Windows
Analysis Report
New Vendor Setup Form (1).pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6672 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\New Vendor Setup Form (1).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AdobeCollabSync.exe (PID: 1472 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 6532 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1472 MD5: 8A41FC5F946230805512B943C45AC9D8)
- FullTrustNotifier.exe (PID: 1868 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)
- AdobeCollabSync.exe (PID: 6352 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 5428 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6352 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 1088 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 4592 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1088 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 5236 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 7056 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5236 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 2680 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 7140 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2680 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 2992 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 3192 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2992 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AcroCEF.exe (PID: 6484 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4508 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1524,i,8648760949684156529,1724978059203320753,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | Thread delayed: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.217.172.185 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528507 |
Start date and time: | 2024-10-08 00:20:41 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | New Vendor Setup Form (1).pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@41/59@2/1 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 95.101.148.135, 184.28.88.176, 54.144.73.197, 34.193.227.236, 107.22.247.231, 18.207.85.246, 162.159.61.3, 172.64.41.3, 2.23.197.184, 2.19.126.143, 2.19.126.149, 23.44.133.36
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: New Vendor Setup Form (1).pdf
Time | Type | Description |
---|---|---|
18:21:36 | API Interceptor | |
18:22:01 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":["Atrium Hospitality"], "contains_trigger_text":true, "trigger_text":"Vendor SET-UP REQUEST CHECKLIST", "prominent_button_name":"unknown", "text_input_field_labels":["Embassy Suites by Hilton Huntsville Hotel and", "Vendor W-9 form (Current year)", "Electronic Funds Transfer (EFT) Vendor banking information", "Form Property Name:"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"The following forms must be completed and submitted to Atrium Hospitality Accounts Payable Vendor Department in order for a vendor to be added to the master vendor file. Vendor Maintenance Form Vendor W-9 form (Current year) Electronic Funds Transfer (EFT) Vendor banking information Form Property Name: Embassy Suites by Hilton Huntsville Hotel and Please send the signed and dated completed forms to apvendors@atriumhospitality.com The following documents must accompany a request for new vendor or a request to update Vendor Records. Failure to provide this support will result in a delay in the vendor receiving payment or Vendor Maintenance. 1) W-9 Form (2) ACH Form (3) Bank Letter or voided check", "has_visible_qrcode":false} |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.217.172.185 | Get hash | malicious | PDFPhish | Browse | ||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC, Stealc, Vidar | Browse |
Get hash | malicious | LummaC, Vidar | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | LummaC | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.218957090966429 |
Encrypted: | false |
SSDEEP: | 6:e3L+q2P92nKuAl9OmbnIFUt8muoKWZmw+FI+LVkwO92nKuAl9OmbjLJ:WL+v4HAahFUt8m6W/+hLV5LHAaSJ |
MD5: | 3B44C0E8DA76431C84988508AAC5578B |
SHA1: | 2AA1B5B98C1ADA1D4A039804841B0BEBA8265FFE |
