Windows
Analysis Report
CountsDavid.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6504 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CountsDavid.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2260 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1640,i,9100371248233742910,7602983960999666297,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.78.188.188 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524538 |
Start date and time: | 2024-10-02 23:28:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | CountsDavid.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/51@0/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 34.193.227.236, 107.22.247.231, 18.207.85.246, 54.144.73.197, 162.159.61.3, 172.64.41.3, 88.221.110.106, 88.221.110.91, 2.23.197.184, 2.19.126.149, 2.19.126.143, 192.168.2.5, 23.200.0.21
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Report size getting too big, too many NtCreateFile calls found.
- VT rate limit hit for: CountsDavid.pdf
Time | Type | Description |
---|---|---|
17:29:15 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
104.78.188.188 | malicious | HTMLPhisher |
104.78.188.188 | malicious | Unknown |
104.78.188.188 | malicious | Unknown |
104.78.188.188 | malicious | Unknown |
104.78.188.188 | malicious | Unknown |
104.78.188.188 | malicious | Unknown |
104.78.188.188 | malicious | Unknown |
104.78.188.188 | malicious | HTMLPhisher |
104.78.188.188 | malicious | Unknown |
104.78.188.188 | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | XWorm |
AKAMAI-ASUS | malicious | Tycoon2FA |
AKAMAI-ASUS | malicious | RedLine |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | HtmlDropper |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Mirai, Moobot |
AKAMAI-ASUS | malicious | Mirai, Moobot |
AKAMAI-ASUS | malicious | Mirai, Moobot |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.190323332389389 |
Encrypted: | false |
SSDEEP: | 6:W8Mr1M+q2P92nKuAl9OmbnIFUt8B8OWZmw+B8O5MVkwO92nKuAl9OmbjLJ:zMr1M+v4HAahFUt8Gb/+G2MV5LHAaSJ |
MD5: | 4D71ED2D3A48CCEF48CB002825291F4E |
SHA1: | 104FBCF342B4CFFF5D406D71E5A958B617ACFE95 |
SHA-256: | BD010A6C5FFF516C63FF01E76D5A08B231D5458B36E1D5DBA9564A0FA3039413 |
SHA-512: | 5309DBE4B865B48D221888BF286D65EAAF66A6DD0B65A30010827B89A731BE4DF4313D24F3BF2195156A1DAF1839FD7D299394C3E2B310AD2FFAB9955B4A9337 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.16864054049922 |
Encrypted: | false |
SSDEEP: | 6:W8DFIq2P92nKuAl9Ombzo2jMGIFUt8B8S9Zmw+B8SPkwO92nKuAl9Ombzo2jMmLJ:zav4HAa8uFUt8GS9/+GSP5LHAa8RJ |
MD5: | F23E4EC87D23A44474BDC08C40CE057C |
SHA1: | 34B1B925AC656B06203D345FC9C685E59DFC7DFE |
SHA-256: | 83B0DD8F28BB7B930FA6CC5A3EF41FF2555975E8BAE41C6758322D1E08F4DB4E |
SHA-512: | 1DB720380F6990761063988A94FBCA22058588F18F5E2545086596A284024A23CAF705705D655C65C8C17B4D4AADE5123B08601D2DF55AAD04FE8D4BE3148FBC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.16864054049922 |
Encrypted: | false |
SSDEEP: | 6:W8DFIq2P92nKuAl9Ombzo2jMGIFUt8B8S9Zmw+B8SPkwO92nKuAl9Ombzo2jMmLJ:zav4HAa8uFUt8GS9/+GSP5LHAa8RJ |
MD5: | F23E4EC87D23A44474BDC08C40CE057C |
SHA1: | 34B1B925AC656B06203D345FC9C685E59DFC7DFE |
SHA-256: | 83B0DD8F28BB7B930FA6CC5A3EF41FF2555975E8BAE41C6758322D1E08F4DB4E |
SHA-512: | 1DB720380F6990761063988A94FBCA22058588F18F5E2545086596A284024A23CAF705705D655C65C8C17B4D4AADE5123B08601D2DF55AAD04FE8D4BE3148FBC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\378f3379-a775-42b4-8c8c-512de2bd81fc.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.052535727629826 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqaPhsBdOg2HXcaq3QYiubxnP7E4T3OF+:Y2sRdst6dMHW3QYhbxP7nbI+ |
MD5: | 5F173174631721182F205AFC08659E99 |
SHA1: | E9BB648FE3C1185A6B75744399DB2FAC32B67466 |
SHA-256: | F3410F189832E2106D5A0E693070FC7233CD694DBC662D48BDDBFE9854446718 |
SHA-512: | 09D08CD6F3DD3BEFF3A9CDAFBE9215FEB47F74A283FFA6625EB44313230FA9440DA774A44040977D227F42AD7FBB68DE343ACD403A473BAE15A5DAC0A055DBFD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.052535727629826 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqaPhsBdOg2HXcaq3QYiubxnP7E4T3OF+:Y2sRdst6dMHW3QYhbxP7nbI+ |
MD5: | 5F173174631721182F205AFC08659E99 |
SHA1: | E9BB648FE3C1185A6B75744399DB2FAC32B67466 |
SHA-256: | F3410F189832E2106D5A0E693070FC7233CD694DBC662D48BDDBFE9854446718 |
SHA-512: | 09D08CD6F3DD3BEFF3A9CDAFBE9215FEB47F74A283FFA6625EB44313230FA9440DA774A44040977D227F42AD7FBB68DE343ACD403A473BAE15A5DAC0A055DBFD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.236205923506478 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUcNlwGGmGZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLQ |
MD5: | 746074A30578EAE608704FAEC0620732 |
SHA1: | 74985DB683D6C48A91D819AC54F7515740E9462E |
SHA-256: | 7045F73A3222F2CAF43F115F4DAADEBAAEECA167137BA02FE8690163A33FF130 |
SHA-512: | EB59535A3F10820BC404C14100277E773BC0CCE69AB512F8700993AA5A382AC20BA8C6FD83304AFEFDA2125B7CEE74BD692E4BA7CB279702840BDDD5ADE254D8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.174353876711386 |
Encrypted: | false |
SSDEEP: | 6:W8fOq2P92nKuAl9OmbzNMxIFUt8B8KjZZmw+B8zNkwO92nKuAl9OmbzNMFLJ:zGv4HAa8jFUt8G6/+GB5LHAa84J |
MD5: | 848E2FB1954B971C9F43B3574201ED73 |
SHA1: | 0D799D66391C941404CB4388544F791C8C6EE656 |
SHA-256: | 9BB7D270FB61C770F9C639252F578353491D53FCDB02D2F605F17DD90C1D364A |
SHA-512: | 5E92F42CD1DD40026A5E1E728193697707CA6DF1C5B15149DADB9C2D054D088DF9DDDD4C976F969C08F316B185C121EAAEA1AE7D5A500871B2418A7FDACD40CE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.174353876711386 |
Encrypted: | false |
SSDEEP: | 6:W8fOq2P92nKuAl9OmbzNMxIFUt8B8KjZZmw+B8zNkwO92nKuAl9OmbzNMFLJ:zGv4HAa8jFUt8G6/+GB5LHAa84J |
MD5: | 848E2FB1954B971C9F43B3574201ED73 |
SHA1: | 0D799D66391C941404CB4388544F791C8C6EE656 |
SHA-256: | 9BB7D270FB61C770F9C639252F578353491D53FCDB02D2F605F17DD90C1D364A |
SHA-512: | 5E92F42CD1DD40026A5E1E728193697707CA6DF1C5B15149DADB9C2D054D088DF9DDDD4C976F969C08F316B185C121EAAEA1AE7D5A500871B2418A7FDACD40CE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002212906Z-154.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 2.091628374869816 |
Encrypted: | false |
SSDEEP: | 192:mwm/Ws72N01qOOCSnNmi+aK0269dUfBKC4Sma0mkLsQPYDvJz9HNoKnp:mADOSV3+aKe9dOxn0mkLnPYDBz9HNom |
MD5: | 7B5326B0F8D1C12E51D2F06CBBF7A386 |
SHA1: | 2EB1F2A1C61F0B8A0B570F037A8E795B6D565E52 |
SHA-256: | B09B6E1DD86FC92D11DCAD9DB98B78355CA59CFC289E73FABD459063E5FA2D59 |
SHA-512: | BEAA160BF2A23B55A5BE9129BD425EE9F6C16D8DCD09A9EB76D3CFC0D52DDFFE10E5D7C4A0F024182AB8638F5908C976862599A933FA9D00539CA07DB1E1093B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.2935198045261167 |
Encrypted: | false |
SSDEEP: | 192:PedRBiVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:PeYci5H5FY+EUUUTTcHqFzqFP |
MD5: | 30BBE62C15F41D8C6F3CB11FADA4217D |
SHA1: | 204A8916A511CCCB66C59C06660478291545279F |
SHA-256: | B741FA4EB4358081A7DA6CFAB9730A8729A947C267C0305B78332E9B032A5095 |
SHA-512: | 4D0A576DC00D5361F8AFCE5E90DAD7F70544AD106D4842BC3C3D5BD0D89C4EBCA3216852A3B0CB6D39875516DBECB135AEF0BA4D75802804934E880F82BF0BF3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 2.2119969283022822 |
Encrypted: | false |
SSDEEP: | 24:7+thE25wK6pqLKzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9e:7MhH6pqOmFTIF3XmHjBoGGR+jMz+LhM |
MD5: | 5A2BA6FDD83E78D6F391079133B28671 |
SHA1: | 038B689D031D17C2A6B9DCC55D4C52A06378540E |
SHA-256: | 6F9F62E06769815B110D53E9CF217A615F28EC71E12763717CE572D7FEFDEB38 |
SHA-512: | E472CB5E981B156ACD17F410D58BDA57B433A22C5D146EADFBD96B5ACC45AF130BC6390C3441FC2CE5BCC2F6F80821869B6639099768D3D5318E3FAC33E9512F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.746484906506307 |
Encrypted: | false |
SSDEEP: | 3:kkFkltqT+kN/XfllXlE/HT8kVl1NNX8RolJuRdxLlGB9lQRYwpDdt:kKTTpQT8AVNMa8RdWBwRd |
MD5: | ECF3F679F022F8F819197C3B188E09B9 |
SHA1: | 5E9BABD1DDC22809C24033789F6518BA185EF001 |
SHA-256: | 2C38239C14891A2BDB0143ABFAB10713A58E52E8244788AFC9D3F9B94B967FDC |
SHA-512: | 47991ABEB52A785A8957C87D8A772FE1DDF82EBD56359B446915C7DA2BBD78E1AD30D5BFC06D663F281EA5C70FFD0601D8491A46423818538B61B146B628F2C5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.1440865988908953 |
Encrypted: | false |
SSDEEP: | 6:kKnmT9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:vmqDnLNkPlE99SNxAhUe/3 |
MD5: | D95CD47CAFAD38AAF4894D62693C98FE |
SHA1: | 3047D12074205206B2D94DE4FFDBC5E1314FD9EE |
SHA-256: | A2DBEDAA6C2E33210AEF470FBE82753CFF25F84506B7BD1F57383DCB6CF47F1A |
SHA-512: | 7B097C52BB22D140284E916D0DC7C71EC9ACDF0097A4EAB520B44C5B0DF574ED874DCFF6D62EA7DEBD17CE02A8BA64FB0D4A6E5812D1B70882CA1DEE95AE0D18 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.326903519855955 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJM3g98kUwPeUkwRe9:YvXKXZc9UYpW7VGMbLUkee9 |
MD5: | C3BF5D91CCA06C5B6C6A6A00BD4CB0BA |
SHA1: | C6C24FD3EF89DB2E959A796E19C75BE2EBD30CA7 |
SHA-256: | 8AD753DD4B47E556316D7E6C34BA2118B94C6010691960260CC803EFCC242A2D |
SHA-512: | EE84752297746B5F72C5EAB84D420218BEC90460638E64926A6A9CFBD995EBE1155FF4532D1E96842BFF325B1BAA87E24EEC6630B99BF883C82F7A2A76A46A80 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.265015387799734 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfBoTfXpnrPeUkwRe9:YvXKXZc9UYpW7VGWTfXcUkee9 |
MD5: | 5D018041299FD1D4D3F509AFB5877208 |
SHA1: | 9B0A20E29A709C4316D35299B9C8FAB9079B7B47 |
SHA-256: | 3C7992294E74C27B1EAA156EC5FC43AD3995D7E8685AD038A2F63B71B44AF97B |
SHA-512: | AED1DAD8E951DE7100F616FF6F521DDF198802923D6076BB2CBE006F7A449A797C923332C04BC65D95FDA253DF69F886D1E83BE946B009BBC2DB8FA602F32628 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.242865481376803 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfBD2G6UpnrPeUkwRe9:YvXKXZc9UYpW7VGR22cUkee9 |
MD5: | 7FF5EE6853A1DEECE93F3CDCACDC6026 |
SHA1: | 09C0EF78A4727EFA40E415522A062F82D47A4F13 |
SHA-256: | 2350AD14320768AA2C28A68AAF7C3B198F42F95C6489AB63FE28400E4EC300A2 |
SHA-512: | 05DB612AE837C2091A35FE0967E08E50AECE4B055839BE5B4DE3541A5AA7C06A73FDD460E92942EBC2565C6973760FEB645AFD89B51DDFE7DCAE4BB677E85F9E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3045171039498475 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfPmwrPeUkwRe9:YvXKXZc9UYpW7VGH56Ukee9 |
MD5: | 2DF6076C9D812ABA0E579C7488FBBFB7 |
SHA1: | 5ABBDC600E77B6367B955CB83224596C9A6A750E |
SHA-256: | 53C5505532DF78C91D618731AD86009091BDA8E0066EA740381D56FC7E47D44C |
SHA-512: | 230BD0419B2376F2044237102CBE08EDE08FB605D3F6EFE7BAE3698934021B1108945171A9D06DF33382E9905D411C839B65039E964161F62EDB9DDB9FAB9D51 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.6623089981695625 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZcPi6pLgEFqciGennl0RCmK8czOCY4w2Sr:Yvv66hgLtaAh8cvYvd |
MD5: | 7C1828DDAB3AF192A4C4A782079E4973 |
SHA1: | F9C51B510A73F3D269F2E29FE74BD06D30AC0803 |
SHA-256: | 87FEE398FCBFA4F9F708C6874EBBCE6CDA5022D5D8E2FB2EFA9B4B97BFA0E136 |
SHA-512: | CF0E624E29B9557877716DDD841A7DD9BFB0AD1E082D007B24A43E3AAE8E8E4C061EEEFA064B634CDA7CE33106E12D3D0AD2DF71902337489208847196FB68F7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.64844187213689 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZcPicVLgEF0c7sbnl0RCmK8czOCYHflEpwiVSr:Yvv6cFg6sGAh8cvYHWpw/ |
MD5: | 4ADBD5B605471B163233B5CDB20ADD1E |
SHA1: | 85BF7320F30AC72A5061F749364050722350D3A7 |
SHA-256: | 558E2C342E4E54BCC767B02F2D522B3DBDC67AD2A5083A75D0B1B65492B9035D |
SHA-512: | 2F8D7DF32BABB55D119196398D39C711E9CECF4E6D14317F93F9A51519FF9C697DD3CADB83BCC44883C128CA1BB16AAB78546BFAB30A67AE19D2FD8B7B579AA7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.252295752034621 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfQ1rPeUkwRe9:YvXKXZc9UYpW7VGY16Ukee9 |
MD5: | 2F4436A8109D521E6D08BE96BCE44D22 |
SHA1: | AAC6AEF85D5E3F0222B8CA2EABDD1C35FDDA7EBE |
SHA-256: | B42103BE62DDEC635C0AC8CFE4D8211169680B385D7896CBEE2D92509F4435DF |
SHA-512: | 7D30445394AA3173BFC3B2BD2E3767F984CF0C8D3ECFF4DC6008010621220B58849384ED735890658A1E6B50A55BBD1448C9F74A36149117CDA201E3CD5FA281 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.643454437675418 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZcPiB2LgEF7cciAXs0nl0RCmK8czOCAPtciBSr:Yvv6Bogc8hAh8cvAY |
MD5: | 7A67CC94EE17B1D7BDDA4A0EAB947FAB |
SHA1: | 2E71C3C1BB129BA29B23EDC49FBE0238D700EB03 |
SHA-256: | 722883AF9F8B5B27AC0B9C8E5684A0C69EF5C8BEAF563C97411EA5AAE5E159AA |
SHA-512: | E57969BE595A6F039D344FB2B24BBC19AA81DE2FC0FA2359D59A784D91F956A293A0519D53339DC50EA75F1FCD430B17147BA6EC836DAB7C8407969344363DB5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.6970826731325 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZcPiBKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5Sr:Yvv6BEgqprtrS5OZjSlwTmAfSKM |
MD5: | 3D3681578BF860D0E900D5BB31873C78 |
SHA1: | 5F966E3222B4E2F00D5979F3878E53246265FE6D |
SHA-256: | 204264693CE05E42671793817704EF8741F2273EC1D8C64416266A1A9B9C88CB |
SHA-512: | 60CEDB1804B7A9766358BB5C37A9F703707702DA70A6351D4DE20EB4ABB73EDDED6D20CE8CFC1F9313A085F80168E90EC72A509C68301F0494683C22C2FE88C6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2589498511114945 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfYdPeUkwRe9:YvXKXZc9UYpW7VGg8Ukee9 |
MD5: | 7DECC2D1C0DE61AD0B01CA1B68CDFE1B |
SHA1: | F8C83CB0B070DB7FE1D897592F3E71C364D213CC |
SHA-256: | C5AA92F89C157E2A98F6DF4661C1CB66A0F8E1FB2997CD51BAC79761CA1C4F76 |
SHA-512: | 8E5F0B84FEEABC0C2188DF0AE6565DD47220893DD3D56B9B17EAF590E15B628A8AF4EF33489FFC412592869BC2250BB8913CC131CB150908953CCBB8AF298E1F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.772639192840698 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZcPiMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNKr:Yvv6MHgDv3W2aYQfgB5OUupHrQ9FJM |
MD5: | 849781C907005498884A8637A1836701 |
SHA1: | 5F718B8C4876E7FB942F6ED391F021D4A661A65D |
SHA-256: | 1C9532FA0647585363B26CD3D3B9BF3FDA8A3B45F1ECA23E3CC96D0284B279C6 |
SHA-512: | 12FA6FF14859107FD2DAA6E36CE16193888E25E6AFB3E281EF4FB4D36460A5B9A8019669CD38D6E579C4F1C2626D4C97E00628D5ECA7081A250B878F2BB43CC2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.242779080392839 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfbPtdPeUkwRe9:YvXKXZc9UYpW7VGDV8Ukee9 |
MD5: | 35EA60B64749A36D16DFAA7BD1112A42 |
SHA1: | 58E68883C48066864205565497ADB051175D3241 |
SHA-256: | 7F0C840289322426D494A9349491D762B9EC10C902D774B3D82FD56F3B123E29 |
SHA-512: | 027AC8E6F3818129E9187C949167321E37E3FDFD39485BE8D4021855B2AF629661229A1E91D0FE8C44E1EF52F1B790736AC142E759C1185312FF6C51E6BFE4A4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.244179969900328 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJf21rPeUkwRe9:YvXKXZc9UYpW7VG+16Ukee9 |
MD5: | 1C98CC7001855D196664C8FBAD4C47BE |
SHA1: | EADE9A4384DDD0B7B794D3346345009AF4593888 |
SHA-256: | B0D72396688AC9C0AB1BADEB205A7277D1FE3BF7D1D321BF0D25211AC994CEB9 |
SHA-512: | B9D202A56612238BDA946C9C21EC802311F4DEF56C80143DBEEAFC5A70985A75CB6C43D0DD2A0A915B241EDF77CFAAD50B32EDBD20B4B261BA24DF9DC0DB3095 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.652658889825535 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZcPimamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BSr:Yvv6oBguOAh8cv+NKl |
MD5: | 548E5798BB40461AD5F61DD0BCEAC44D |
SHA1: | B4C12154BE88679A3B0BAA070B4AAB26BD17BA84 |
SHA-256: | E59C246F68EFF7486BD1E9F85511EFB76E23484B739946470ABEE4FBAE7FB54A |
SHA-512: | B1714526E59E97E09FDB92D79169378F4CB12595F9EFDF1F9F9BE32DF249C957BD8E5CC516CC4A097E59C1AA8CE368B218024C70CDC888EE0C7EFED65DD975DE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.219073604596552 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfshHHrPeUkwRe9:YvXKXZc9UYpW7VGUUUkee9 |
MD5: | B8229B058476F63992F563AF72397B27 |
SHA1: | 0A7BE1C3D5809AB58F32677B67715885E0B7E619 |
SHA-256: | F317E440D55AB4B78CEDB285AE47FB3D24F3DC3F9E4FB227EF684D385016E851 |
SHA-512: | 3CCBB447F79BDDF4312D7B000E4FF9C398801464D3477E8113CDA3CBADC12C8EE3EE08C7F79D14531226F4666B9EABCC60AB0C4FB4249B8FCB6E85695A445FD6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.355030743664162 |
Encrypted: | false |
SSDEEP: | 12:YvXKXZc9UYpW7VGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWGr:Yv6XZcPix168CgEXX5kcIfANh7r |
MD5: | DEA89A4D9F108C754B2844222DE73DAA |
SHA1: | EFCF0EFDEAE350893940E2AC43FCBE1C7972A167 |
SHA-256: | D764D82DA3CDBB16226B67439675CF0D9B609D9ADF6A5E34964EFC27C8F7914D |
SHA-512: | 2B24C24C2F6DE808A85D914824F074E98326409EF74ED519DD71476AF5FF34186D675DFD82A6E4E9CDC65AFC8D25BE0E0BF30C57FB03FB85E9524E676A032D19 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.137321018046282 |
Encrypted: | false |
SSDEEP: | 48:Yq1/S9g/TEqj21of0VqCk5skqrcn9DApH:L1/cSTEqj21ofKqxLkacl |
MD5: | CA1B3630F4D0F93CD57C71E2DB964C52 |
SHA1: | 769E8C3C40E4232A0E529003A31D9CDF8EF7661E |
SHA-256: | 0D6D9A074EC33C1C2A05E999E2C6869D314D55EB2AA87D0FAE598A9F56A29908 |
SHA-512: | 0794B8872A8587B18948B30B8F4145F0441B4CB8570FB302A28EA47D62AEE630F97F7A8C67BB65C98CC884606B26EBE036682949F15190645DEAF0009C1536CD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9954129253098863 |
Encrypted: | false |
SSDEEP: | 24:TLKufx/XYKQvGJF7ursB1RZKHs/DsgpduVe8R1cSF:TGufl2GL7msvgOsKdusicS |
MD5: | DBEBDC4384DFF4EEAD55F71C69E89362 |
SHA1: | C2A4C6E42CEFB71BC24CE5DB45F35425A82D54F3 |
SHA-256: | 4F2E2417695EA89FEC1F5AA4F43124C0C219E6BFEDF5DD92B236F983DB452C9D |
SHA-512: | 923FE41118DCF39579818AA6636DF288269ED9DBCE848785D1D3A7D3EFFF89E20E95A21918A9387E3A938FFC9475A4B0CE67B153A0403477AFE092C71C7DE690 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3567784251637383 |
Encrypted: | false |
SSDEEP: | 24:7+tpn1RZKHs/Ds/SpkpduVe8R1cS3qLhx/XYKQvGJF7ursR:7MngOVp+dusic6qFl2GL7msR |
MD5: | 5F2209A5E50E6D2A8964E802C70958A7 |
SHA1: | 31D94B8FB850F2C2986BF3958B35E60CFD13C891 |
SHA-256: | D8EA7A7104B01AF6E985FAA78BE4DA4EA28ED2FAEB4C0F11642D30F3B580A252 |
SHA-512: | 365C85F52743FC956E88A056FAE4DDDD024937286E5F121329B7F75B853F94441FDABC0B7980A3D63160BC6BE141AB07898A0D034CB4CDDF4DE0F37ADEA81C57 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5030768995714583 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8gjqWww:Qw946cPbiOxDlbYnuRKLD |
MD5: | 33A735F7BF2C9489E2240A9CD60D1774 |
SHA1: | 4588BCF218BB8D20CDBF59CA04A4233CB13BFF07 |
SHA-256: | E94BBD58BD126005134FC249556933841F9FB991D4471DCB0E1FEDED6A0A0F7F |
SHA-512: | A70860674C529EACB7E4A19BF16FCF642415985D9994FFE58EACB3A625E25861C41C4CF3D305404EC04D688EEB81F0A9F1CF656F2B4C6CB37EA64B6B0513E763 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.028909898582472 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOtN+VKh0N+VKhdLCSyAAO:IngVMre9T0HQIDmy9g06JX3vwvJlX |
MD5: | A7A814EC020B23CDE6F340C8BA482ABA |
SHA1: | 0E1A51AC69B1A21A19DF44778A750823FFD6428D |
SHA-256: | 68DC5F6FF54234EA333EDEA5577D36719DA73EA27917745C88CB701356F7BBBE |
SHA-512: | 77F47B7FB576BEDB88B8843F68A8AD92132DFD4B86B29FB99EE35D7B87F3D7F3216BE1FB3969B382C8784F7B2100785411767C27692FFDBCF8178A7C309E4524 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 17-29-04-767.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.3436228955630645 |
Encrypted: | false |
SSDEEP: | 384:j26Dy+nK378UK20V8RtPC8y6SpO6wtqY2gfzVZV5Epd68A1duFpj4j4dEK06BksK:I1V |
MD5: | 0EDB1E6BCEA1F44D40F47BF89FD07C95 |
SHA1: | 8503CD8DF307E89EF338C0448591165BD3DB0E45 |
SHA-256: | 867A7A4AFB87B99B18176FD9D3EB0B1105D0498BCA367D26A7FC3C94CA090218 |
SHA-512: | CDC4D60AAA2950A5ABA53A39CFD7B08CA435268F8E193C1E3A6920536FE34F7BA7ED05C4BDD5019219A07E90B6975C988E54C75006791271B55D987D2CF01C7A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.39073253367966 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbS:m |
MD5: | 606CF521C27303278C401D65A720AB22 |
SHA1: | 4B4AACF312252098919D96D06F7F1771DCAA5006 |
SHA-256: | 2D3E7B107FCFF9A190A11587483F2BC4447792CADA072C9D05F691252F59BF1C |
SHA-512: | F8CBA17D86037335F1627A8B3B843BDB0D5F2832696130D6EEB8C397442AD5A0911F954AAB825322EF5B7C88635E69591BBBE0C5C65478F6D89D3E6A5C92076F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
SSDEEP: | 3:So6FwHn:So6FwHn |
MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98682 |
Entropy (8bit): | 6.445287254681573 |
Encrypted: | false |
SSDEEP: | 1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L |
MD5: | 7113425405A05E110DC458BBF93F608A |
SHA1: | 88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF |
SHA-256: | 7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46 |
SHA-512: | 6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 737 |
Entropy (8bit): | 7.501268097735403 |
Encrypted: | false |
SSDEEP: | 12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa |
MD5: | 5274D23C3AB7C3D5A4F3F86D4249A545 |
SHA1: | 8A3778F5083169B281B610F2036E79AEA3020192 |
SHA-256: | 8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97 |
SHA-512: | FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14456 |
Entropy (8bit): | 4.2098179599164975 |
Encrypted: | false |
SSDEEP: | 192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ |
MD5: | 32FCA302C8B872738373D7CCB1E75FD4 |
SHA1: | DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1 |
SHA-256: | CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6 |
SHA-512: | 57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.894931685181117 |
TrID: |
File name: | CountsDavid.pdf |
File size: | 53'052 bytes |
MD5: | 05d8ae994a3bbbdb319216934d6ebe39 |
SHA1: | 85e5469e39e8b3cfb89e2f3f3c0fa23010475bf0 |
SHA256: | 43b146176ad126f44e6bde8c91618078096823ed286b376c985ff16d220caaad |
SHA512: | 1dd0ab68e5123f87e29f9a929f444c4acdff3b87385670c1adc1e0c4fcb3a4bdfd6c84cb330a0662179924843b908539541ff3faf08323e28b81f70286a96644 |
SSDEEP: | 1536:aBdRxOEJVf40bhluilTXwsy0vFt5B24XHlh6ULgAB:abRr340b++jh9BnFoQB |
TLSH: | F233E0FDD8660C4CE8E34BD6C5B77E99681CF22346F47A5234350A41B8395C4BA31EAB |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Title (..)./Creator (..)./Producer (...Q.t. .5...5...1)./CreationDate (D:20240930191758).>>.endobj.2 0 obj.<<./Type /Catalog./Pages 3 0 R.>>.endobj.4 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None> |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.894932 |
Total Bytes: | 53052 |
Stream Entropy: | 7.935925 |
Stream Bytes: | 49274 |
Entropy outside Streams: | 5.057219 |
Bytes outside Streams: | 3778 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 29 |
endobj | 29 |
stream | 7 |
endstream | 6 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
14 | 398991bac3cffcc0 | fe9c2fe3c1be7b80f77f3cdfd21509cf |
Target ID: | 0 |
Start time: | 17:29:01 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 17:29:02 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 17:29:02 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |