Windows
Analysis Report
uPXZIHuz.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 3040 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\uPXZIHuz.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2976 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6204 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1724 --field-trial-handle=1568,i,17717744455474703836,17105930129994550002,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Initial sample: | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.203.104.175 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524321 |
Start date and time: | 2024-10-02 17:23:01 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 25s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | uPXZIHuz.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@16/55@1/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, TextInputHost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.227.187.23, 52.202.204.11, 52.5.13.197, 23.22.254.206, 162.159.61.3, 172.64.41.3, 93.184.221.240, 2.19.126.143, 2.19.126.149, 2.23.197.184, 2.16.164.129, 2.16.164.120, 2.16.164.122, 2.16.164.128, 2.16.164.10, 2.16.164.115, 2.16.164.112, 2.16.164.131, 2.16.164.121, 2.16.164.66, 2.16.164.18, 2.16.164.83, 2.16.164.74, 2.16.164.51, 2.16.164.58, 2.16.164.65, 2.16.164.35, 2.16.164.80
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, wu.azureedge.net, acroipm2.adobe.com, ocsp.digicert.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, evoke-windowsservices-tas.msedge.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- VT rate limit hit for: uPXZIHuz.pdf
Time | Type | Description |
---|---|---|
11:23:44 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: jbxai | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.203.104.175 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | Unknown | Browse |
Get hash | malicious | LummaC, Stealc, Vidar | Browse |
Get hash | malicious | Babadeda | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC, Go Injector, LummaC Stealer | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC, Go Injector, LummaC Stealer | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.116434520198066 |
Encrypted: | false |
SSDEEP: | 6:W6hOq2PsHO2nKuAl9OmbnIFUt8B63Zmw+B6WkwOsHO2nKuAl9OmbjLJ:WvkHVHAahFUt8O/+B51HVHAaSJ |
MD5: | 2A919BFA3AFDF97FBEA9D87098BAC804 |
SHA1: | 657704B1EF9E6BF5DC3C750F6FD528FDEBC32DE1 |
SHA-256: | E721F63330D663DB3C909123D6B28E5E626B546A32967075BE9DDAC13E008803 |
SHA-512: | BD38C70F5D224E2561A006B9B314CCE114A9D7392D5B85CBBB9245522E05A1A6E0435FD87A583856863196DE57B3CE215A5556CD06CD962EC7B9AD8A9341CFFC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.116434520198066 |
Encrypted: | false |
SSDEEP: | 6:W6hOq2PsHO2nKuAl9OmbnIFUt8B63Zmw+B6WkwOsHO2nKuAl9OmbjLJ:WvkHVHAahFUt8O/+B51HVHAaSJ |
MD5: | 2A919BFA3AFDF97FBEA9D87098BAC804 |
SHA1: | 657704B1EF9E6BF5DC3C750F6FD528FDEBC32DE1 |
SHA-256: | E721F63330D663DB3C909123D6B28E5E626B546A32967075BE9DDAC13E008803 |
SHA-512: | BD38C70F5D224E2561A006B9B314CCE114A9D7392D5B85CBBB9245522E05A1A6E0435FD87A583856863196DE57B3CE215A5556CD06CD962EC7B9AD8A9341CFFC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.143667399346449 |
Encrypted: | false |
SSDEEP: | 6:W6qV+q2PsHO2nKuAl9Ombzo2jMGIFUt8B6qx5Zmw+B6qxtVkwOsHO2nKuAl9OmbX:pvkHVHAa8uFUt8z5/+zT51HVHAa8RJ |
MD5: | 29E89960807CAF936A6374AB57BD39C1 |
SHA1: | 688043CB598BDC202614AB3C07AA3BBE393BB4DC |
SHA-256: | 97615CED328B0F9B7928933946D9B659B072375BB6B06DFB9B6E7A44179D7F64 |
SHA-512: | B8F1552C2133CB97C36CF530984CCBCE1A6C2BFF729CE07B0EC34F3F20F3A8E2D748457CBDFF678ED21CBFD62986D0C33CA97D1970FF4EF7433195A0C9D59B76 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.143667399346449 |