SHA-256: | 9B5139C5E72CF82D75342F95B88EDE3FAA18B570A6DD9C30A8DF711D0CCD147A |
SHA-512: | 511C8A37C40B576D0F5E4A534DDABE76C60953305515C2ED8350B061DEB0E2CF7231BB87A8D75AF753000BC60B1F5FF62704E0BB7C2977DFC4DF57B39F0C8FF9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.218957090966429 |
Encrypted: | false |
SSDEEP: | 6:e3L+q2P92nKuAl9OmbnIFUt8muoKWZmw+FI+LVkwO92nKuAl9OmbjLJ:WL+v4HAahFUt8m6W/+hLV5LHAaSJ |
MD5: | 3B44C0E8DA76431C84988508AAC5578B |
SHA1: | 2AA1B5B98C1ADA1D4A039804841B0BEBA8265FFE |
SHA-256: | 9B5139C5E72CF82D75342F95B88EDE3FAA18B570A6DD9C30A8DF711D0CCD147A |
SHA-512: | 511C8A37C40B576D0F5E4A534DDABE76C60953305515C2ED8350B061DEB0E2CF7231BB87A8D75AF753000BC60B1F5FF62704E0BB7C2977DFC4DF57B39F0C8FF9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.146078822038354 |
Encrypted: | false |
SSDEEP: | 6:nBO4q2P92nKuAl9Ombzo2jMGIFUt8YPuRJZmw+YPuRDkwO92nKuAl9Ombzo2jMmd:Btv4HAa8uFUt8P7/+PR5LHAa8RJ |
MD5: | 4A2D88D6BF0FF7282BC72F983282B02C |
SHA1: | 4D13E3D9C140F704E64639F7A0E8854FDB4E8872 |
SHA-256: | D3579F82B538D48711CAE2614681A0B2CB39FB2CCEFE35E78EF18E374750A7C4 |
SHA-512: | 1EE3D9940FEA99577124C2C433BD6924163D176D4595615850AC8E686BB0F03E37A9CA0AF1F0E6F5812BF7327C8F024B1A89BF2C7C435D94F3DF346C09E620DE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.146078822038354 |
Encrypted: | false |
SSDEEP: | 6:nBO4q2P92nKuAl9Ombzo2jMGIFUt8YPuRJZmw+YPuRDkwO92nKuAl9Ombzo2jMmd:Btv4HAa8uFUt8P7/+PR5LHAa8RJ |
MD5: | 4A2D88D6BF0FF7282BC72F983282B02C |
SHA1: | 4D13E3D9C140F704E64639F7A0E8854FDB4E8872 |
SHA-256: | D3579F82B538D48711CAE2614681A0B2CB39FB2CCEFE35E78EF18E374750A7C4 |
SHA-512: | 1EE3D9940FEA99577124C2C433BD6924163D176D4595615850AC8E686BB0F03E37A9CA0AF1F0E6F5812BF7327C8F024B1A89BF2C7C435D94F3DF346C09E620DE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9bdd16a5-4475-4469-b51f-d73b141b3b18.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.060555479443108 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqCZhsBdOg2Hycaq3QYiubxnP7E4T3OF+:Y2sRds5gdMHd3QYhbxP7nbI+ |
MD5: | F3C04766430A66A9C9D0BCF86530B908 |
SHA1: | 49642D4746CAE4628931932AA4DE5C74BD5B3304 |
SHA-256: | 25D2EC21FCDEA0D34BD3B15D4D89CA17732320575E45FE2AC411E52C65DAA54F |
SHA-512: | 76D5FDC91786704EB8AB35573977D1F5E485D1EEC7877BF4C8F07A3637B63557BFDA9F475B64E5D6D8E361C2E18AD10AB256CB035690B7612F5D75A8309A66FE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.060555479443108 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqCZhsBdOg2Hycaq3QYiubxnP7E4T3OF+:Y2sRds5gdMHd3QYhbxP7nbI+ |
MD5: | F3C04766430A66A9C9D0BCF86530B908 |
SHA1: | 49642D4746CAE4628931932AA4DE5C74BD5B3304 |
SHA-256: | 25D2EC21FCDEA0D34BD3B15D4D89CA17732320575E45FE2AC411E52C65DAA54F |
SHA-512: | 76D5FDC91786704EB8AB35573977D1F5E485D1EEC7877BF4C8F07A3637B63557BFDA9F475B64E5D6D8E361C2E18AD10AB256CB035690B7612F5D75A8309A66FE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.236226886199951 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUNBBMjGMP0tjGMZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLg |
MD5: | 2C9E11F033D9978F1EC645AA01A8EB38 |
SHA1: | 8C4E84791342754C564D56DBD7B59E61DD3D1C92 |
SHA-256: | C28C54477FBEFA431D4868046008B51113CEBC18A5F7FEDE8F46F6571D3837A1 |
SHA-512: | 0B272D51BB3E651405A03FF53EC5F2C6F128C2842090C6EC60AF1A96D7DB63BD9EA739795529D59C23702C314A665B848E77158AD817874C5998C089EDA57DD3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.165162780566674 |
Encrypted: | false |
SSDEEP: | 6:nj44q2P92nKuAl9OmbzNMxIFUt8Y9RJZmw+YuDkwO92nKuAl9OmbzNMFLJ:jnv4HAa8jFUt8a/+R5LHAa84J |
MD5: | 1B727FF71223591B7EB72BFC4DE299AE |
SHA1: | A178FADCBF2805736290697AE299C1B2A68EFEA1 |
SHA-256: | 2085C1FC423B789D00428E06B7C606EA6E058532E63CEBA4A4C4BB8FB48CE330 |
SHA-512: | 930DAA3E9149F4403532A516F0D656EE529E484A7D180787D127F72D9C268CB9F3ADABD83B4B062C38AF25234466C52C8C6670F80A1D7182BE64CE27DB910726 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.165162780566674 |
Encrypted: | false |
SSDEEP: | 6:nj44q2P92nKuAl9OmbzNMxIFUt8Y9RJZmw+YuDkwO92nKuAl9OmbzNMFLJ:jnv4HAa8jFUt8a/+R5LHAa84J |
MD5: | 1B727FF71223591B7EB72BFC4DE299AE |
SHA1: | A178FADCBF2805736290697AE299C1B2A68EFEA1 |
SHA-256: | 2085C1FC423B789D00428E06B7C606EA6E058532E63CEBA4A4C4BB8FB48CE330 |
SHA-512: | 930DAA3E9149F4403532A516F0D656EE529E484A7D180787D127F72D9C268CB9F3ADABD83B4B062C38AF25234466C52C8C6670F80A1D7182BE64CE27DB910726 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.08728080750134917 |
Encrypted: | false |
SSDEEP: | 3:lSWFN3sl+ltlFlo1Xll:l9Fys1fo |
MD5: | 863BB379B267B2404CB64A3BC9B4A650 |
SHA1: | 139EDCE2C64569B81175543D1DE743EF474F4432 |
SHA-256: | F7C1BC02F430EBD015E45159D9FD9E18643C4CDCCBB7E7733A248C8393CAA88C |
SHA-512: | 6AFF907DDAFC78AF2186F58D7102A88527BCE5473D72C03607EFC49C56ABAA157191D391A1ED9350CC058E9BB37040C29DBA9E3A668F640DE0100A639F1D2F51 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.28499812076190567 |
Encrypted: | false |
SSDEEP: | 3:7FEG2l/XnvlXFlFll:7+/l/X9X |
MD5: | B36E0C46C38A4DD96B44ABF78B223D45 |
SHA1: | 86A5613DA151A355AEC8A97692984D8798B25506 |
SHA-256: | 96C999B11F2DD96EDE35AE38F10DEF85CD49308FFAB52098BB7A11AE1E2C1236 |
SHA-512: | C4A0E2537728E2981B9D7E4497C3A535898CA8933131CD6953692583CDBDCCEE85439883ED324987759A64F4DDCDA033B829CCECA75B6D667F342FD956CBEFB6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.06022429994991284 |
Encrypted: | false |
SSDEEP: | 6:Gz2PKh2PKbL9X8vl/UFl/Ojl/gZl/KgufS8f8/8il:7KcKVCcl/8cl/xufd8T |
MD5: | 2B6ECB9BC4AB0C66FBB149FDB1C2E708 |
SHA1: | EC2A5287AE0758EEA40B320533B6508101AC4E10 |
SHA-256: | 3412618991B4CDF7A42E8AAE1A9995D348771127FFD0EE10200A4F215482D9F9 |
SHA-512: | CB73A58E3D6AD0947BF43AAD5D52A917FCAF4E917B3732EAAFB874D75DB04FD0023B957E7A1BC6915D9BFBDC7617E05E73C4A08446816B32A262CE58A03503C8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 119512 |
Entropy (8bit): | 0.962315919686845 |
Encrypted: | false |
SSDEEP: | 192:vAY8S4TaQ3SiQmFevC9chlR38s4jd5D0LTwmcZG4N7aQ3SiB324mH4q4WiIaQ311:Yu4BAsAr4NZx5U4K |
MD5: | 38A27A313C89DBC12250BB0C157FEB17 |
SHA1: | C493795B6F09D1FC31EF65C2D9DBBBC6135CB76B |
SHA-256: | 3E49E3E6194F4381748FA7ED309B889D5D19260143970189D253538968A6341A |
SHA-512: | EA1C75999AAAB74F58E6C0C06B603F63095BB6B7F19A138EF6FC758E02485A21F30F22E1B65316104113B536B58277B3CFE6E965BC56598BF9E81A6E41AFA71E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-10-07.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2020 |
Entropy (8bit): | 5.184405762303542 |
Encrypted: | false |
SSDEEP: | 48:Lu2q2flEiMeLiMeLHowRcwJw0njwfE+otu9zE+oGna0E0i:Lu2q2NEiXiXH7r+0E8+op+oGna09i |
MD5: | 0DB6403524BBF70344169849C234CBD4 |
SHA1: | 7E99FEA8E22C5A8C1C2428221E45F7BBF3AE59E5 |
SHA-256: | 6160EB96B0E2DF26430CFCD15DA651B8CBF0D1F6B86DFBF655EFC44EF0D03071 |
SHA-512: | 913F48B88EF44841DA6E4702D85ABF072AA321D01A3C4B4087C5E491B5E402CF51580CC2FE2B3D3FFB326F8C6250E9A9CBF8C3FA0651088067C35B1E438A8D1E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-10-08.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 400 |
Entropy (8bit): | 4.9154996100328 |
Encrypted: | false |
SSDEEP: | 6:t+AecrA2Z1dLEnF0NOWTvjCivjYMnjUi+AecQNAEf7f1dLEnFTTvjCivjYMtR:BecL1dLEmkIC2YUBecy9z1dLEJC2YA |
MD5: | B51A9B6C5089D7A5926FA12CA732B6D2 |
SHA1: | 1C6CFF08481FEB0374839EC0321CB5A4A0F06493 |
SHA-256: | 1EC3378773616C980DA634050F49781078398BC0CC5C0FA42DBFBF0C66F684C4 |
SHA-512: | 7A5536F869FD9C549EAF183095E8DE30FF60C7D4890B0685F0B6A961EAF19E4BDDEBB99267DE9B66BE6E5E165ECAB6EAEFDBF3C146E89E161EDFDC4A51950F05 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.36835287347338636 |
Encrypted: | false |
SSDEEP: | 24:TLi7egbVH5hCAZIlE/F7iMXBxIV24bMo1Jllew:To1ZhCW0QfxHQd1 |
MD5: | F391306DD8BAA3198B26D3C80A906E19 |
SHA1: | 6CD1B24D186F1CC68BF9097177DA5676C4A56422 |
SHA-256: | 62604481C477AF3F8813122011B9CEC6DDEE9A3992F3FAFE236E3E92FC62E680 |
SHA-512: | 5AD524078462D761F0F01933EBFC3714B44C93296BD4EDAB34B59CB833D1D9334CE830E196D2BD2BDA82837914E91B2B53E848EDC9BD04B7EDCC31D7DFD9DD53 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.28499812076190567 |
Encrypted: | false |
SSDEEP: | 3:7FEG2l/sfXHlFll:7+/l/mX |
MD5: | 5699F78C9758177B4A398607E0E030D9 |
SHA1: | BA1A4644452A8E3C3B1109782D36005223396153 |
SHA-256: | A59B59958A9DE605D80F4720C40F32341EC2433CACEAF8E19051B66279FFF32E |
SHA-512: | 1B53128723E415046416A9938F95E3A01E75FF17708B3EE2ACE7397F99F13321B0DCBB0DBA2CE81A1C234580D721B64E2E74FA89560686A19DC0D217EEFF0F6B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007222153Z-557.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.2817531146957999 |
Encrypted: | false |
SSDEEP: | 192:7yZaKNBpzsGsh1pfAq9TnzBXRo87KP7MNhWJ:7ywkpCrzsDihw |
MD5: | 7AF178E88EFD5D51B59535F51978CB48 |
SHA1: | FC09E40B1D75AA9FBC75EC8C30C9F47FD9C46C7A |
SHA-256: | 9EF52B7DCAC61AC3DC89D1B89348956D6F2C44234800CACE2323C0CC934A9BD5 |
SHA-512: | EF81FC47C5B1E3E886D4806FE0ED8E61D080D799E31922079C68FC55DD7B1B8244649554BADAD1D587BE7D3849D6A63A35FE62E3BBFE778761B2DA09237343EC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.293396857874779 |
Encrypted: | false |
SSDEEP: | 192:/edRBGVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:/eUci5H5FY+EUUUTTcHqFzqFP |
MD5: | 91601BBC3677DB9834BECC24318AD3CC |
SHA1: | CE72912344427A173555C0ADD971A7623EACEC1A |
SHA-256: | 20A12CEB4CDD754337B5C8D377C157BF3249F63B3B3F3DB2E9F7FFBA9C2897B6 |
SHA-512: | 35FE8C6B68BBA103B627F880B313AD143D9D824D90C4D5C54F755C29507112A1B905F50C62E7A696776AD3F5D58E3F3012793CB0B7C3E1A27604DDEEC3BE303A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 2.200660004465043 |
Encrypted: | false |
SSDEEP: | 24:7+tjiMEWewKuqLazkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmfB:7MjrUuqemFTIF3XmHjBoGGR+jMz+LhJ |
MD5: | 1DF733A238B1DF428EBEC2BF62C6B895 |
SHA1: | 2C34E50237A5504B1E3F07269CF722235E680D12 |
SHA-256: | 2419262B19EE6B3D84BC93885760F92AD0FCD83A532935362F0FF98010A51416 |
SHA-512: | B51E164ADC4FCA0C47FAE7B41F1116A4CBF8ED2D02DBBE94A665976DA349F22FE8C0BB863BBA4A2FCFB372E5453CB9F18EBA004F8022092025F4EAE9E31A9A59 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 94208 |
Entropy (8bit): | 0.9951370817377893 |
Encrypted: | false |
SSDEEP: | 192:hxoGsTzoU2uCTaUxmaAxNoGsTzoU2uCTaUxoALZWLGjZ5Pj5vHAxNoGsT:hZgCeNgCaN |
MD5: | DCD066A1C8CA38D94ACA4E5DF6CA20BF |
SHA1: | 0C670E7CB31FE1CFD952082C3629AD8861BFD799 |
SHA-256: | E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E |
SHA-512: | C07D385DB9B836F106E1951FDCD911D7FFF44AAE6EE7406CA665B211236E8ABE3395789E10200644343779983E9AD7B5E484B3B1567CA6EAB890A88E4FF9500B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.28109187076190567 |
Encrypted: | false |
SSDEEP: | 3:7FEG2l/NAv/lFll:7+/l/N |
MD5: | B69EF77B9B9372FB97BC938CE229E088 |
SHA1: | 39BA998FCE5A6F655D4FD8281F492BB7ED998E28 |
SHA-256: | 901F96CC32581921A11C774C3CC8487088565BAACE4D35AF32BE9EC2FFECCF17 |
SHA-512: | B29C5DA9A994CDBBE8EA2EF7A2D57448F648CF9A45C7D209A634773E7F902F8BCA3D69851F7F5E94BCD96D9885E5A97E5F5F0D9EC9F44061B89B538EA4908D96 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFklZkN/XfllXlE/HT8kjXh/XNNX8RolJuRdxLlGB9lQRYwpDdt:kK4T8qxVNMa8RdWBwRd |
MD5: | D36FB66E41309508B1CD1AF698971B6F |
SHA1: | 583283F69D553F64112FC9F850D2A36832ED504F |
SHA-256: | 08D09C0FBB41E942A5D212B458E4404D93DBAACCAD4359F4B980EC4DBE397CB7 |
SHA-512: | 6C385457EAB876635526CEF65B3287A3FE2D048CAE04AC79F25686DA0E51A55771FC21093660EB98EB12F8578756378605570C28EF713A9E0094B57E60524CE2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.321942690018879 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJM3g98kUwPeUkwRe9:YvXKXaUYpW7qUBGMbLUkee9 |
MD5: | 0E6CE6336DEE5F9965C94200566FBBD5 |
SHA1: | DEC02951A747FEEC343DD0FCCB7DADEE5AE21395 |
SHA-256: | 2E14C580445A10F202A843D79FD8ED3B97BA6967B4C5C7C64119218DABF5FF4C |
SHA-512: | 0BBC4EDA7B90CC2B1D830871F742181FDB17951F4204DDA3F95DABD4FB0F7B9BF8CDA8FD7AA5A62EC1D00D58C0B043AE794A5FE4BE74C85B25AE617F8634F647 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.258506168785907 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfBoTfXpnrPeUkwRe9:YvXKXaUYpW7qUBGWTfXcUkee9 |
MD5: | 2053A0EB88B01E564E096F5962644CC3 |
SHA1: | D99C5F95E0B4BFA5E5E81BED037AFF3416735DC6 |
SHA-256: | 7EEA2CA91533C580B6AD50F050308755CCA3384A9C2B07689BBBEEE1863CEE25 |
SHA-512: | 0E364A42B6377071335F2A9424E4A12F8DE2680136CBABAC84A9A4B0C0D0F04EAE698AFD107E3FC8C9508B5F36A3FE1509BAB37EED28AA69346FB0D1375A5904 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.237773962700577 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfBD2G6UpnrPeUkwRe9:YvXKXaUYpW7qUBGR22cUkee9 |
MD5: | E5753CF97849019E6D22C2A67373E15C |
SHA1: | 92700E2794763FE05C84518E22E180C8C949ECBE |
SHA-256: | 17920BD587AE3F63A349EF445FA7AA7714DA6E1699205412918723D69A256F8D |
SHA-512: | 188D8A2420C7723613637D3B7FAA7C8D4A1EAC6061843C0894AA53719400CEF866699DD2B93DD711EC0E1C29F0D7F8149CBDCA953552B7A108B1093B1453F935 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.299382209907963 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfPmwrPeUkwRe9:YvXKXaUYpW7qUBGH56Ukee9 |
MD5: | C760954E7184A66C456BB8F49CAD4B53 |
SHA1: | 5D7B328DE2B9E2A12AE90C8058F5896578F8EA57 |
SHA-256: | E035AADFD71B940B3F22B701DD2719DD13FBAC2120CD2C3E408D1DBFA71C8343 |
SHA-512: | FA4F26512819BCB33DA388FE37ED1A7AC8D5E3FC6CD4AAD045231528ABCE551D98E876C7E87CAB0973C31A4A4C40341D91043944856187F955F5E0D5AD3E9384 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1083 |
Entropy (8bit): | 5.675058082374647 |
Encrypted: | false |
SSDEEP: | 24:Yv6XuiepLgE6c3UDx7nnl0RCmK8czOCY4wgSFJ:Yvmehg1JaAh8cvYvFFJ |
MD5: | 747117D6F7F858133CA8BBA02EF8B2A8 |
SHA1: | 9A3658B1689DAA18CD7FBA63E6573D497328EA29 |
SHA-256: | BF231659BF523676A0C54ED4B1EA9C7FFCA3A41CBCF88C34A8624DA84EE840F8 |
SHA-512: | F6FEA161AAAF52BE57CEEEEAA1BF031817279E6605D168BC5B2D11A612D8F01131D5271314F73EEDF4E0B6B7E4D5241587619F052394B01488886788B4C27111 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.6462935150509335 |
Encrypted: | false |
SSDEEP: | 24:Yv6XuiIVLgEF0c7sbnl0RCmK8czOCYHflEpwiVoJ:YvmIFg6sGAh8cvYHWpwFJ |
MD5: | 675F2EF667BEA1D9F9E09F2C7D6B58CA |
SHA1: | 2A8FF36CFB2E2F8486019C404891D33666F65CF7 |
SHA-256: | 49C001C1929102616474A26D48A8B594F0D1D79D353B023A772E55BDDDCD5B55 |
SHA-512: | F6B8D617513C004EA903CDAE26E2BBD452177B7EA37D03F4A04DBE5913DE45B720FCA1F97026BC88BB568962D3AA7C64437AFC117D382F9B0EA8DE63B42CC5BB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.243498723191749 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfQ1rPeUkwRe9:YvXKXaUYpW7qUBGY16Ukee9 |
MD5: | 327B3EF1E1C00B1972E991C3AA047FF5 |
SHA1: | 45632B5A1127775934BB0C10AC00D954DDDBA853 |
SHA-256: | 23DB8B2EEE321C7E4BCF0E56447801275ED4A1F24A4E71A5D821216E03085637 |
SHA-512: | 840EA7019A314E15127ED869D495A8D97E55A038B4D923752EC15970CC85FB58BB79F8518CC0C06CFEDD7EE6F46BE46B92C56D84C2B628FEA734B271FDA14662 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1062 |
Entropy (8bit): | 5.683663704727535 |
Encrypted: | false |
SSDEEP: | 24:Yv6XuiN2LgE4cq/S70nl0RCmK8czOCAPtciGSFJ:YvmNog9ohAh8cvA3FJ |
MD5: | F2CF077C37FFAD6BB5FDA67B7615EF4F |
SHA1: | EBC6F630AA93953921B4E0922D04C6189A777782 |
SHA-256: | 4C28CE7ADE74BF58025A5248C40B72B2FFBA7C896EF61080769CE1160BB58C3F |
SHA-512: | AED4F05A90850F8B5986B9DBA4A222D59688E4C51078B430BF756117BFB9E297B02F8EAD6B9EAD0B6D1EBE989152C50615C5E6ED52C89A8263FEF50B72BF1955 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.695383975912937 |
Encrypted: | false |
SSDEEP: | 24:Yv6XuilKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5oJ:YvmlEgqprtrS5OZjSlwTmAfSKWJ |
MD5: | F7D92C6ABF0DA807FA6205645125F5B2 |
SHA1: | 9C7EABA7D96AF87665B3FCD5171E279A7FEDE31F |
SHA-256: | CF2976C3EB524384FFF7BA5877343C9432A0991FFA308161554703B5ED533A37 |
SHA-512: | 663762D7B4310CE3B225D592E361D121DD039426B507E2298EFFFA874ECC7B5A03F57441BB24FC85F3417E76A73DC223E133FA1946E79DF18FAC2356BEA97B3F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.249107018274576 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfYdPeUkwRe9:YvXKXaUYpW7qUBGg8Ukee9 |
MD5: | 63CAE4D7C81C25D31038C930264DD6C6 |
SHA1: | B7EB6087C32DAFDE547AE1BC36E510650C3FB023 |
SHA-256: | 5759D4B1AC91970018FDFF92682B7A4837D8842C008D53557BC3642590814AD3 |
SHA-512: | 25DDF5EFED76631285589A2B63C1B397E8A681E752CBF706A46ABFF3F2857EF403DCFFFAFA7F5D94D9E08661155FF525CD647A44534C2D5E59747348CB9FA85F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.771004789011649 |
Encrypted: | false |
SSDEEP: | 24:Yv6XuiYrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNw2:YvmYHgDv3W2aYQfgB5OUupHrQ9FJW2 |
MD5: | 50BFDE366144BC85B7BE3D0B0A528719 |
SHA1: | 4A9C765ACB2C38DF37620607F6C08C7F8D12A5F3 |
SHA-256: | 76F52F8B24BA2BB7332103BCBC6D35118E838D8C7265D78E29D06095F21D6575 |
SHA-512: | 98115F41D034A88E6A1FB920462035E247DA81285149815D194426EF478D30FA0F3BD65D32ECA11BF2E6587799D8EC083E07D999DA37101ED8C9A40B4258F138 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.233003895891569 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfbPtdPeUkwRe9:YvXKXaUYpW7qUBGDV8Ukee9 |
MD5: | B2C8D531B1161F6744AFD5EF4F799BFB |
SHA1: | 0C6D3A911F2E67593217270F2A1C659E70657B10 |
SHA-256: | A90FC382AFC12647FE92DBAC8DA2DB4077D2074ECD36758FA9F32C7957F95236 |
SHA-512: | A14212F51621A82EB0014DA14A565DC648920C42D64F4614CE2C137669C2E9F026FB75577B73894B8F3894BFC1369A78AA1931DFBDA8A919B72E4F4817E5D5E3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.234268545893814 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJf21rPeUkwRe9:YvXKXaUYpW7qUBG+16Ukee9 |
MD5: | C6A7C904E6F37589E557FE4BC89D9EFB |
SHA1: | 6050D7FBEF18D597C506E89F64DDDC90C1B431F5 |
SHA-256: | F6F54AFE50A4356FBEF40A1018F8FE8A40697080706EBAE57F51408B04D620C9 |
SHA-512: | 4ADFF7A8D673BB1B8C84FF1FB87D5FA77BAF566A0E2B014033249C8A325CFBC2A90D979A7A2A60CD078550FBB14327DD6740C96554221521825AB86AF177A4BA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1082 |
Entropy (8bit): | 5.679138297370147 |
Encrypted: | false |
SSDEEP: | 24:Yv6XuiCamXayLgE7c9O47Naqnl0RCmK8czOC+w2E+tg8GSFJ:YvmcBgZNOAh8cv+NKMFJ |
MD5: | 8F8D5C983F195C4FFEE6609E35F88832 |
SHA1: | 837613690D774FDE38C43074550EC153605773C4 |
SHA-256: | BD36C88CF191474DB8F00C6F27B4ADADCC87E460594539DE9DFB9F0F512ADE7D |
SHA-512: | 29E122638021EA4C59DED65FEF727F2792C0947C63ECEE72AD1AE35FF5C7BED1D8C096C4548533BD6B8379E9D549EF0650A09EF755BA400DA3B27F7F22F30E65 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.207844432438167 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfshHHrPeUkwRe9:YvXKXaUYpW7qUBGUUUkee9 |
MD5: | A04E056F5483BD57A9A14AD269353FA6 |
SHA1: | 6100909D7D0647C01CF2358935CE2EC6AFF9B62A |
SHA-256: | F522493B6DA77EE6BF29E0B2F55A1E5F1844378FBBC1C5F8B3CC80B9AD503E2B |
SHA-512: | 9FD204AE25C203D0CA2FD73A300A16AF10FEF0D5C6A9515F654C0F639473CE54DB674CB13719BDAACEECAF88F3279371717802599BE0D63A491633B7CA229A7C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.356265466240517 |
Encrypted: | false |
SSDEEP: | 12:YvXKXaUYpW7qUBGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWEJ:Yv6XuiV168CgEXX5kcIfANhFJ |
MD5: | ED4BA1E0531788796C6CA570FBB7756B |
SHA1: | 5EC46100F9EAD168915B33FE5D74B8160DB636F2 |
SHA-256: | 573D4A429B8B4CBD86CCC60F77CCA817E72079E118F619CB988DE42DBFDD1FE8 |
SHA-512: | C9FF25ACF62BE9600D2E2B3501DEB10E94AB076E972B5674A5E9CC0447D6A5F2F51DFEF0881BE7ABF5295DE58DBDE2D56973FC5F75A4238E45E7943248558EF8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.132125859421983 |
Encrypted: | false |
SSDEEP: | 48:Y3hCLhjRcpjBjoY+UHOFyHZ3NG0rklVJ1+jqA6Lun9YLvfE:ACLZ2pjBr+UHOFyHZ3NG0rMIjqAcMYLk |
MD5: | D58D39118D386F1CC0CCEE75BC4C1095 |
SHA1: | 82B884DE9D5A7646CBCE4DC6A44DBC822DD6FD53 |
SHA-256: | 1CD1BF9ABD042B7A840975A4A2776D9BC824B23BC2DC901B9C98F90AC70160DA |
SHA-512: | 778D695E98035127AF66C7ECE3971DF72F83F41763807E84DBA473FE523D180F94DA322784E0F83A01D17B7EDC96E4A96A2F92BC976937ABE26FE6345BEDF006 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.122587178519227 |
Encrypted: | false |
SSDEEP: | 48:Tll2GL7msCQAFAyTAOnZU3ZE1m3Adc3ul/3g:fVmsMCfrPwyeNw |
MD5: | F1CFD7B0D614D7D28947BF0D14CCDB32 |
SHA1: | 162736B8F739E414756BC08C99F611DDAB1BFC6A |
SHA-256: | 5FEC2781961DA7CE6E5EBD5E70E88B3F225F9925FD495755A493C70815840C5E |
SHA-512: | 8360A502736CD709EBEA945792F59CC2FC38FE64013A79D13B6C2079DBC90C9C59DD66575700B8090F0BCF51A03D22FC8AE37150D84C7521940E6FC4E606EF1F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.4480436581441047 |
Encrypted: | false |
SSDEEP: | 48:7MiAyTAOnZU3ZE1m3Adc3ul/3Gq1l2GL7ms6:7IfrPwyeNW6Vms6 |
MD5: | FC16D769099DA18E2591DB667E915F1D |
SHA1: | 6D1D1A3DC199F414FEA1B2283B83B8E3237D16EE |
SHA-256: | 851971C9AF3ED67E4FD148D8B27B103E657D3B8AE303F660D701CF60680C9218 |
SHA-512: | A1B5A2E122C579FC7D491C9A5F414AC6C5190ACC3E8F9B6B70675564C6E8F5C72155F97E3FAAC351E45AA892F37A7E2DEBE5DCFD482503DE3F3150D8C82C8FEB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.4965336456103326 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRqFQlYH:Qw946cPbiOxDlbYnuRKTiYH |
MD5: | FB9C9E2D69173E6436159FF857280DCD |
SHA1: | 18D3A96AFF484D1848D4DA07E9A195F1B423CA01 |
SHA-256: | 880EE49ED5DCAF948EB28AD9483E9C3CCD7D9DC10F79F6B18142E9E978FC4F94 |
SHA-512: | E8233419B6EBF33BEB822C1553B1E2ED1A054183F150F46C938C13B163D4B8CE6BED19AA248A7DD491A76E046B4A88550A7D33D2777B526B8ED3F45BA4DE9DE2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.0645273377563065 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROO/CCSyAAO:IngVMre9T0HQIDmy9g06JXqlX |
MD5: | F58D5C277415F8A86E9D1D42A518B80A |
SHA1: | 9F045FDB4B8F84352F7B1E416558E6CEB065F3CF |
SHA-256: | 43B4603FCDA62203D88932A78D6C8C39327D1C6741EBC87374F93875D3016F72 |
SHA-512: | 1638506AAF09AF6C48B9501CACB14111353D82DBE5F398CBFF701AB404ACD623CA6744A82F13E03A9D9736C9FF464FA659931C0DAE2D1B1E0E59BC22930633B8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 18-21-51-088.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.318136156577099 |
Encrypted: | false |
SSDEEP: | 384:KLikOkxkmkqkNkilRpRURsRnRxR6v3oZoPoJVSVKW/WWWybW50WaWwQdXNXjXvKF:XPa |
MD5: | 45BFEEA466147FF581ED2E3C381A8A40 |
SHA1: | DE150B0D1EC6151680687C8BD9CC06BBA93173E0 |
SHA-256: | 52BE775B6B39BAE59F97A52B9D0142068BDEAAA1F7CAD42F61DE7A2C6B2A457D |
SHA-512: | 3010CE14CB39F84DF7AB15EECE7E838A9D17D2D7C7EE73F4EA975D3F51E40E71A7A6EDC5AA6BD6893CFD08C7953F48006C061D4AF892F8B6DC0C5782E48B2635 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.399101907464125 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb7:n |
MD5: | 82CFAC9E0D65168688FE8ED777BFBD6A |
SHA1: | 4DAA3FD6F0D9541BC28F2842F032F71EDD15C0F7 |
SHA-256: | 9CCB5F34B2E3135D85333B4DAF7D464B89D47F493E36FEB454EF50C60992D02D |
SHA-512: | 836218BCD6742A5B56567731085A295DD5FC0838A309B75D94C5B7D59A70DC9B4E15458F8A7EB8A009CB1C29F9A8AA89930102504500BFDFE9A2836F41A8B9CA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:6D0WL07oXGZuwYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:c0WLxXGZuwZGh3mlind9i4ufFXpAXkru |
MD5: | 8BB0FA47E49F27DE069D5487A9A84EF3 |
SHA1: | CE5CEA72D4D36F77C3057920EA61D280E66C6067 |
SHA-256: | 59D05E069918050C54C570005FAD7FB3918D9882759A54BDA30EA71A199893D1 |
SHA-512: | 6C015030D629B0E262B47194D38D48B327FE18F7836210CAE6A71800720D7563FEA529F71596A11CD3A833490F0097D69EB96C80E64AEAB410759B45C5EEF24E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/VRbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oXGZnYIGNPJF:tRb3mlind9i4ufFXpAXkrfUs0qWLxXGY |
MD5: | 9543A6C1DE815E938F6AA0F90F2EF0C6 |
SHA1: | 62B527E0463D71548862DE000950E638F3721582 |
SHA-256: | 8A4B4F588D79D2AF9E617936932D8264DF9017D80A68F8D39E5EA36B14D76F1D |
SHA-512: | 50A26B895BA1F40B2ADE59996A1A89EBAFE67CB9F7B4F3A029382B6966E75F8BAD3551D25F29391C58A7EDC206F7DAF1D07F68F5E458E3A5D02556EACA377B0D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
SSDEEP: | 3:So6FwHn:So6FwHn |
MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98682 |
Entropy (8bit): | 6.445287254681573 |
Encrypted: | false |
SSDEEP: | 1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L |
MD5: | 7113425405A05E110DC458BBF93F608A |
SHA1: | 88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF |
SHA-256: | 7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46 |
SHA-512: | 6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 737 |
Entropy (8bit): | 7.501268097735403 |
Encrypted: | false |
SSDEEP: | 12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa |
MD5: | 5274D23C3AB7C3D5A4F3F86D4249A545 |
SHA1: | 8A3778F5083169B281B610F2036E79AEA3020192 |
SHA-256: | 8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97 |
SHA-512: | FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14456 |
Entropy (8bit): | 4.2098179599164975 |
Encrypted: | false |
SSDEEP: | 192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ |
MD5: | 32FCA302C8B872738373D7CCB1E75FD4 |
SHA1: | DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1 |
SHA-256: | CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6 |
SHA-512: | 57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.751398901511949 |
TrID: |
|
File name: | New Vendor Setup Form (1).pdf |
File size: | 1'174'035 bytes |
MD5: | a5e16d4ae1897b79c40b974a9a87cbb7 |
SHA1: | 459c04f1ef78bc954f79ae72005c6535367ce7a6 |
SHA256: | bde712d7f3521fb86d53826f9de2b96d744cd6692f3334fb80861dd4cc299c7c |
SHA512: | d2cccdae23fbbb5e7404bb2a8038f08abc68b000297f0038b4fbec562e549963ee447825e45475b56dd06b4df621fc9fa248c8376ef5bee7a187c7934258dc30 |
SSDEEP: | 24576:6ikxQKzB2kq1/EBsWRY6RGOFNSbdRjBRz:6ikxQKVjq1/EBlY6XFMbd9BRz |
TLSH: | D545CF3CEAE9EA8DF4B2C374A6745AD057CDE33777246551386C0B460292D80F6CB39A |
File Content Preview: | %PDF-1.6.%......184 0 obj.<</Filter/FlateDecode/First 345/Length 6572/N 37/Type/ObjStm>>stream..h..[.o.I..W.1."..~...N.L|.y\.LfV...j;...W.g........VK..L.n...t....b.H...J..@*3..Ri.Vk*..ZI.....a.D.2.......9O..x.R.b.{j.#u..@Z.Ujz....@......%D.n.+%4..H.,!#.._ |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.751399 |
Total Bytes: | 1174035 |
Stream Entropy: | 7.853497 |
Stream Bytes: | 1012050 |
Entropy outside Streams: | 5.027659 |
Bytes outside Streams: | 161985 |
Number of EOF found: | 34 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 651 |
endobj | 651 |
stream | 303 |
endstream | 303 |
xref | 0 |
trailer | 0 |
startxref | 34 |
/Page | 34 |
/Encrypt | 0 |
/ObjStm | 11 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
5 | 0000000000000000 | 1f0a22aa294e2ed6c93668e7c43ab78a | |
6 | 0000000000000000 | 1f0a22aa294e2ed6c93668e7c43ab78a | |
23 | 080c4d0c1d551f16 | 822931cf5760766cfe6d997939e8d2e6 | |
117 | 080c4d0c1d551f16 | 3efa89bcf6eb73ab6e89ff77ee163500 | |
118 | 0000000000000000 | 966d56fdf2e97fbe4244afca77c7842c |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 00:22:01.575412035 CEST | 54758 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 8, 2024 00:22:15.207312107 CEST | 55079 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 8, 2024 00:22:16.591937065 CEST | 53 | 55165 | 1.1.1.1 | 192.168.2.5 |
Oct 8, 2024 00:22:20.653425932 CEST | 53 | 49967 | 162.159.36.2 | 192.168.2.5 |
Oct 8, 2024 00:22:21.097131014 CEST | 53 | 54149 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 00:22:01.575412035 CEST | 192.168.2.5 | 1.1.1.1 | 0x7c4c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 00:22:15.207312107 CEST | 192.168.2.5 | 1.1.1.1 | 0x9f2a | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 00:22:01.584049940 CEST | 1.1.1.1 | 192.168.2.5 | 0x7c4c | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 8, 2024 00:22:15.215476990 CEST | 1.1.1.1 | 192.168.2.5 | 0x9f2a | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49780 | 23.217.172.185 | 443 | 4508 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 22:22:02 UTC | 475 | OUT | |
2024-10-07 22:22:02 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 18:21:35 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 18:21:35 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 3 |
Start time: | 18:21:36 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 4 |
Start time: | 18:21:37 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 5 |
Start time: | 18:21:38 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 6 |
Start time: | 18:21:39 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 7 |
Start time: | 18:21:40 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 8 |
Start time: | 18:21:42 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 9 |
Start time: | 18:21:42 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 10 |
Start time: | 18:21:44 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 11 |
Start time: | 18:21:44 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 12 |
Start time: | 18:21:46 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 13 |
Start time: | 18:21:46 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6964a0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 15 |
Start time: | 18:21:48 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 16 |
Start time: | 18:21:48 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf30000 |
File size: | 218'280 bytes |
MD5 hash: | 92366A2F482926C3D0DD02D6F952F742 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 18 |
Start time: | 18:21:50 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |