Edit tour
Windows
Analysis Report
SIGNED Insertion Order_Greater Orlando Aviation Authority_082824.pdf
Overview
General Information
| Sample name: | SIGNED Insertion Order_Greater Orlando Aviation Authority_082824.pdf |
| Analysis ID: | 1528312 |
| MD5: | f0a3a0d0eaf4e8ec4c3a1f50d2b53994 |
| SHA1: | fbeec6fdfb3662057ebf30a71db767ca76c4e1f9 |
| SHA256: | 61040822f1d26d557f19ca92ff0ee30645780493495fc33b8f2071728fcd2d44 |
 | |
Detection
| Score: | 1 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 60% |
Signatures
Contains long sleeps (>= 3 min)
Potential document exploit detected (performs DNS queries)
Classification
- System is w10x64_ra
Acrobat.exe (PID: 6992 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\S IGNED Inse rtion Orde r_Greater Orlando Av iation Aut hority_082 824.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AdobeCollabSync.exe (PID: 6388 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c MD5: 8A41FC5F946230805512B943C45AC9D8) - AdobeCollabSync.exe (PID: 6376 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c --t ype=collab -renderer --proc=638 8 MD5: 8A41FC5F946230805512B943C45AC9D8) 
FullTrustNotifier.exe (PID: 4596 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\RDCNoti ficationCl ient\FullT rustNotifi er.exe" Ge tChannelUr i MD5: 92366A2F482926C3D0DD02D6F952F742) - AdobeCollabSync.exe (PID: 1156 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c MD5: 8A41FC5F946230805512B943C45AC9D8) - AdobeCollabSync.exe (PID: 6532 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c --t ype=collab -renderer --proc=115 6 MD5: 8A41FC5F946230805512B943C45AC9D8) - AdobeCollabSync.exe (PID: 6772 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c MD5: 8A41FC5F946230805512B943C45AC9D8) - AdobeCollabSync.exe (PID: 6704 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c --t ype=collab -renderer --proc=677 2 MD5: 8A41FC5F946230805512B943C45AC9D8) - AdobeCollabSync.exe (PID: 3548 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c MD5: 8A41FC5F946230805512B943C45AC9D8) - AdobeCollabSync.exe (PID: 5872 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c --t ype=collab -renderer --proc=354 8 MD5: 8A41FC5F946230805512B943C45AC9D8) - AdobeCollabSync.exe (PID: 6220 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c MD5: 8A41FC5F946230805512B943C45AC9D8) - AdobeCollabSync.exe (PID: 6172 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c --t ype=collab -renderer --proc=622 0 MD5: 8A41FC5F946230805512B943C45AC9D8) - AdobeCollabSync.exe (PID: 6764 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c MD5: 8A41FC5F946230805512B943C45AC9D8) - AdobeCollabSync.exe (PID: 676 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\AdobeCo llabSync.e xe" -c --t ype=collab -renderer --proc=676 4 MD5: 8A41FC5F946230805512B943C45AC9D8) 
AcroCEF.exe (PID: 1732 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 3660 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 52 --field -trial-han dle=1568,i ,444827907 6508102644 ,749812487 5219791671 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | Key opened: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Key value queried: | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Process information queried: | ||
| Source: | Key value queried: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| x1.i.lencr.org | unknown | unknown | false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false | |
| 2.23.197.184 | unknown | European Union | 1273 | CWVodafoneGroupPLCEU | false | |
| 178.79.208.1 | unknown | European Union | 22822 | LLNWUS | false | |
| 184.28.88.176 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
| 52.5.13.197 | unknown | United States | 14618 | AMAZON-AESUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1528312 |
| Start date and time: | 2024-10-07 19:10:52 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 31 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | stream |
| Analysis stop reason: | Timeout |
| Sample name: | SIGNED Insertion Order_Greater Orlando Aviation Authority_082824.pdf |
| Detection: | CLEAN |
| Classification: | clean1.winPDF@47/39@3/44 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 184.30.20.134
- Excluded domains from analysis (whitelisted): ssl.adobe.com.edgekey.net, fs.microsoft.com, armmf.adobe.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: SIGNED Insertion Order_Greater Orlando Aviation Authority_082824.pdf
| Input | Output |
|---|---|
| URL: PDF document Model: jbxai | {
"brand":["Trade & Industry Development"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"GREATER ORLANDO AVIATION AUTHORITY INSERTION ORDER Issued August 23,
2024 Due North Media 3112 Blue Lake Dr. Suite 110 Birmingham,
AL 35243 Travis Gipson tgipson@duenorthmedia.com Prepared for Greater Orlando Aviation Authority One Jeff Fuqua Blvd Orlando,
FL 32827 Kevin Thibault kevin.thibault@goaa.org +14078252625 Jay Cassens jay.cassens@goaa.org +14078253884",
"has_visible_qrcode":false} |
 |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\723a1632-47d5-467b-a0de-083d4bd7966e.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.953858338552356 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 0 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF49002b.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 0 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d7229420-af39-4fe8-9071-ee40295cfb18.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.986637938041183 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 379B4244B04246DC4795F73D682D22B5 |
| SHA1: | 534F15A282F479F2FFEA10A17BB5971B0B91CC84 |
| SHA-256: | 783744B2002DBB63D089C047E1DB2C08D14AC34C3483ACA55C12F21A3EAE0F9A |
| SHA-512: | 1BF07F4C17F57B71FF76585DC4992087FD56F574A00EA4498810AD20B5945F4080D13E5F85BA48015C0F27B51B3DEB78F03622F0C8E632C752101C12E995B147 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.28109187076190567 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 44DE53AFD534939D2FE8867C9FB6121D |
| SHA1: | DD01BE4A4C61C59CCDD1B0D681FB5B75DE428BE2 |
| SHA-256: | 5F878491B045B11EE037D2B20E00F74CE0A072BAE10A191D06A7D44F4BFF2408 |
| SHA-512: | 8ED2CBDEAEA258657F6CF24AD0CC151F4A3FE3D8949BB59144525DA74E9381E439E0BA0DF4133FA42AB39AE255947515D5286DDBED8887E7C9AFE00DE0775A27 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-10-07.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2020 |
| Entropy (8bit): | 5.177233795896022 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8926307C3BF77982DB175920851473B5 |
| SHA1: | FD2DA68AE3E8FF1411B69B7F9D7D923AB97DE2EF |
| SHA-256: | B1AEB2EF6366A8AD554F79CC41988E06C9132D43AEE38DE6948857EC3F9023CC |
| SHA-512: | 8EEE3664BEFBBE2B33FFA14610F806D33E2A08A1FA4042A040280CED99EC0165AA6D9DEA6BDCA56866601747F4023493090EEBAC3AFE5FA4E904066EB4EB337E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.28499812076190567 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 839FFFCB27D87327161B5A6286CB16C9 |
| SHA1: | F943A413655C775C1BB1B12229F0F6E2C5DC96E3 |
| SHA-256: | FAAA65372906F2331065D5A638B663B08716C13D8B5C6770002081477931B96E |
| SHA-512: | BAC55A87FD055D2DBF44AA744328EBE8A19929F83E25F6B6AF4974CFBFCFF84D12823ECD28F26857A1A60D543AEAC627345793AB67BAF5B305802B9194373A99 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007171143Z-651.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65110 |
| Entropy (8bit): | 4.717780387158649 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 50A172A940CE5920C7A22ABFBE9C3AAE |
| SHA1: | 6FC87EAD741043E824C6EA6A75ACCF5A77896A1C |
| SHA-256: | 066BCFB0A5456C0400828D47790F7DEDD242E8BE7E2DD5F68EA59B2EC84D86BE |
| SHA-512: | CC886DD56A6C324EEEDAEEF63276E212736B54065B7902F9FF1C4A1FD10F758BA5941D7BA93AA4CFEDA4CC0213FFF4B8EBF595EB461166B7188A09DAC626F96C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 57344 |
| Entropy (8bit): | 3.291927920232006 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
| SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
| SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
| SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16928 |
| Entropy (8bit): | 1.2140426017686226 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 172485992FB22259E7A5B96E7DA0814E |
| SHA1: | 52F46EFBF56A1AE0E1643489619B9BC5EDFAEF93 |
| SHA-256: | C0A726D27FE786E8174528598F0E8C7E2F43672C13BF033A12E80B18C4D212BC |
| SHA-512: | 368D4AA1ED5945A0D6D5CDCF13093BB00CDAAD40C5F1FD51EBC15EEAAABDAD3BE93E1BC9DDD8BE5D1BCF67A341EB4F06DB83292CF44BE29DAE92670725A7CEC5 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 94208 |
| Entropy (8bit): | 0.9951370817377893 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | DCD066A1C8CA38D94ACA4E5DF6CA20BF |
| SHA1: | 0C670E7CB31FE1CFD952082C3629AD8861BFD799 |
| SHA-256: | E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E |
| SHA-512: | C07D385DB9B836F106E1951FDCD911D7FFF44AAE6EE7406CA665B211236E8ABE3395789E10200644343779983E9AD7B5E484B3B1567CA6EAB890A88E4FF9500B |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.28499812076190567 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 1C379A6F46D3B3246C1011660F506713 |
| SHA1: | 153FA22B238B945443ACFA9F439B13228726E615 |
| SHA-256: | 590BC0D3862505A5EA63A97BEEC6067C8A95BF6EE29F5C91EBC1A8019C305D17 |
| SHA-512: | 6DD4948FB5C52FD40D590DF5B9766A642EDFE5E01807110B16F7607521478249EDBF6A1D9F38E3917EAF4B6B2BDCF6F927C2E4141C14AA6A1E661AAFF48DE1C6 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.7234941003697 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 3FB148C89B20B714FECAD9E0B793FC93 |
| SHA1: | D692A8ABEAD7F3174AE6FA08011B947139DCADEA |
| SHA-256: | F5E6B4DF53E08E1FD915F298D063B04607C999ED3A354518425FF57F6A448AFB |
| SHA-512: | E47819581661A378B1EFF024BB9BC22FDDE877B39173A4D633AE12F51299B84777AE8951B16970BC7B7E802E67E5B4A946993AE54D96B5432ADAABB23E94CF3E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 290 |
| Entropy (8bit): | 2.9844219596585932 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 3C210AF32EC2D94B0546FCEDF472534F |
| SHA1: | B79421D6636652591E31E8B6497461E72582A012 |
| SHA-256: | C99FAA0307CB6999B3969A00637D55AF6C2CA29CC8E70E7691A317B3936A4078 |
| SHA-512: | 37C831AB6F509C3C6CF0234121D5395770FF5E0F62BB6B38ACAF822F6857EC0F7A5E8767BD22A1E229B7163CCAC2D372C381282922FA896F6AAA120F2E66F802 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.397001807182446 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 28E8E433046A060811BDB27BE55A88F9 |
| SHA1: | F17E50F606FA54E0A803DD22517A192B5B3E60D8 |
| SHA-256: | 50123F13C7AFA2D455F1BB97F745CABB851A1E660F760E5D6307D1BAD45F9923 |
| SHA-512: | E68466ACCD38855D5C8B703450FB94607BEF37D21075D1AFD5443C43DAD80AAB05CD893AF1E4A70D3DCBA56845ACE4B34E580EC4B2C9194D8261638E0740CF16 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.347195581287212 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 62906CD9317CC6943243AF15185D88F3 |
| SHA1: | D20F446AC5D6BBB163D5BE2DDCA2DAED18E91A98 |
| SHA-256: | 92DAF2D85CCEFEC1C63A7A2626BBFDC3E9FA58FB176D46B4CCCB9454FF158CA9 |
| SHA-512: | 2F3643BB776099C0304353035996DAB85BF522BA72A9BD1E6C8481BB1C6939171D807AC4EB215E37DC716F14702F795B6A007AD82785AD58B471F69820950921 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.326393329256417 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | C12B582AC8F8A412642551B621FB3E22 |
| SHA1: | 8D9E8F10A97F067918C69F67881A4EDE3054830A |
| SHA-256: | 63BE613E2D26C30FDFFA9D47009F285FBDE6C955BF1911F09E8DC2AC936ECB69 |
| SHA-512: | C70AEAD90296B700FDE8856CB80B6E9B792B47B26D0C5E2C5D3AE8B169686CC6DFB9F0279D4B3EA3B3240DCAF1B496DC4FAC52653F81812C58680AC056A9E71C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.386562291392397 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8C5E9DBFC0D5253EEF75003D3016C4BC |
| SHA1: | CC1BBE3807464C0290786B0C36A43432A2E82238 |
| SHA-256: | 78A1641B309CF34F6FB2F930450ACFD65ED3723225F9677D4EEA6BA3A2077D0D |
| SHA-512: | 9DF22F6A219E7896578470B2060F4469B53E87FC92D17AA61184A99CCB8690194324052D3A7FB04D2BBBC60F7CDB3D7B82957E58CF1D6488E2708F47C5050148 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1083 |
| Entropy (8bit): | 5.685152616351556 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D577FB30E4A3BE2B4154B1D109CD8E70 |
| SHA1: | 265103A65333579FED7AE1C69830A7627722948A |
| SHA-256: | D2C2EE03E2EED34AE54531F89814CA412713FF249BEDE8A4C08DF83823BF554B |
| SHA-512: | 19F52FD07313BDB2093DE3AA6C497D7CF1487191E0106D925AD3CD431431788F54881522C1274CFD0D04C4A7354855570D9F57CC7997476AB3459FB07391571C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1050 |
| Entropy (8bit): | 5.658042467153405 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | C65F6C8F18907D0901DB3DD0B099AD49 |
| SHA1: | E6DEAAE59CC13E79C87FD1578CB4603A8AE06FF9 |
| SHA-256: | B495DA4C400905F123BCDDB696E8F761974A38DF1BEE6CDAD2789E340AE34FE9 |
| SHA-512: | E4F6E795A30A278586AD3676CE55214D5D0B394E4F4ACFE994151315B0EAB36E657FB462D5E3542B7B67A1E201AD1D0FF2FF9D5AE91F6D1D4C5363CECD4B88B0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.338039888066888 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | FE87AB97BDC7E78EE49DDC12E74BFFAD |
| SHA1: | 3536BAEBAC36B6C88CB79A8CF3D071FF086A7968 |
| SHA-256: | 0B67E6724A8D04D5DE09A9A9D148DFE42342C5455BF9B285BF926A2E348D302C |
| SHA-512: | E1714E51471ADFF753B52DEE80AA381428077F66CDFF131F507387988C848257F568051A8F5F5109F2C8DD2F93C3B1BF651362D6104805391106BA7627940D83 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1062 |
| Entropy (8bit): | 5.694516821998921 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 78CD0E9012A6F53471203DB3A593613D |
| SHA1: | A8AFD99C7EA72A22B61BE82E1BE37DBB202A37AC |
| SHA-256: | 72AD53E49D6876F7FA9FB9566AE71F46360C971CAAD0C0B73B143FA8F22C37C3 |
| SHA-512: | ABD0956FE10E39959C3B45E2434D058696F12B4A101242322E94FE48CC6ECEC24E22F7BC141AA6DC50CE8FEBFC97EF571ED5A7C9908E3CBD5C3628C554C3459E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 5.7030098672902385 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 1F1F45CF98B3191C61BF3E201495A4CB |
| SHA1: | 4F6CDC63395235CCDD25144712A4DB8D1150F1C2 |
| SHA-256: | 9EB4032D76CCF6EA8B361810CDCE735C49EA7E0D368F4DE428FEE0DBA2AA380B |
| SHA-512: | 5FA43FBF2DFCB55F39C4E1D88A0AC34554D7F508F302953B3D7B357CB4D24CA97D9908B03F49F15934A468FF978646EBC65E892013ED7B00562ECD20D1C09694 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.341302013337721 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F40B6051AF1E9011C23666679C570545 |
| SHA1: | 66C8337F0BA6A91FED1A174B614F2C3D16B46E41 |
| SHA-256: | EC7D5F9AFF83BD3B318186EE807B2AA1F3EABC756C456524718B6225D57A2CC8 |
| SHA-512: | D322EE1B708213B25AC864DC9BA45204CFB4EAC6C5A27A9492D255C1DE03ACC54FC943B87B7F8BC8A23CEBD16F167B638EC68285C9C2B5931465E82F1F759CEB |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.77743866335041 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 79EE82F2B483716054F402B81E9BB34C |
| SHA1: | E7D9D181E032574EF6D4A074E5595346521CB0E4 |
| SHA-256: | 90A41B910EA4DD4C79C9C542C21B08EFFB2BBE69523E08EA79A5996CE42389CB |
| SHA-512: | 7B18230C1996294B19B70308D312F67CD78F9FEC0F4912754DBD942C02EC4DD6776BDB363172AB74F1A5414AEC1C14D1900DE0F752A8B33E1ED1B554A2D91D2D |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.324565248376961 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8D31C9067ECDFD742F8590A5827E7E4C |
| SHA1: | CE73B3A0C7B6D1DF8928DDB50198980E93308A29 |
| SHA-256: | ACA1AB5AA1F83D5A1B50DE15E6FDE3105573649A7ECE48CC6DCD2C6A0AB3FF37 |
| SHA-512: | 1AFD6EAD1D0C0A6BB19778C8F65A6DFFF3BBED2F97C4D70F6329B29A45F070F82E4B22C17D462B0F39AAD64ECBC4204ECA632AD4FE18FEE77B42C449D560D81E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.328203869622346 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | CF7856BCCA4898A649880DFAFE52DD2D |
| SHA1: | 8EB5C787B21CA75E9373BCA72580B9A98CD675BD |
| SHA-256: | F7691A4BB4555E6C34E60DAA293355D338E1929A25DF84A482942F528E21AD22 |
| SHA-512: | E1AAE09B9A8414B41A56CA8C24B9F9A16A18B46CEE8B2D53CC8EDADDCC7D25C2574D868A7549627D22429DAEFB5981B7E5C4A933186626A94377390E3A94D3AE |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1082 |
| Entropy (8bit): | 5.690018632781956 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8DE22000018AF64812C1D481ADF291DD |
| SHA1: | 2987C41F1A319A217E9D786157168CBB9876C8A5 |
| SHA-256: | 5CC0C2F600BA5D5C1C166394318818DCB3BF799B769C5601813D5C9A69F3327C |
| SHA-512: | 2403D2D9010FEA8002C24BFC9D0B4A223692F5F0FF9E9942A09AE169E5387E7641ED91E30C895A55672141CF3A83A0A59EDDD39C4A5CFA8D42F3F768440D9F73 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.304003674103731 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 800956FE7FF73A14993DECD79B8D3511 |
| SHA1: | 293F928C1AC9A7651425CEF1BF80391DCE392EF0 |
| SHA-256: | 5CA82A2741F3002586FE8391B2464211D0E94D95E1DCB0384F9095AE52A6B129 |
| SHA-512: | 5F3BA4266ED30F124E92E6B10574563F2C33EDB88B1813E554921F4A815FCCF908D5CDDF7DC6B6C0CBCC798562DF7715FD0F36B8E20FB32D967D2C7EB8C12D62 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.378017272928043 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B76ECB518A2DB7407FAC72B05119AC54 |
| SHA1: | 89801F3FA7F3B117A3544E1B2AF39A5D573BB188 |
| SHA-256: | 7E324E83348088FD7C46ED34147F9C353AFACB6B9EE6D16BF4B0F35AF04F3019 |
| SHA-512: | 7959412E14C3CDBB0C373D4B16803095759868F0ABB24F65C8753F1D0E6A7E1997A3D9285616B8D7ED368FEB49782D68C093F966C2655CCA293A60162FFF25C4 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2818 |
| Entropy (8bit): | 5.123475647107806 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | E09D0AF4599C33C0D31219704CC83ED6 |
| SHA1: | 215670122767D925D7DFFC9A625059F182F8CADE |
| SHA-256: | 9867642E5A252A323E88BCDFD5BF398D9A88A0343C8FD7AA1E8CAB2239457D78 |
| SHA-512: | 404C6A1308B7E0FE38409469022EAED8D7404D1D4A82B79D19D627359FC04A7A585B3AEFA7592525A366A26D3140FEEBFA9086A2A63F989F2DCBE6E4F8B0CBC1 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.994944111813099 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | FE9C07617065744F52D59D8D44A3ACEA |
| SHA1: | C9BA3A58E974742E97245023318EF43FB5473BBD |
| SHA-256: | 95287C476F4FB80F362A7E32AD4D7131822FE7214D187A72A46392E4B7122892 |
| SHA-512: | 9D1C73374660635DE435AA06B6B79D67DD16A80269D7EBDFC9B672761F9644FCCEA9FAB477B29FD20725A89B3F3DCC35BCE0D445864A529F3408A185AEE07F97 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.3600557052418527 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8ABCCA934070EC43497BD7F5FAEA701A |
| SHA1: | 9EB44FD5B8241F38D7A74D7D29D191053143405C |
| SHA-256: | 62384DB7961023ED64B7FFA2C5E0892EEB85122AF318BE4FFB1A263B4F10E26B |
| SHA-512: | 453B6ED92CC3FB6C744A4667A136596A7B126B7FC17D0804437FBF9CB84B89BEECAE63A8E60989D3AF622848A8BFB84C5FC0341436E729BC817C36E860C9A357 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5024069929195045 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 2112942C665165792F0C100F23448FE2 |
| SHA1: | 36B210B3C954F84E011D6E83C4CFA9662DB101B2 |
| SHA-256: | 1647B7B12611CFF5504A5EE61C17C35683ECA4482D6812EC6D3EB78842091C7F |
| SHA-512: | BAEB3397DCAA2808A3C1F848464DACADECAB574CE7D3FFE3A9CD132C58CC5E5E7CDD33E44FCE49C53B30545428116B1EAE5618BDDE4E51F22C8A9CC134C5A3D7 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 13-11-41-825.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.353642815103214 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
| SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
| SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
| SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.4134696405049745 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | A56A5E501FD8606CBC3A5D5567F60380 |
| SHA1: | A9D3D64ABCC5491BF92877B65C95B10947A987A9 |
| SHA-256: | 624481146397890C69F9E4130A82AA2AA50745AEFA676BFC90417D50B3466F5B |
| SHA-512: | 603D8D3437B8C3977D89E250D8B31179655D5E0E3CDE948D2E730038DC562244B6919C6C6CDD9A65509D68F23ABB625A515B3BFE2C80AD9F67CD0C6E5C62105C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 14456 |
| Entropy (8bit): | 4.2098179599164975 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 32FCA302C8B872738373D7CCB1E75FD4 |
| SHA1: | DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1 |
| SHA-256: | CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6 |
| SHA-512: | 57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.932793207081275 |
| TrID: |
|
| File name: | SIGNED Insertion Order_Greater Orlando Aviation Authority_082824.pdf |
| File size: | 343'205 bytes |
| MD5: | f0a3a0d0eaf4e8ec4c3a1f50d2b53994 |
| SHA1: | fbeec6fdfb3662057ebf30a71db767ca76c4e1f9 |
| SHA256: | 61040822f1d26d557f19ca92ff0ee30645780493495fc33b8f2071728fcd2d44 |
| SHA512: | 876ea74e34830fd5cbc7d0d4206b7fb6be10b0ad5304bcca5c4d7259c4f096dabba97e9431dfb521fd30190b1cf66caea6475742305a5014a1fd1e4ddd6f84f5 |
| SSDEEP: | 6144:PuSZXG8QQVf8+dKKjJvXSw20vqkxCsu5kSZXG8QQVf8+dKKjJvXs2A:WSZXFQMdZjJaw2Luc5kSZXFQMdZjJk2A |
| TLSH: | AC749E31F99D4CCCEDC7DF6A81A9788B0A2DB52395CD3481016D8B06B585FC9BB436CA |
| File Content Preview: | %PDF-1.4.%.....1 0 obj.<<./Type /Catalog./Pages 2 0 R./MarkInfo <<./Type /MarkInfo./Marked true.>>./StructTreeRoot 3 0 R./ViewerPreferences <<./Type /ViewerPreferences./DisplayDocTitle true.>>./Lang (en).>>.endobj.4 0 obj.<<./Title (Greater Orlando Aviati |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.4 |
| Total Entropy: | 6.932793 |
| Total Bytes: | 343205 |
| Stream Entropy: | 7.992400 |
| Stream Bytes: | 210361 |
| Entropy outside Streams: | 3.535155 |
| Bytes outside Streams: | 132844 |
| Number of EOF found: | 3 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 453 |
| endobj | 453 |
| stream | 47 |
| endstream | 47 |
| xref | 3 |
| trailer | 3 |
| startxref | 3 |
| /Page | 5 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 2 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 13 | 0000000000000000 | 4864e9741d9823177f45f5a3f0ae0e7f |  |
| 14 | 0000000000000000 | 3e3936ff97d88954c43fe175047396ff |  |
| 19 | 0000000000000000 | a0621da4acbf224c097fab5f9fd78c84 |  |
| 26 | 48d8f0b4ca685646 | 4678a0be54b9c545d4ef713f2cfc7e76 |  |
| 27 | 0000000000000000 | f5650170ee134898d13089d5c1e40033 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node