E9D9361AC5FD74F02F945B074AAF3EF4B65D3BB13D63D155 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.2322766553051405 |
Encrypted: | false |
SSDEEP: | |
MD5: | 15A1CB9D64E99B78E47D841C2F3B622C |
SHA1: | 77E104F88EF7112AD12B6E90DAE5B4E427A0E124 |
SHA-256: | 7DDD0B7ED62444A34F384355E41670AB8588E284EAF68B2052E86FDF3874763B |
SHA-512: | 6D629F5FE656E79CBB1A823337D9135A05343E9C47E88923B9A10EBD3CBDAA97B9B2CD8EE38E0265B849B0FE3265E23EE862D748EB2C21060A1B5ED87F91345B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.156564152526849 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7F563520EC0D83F7EAEC1A93238177ED |
SHA1: | B17086AD5BA26A81BEA4ECFBEC3EB33F0DD17DE4 |
SHA-256: | 4ADE510F5D30CF4D3EE7B4B7C9DB3C0914484D916B7487C7A4BD5CC8D4FAD90D |
SHA-512: | C707FD4CCE2B43864EF65D5DF79D13DB5D9F9112369F0E2D3AFABF9645EBD078BF6104B9FA17207E21C84811D514A5AC52E057C25F93CC2777BAA724B7CBABEB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241001201821Z-158.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.6207148477221602 |
Encrypted: | false |
SSDEEP: | |
MD5: | CB4CAEE72F3171A2FC1D42E679700C65 |
SHA1: | 543CA4D1BC480F59950AD8DCC3B1AFAA8ED0AF34 |
SHA-256: | F3B2D0DA9A4EE74DC6BC5269D5CA3B241926D4D775EB51CA90E117FE1382E771 |
SHA-512: | 1DF5E1D076BBABF35061C99441439ECC86523DD9B0CEED1C8EB1416549403E8A00A7C4E7CA27E9A7CB1D5C2922030584A2593C0ABBBF1A6891F04DE7D7F1BCE8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2142460985823047 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3B7B55E840D899FA3053D663163C8F00 |
SHA1: | D40AF775E07D1A6AD246F0E6E35B43A789BE68C2 |
SHA-256: | AD0EEF2473016C5B027DDB57B2F0B9F5CA5052BBE9BFBFDFE175B7ED7149DA90 |
SHA-512: | 3811FF2125FD510D41EF8DAE23CD4DC55B806E70C06428A3E41359FC2ACE25B573997C52C265F404514FF3E1BABCD06AAA82622A2CB347AB425CE735CB86368E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7295832789134082 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8D3C7AB86E327ABB502FBE1AC17F8C9C |
SHA1: | 957E859BCC9D4B9FBEB658EB4C067130F60ADED7 |
SHA-256: | 73BE1E5E91F1D6D3E8298B5052CA0AA2E27634AD7DE00A6169A2128DDEC1D586 |
SHA-512: | BF979C7FFE59501F9D397745950DA709B21F2E18938DF7FCF4F200301AB5DF4458784DFDEF63D6B026F595DF31BA884F3D4E108A8974B8D1E09831A5F4737F36 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.247897867253901 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6651DB4B8ADC6D9E46515C4A42FBE8E0 |
SHA1: | 0F621EB0B4BA41C01266F3F5CF21B4B963D7C39E |
SHA-256: | 628A60F41842DC53FF3F7B29009B0441B3102998A9AC9038AAC76736CFC53658 |
SHA-512: | 2927D5193C5160DEA8026BAB13C9DD94864DB8834601827A0C872CC585D2F57C4367E0C6E925E25C7489C16E6C6862C7F536135AD52E91380E89DA9509D5E3C2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.378567939828419 |
Encrypted: | false |
SSDEEP: | |
MD5: | D3DD2D6D6F85696B5E501FA8F4B167B0 |
SHA1: | A5C9AD1A44BA090910434B351A697936C7730F90 |
SHA-256: | FC841A22BDACA4A5E7A297C1FA3DAC0AD1C16CC689A2B2918942367771A76425 |
SHA-512: | 38921C90B84AF3EFFE08F7C24CB05463B54702EF0E870FB4F006C870F83B1D7D9335BAC17FDBC09184782FAD04997E80E08E2EB2404163D065C82820F1644280 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.327875087936197 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4486C461F4773D8C6170E8B0E27F79DD |
SHA1: | 6C28956D9F88166F0CA09BDAE94ACB2AB06BAD9E |
SHA-256: | 5DED834448C5854F6CC28BD8B0CEC6E2C55BE9549F2B4A9D03EB5A9AAE720A7F |
SHA-512: | 58DE2A19B2A26412DD21068F47DC197D1FA07B516A330E227A61F7EDCD3082234B716AAEC41CF7FFF4E52703B520619F41487492268034553EF9E8113BF90ABC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.305725181513266 |
Encrypted: | false |
SSDEEP: | |
MD5: | 166314DAFC870A74964940311176E733 |
SHA1: | AF76815506FF743A90CA1C68590EF225032F5B5E |
SHA-256: | 2737EB76291652F7919A49667422B3F2C86059BFEE3514DEF9CDEC44A2A9E64B |
SHA-512: | D3C2125DFDF89FA0A8F7B45CDDA64EED6283C7F81616A21A999D45D7A6530CB07A6FF217AE1E4C022498BC3BE196FEB64F0B3E573266CA5485161E345C1DAD12 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.367481621675071 |
Encrypted: | false |
SSDEEP: | |
MD5: | C170CA09E545CC140AADFD298967054A |
SHA1: | 1081F6B7537F51CD20C29996CB9DD8C2152BDDAB |
SHA-256: | A2AA599DAD25BFBB0A18F725383314AF4757FA137FC997AA352884140A420819 |
SHA-512: | CA3CD63AD6BAA99AC973C257298576E25D80189F67D0D5D6A847E5F200C270FDF5DEB2C90A8229B7C8F1516A785705EAFE98920A27C7530498F43AC08AB19479 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.671808460380383 |
Encrypted: | false |
SSDEEP: | |
MD5: | 76B123CB5389EC96522C63CB9E98F248 |
SHA1: | C64EEE08A1EBCFB55FD958DB530019AE58470647 |
SHA-256: | 1E5DEA99C8D0B5FAFF9B855ED44F69569B1BE99F6388596BB358134CAE158AA1 |
SHA-512: | DBFE897A751B73BA40BC68424134D1B4DE584572B8CC46BE93ABDF20D4BA450D35988F9C7B6AF7AF9B95A0B0FE2FA0EBE4ABE449CEE07614C1543ADCB42C705E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.657378388238603 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7E8F2F07B5D9E1A932FD9A28C466A180 |
SHA1: | D9CB8820C1D66EEA1E9BA8B9E2D7832647EB9977 |
SHA-256: | A39BAB6B0F2D1C2B803884914277D0783B6A89716BBA863ACA55019B9FB79E17 |
SHA-512: | 78BF6693C53A49FB21181812255AF6BCB159A909F8B0C90F8E7029730F327E60ECA821B3B70BC8212AA31896392E294177254436213133959A959CA7BD61D707 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.318840603395479 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9AA7598A2D51728354E6134BEBF1182E |
SHA1: | B1549103379E74F755CF6ED296061AD9575C0248 |
SHA-256: | 5C15FBD215CBFAC61CE34D8251C9A1A51FB5FEA6E8587C7F272302420F026607 |
SHA-512: | C03B64C974F4D696AD4A78B22C177E0342EF84FA982405158CD3EAA69363139385AFBA23A509C80F3A945815EC85E31CF0253398C3CDB8654241450AE0BE88A5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.652052951019464 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6133CBDA9648140014D018DD66304B2E |
SHA1: | 74DB62B42A0DC27740DCA528FADFD6BE38EC6F08 |
SHA-256: | 97DE38C5BC6FF677B12344A0055F275D244A2B9A5A92B783C4B8959225152ABF |
SHA-512: | 8B73D3F08F5023ECC064CF8DF8EACACBD7894F7231DEF46F4EFB092D8ADD3CBDBF88527A983D8C36478BCCE2BC7E463D6C14ACE7FFEBF12208F9F93C38D9D074 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.700375766534486 |
Encrypted: | false |
SSDEEP: | |
MD5: | FCB087BE92273E945C1638E97AC05709 |
SHA1: | 63359B89191592C59ABA25D118E948D44B875C9B |
SHA-256: | D90CE036722B27038C016FEEA6B96D898F4C86666D84ACF0CC7977A71C6B0D0A |
SHA-512: | 2831434C7EBDAA762D7A082D2B95023197BDC6892A4F1921A14B22C8B342CC3AFEEA24D2055EF8F94285E7EF517F98014C9FF1339400736993912B1A16C34C60 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3231015248644615 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8C580CFADDE2238A9B33BF27E4C3A0D6 |
SHA1: | 10315300C8331498D49E660E08357CF77D60237A |
SHA-256: | D23F1772E10263B04301B224F1EB90A59ECE8CA273E8B1E36013E84242206253 |
SHA-512: | BDBEEE13D14B946789649E38FF71ACFC403147822200876553B89E862EEFE8444E79B5867344D0C7A1D5182B07B763E756B226103B1C26B8821F9395A2B8C621 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.773719698284406 |
Encrypted: | false |
SSDEEP: | |
MD5: | D88EF26AAADBF1FD82B725EFB342C24F |
SHA1: | 10642CA918134CDA54E17670A5E9BC7F57DEF62C |
SHA-256: | 71038A46504B7B1DA2C07CEAF61CEF398CA44AEC3B1C2F120AD14637B4ABB6E0 |
SHA-512: | ECBCD9422C0AE6D344458C9A18D1E07B7D0AF6B5B7961D98DD0C44C9499001A36F1513383391F2745CF117547993824A8409085111AE3C37B42863548AEF0F3D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.30648984917156 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2EAC98DFA60DBEDC8B59E1DCF3D27763 |
SHA1: | C28FCEC89E47D81F92046105EDFBAC1A1590B129 |
SHA-256: | 79FBD8328F57A4C12879833C1F954EA2CE67DC0EFD8E031EF2162CCEA2F0F555 |
SHA-512: | 23A5C8E63A6077366FB37EC8FD8389E40B4E569A895A835744F42642A36694593B1606B89BEB6971E069FD698826831598DDC96D8AC444141AEE246C703903D8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.310190929087891 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9A4749C60EF8F35511E65519FD218140 |
SHA1: | E40AD19170B8C1C32AF5A1CD2AF8C3550CB32D38 |
SHA-256: | 3E24029FA9BBB0D5328A1B1ED6A87BE4FBAF38BE2517EBC4723182A38B9052D4 |
SHA-512: | 3265579E875BDC2B56DFF7EDB23C38938336B3CF3597AB4105C73A28E4B3FE9D3720CD50BF67BAD8CB89A6D3C38D04C631723CFD776AF704188339639CF445D5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.659479055956363 |
Encrypted: | false |
SSDEEP: | |
MD5: | C3D5A3188497C2A5937BADFD6B17F441 |
SHA1: | 23630882421901258FD6981802A305A8BABD8D1E |
SHA-256: | 4D9D11B49BD19290EA64B10BC0A8EEE2EDB5574D300C8AC417D3E3B9FC59C367 |
SHA-512: | 01A7667C33A89499802F608831C815491A76242EC7934F793BAC9D4275C1ED3216B75E26F7BD264510621BF0F3189FCBE2A47E8E58C8E4CE5C61BDA3B94F7AA2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.286627984896321 |
Encrypted: | false |
SSDEEP: | |
MD5: | 67F117D8B97DFB9D08281A88C4FAC50E |
SHA1: | 681565CEC3496FDED8A0CA55D407F42AEDA2EA3E |
SHA-256: | 8C52729E53202762A795117539607C7FD8F8A7C9AF4AC7A6B45B2BC1556F49B2 |
SHA-512: | 209E16AAC0D410122B28D555E92AC1F8DDAF96BA4DBA678C0929F8A8F6788A54D1AC0E15C1213A9D0B90EBA9ED46D1F08BAF706E617837B7F64BE3F32192FB6E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.369155805275993 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9494F9F1F25C0EB559C83D62977760DB |
SHA1: | B9ED44543754B21A859D6C69A263CF9661FEE7CD |
SHA-256: | 600442FD985DBA8C071D55D6D07FCF41E92AE2727D3DF827C6B4C2641A0A2C29 |
SHA-512: | 9B8A06C0835167809E842F13788DD6ECD380CDDB60DA539A2AFFA138F5AA5AB80CA3DF10B0EDBDD5891DFE671F6E59AACB84040219E68340F7DC97DB8AEB19A4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.139183164391028 |
Encrypted: | false |
SSDEEP: | |
MD5: | ED99F391125BE538D06B4EAE857DDC42 |
SHA1: | 0831F3440B7C65041FA3E04ED6A4749DBC5A357D |
SHA-256: | 554D6A08E6756EFFF5FD46AB2A369A0575E30C3DC705D440915064645D58D3F7 |
SHA-512: | BB46366944D64C4FB7CA8293BAE3E4E8A927C8659B89F6704AC89971C08D6180102DFEC39700F15D4F33316071BAA95B4C18DAF2161B803B93C24E2298876D9F |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.987758218277619 |
Encrypted: | false |
SSDEEP: | |
MD5: | D9E4E94B92DEEA41E7A0FAB899CCC783 |
SHA1: | 203BAFE0C479280D470B1B47CA2ABFF2F696E459 |
SHA-256: | 26C7751B2FB9A500AB487D211A4A8CF191022C31834F60AC784C0EBDFBC215F9 |
SHA-512: | 10843839B07C91051BF12DC25B4AA6EE1A3032A769AAECB062BE4CD2F7B107EB4DDA20609F3334DF3B41D142F6DD50B089723CDC68A8DD885461B190E59AFF4B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3437502660830096 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7ECFA91606645775F6D599C7C4DDB775 |
SHA1: | 3200412B4AC9901823FB37718646701DF428AFA0 |
SHA-256: | AE520BAEA62012CDDB23A1F63F3E954D889BBA455CB8E82A8EDA6CF86417ACEA |
SHA-512: | C0755C7181CE1177061400F8738CD458D994A3223A4CEC5FCB9165884CA243B1C1FB1AD37F0F1931713FEE2E65020F1BFB740CE0D7A23C19205E59AA94B428C9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 16-18-19-541.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.41694877562262 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9AA1013DE61AAEC204F33C7323E270AB |
SHA1: | C476CC4954C7D065380CD7F91DA1B378FDD8485F |
SHA-256: | A3F2E1FF1C52FC2FA4A0FA6C93AC2758C4BC8CE04904B2DA59CB30F578F9391B |
SHA-512: | C81A5423FD8CA4E9AE83C8493BF39D41BC404BBEB764518AB507A17EE110EBA5E7F46FF2373C8476F25F0F401EAA30689E9028FAE5A7C9200970C2FF7E27A3A1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1D64D25345DD73F100517644279994E6 |
SHA1: | DE807F82098D469302955DCBE1A963CD6E887737 |
SHA-256: | 0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC |
SHA-512: | C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | |
MD5: | 867BDB4816CA7DA521446D3E303B83EA |
SHA1: | 9DDE1D42F56FFFDD9C6EF758641A4321FF78DD95 |
SHA-256: | 20121E1A1954EB63892ADAB2CD9A00439F6D9E54500813C9F6E84BBDB62D1C24 |
SHA-512: | FB5FEDEC4DE8566B1739F19CA336E4517792270F65F04AA05559A1074B09C0009E4AF0596B00D51DC815847D981CBD2A4755B242A284507E4E318070712E8AAA |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1A39CAAE4C5F8AD2A98F0756FFCBA562 |
SHA1: | 279F2B503A0B10E257674D31532B01EA7DE0473F |
SHA-256: | 57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95 |
SHA-512: | 73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9847270154049474 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3B27BF0DC558CF8B4B7F57B53BC2E218 |
SHA1: | F000F1401240CE9D6A491B11DD3209A87D45DAF9 |
SHA-256: | C27ABCC18767C14F599EB8DFF73CEAAD823A29AB9D1322C6465B6878F6DD50E7 |
SHA-512: | DA92EDC5F6B469556B4849DC6F92B3ADAD5B3BEC02AEFCAC919EF48824D0C0F512078F0C802EB03BE4927836AEA5E3858EB53EF43DBD350D52F50718432A5FCE |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.9999581625077756 |
Encrypted: | false |
SSDEEP: | |
MD5: | 853521512C0301FD315E413EA9162F3D |
SHA1: | 97D770DCEDE1E4F6D20A34C741BE088A4F50049E |
SHA-256: | 70940A3727482F57295EEED291AD6BF767BACC3985D88313D5650304D478D386 |
SHA-512: | 2F9CB1FC1CBA4BD302E2D897B90A9D6409D4CBB13FD0D5EF2C6124A634DE4C25CF8FDEE34AC067620FDB51EB053F1058E65A3CF442EEBF015ABEC63F1D5A6365 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.00935866621079 |
Encrypted: | false |
SSDEEP: | |
MD5: | AA6F2317B87F9B7354A92D4B55D70019 |
SHA1: | 0D9DFCC1E23E1B6A06E405BEC91090B393999A29 |
SHA-256: | A8C2054F57620991923E977E05CBBFE58131457EA33683834DC0C2E3714CD052 |
SHA-512: | 41053550C70A7AA47CC2FE35F8AE216DF703A5751F6280F21F835E5510142350445D6FFF66149DF8E7D4C3FDE6210FDD53AC3AB1C97EF3AEBB99EC375E4BE07B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.998704796235776 |
Encrypted: | false |
SSDEEP: | |
MD5: | 46772B9BC1917EED2C3144570F99A117 |
SHA1: | 3A61B7379C0FE09D1BEC6590D31F5F42D171A5B8 |
SHA-256: | 38EF6F5C90EC32305C5E7DEA546AD657D0312E467291123F3C458275245B7B68 |
SHA-512: | 4DB25A9D0CB462D789C73B29D4BBF84E4784EB4DF4AF274306C2A0DF6B1FABCB36FCC43FC54F7BA9911B2962BE664E6CF3884A1046854E7D5F387995CF9D0A26 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9885904212578103 |
Encrypted: | false |
SSDEEP: | |
MD5: | 34EA41F5B5A07CFE7BE704CBBD68C2FB |
SHA1: | E24512E2CDB1FC1C2A1B7615909FA0878A8BDB59 |
SHA-256: | ECF2FA8A0D5501A760BF1AABBAE8D5D7FAC9CB819F6D69C43834073DBE2B3D65 |
SHA-512: | 3B17FD9B48890BF84625EBD2CEC6D7F14DF39F7BD78D2693ED096B991AD4AD692AD6C6FCD7AEBCE4AF1E478EC2E2150733315D6393509BA92F80F5BEEA102555 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9978957578849985 |
Encrypted: | false |
SSDEEP: | |
MD5: | E37C30541C1B3692FE14FF60355EB892 |
SHA1: | D3306D75CD60AA32013D6810E5317F92099CD43C |
SHA-256: | F030D246C96C4F0F69AF9A2898B44BAAD071C1DB8E3FB93B9DFDEB8FB06CF1B0 |
SHA-512: | 2C40C41956ABAB6836C067EB5A10814F217BFB6E6E417C3C03F9DA8CEB633E37457C368A30BA7668AAC94CA05B2775D0B2B7644785D59C4414BA801C3E3857E9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 68B329DA9893E34099C7D8AD5CB9C940 |
SHA1: | ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC |
SHA-256: | 01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B |
SHA-512: | BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09 |
Malicious: | false |
Reputation: | unknown |
URL: | https://uniqueinternationalonline.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPU1UaDZNMnc9JnVpZD1VU0VSMzAwOTIwMjRVMzYwOTMwMDE=N0123N%5bEMAIL%5d |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 355 |
Entropy (8bit): | 7.3264100582849885 |
Encrypted: | false |
SSDEEP: | |
MD5: | CB50B952A1A41C3358018129E081D511 |
SHA1: | 9B3CE22F173597240FD0C22FF649F3FFB9C6EA99 |
SHA-256: | 791B5CB893932898C350D1EC9888EE9C2FEAEA002431D12E9A1BA29331813BE0 |
SHA-512: | 85FDCA12AD6D67DC0CD578FE0D6A8D892D40976422E50BBFAA631425B19D118780731F6E35753A762260E05326562C4D3824295160F0865DB784DAEA62156B79 |
Malicious: | false |
Reputation: | unknown |
URL: | https://uniqueinternationalonline.com/favicon.ico |
Preview: |
File type: | |
Entropy (8bit): | 7.92782806174368 |
TrID: |
|
File name: | Crystaphase Pricing Increase Notification - For BP - 15Dec2024.pdf |
File size: | 312'431 bytes |
MD5: | 5f18350c3c41665fb08135a75c9ad220 |
SHA1: | 4380f4a153d734b50f68170c242f95904d33970c |
SHA256: | 036e795f64a81d6c8413251b3c2c493c5bd8a0c0806cc3924b6b8b425a4000a6 |
SHA512: | 00900760d8d0fd1ccf92af748885820ebc3e93ac65573bf78f8ca052833c4f355001df226bd3bfce4cc924ebbc7afc6fbd41d25514a236da892c868cc633c3f7 |
SSDEEP: | 6144:uMXFX7yy/69t1eqlODM8oTyISx////////////////QnJCqMQ8LAYH1HFkZG/da7:ucX7yy/w1eOOZmzSSJkLAwrfdU |
TLSH: | 856402668A34145CE4B00277AF596025B76CB37629C419CA3F3FDDE7436EA84FA1F029 |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 34 0 R/MarkInfo<</Marked true>>/Metadata 89 0 R/ViewerPreferences 90 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 3/Kids[ 3 0 R 14 0 R 28 0 R] >>..endobj..3 0 obj..<</Type/Page/ |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.927828 |
Total Bytes: | 312431 |
Stream Entropy: | 7.936737 |
Stream Bytes: | 301721 |
Entropy outside Streams: | 5.173566 |
Bytes outside Streams: | 10710 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 48 |
endobj | 48 |
stream | 16 |
endstream | 16 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 3 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 4 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
16 | 0000000000000080 | 2fbe4e4536f42af976383b3735681870 | |
27 | 0000000000000000 | 26102c6085b0219d2ef77a8882637cc4 | |