Encrypted: | false |
SSDEEP: | 6:W6qV+q2PsHO2nKuAl9Ombzo2jMGIFUt8B6qx5Zmw+B6qxtVkwOsHO2nKuAl9OmbX:pvkHVHAa8uFUt8z5/+zT51HVHAa8RJ |
MD5: | 29E89960807CAF936A6374AB57BD39C1 |
SHA1: | 688043CB598BDC202614AB3C07AA3BBE393BB4DC |
SHA-256: | 97615CED328B0F9B7928933946D9B659B072375BB6B06DFB9B6E7A44179D7F64 |
SHA-512: | B8F1552C2133CB97C36CF530984CCBCE1A6C2BFF729CE07B0EC34F3F20F3A8E2D748457CBDFF678ED21CBFD62986D0C33CA97D1970FF4EF7433195A0C9D59B76 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 476 |
Entropy (8bit): | 4.97491519936409 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqXQsBdOg2Hucaq3QYiubEP7E4T3y:Y2sRdsYdMHR3QYhbY7nby |
MD5: | 1C143C7888510EEF2D70C65A73C5EEF5 |
SHA1: | 1AC2851C35A50DE8E2B3B47100CEAC47792F87F9 |
SHA-256: | 3C3D7D733B7954734D5C71C11F8C3703B531CEC66CB4E293443848A0650E8062 |
SHA-512: | 866C5B1666C36D196CBE8124336BDA7EEBBB6F9FFF67A9B616066D8196CE3557D346D8DCE5009BE1261F71FD6B1160CE99AD9C2774D6D9B44F5005DA50C02023 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d1f47bfb-a32a-489f-a4c0-37ea1a1e0ce5.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 476 |
Entropy (8bit): | 4.97491519936409 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqXQsBdOg2Hucaq3QYiubEP7E4T3y:Y2sRdsYdMHR3QYhbY7nby |
MD5: | 1C143C7888510EEF2D70C65A73C5EEF5 |
SHA1: | 1AC2851C35A50DE8E2B3B47100CEAC47792F87F9 |
SHA-256: | 3C3D7D733B7954734D5C71C11F8C3703B531CEC66CB4E293443848A0650E8062 |
SHA-512: | 866C5B1666C36D196CBE8124336BDA7EEBBB6F9FFF67A9B616066D8196CE3557D346D8DCE5009BE1261F71FD6B1160CE99AD9C2774D6D9B44F5005DA50C02023 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6495 |
Entropy (8bit): | 5.243257353824833 |
Encrypted: | false |
SSDEEP: | 192:TUi8h+F8Aj8DRCGwtqzmsLnNreR2ZpjRe4I8qr9jnNI92D3jC+3ETKEAE8eoO1Z:jX8eQ/ |
MD5: | 349334FACDDDDFED9DCFF03D66776C5B |
SHA1: | 381FA38FD190A022A3144F1BFEABD4575858F58A |
SHA-256: | EA3C54A2BAFE58611665865579BBAEF332EB1CE7403CC03F649F0DB676B5FA9F |
SHA-512: | 5D3B2E6FDE54C4582DC0DD62CA24E394CD6199B4514489F64E7A0174A603F199BF8642012C16035CC48491E3FD45F3CD14848B46D1DE9E7ECA452BB120DADE8C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.152762419133268 |
Encrypted: | false |
SSDEEP: | 6:W6Ht+q2PsHO2nKuAl9OmbzNMxIFUt8B68+Zmw+B6SEVkwOsHO2nKuAl9OmbzNMFd:dovkHVHAa8jFUt8b+/+A51HVHAa84J |
MD5: | 333194D23AAE482AC2A3D8FBB43F77FB |
SHA1: | BDA27DFC089728D08AEF96E603EFC571BFE43F5B |
SHA-256: | 3190CE91604D0DB02891E08B724B204876E5976109EE3C0BCFDE252DF213F074 |
SHA-512: | 2FF6FF8D4D76D1C53DB8AAB5A89F2D63715827AA360772B95F9E4C8C15EC753E021FE3F52FC88259FA659F9BF2EABE7466E918EA437E3B1AA5B657787407B777 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.152762419133268 |
Encrypted: | false |
SSDEEP: | 6:W6Ht+q2PsHO2nKuAl9OmbzNMxIFUt8B68+Zmw+B6SEVkwOsHO2nKuAl9OmbzNMFd:dovkHVHAa8jFUt8b+/+A51HVHAa84J |
MD5: | 333194D23AAE482AC2A3D8FBB43F77FB |
SHA1: | BDA27DFC089728D08AEF96E603EFC571BFE43F5B |
SHA-256: | 3190CE91604D0DB02891E08B724B204876E5976109EE3C0BCFDE252DF213F074 |
SHA-512: | 2FF6FF8D4D76D1C53DB8AAB5A89F2D63715827AA360772B95F9E4C8C15EC753E021FE3F52FC88259FA659F9BF2EABE7466E918EA437E3B1AA5B657787407B777 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 161 |
Entropy (8bit): | 4.6019309720363095 |
Encrypted: | false |
SSDEEP: | 3:KXt1HcZUV/TrvHrulll11HcZUV/TW1t9aRDcEkG31HcZUV/TgllPyIW:KXtVnVPHW9VnV6ncRAEkG3VnV8/W |
MD5: | F7AC3CE75325A2821BD3E073DAFBB968 |
SHA1: | 0F0DC37BDB98FD4BC0ABC3410DEDB557EDA3190A |
SHA-256: | 1A87D805B5F3C42726D96A40A5D1769426B7FF5EAF00F60BDD6D88A6E01B5ADA |
SHA-512: | BBEAA6C4EBAD9FD220978CF0D60CA2A40EBF89AA8E6B01B3567039B50F8A6883466B98E14774A03D423B6A480B93B04F71383B6A01553F4D11846B8AE8A8D634 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 283 |
Entropy (8bit): | 5.168193797962186 |
Encrypted: | false |
SSDEEP: | 6:W6HYm81sHO2nKuAl9OmbzfXkrl2KLlw6HrwQ+q2PsHO2nKuAl9OmbzfXkrK+IFUv:am7HVHAa8/uLRwQ+vkHVHAa8/F3FUv |
MD5: | 79DFA35F4244686D8D57AF23513E3ECF |
SHA1: | 66E279B1C2C3C96A111C9E19A18B3BBDEC3EBB37 |
SHA-256: | 6695327F7E5978B1580E1143C55BB6E2FDF3BE599C71F8C954BC5CBA6FDA7EDD |
SHA-512: | 08938D40BF5411FFF75808A718D90363A6642AEF24AFE6877B658AE7ECFE24EEF9E6106E4B130D06EFA962C795C12E25B760419C5BBA68C5218649CAEE77FC59 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\MANIFEST-000001
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41 |
Entropy (8bit): | 4.704993772857998 |
Encrypted: | false |
SSDEEP: | 3:scoBAIxQRDKIVjn:scoBY7jn |
MD5: | 5AF87DFD673BA2115E2FCF5CFDB727AB |
SHA1: | D5B5BBF396DC291274584EF71F444F420B6056F1 |
SHA-256: | F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 |
SHA-512: | DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 126 |
Entropy (8bit): | 3.6123534208443075 |
Encrypted: | false |
SSDEEP: | 3:G0XttkJcsRwI9tkJcsSaJkG3mH2lztzlkzXlfmH2lG:G0XtqcsqczaJf3mH2lztzl4mH2lG |
MD5: | A05963DD9E2C7C3F13C18A9245AD5934 |
SHA1: | 15A87493591860C6C22499DF3A705ACB3CB466BD |
SHA-256: | F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4 |
SHA-512: | E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 301 |
Entropy (8bit): | 5.119488346322568 |
Encrypted: | false |
SSDEEP: | 6:W6H981sHO2nKuAl9OmbzfXkrzs52KLlw6HzQ+q2PsHO2nKuAl9OmbzfXkrzAdIF2:77HVHAa8/N9LhQ+vkHVHAa8/iFUv |
MD5: | 9255041AED913F507305D7888CC9592D |
SHA1: | C5AD4522FC65BB473060D34314FECDB2BF5068AA |
SHA-256: | 8889E015F22590EF2F6EC3DC46CC6F09CC67C4B299FF2CE5AA3F1E0394CE48B8 |
SHA-512: | 53E4C21231E6FB7DF8C6629A349350ACFCE5A04A9C93B1326470E3B871C5AD73E84F38566FE3B4507A70EF0B6B759B3864136BBA2D841F4BB258A7B2D2841352 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41 |
Entropy (8bit): | 4.704993772857998 |
Encrypted: | false |
SSDEEP: | 3:scoBAIxQRDKIVjn:scoBY7jn |
MD5: | 5AF87DFD673BA2115E2FCF5CFDB727AB |
SHA1: | D5B5BBF396DC291274584EF71F444F420B6056F1 |
SHA-256: | F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 |
SHA-512: | DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002152336Z-168.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.7520354971043854 |
Encrypted: | false |
SSDEEP: | 384:fstl2oJCDvsPdBKbpIHJUdl39G49k/hC1:UtngvsPdBuZHG4931 |
MD5: | 274DB4789949E95359564F1EAAA9CC4A |
SHA1: | 06058DA86F195DE98031C7B67AAFC3F84B4FDBB7 |
SHA-256: | 56B0508F5C7667063622306C74D690CF218D7920C29C09508624F806EBBDDF62 |
SHA-512: | 41E3BA122F2097F9B1546EF69BF1BAE792C4EE148E728B5457288C42D466B31FAA10293B38A027CDFF5E548B7430684D4BEB404EAEB340B98F73CC9C3A0B593F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444773793665108 |
Encrypted: | false |
SSDEEP: | 384:yeZci5t9iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:FWs3OazzU89UTTgUL |
MD5: | BD0696CD0A8236EFD30BAC0BDC66AD68 |
SHA1: | 2DA1E3562A02935629EFD529F0BF7F7E3089F84A |
SHA-256: | AE93AF97CD9467236F5B38E263CBF71F82DF2AA8D99D9D11692384F4FB7D7BAC |
SHA-512: | 6DFE4ED673D517525A4B53BF3A5F916C90D8A822ECE07B07FB75EC971B10A365C11AFCB5E7B056E16F684A76807873F6E428C307288FFA076838190998D91EA1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.769436607359921 |
Encrypted: | false |
SSDEEP: | 48:7MIp7JioyV+ioysoy1C7oy16oy1sKOioy1noy1AYoy1Wioy1oioykioyBoy1noyL:7NJu+cjXjBijb9IVXEBodRBkJ |
MD5: | EBAAA96FA4C7233BB76447F91A060A09 |
SHA1: | D0B63320FEA9EC0A393CB43935335348F38D65A5 |
SHA-256: | 1D87492E6DDAAB23862281994FE054F51FA8D7E0B2988C2D2A67A6216DA14394 |
SHA-512: | EE6FE0A479A42C64DA2C8573E7F6E2A62645E7BCA2E3BE305731EFEA5BBEBB73810A4BFC28BD8C9CD8FB6DFAAD0B4275F34C62FA13D31885ABDB59D8260DBE66 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFklqq64kfllXlE/HT8k/pjNNX8RolJuRdxLlGB9lQRYwpDdt:kKzaT82pRNMa8RdWBwRd |
MD5: | D50C0E6A59D6A78CB0218B16BF6A4DEA |
SHA1: | C5E27CC33FE405D2CB7E650B559F7E1716CF78AB |
SHA-256: | 059810C64514373103042CD85D3706E679EF05651CF01107A3525954BA9E29BF |
SHA-512: | 2A35331509A43750FC57F5533182554082CA7DDF6EC3A5FA93F80115FCDE931C6D06ECC8C40AC0AEADB335DBCC6EA964A1186364D8F84649AA55E74FDD3240E5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 328 |
Entropy (8bit): | 3.136375242144002 |
Encrypted: | false |
SSDEEP: | 6:kKTgZ9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:rgIDnLNkPlE99SNxAhUe/3 |
MD5: | 1A892FFE1E374A5EA9BC70F36EDCA3A1 |
SHA1: | DA5A9EDBFF4BB71656D6F459DFCFFAD52D5CEB8E |
SHA-256: | 0D76643E35EB4B255E06CFF1BD5FDDD9D58C24678CF78427143B646AE2F84B45 |
SHA-512: | 1A7FD4D94FD89EE88986803CC9E719C2108A4DE13ABD0B79A6A92A58CE83616767687F2DCC73B708461C0C3EA83AB6EE8056A0E790FBFE91BAE46245AC06A362 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3680001156256205 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJM3g98kUwPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GMbLUkee9 |
MD5: | 5EE6D8F8A34D1DEFB3FA9B58A17A11AF |
SHA1: | F7119F528E68782EAF5D14E3F8637386D8B6C8C9 |
SHA-256: | 675DD905579A63996D60675C8D8DDB0CE3344D5C75D78BFC22F860BADB860C9E |
SHA-512: | 7CB41E32652C66C9A034F248AC283B1FDE8275BD60C0C921784DA255BF740F05D9417444B59A70263D1B2218E22189D2C423CF1867F206DD5233B42860435587 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3153916951731315 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfBoTfXpnrPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GWTfXcUkee9 |
MD5: | 319F893138537A8E373B5BA33BE0C3CA |
SHA1: | 4F6CC4BF26B0850D99DEDECB10F2FFC77025B148 |
SHA-256: | 6FB46BE9F67593D174449F77736EA9BAFED45EF7E78419000C4E10B52C1DB4AE |
SHA-512: | 680B5D7EAE0387F6F7C87BC04ED095D78FA4420030AE613546D5858D2A7E8664178D10DD1EE8CF274B2A90A8B94D33D0B4F6349482EC8E24EA90A1966DD61700 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.293940011699137 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfBD2G6UpnrPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GR22cUkee9 |
MD5: | 08B8C658C5F5440136FC9D893FA9AAD7 |
SHA1: | 4499079E9F45B2BDD774DC2488E00C6F2DA53315 |
SHA-256: | 30CB6DB2A0689EE3450F322B2DCD62FB4F60639D1F5E7A523FB87C603FBBD78A |
SHA-512: | 5DF143C12DD432E4F140A4DA4A95128C21779139907585C662905D43943C1ADDBC46D2EBAFFED0EE4ED6745D16AA50B2B1DBB3B932C425903AECF14B3F6F1589 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.354259291645561 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfPmwrPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GH56Ukee9 |
MD5: | C4BE41159189B11CB4330FF37BB8B0E2 |
SHA1: | DA6CBAC475C454647555AABA4138190B043C452B |
SHA-256: | D625C795B0F557D327F9C170D94A7D2D025D14293F0047C0B575B171FE4528AD |
SHA-512: | 4D78FEEEC61E13C378AF4BEC74A6BE3CDE1308EF46F9A8A9D92B2BBAB40DA4FD7514CD8D717EA640BCB7A6443E29661B341EF4E51D262E036FB9763AFC5B4D71 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.672755224122253 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIJfd6+epLgEFqciGennl0RCmK8czOCY4w2Z:YvTf8RhgLtaAh8cvYv+ |
MD5: | 96C3D0B65B80C2034EEF704B28860A07 |
SHA1: | DF5E0607D7A97048799AA72733363E3955B8E5A0 |
SHA-256: | DE8E3646A74BFEF60E18BE69D4ABFC84B7D24F6ADA10D23A6F56DD2697E3D700 |
SHA-512: | 64C935B2DD83534008A874D6CFC799AE36C2AB24BDD70F3B832F0F338E1CB705C78E3B690BA40BE806A587AA3079ECA564C03394FB9E708EE81C49484926F5C5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.6623624039893405 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIJfd6+IVLgEF0c7sbnl0RCmK8czOCYHflEpwiVZ:YvTf8NFg6sGAh8cvYHWpww |
MD5: | 3ED33E409AB213DC654119A5B96ED550 |
SHA1: | 585A41A3D4D7DA487189CFA7441278A33897F26E |
SHA-256: | B7A42FBBC49C17B5D1EB4C1E6C36D8FB909AED0C8EA089DF88186446FB86BD8A |
SHA-512: | 6D899FC54F5234536A805C31111321AD1B8A40C60AF596BE7B1C61625D465054E171F3A92D6A423EDFC5DA352560701864FCCF17318CB5FFDB3420D4262B0EBE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.307331350162423 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfQ1rPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GY16Ukee9 |
MD5: | B1E21CA664EF6D4958E0CFB3C1EC2E94 |
SHA1: | 4A61EA4CCA377A36E7CF977A52A01D3B151E8416 |
SHA-256: | 812C00B47001278F9FF672D3CA4E4406F4B6A620BE04887BF28237F262DA4BDE |
SHA-512: | AAD684C182DF7156566BD1C4DB63CACB00B09AF90A1C28ED69D13374FE2527FBF665AE97AA624A84F0208D0E94B1FC33802F5BB7F4B7B66961742713FC0AE4E6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.655453369690812 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIJfd6+N2LgEF7cciAXs0nl0RCmK8czOCAPtciBZ:YvTf8Mogc8hAh8cvAj |
MD5: | B2391FA0C4C3EDAA561DD84A162F3F36 |
SHA1: | B85B5B6DF24F91C7ADFC53EAB9C2487B08C5D349 |
SHA-256: | B3EE8DF45ECD3A9381E7DC5ABB51E68B8A935DAAF827903EB37B58C509929E3E |
SHA-512: | 5342704C3FC0F7B7667F2B77FEAE41EBF2D5BF05740D536FDFE26E87A572043334D00BC1BBB8A0237F3A005CB34FAC865E1A99E55494843BC874D41AB17DE62E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.702219843338029 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIJfd6+lKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5Z:YvTf8MEgqprtrS5OZjSlwTmAfSKX |
MD5: | EDE60AD3FDB647850988E708D925136C |
SHA1: | 4B697D9BE3AF5B32D7E33B73B4F9ADE173F4D82B |
SHA-256: | CA66CE4AA042AC25CC5AF2BDC20E903056581910E6A8182E7FAB62BBC2361F57 |
SHA-512: | DFEA3542F275517911DDC25D10C4A030F42FC3B874B8E12C09E2AD814ACD92B66D9DAF81B59B3A9E2AFCAE64B515DEC450C7740C35D0D0E0A5F4CC534471CA27 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3133402694025165 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfYdPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5Gg8Ukee9 |
MD5: | 078C8AAD9C3BF78254531010ED54A0EA |
SHA1: | D86B255DF232100BA2ED1C9FE0FA623AAADEA165 |
SHA-256: | ED2E37CB0E305026D698CB78FB97F71FCCAB588B773DFAF5C0717D6F2C6C86AD |
SHA-512: | E6571BC0B3709E62BDB59BF0F6DB1B6CFAE0058EDB6E65B7413C18E4199BB2CEE045B236A82E00C44BC66B73ABC85F71F423345364C6DE885C6C6609BBFC633A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.779478169557467 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIJfd6+YrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNw:YvTf8DHgDv3W2aYQfgB5OUupHrQ9FJm |
MD5: | C1C2A475BC8589101C6834CB8E8DCA50 |
SHA1: | 98553370EE563F2CE57F6E6C9F34D6A09A095276 |
SHA-256: | 0D81A8D1C1065BAE4ED24E3C33193FA57EE474DB7FD841BE8BBED8CB219F96E8 |
SHA-512: | C1D212ECB6834A5FE7A6740D2A6B4C30D420BA1CD93BE4487E1C25AD9488DAB4A10E478298C314739F1D8341746A0935DB0F726D36CB9176F4CCC4B56DA7ADA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.296795681376019 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfbPtdPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GDV8Ukee9 |
MD5: | D5CC9499679EF6727A52602532790F62 |
SHA1: | C066D930DC31A9A48A206B5A22D9878CF6003787 |
SHA-256: | 965395AED5A9E8F73AFC34EEADA9C6DD99FDF91637CBB3979FA193A4D4762CD3 |
SHA-512: | 922B30E995DD2EB566F6FCE025BF7BA9DAD2B9EA0718A87C0579D0008968860B255DCBFF117C2ABA5ABEF0D4C01A2E3E742B23045EBF125731A224DBE82BC9D6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.29865354990958 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJf21rPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5G+16Ukee9 |
MD5: | 48DFB332A29FD1D9C3B6259CC0AADE17 |
SHA1: | 5792F0228E7CCB79AC223A064EC8022D544ABE85 |
SHA-256: | EFBA86B29C9D414245650B7ED2A86B2F17DAD8AB0AB41D8865211751C70BD248 |
SHA-512: | 45D5E6FECB77677B78ECF8005810E5F3D769081E4A57E457107700F7C7636BD8C097936CFE15E17A377888AC4DEF23BBAD767D4CEF7D0ECB506547ADE59F82E3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.662116683310077 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIJfd6+CamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BZ:YvTf89BguOAh8cv+NKW |
MD5: | 2816D2022AFB16321674C0F328AA566F |
SHA1: | 22414363CD662B35B36194241709D9F382290500 |
SHA-256: | 03D8A3DDC3DF2C3A46DA87CAE31BAE881248A101A15D71101DF573563EC9F5CC |
SHA-512: | AD0A9C1AC9D52E658A8980D4167996EED55BAE47DCF1F4B0F3225359CC87B26B9BA3AA03B23337692788125342F5DCCEFC2DCF2313D5DE8C187CD9FBB96F74A7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.276621738658123 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfshHHrPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GUUUkee9 |
MD5: | 46E248EAAD6A5E581ADCDC62884C4111 |
SHA1: | 34A88898055AF0B67566484FA8CAF05D68825E60 |
SHA-256: | 9D7F1F4188D3FEEC141510272550F526AEB9B2D25DA7F14CC2C23638192735D1 |
SHA-512: | 02C1EE1C2B9A4B0F283666EA827314123C5E6A915373BFF8E4B7B0FC6D3D80A75F8DB2896B56B80246E78274D0EEA8B64C308E9EC1072B8A8BF8C5311DD24C8A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.370076740355527 |
Encrypted: | false |
SSDEEP: | 12:YvXKX2Wm1Jfjx6mWQ5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWoI:Yv6XIJfd6+V168CgEXX5kcIfANhw |
MD5: | CC771CFB99FCC0DD5ECE975A3BB46768 |
SHA1: | BAD3654D0681379D03B72C4A4AC3B7359BC8D671 |
SHA-256: | C9F4C59CE0BF96DB571361ABF72BAF2B26F3A8432E796A0C10F71A67257DBE50 |
SHA-512: | 586B93E8D27159A97AF1DFA92AB70866E14BCD9A54F004BB7D8997ADC46BEC8B618026AC8DA60AFD5199234F5A64170FA9A7D9219B76D8E946867B2C967F193D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.132731960144116 |
Encrypted: | false |
SSDEEP: | 24:YOKZVi5kaADuayE6JvS29CfLFM1XLVnoVYFTp5j9Blj0SDwv27LK2LSNJ9I5lO9b:YOKqqDX68WaL+9ZnoVu9Pij3rIfO99B |
MD5: | F15349031EC09091FD54C1708C0B448F |
SHA1: | 3074DBE7ED01872C7A01F50BE113702F980D0684 |
SHA-256: | 7288A40C1A197962D84EACBC31A9708DE0FB3CBDAA40B38383D9DABA07DEA6A3 |
SHA-512: | 810C0338F8293C15C8B273782A6E53A950BC8DAA8A1C53375D5D6167B49320B31768F1B4DBFEC8D77826BB0D37D2AC4E32A4D0855E723BEE54DADCA89DCDE4EE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3566032838138011 |
Encrypted: | false |
SSDEEP: | 48:TVl2GL7msncRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22Led5BvP+h:vVmssZnrFPt+ |
MD5: | AAAA5186F1E6F0E0582A54D182A2CA3C |
SHA1: | 6E573D6C2DB14AC03A3F98E131FB62E545E492D2 |
SHA-256: | 393A24932034C9F9795C9CD73A78AD551319F25B9194252691DA73B13C7970E3 |
SHA-512: | C3AC123851B35D0C1327CEC69DD99DABC6D35DECF54752D8EB72A6966CF4375FCE1CDAE2D5B67DCA8C90B51C54E38C906DEED82E4FDA9E4C265D6D5CE6F66112 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.8292926088027233 |
Encrypted: | false |
SSDEEP: | 48:7MoWcRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22Le0BvPxcZqll2GL7msY:7ZZnrF8tMqVmsY |
MD5: | 8A9AA076137A177B1778321EA3E73620 |
SHA1: | 038611598DC9D3F7C722E13DC995742AF6189191 |
SHA-256: | E996FC75DDA2C9C8B15D59F493C46093A084DABC13E774F94E04C8E5DC4DA586 |
SHA-512: | E6FDCFD1D01F32C49722C83C06FADE9468B777275062D5609AE48443949770DAA69CED38DA7E0F137871E4E4AD7B24C324A4045D9443F621DCA99ECFA4C229C5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.501595078528367 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8gjqQlH:Qw946cPbiOxDlbYnuRKLT9 |
MD5: | 16E4F47AA7F9B70D8CF7B546DC1C0552 |
SHA1: | C38DAD7534E288996F813CB88BBF82872F025506 |
SHA-256: | B8596578DE1A8F27DD5BC6391337D403604117A41396C3290959F623FF539CB8 |
SHA-512: | CE9D352BFD0F26595FDD81FE76656FA9853CB7F37F53CF2B73DF43A83C3549A671D624F3F3D2CD1C1A25EAA2F698A5021136B58D6425F255BB0232CE0FA814D4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 11-23-34-758.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.359827924713262 |
Encrypted: | false |
SSDEEP: | 384:yNDmLJAZYTtvEcrd/GVMimVRMTzpCeb9sJVPbvHktuFKr4Bnk2DfNSNq8iwyhZ9u:bAPaRH9E3/ |
MD5: | 06DEAEDB81D09FD8FB5FF668D8E09CB2 |
SHA1: | 28A02BCBD5975117B97A08AFB049F2C94F334726 |
SHA-256: | D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64 |
SHA-512: | 948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.381384929790849 |
Encrypted: | false |
SSDEEP: | 384:b10N8g5a5VWRA6av0c9tHBwtFuJKe5pmnpJtnPfzpy9OYV1KEFwiEpxYtrN6k91H:n/V |
MD5: | F9A5478CD1E76F64E1D5876883CC1213 |
SHA1: | 8FEA69F779AED428A494C8328C6A05A0B4A5D35B |
SHA-256: | 18392835E8EA4CA601F3AF62461495DE181770D1A04550F74276ECD5B300D67D |
SHA-512: | 0A9BE14582A1FCD6B7BCA750EFB224B47A5E5D4F35A0D8AA7FBCD25E620C30AA6963CE9AA920F0AE6D56EB00B365D01B7E48D6A6DB4D72F4060ADB1B3810517C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35721 |
Entropy (8bit): | 5.419637485588362 |
Encrypted: | false |
SSDEEP: | 192:fcbmI6ccb9cb+IqccbdcbIIl3cbXcbWIS+cb4cbIIJzcbgncb0Iqocbx:g6sqGlVS/JCqn |
MD5: | E92D367EC746F73040A48BE3AC76BFA7 |
SHA1: | 46956987C4B5370631F20F4C063E489E79FC4DE2 |
SHA-256: | 851746040D3AB06A57FBA36A16F008544D6C4892F95624F7E742CE9A69D542C3 |
SHA-512: | 096790EE937FF68EAE97398383163A8F093572746AFA39C4C917A8713E086ED1273820423E993C666F69C9524EF4B9C91DD36E9418D0B3DE5C758CD61896EEC6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 543911 |
Entropy (8bit): | 7.977303608379539 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121D1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9UZ+bvHs:O3Pjegf121DMNB1DofjgJJJJm94+g |
MD5: | 5B21A6981E55EF9576D169BBED44BCDB |
SHA1: | B3A14100B7E7C2C01D61B010A54937952D111E20 |
SHA-256: | 9555E661370D1DC26605DAE88BDBC1ABA68038C769BF6E354A256B1A1C4C110E |
SHA-512: | FCA72A5131D8780A17DF65BBFF37FBA88DBEA3B7AE991C3D893B21B9E6C1EED44DC12945C8DA39DE471FAC5013BE71D43E5BBB892994742BC33EF5934469B1B1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLaGZ48 |
MD5: | 1D64D25345DD73F100517644279994E6 |
SHA1: | DE807F82098D469302955DCBE1A963CD6E887737 |
SHA-256: | 0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC |
SHA-512: | C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xaWL07oywYIGNPUGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxywZG6GZn3mlind9i4ufFXpAXkru |
MD5: | FFA982D6F2F9B46A1DECDD28BF3EF0E1 |
SHA1: | B1D05ED9BD6A80BD0E3377E9F62B47EF83FCC0C8 |
SHA-256: | 93D954FA4BBEDCDFBC7BF14FA1BB3986056261F4A5035C3CFF229FF16D12B78B |
SHA-512: | BF2931508F2039FFF4A74EC9B2FF2706FCF05DC5D56E22CA9C74B7C4AF9E8B4173419791DE648FD77AE7C4B441734E7C70C964A2B91C816FC98C9BA78BEB7879 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.906605556354574 |
TrID: |
|
File name: | uPXZIHuz.pdf |
File size: | 93'263 bytes |
MD5: | 629274c10e2539158d124e150add83e8 |
SHA1: | 2572737c016f6ef291f19e32a47d2d59b9bb036f |
SHA256: | c2608132fded62398f96c8cd497e21b88f6f50cc69ff03d22d7575448902ff94 |
SHA512: | 731756e5b2789e74ff23d94edc88a0cdbcbcd5ad06a08c6b485dd1a390f2159922bf46ea5fec76bd1f68f4bc0022d7404dd01cf9f83a2f2b650ef86b213fe7e9 |
SSDEEP: | 1536:MkEipjkjrUm0i+6I7Zd2vsiF9FxFOyaMCiujkT/uMYtx1GRuO5whv9GRdMI/:3JQktdd2kiF9FxhNvuwbnYtfGRuD8MI/ |
TLSH: | 1193E079E9EA1D0CF8E3CB678274389E4D6DF01386E4A58530302E566E515681BA07FF |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241002230035+08'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endo |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.906606 |
Total Bytes: | 93263 |
Stream Entropy: | 7.978559 |
Stream Bytes: | 84057 |
Entropy outside Streams: | 5.196105 |
Bytes outside Streams: | 9206 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 56 |
endobj | 56 |
stream | 14 |
endstream | 14 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
7 | c8d2dacdd6cc84c4 | 6a5f511c231acedd94a4f458480650c7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 17:23:45.788309097 CEST | 49711 | 443 | 192.168.2.17 | 23.203.104.175 |
Oct 2, 2024 17:23:45.788356066 CEST | 443 | 49711 | 23.203.104.175 | 192.168.2.17 |
Oct 2, 2024 17:23:45.788429976 CEST | 49711 | 443 | 192.168.2.17 | 23.203.104.175 |
Oct 2, 2024 17:23:45.788836956 CEST | 49711 | 443 | 192.168.2.17 | 23.203.104.175 |
Oct 2, 2024 17:23:45.788851023 CEST | 443 | 49711 | 23.203.104.175 | 192.168.2.17 |
Oct 2, 2024 17:23:46.367894888 CEST | 443 | 49711 | 23.203.104.175 | 192.168.2.17 |
Oct 2, 2024 17:23:46.369587898 CEST | 49711 | 443 | 192.168.2.17 | 23.203.104.175 |
Oct 2, 2024 17:23:46.369657040 CEST | 443 | 49711 | 23.203.104.175 | 192.168.2.17 |
Oct 2, 2024 17:23:46.373270035 CEST | 443 | 49711 | 23.203.104.175 | 192.168.2.17 |
Oct 2, 2024 17:23:46.373364925 CEST | 49711 | 443 | 192.168.2.17 | 23.203.104.175 |
Oct 2, 2024 17:23:46.441607952 CEST | 49711 | 443 | 192.168.2.17 | 23.203.104.175 |
Oct 2, 2024 17:23:46.441792965 CEST | 49711 | 443 | 192.168.2.17 | 23.203.104.175 |
Oct 2, 2024 17:23:46.441806078 CEST | 443 | 49711 | 23.203.104.175 | 192.168.2.17 |
Oct 2, 2024 17:23:46.441854954 CEST | 443 | 49711 | 23.203.104.175 | 192.168.2.17 |
Oct 2, 2024 17:23:46.490499973 CEST | 49711 | 443 | 192.168.2.17 | 23.203.104.175 |
Oct 2, 2024 17:23:46.490539074 CEST | 443 | 49711 | 23.203.104.175 | 192.168.2.17 |
Oct 2, 2024 17:23:46.538494110 CEST | 49711 | 443 | 192.168.2.17 | 23.203.104.175 |
Oct 2, 2024 17:23:46.539288998 CEST | 443 | 49711 | 23.203.104.175 | 192.168.2.17 |
Oct 2, 2024 17:23:46.539439917 CEST | 443 | 49711 | 23.203.104.175 | 192.168.2.17 |
Oct 2, 2024 17:23:46.539503098 CEST | 49711 | 443 | 192.168.2.17 | 23.203.104.175 |
Oct 2, 2024 17:23:46.541060925 CEST | 49711 | 443 | 192.168.2.17 | 23.203.104.175 |
Oct 2, 2024 17:23:46.541078091 CEST | 443 | 49711 | 23.203.104.175 | 192.168.2.17 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 17:23:45.662286043 CEST | 63933 | 53 | 192.168.2.17 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 2, 2024 17:23:45.662286043 CEST | 192.168.2.17 | 1.1.1.1 | 0x6b65 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 2, 2024 17:23:45.669981003 CEST | 1.1.1.1 | 192.168.2.17 | 0x6b65 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.17 | 49711 | 23.203.104.175 | 443 | 6204 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 15:23:46 UTC | 475 | OUT | |
2024-10-02 15:23:46 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 11:23:30 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63d040000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 11:23:31 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff662bf0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 11:23:32 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff662bf0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |