Windows
Analysis Report
20241009_081551.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7340 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\20241009_081551.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7524 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7716 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1732,i,17494166975454114938,2148100432959137793,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | Process information queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | URL Reputation | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.200.196.138 | unknown | United States | 2860 | NOS_COMUNICACOESPT | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1530834 |
Start date and time: | 2024-10-10 15:39:36 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 20241009_081551.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/47@3/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.57.19.119, 2.19.11.122, 2.19.11.121, 23.22.254.206, 52.5.13.197, 54.227.187.23, 52.202.204.11, 162.159.61.3, 172.64.41.3, 199.232.210.172, 23.3.109.48, 2.19.126.149, 2.19.126.143, 104.76.201.34
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: 20241009_081551.pdf
Time | Type | Description |
---|---|---|
09:40:43 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
23.200.196.138 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | CarnavalHeist |
 | malicious | HTMLPhisher |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
bg.microsoft.map.fastly.net | malicious | Unknown |
 | malicious | HtmlDropper |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Stealc |
 | malicious | Unknown |
 | malicious | Credential Flusher |
 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
NOS_COMUNICACOESPT | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Mirai |
 | malicious | Mirai |
 | malicious | Mirai |
 | malicious | Mirai |
 | malicious | Mirai |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.151603728716165 |
Encrypted: | false |
SSDEEP: | 6:LDgOq2Pwkn2nKuAl9OmbnIFUt8OPsZmw+ORkwOwkn2nKuAl9OmbjLJ:LDgOvYfHAahFUt8OPs/+OR5JfHAaSJ |
MD5: | 02F67E51E958ED7D1B1A2A4841066D84 |
SHA1: | 797C0A6E4696156081A6B78898E75346178EDBC2 |
SHA-256: | 1F86EAF1D5E9BC3010AB31883BEA77E642E7DDCFFA782AAFBB7731D9A6FE996E |
SHA-512: | 03025F840DBAD5419733421D65BC90836BE2DDCC4C711764FCDD87F56196C9C94C5503998585001E6B5A778C7F346651FAFC765150ECAE27C917E25087FC2471 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.151603728716165 |
Encrypted: | false |
SSDEEP: | 6:LDgOq2Pwkn2nKuAl9OmbnIFUt8OPsZmw+ORkwOwkn2nKuAl9OmbjLJ:LDgOvYfHAahFUt8OPs/+OR5JfHAaSJ |
MD5: | 02F67E51E958ED7D1B1A2A4841066D84 |
SHA1: | 797C0A6E4696156081A6B78898E75346178EDBC2 |
SHA-256: | 1F86EAF1D5E9BC3010AB31883BEA77E642E7DDCFFA782AAFBB7731D9A6FE996E |
SHA-512: | 03025F840DBAD5419733421D65BC90836BE2DDCC4C711764FCDD87F56196C9C94C5503998585001E6B5A778C7F346651FAFC765150ECAE27C917E25087FC2471 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.168652884736982 |
Encrypted: | false |
SSDEEP: | 6:Lzi34q2Pwkn2nKuAl9Ombzo2jMGIFUt8OY3JZmw+OjLDkwOwkn2nKuAl9Ombzo23:Lzi34vYfHAa8uFUt8OY3J/+OjLD5JfHA |
MD5: | 25B3130F46FBF3F2A0195D1D29B28EA8 |
SHA1: | A95574F44B57B7792B41BD90C8EA9E0B8AF2CDDE |
SHA-256: | 92D539737D45015CC72A7EBAADECEF7713B52012E69B6F91DC0FAD54780321BF |
SHA-512: | FBFC178CF5C7AE33A9F86C62713FE8C2C79B3EE38E541BD54ADBF1AA9B9EC62D0A7580AF3D56BCD815BF95AD5D115FF3A2B2656ACE6FCB244E5C5A7239D5FFF4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.168652884736982 |
Encrypted: | false |
SSDEEP: | 6:Lzi34q2Pwkn2nKuAl9Ombzo2jMGIFUt8OY3JZmw+OjLDkwOwkn2nKuAl9Ombzo23:Lzi34vYfHAa8uFUt8OY3J/+OjLD5JfHA |
MD5: | 25B3130F46FBF3F2A0195D1D29B28EA8 |
SHA1: | A95574F44B57B7792B41BD90C8EA9E0B8AF2CDDE |
SHA-256: | 92D539737D45015CC72A7EBAADECEF7713B52012E69B6F91DC0FAD54780321BF |
SHA-512: | FBFC178CF5C7AE33A9F86C62713FE8C2C79B3EE38E541BD54ADBF1AA9B9EC62D0A7580AF3D56BCD815BF95AD5D115FF3A2B2656ACE6FCB244E5C5A7239D5FFF4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\10088c24-08a1-4786-9be6-855685d9b420.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.961305759039287 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyG0sBdOg2Hucaq3QYiubInP7E4T3y:Y2sRds+dMHR3QYhbG7nby |
MD5: | 12482945A07C22BEBDC686DFCB9578FB |
SHA1: | DA688E36E31FAA631387E962A5678A2E18FF498B |
SHA-256: | F41FF62D4F6DCC62BAA6741E4D44BF2FAF5127A9E72F9CC5833A9ABA845DF7C7 |
SHA-512: | DA134AF16FA83E35D3B64AC8BBA50975212F36FA40F1D0B756FAD544BB8DAFE7313DC6C6C89BD6FE06F69DE32DDE295DAD8AF049B09A3AC9463CB5EE61938121 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.961305759039287 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyG0sBdOg2Hucaq3QYiubInP7E4T3y:Y2sRds+dMHR3QYhbG7nby |
MD5: | 12482945A07C22BEBDC686DFCB9578FB |
SHA1: | DA688E36E31FAA631387E962A5678A2E18FF498B |
SHA-256: | F41FF62D4F6DCC62BAA6741E4D44BF2FAF5127A9E72F9CC5833A9ABA845DF7C7 |
SHA-512: | DA134AF16FA83E35D3B64AC8BBA50975212F36FA40F1D0B756FAD544BB8DAFE7313DC6C6C89BD6FE06F69DE32DDE295DAD8AF049B09A3AC9463CB5EE61938121 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.253803920754226 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo73VQ00QZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goD |
MD5: | C8392BE7F796283E38141EF91830FCB6 |
SHA1: | FBBAA3C699048EB8A28080162DE31C939703035E |
SHA-256: | 5AE33D9CA6DB799FAF38F7B6E9970C9398FE992663C653C03592D5D1B602BAAC |
SHA-512: | 3581610818BBDD008ECBA6D6BD6098138D01A0EB228532AE63E0208E0A5A86DA42B0153D9130F25E5884FF882E104BFB67D45361F84117D519BA394B9E5032CE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.139574081225497 |
Encrypted: | false |
SSDEEP: | 6:PcH34q2Pwkn2nKuAl9OmbzNMxIFUt8K9UJZmw+KCF3DkwOwkn2nKuAl9OmbzNMFd:PcH34vYfHAa8jFUt8K2J/+KCND5JfHAo |
MD5: | 6114E3AF8689E76A66B2127DE0A94C26 |
SHA1: | 42F798E8513F7DA0D24C24406DBFA11043B4CE47 |
SHA-256: | FBF0526D6F0A163A8BA7232A03D4C21EDFC811FD451C345E497D08D1813E73D7 |
SHA-512: | 491BC682C182691325E5DEF2400A231375A0A091212BD83282AAEE005F4AC2637682BDBD168FD81A6CBD436D058A46D517F603DAEA1E295253C680100BAF8472 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.139574081225497 |
Encrypted: | false |
SSDEEP: | 6:PcH34q2Pwkn2nKuAl9OmbzNMxIFUt8K9UJZmw+KCF3DkwOwkn2nKuAl9OmbzNMFd:PcH34vYfHAa8jFUt8K2J/+KCND5JfHAo |
MD5: | 6114E3AF8689E76A66B2127DE0A94C26 |
SHA1: | 42F798E8513F7DA0D24C24406DBFA11043B4CE47 |
SHA-256: | FBF0526D6F0A163A8BA7232A03D4C21EDFC811FD451C345E497D08D1813E73D7 |
SHA-512: | 491BC682C182691325E5DEF2400A231375A0A091212BD83282AAEE005F4AC2637682BDBD168FD81A6CBD436D058A46D517F603DAEA1E295253C680100BAF8472 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241010134035Z-160.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 5.611422133489269 |
Encrypted: | false |
SSDEEP: | 1536:kwxT2bJoT9oh92JgHfTNvmK1+33yGgnHlA9kSdXI:kwxifhQmHr9mK1ExvkgXI |
MD5: | 82EC8CCEE6171802269A85B62824279C |
SHA1: | 95092DC7410574ED8B18363ED5B1D483352EA72D |
SHA-256: | C00C33D9C2353E371D6B9194D7FFF208F54BFD642B31684FF0809A3CA3BF41A6 |
SHA-512: | 29F4CBE5978C46C2E07A37A4C2711E964859714235A8DB28AD85170433BABE3142C3D465B36D80DF3CFFAC287EF466789E13B439162A2C61654102A1FE99431C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444810385513243 |
Encrypted: | false |
SSDEEP: | 384:yezci5tWiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rZs3OazzU89UTTgUL |
MD5: | 712F88A0CF5ED0FBE9149FABE90D6AB5 |
SHA1: | CA5CD1E1C1B0CDF85205CA17F3976821B6E9EC92 |
SHA-256: | 8BDA8FF19C5B3A0701255C323DE895A645E34C87BBD0A50F1AF11775918BBD86 |
SHA-512: | A4116C5894130E7C283ED6205F8A2F7F226448C6D366C246B5EC9EEC08D3417CBF8879BC48542209D62C4523AE736D4C3BCA801504FF1388CECE684F2F2755C2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7746356671092762 |
Encrypted: | false |
SSDEEP: | 48:7MRp/E2ioyVFioy9oWoy1Cwoy1BKOioy1noy1AYoy1Wioy1hioybioyZoy1noy1g:7qpjuFFAXKQcDb9IVXEBodRBko |
MD5: | 20598710A42B5A8621E572626D588FE6 |
SHA1: | 0562C6C25CAB90950BB9052285F4EE2A907FCE93 |
SHA-256: | 9C7ACEE09EDA534D30073414B9F5616E3B615565E34E0CB48EF5CBF9F99BB218 |
SHA-512: | 79BD277F06E8112B8E853A7E06C48F61DBD94E9446BB9A501188BF30C3C395F59C769B7B178D1D039DC2430765F3E899DE0AA1BB89BEBA41197B35330797A043 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.708749945580075 |
Encrypted: | false |
SSDEEP: | 3:kkFklTkYl+LlltfllXlE/HT8k9/XNNX8RolJuRdxLlGB9lQRYwpDdt:kK/Ca/eT8kdNMa8RdWBwRd |
MD5: | DF7920B84C79B38B2AE5E864CB93F623 |
SHA1: | F42B8CB509309B75C6D4A99A228A2956FC423605 |
SHA-256: | B53701CFF06DA99943980A3C40DF97A2CFFC156DBC65B69980F586FE7BEB4354 |
SHA-512: | 580180CBF9B4BE61914C6504A208C504CDA74E8EF60A815BACE38EE38E6FDBE1295A0D69C26F3E7AB439976F87AADE10BC4DC5ECC3F033DBA93FD09557E2601F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2455963809668176 |
Encrypted: | false |
SSDEEP: | 6:kK0/L9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:8iDImsLNkPlE99SNxAhUe/3 |
MD5: | 5914AA1FB723B347E3027A56343E1E8C |
SHA1: | B85DC97F4B288E94505EA549A438B648D05ABC4F |
SHA-256: | 0B600C6D0A9810E370725004D76638E2C2762A4B684D4911610E369FEFA9B0B2 |
SHA-512: | B5C112BA8FF13AA6489B710C4F76217356DDB1A6FBAFF722A13885EB09F075AE6CD28C632DC8C621907F1C2DDCFD7F913B1D29D11FEBBD10EE864FEBB69A4754 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.372067340901747 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJM3g98kUwPeUkwRe9:YvXKXIVOlZc0vDwGMbLUkee9 |
MD5: | 2898D1FB4673F8689951496A2E142084 |
SHA1: | F070D0FF4AD1C1F699881F86637ED1D03BA5787E |
SHA-256: | 7DF11A5BEFABFA09980BFFFA1484509771B5572F72B3525DA6B05CD66D924BB5 |
SHA-512: | FF64124756B5EBB2ED842E46D63A1E7DCFBB148BE5F5EF7D12F97491544C56756E46E36F0C837279F872A726D39AA730D13F15EBE12D3CB6BDB454DA926556B0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.321017341302942 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfBoTfXpnrPeUkwRe9:YvXKXIVOlZc0vDwGWTfXcUkee9 |
MD5: | 440D92D6FFD3109DE0C5B0FC68621475 |
SHA1: | 084199725815E467A6CDFBE8DCACC8496CB12647 |
SHA-256: | A68B5D430D143E5A73FB8FABA90B0EA2B7F150782E9CD9AF81E162D733C871C2 |
SHA-512: | EF166090656227557544C8905A8258C3587F5C9F9524614D2AE2D4D717C4DF3C98D262E84A4065BB19A092204E066191BA106C3B94891235D0207CCEEF7CB87A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2997235555298206 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfBD2G6UpnrPeUkwRe9:YvXKXIVOlZc0vDwGR22cUkee9 |
MD5: | E7BA65F38BF86042CA4AB75C12D935F0 |
SHA1: | B5BD92C651F20A95CE2FB3DE2B733A3BF09108AC |
SHA-256: | 665B76F2222F19644B733EDA3E886914EAFBF7454B00BD701B7275BC30CF5CE5 |
SHA-512: | 875C57BC12C007D8C1A38181BEDE74858982CA2C62CEF8D14C63DE208ADD7A415A68D22CB48BEBB2658C40312D33E5415B7926823590E91C3A791F6EB0D7FC2A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.359383249012154 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfPmwrPeUkwRe9:YvXKXIVOlZc0vDwGH56Ukee9 |
MD5: | F45AE30D29CCA796BD127FF8F8FD6335 |
SHA1: | DA93CC33D385F751B18330A9046EEDEA95BDDB21 |
SHA-256: | 95CDB334B1343D77A9A7D81B87B1D4E957BCF5179E37025FE0B4FE2A2D63599A |
SHA-512: | BCDAEEB7E08731B314CD61A7A54A15184C352EA0F309079EB22632848CDA652738D8BCD605387F010ABF7E1BF0F29AB4CF34F32EA0F63C01FD4A072E832FD30B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1091 |
Entropy (8bit): | 5.691957829016333 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIclzvDtpLgE7cgD6SOGtnnl0RCmK8czOCYvS8:YvWJZhgs6SraAh8cvYK8 |
MD5: | 5D9B4FD7BA4480C7E1BEA5F5E500BC70 |
SHA1: | C422B884AF12F1C0FA2E30FCFE9170D9DDE53F4E |
SHA-256: | 95B98E0687AC1362C627FF26057D426D3C1C0B7A53E85624BEA261544DCDFF5F |
SHA-512: | 39DFBEBBCB16D4BA7B2AE95E775D10083852275642853C2CE8C1326F5B543FFC022FABD1E6A31C59F9520244C9887BFBFD3FFBF0C3124BE0B9371FA0FE9C9BB6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.658249274625793 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIclzvDxVLgEF0c7sbnl0RCmK8czOCYHflEpwiVJ:YvWJVFg6sGAh8cvYHWpw8 |
MD5: | 94143AB66B725943D8E70534C3E5634F |
SHA1: | C1F8DE3FB4DD9C2A300BDDBDA2B8191136ACA747 |
SHA-256: | 26E9711535A40478E3CD9CBC6DCBC01E45C594326F216341C8A067336A6D8C36 |
SHA-512: | BC89DFE279254FB1919EE166E0E11C14C6A65DA07C943FD277D73A09757514AFD71C9B440FC1FF2C14CAA5DD9CE3EEF92D380A9FF0101E75FA2E7E6889CA7F4B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.309637822665223 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfQ1rPeUkwRe9:YvXKXIVOlZc0vDwGY16Ukee9 |
MD5: | 36546C4390BCB71BC8DB3E560BE7ACA8 |
SHA1: | BD627B080CB3CAFDC67B277E9106403FB32E6A5F |
SHA-256: | EBE407463A53A28BE44165A802FCFBD83A40FB8E5B404ECC92958EB99B1CE168 |
SHA-512: | 73A39F991FABDD334CE1900F1EF1B13B4C16763F2500370F562FEE300414C05D3DD441727D814D631174C67BF3132DEC39A73FED6903AAD4864C8F273F1594FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1098 |
Entropy (8bit): | 5.692283172016093 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIclzvDg2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfS8:YvWJ0ogq2SrhAh8cvUgEm8 |
MD5: | 3173202F5E2A80B53B5076DE9A450438 |
SHA1: | 8E77823C1DC7F3FA2BFADE00CE915436EDFBA8AF |
SHA-256: | 908C6DE1C08F0A4B5959BFBAB9BE1B50CB037A55505AF1B324577E63D1197857 |
SHA-512: | A4BA491F5D6195D488C58D4AB8F252F29DE19AE8B525C614D7BF4270EE978027EBEDAF084784ACB73EDC8832215E20A994F8683FA206F6AB84BFE2FD7263068E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.703967036216226 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIclzvDoKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5J:YvWJEEgqprtrS5OZjSlwTmAfSKD |
MD5: | 8CC5D6DB0A45CB81F46ECAEC69EE7399 |
SHA1: | C614DAB9DE0F7DDFC7E298CF3AB1A2CF9197DC80 |
SHA-256: | F52D31970B623E83BA252B4E5FD780C65F37E3BABAED4AFB0E38B7C5206DA326 |
SHA-512: | DD198EF2BC5EE64E229C7D3F699DA93AFC7B68ACB239B89B386F4C3DFBA999EBFEBE1D9440D0CE4E8D5A9AE5FE903034C1949E22783A8B90CB6A0A4E883D16E0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.311587385703268 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfYdPeUkwRe9:YvXKXIVOlZc0vDwGg8Ukee9 |
MD5: | 588120E823F2FD590394BC80F5F04A65 |
SHA1: | AA824003CE060D16C43B81B353552655ABE67B35 |
SHA-256: | 1AE5B1816A54F3B8DCCBB941BB11A18F27AE53E758B684E97B27F058A9F4F26E |
SHA-512: | 28F41C3F5552EE4EDC3D91C3090991658546F413A8DE118FBD4E4A03CC638CFC247B9528D9DA6305AB69D6B516A060FBB572F351DC8BA14442D541E466785868 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.779193747394259 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIclzvDHrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNx:YvWJrHgDv3W2aYQfgB5OUupHrQ9FJD |
MD5: | 4699163293A8B467CDE41FC9A5830051 |
SHA1: | 494BA23AB0809D16FDAFE917AB0F95ADE3D0D1D3 |
SHA-256: | 82826DFAE9C330575736049BD593F257D275E585B9D0CDA8D10F9D0E788DE867 |
SHA-512: | CEEA5F4AAF3200C0033EF68FEAF34DF939C1FF7D2FFCABC58A3256278DEC23A1EA34E3E9F1FDF0339E764EB07BEDDE336082D1EA08CE0B61423DA616A1B46AB1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.295054844987417 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfbPtdPeUkwRe9:YvXKXIVOlZc0vDwGDV8Ukee9 |
MD5: | E137B487C32D2EF1D80B6A869463A32A |
SHA1: | E33E4D8DCBEDD04BCCF159998C6C99FE9C57E1AF |
SHA-256: | EB900A67758D6F434E37E241DC63D0A0B2AA32F6875702F3DA9534EDC9D81DBB |
SHA-512: | 842AEED10E791665D4668BEE2E34F596346CE6B6D72083AC2A5F57D32DCA6AEA0EBCF527903936A38AED0B13DD25029B864A564B114695808AB378E3FA94CA39 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.2998666843457825 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJf21rPeUkwRe9:YvXKXIVOlZc0vDwG+16Ukee9 |
MD5: | 4B00F99185329BD7ABB35BB8261C73FB |
SHA1: | F27E06DB7594F666CE6F4CA2203D80C55629F65E |
SHA-256: | 93104927D712510E4E430511AC6FFD58AC7A84A8FF9DFFF534D0FC248F7B8C38 |
SHA-512: | 1432F33D1733203B6EBC6783A80BD8B8CE012DBFDCDFC3C2C8E68081BC21B97943B33F4B4566FD15D24A20545F679A6C9B76FF9E91B59C8892E64A7E6402256F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1054 |
Entropy (8bit): | 5.668656441908782 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIclzvDVamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfS8:YvWJ1BgSXQSrOAh8cv6m8 |
MD5: | 7A0B22DDBFD120CBFE1DDC625C0AC948 |
SHA1: | 52C6944D3595429D4114D0AB72606B841A499FDC |
SHA-256: | 7E843E31276A609C7BAB06D95303B0FA7BA60CBDFB4A4595DF2F067E7B02A598 |
SHA-512: | AD7C8B07FCE3146FC573B08B9A642D9F1666A9229928D1D251C51ACFDFD76A82BDEBDB9126E423EC1B0645085BFE7BF8849E47BC7C4682650FB454CBDE71AB19 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.274407260362669 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfshHHrPeUkwRe9:YvXKXIVOlZc0vDwGUUUkee9 |
MD5: | DDCF38F4E89C30FA155275ACCB96ABD5 |
SHA1: | 8D764CA3C59AED46515F0DE2BCE5023548212228 |
SHA-256: | A76CA2BD7156CEB312CD9B6DAE80A917193F7CC8C0C91CDA38300E39C7FA3297 |
SHA-512: | 1460DD7890A8BF35750B8A4C4E9F0450C25ED1E577BAE048BB0970FDCDB45447DDEDDC2EDAC553455FDD00484447773FF9BBBADEEC808ECDCF6756626CFDCBE4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.370857641169749 |
Encrypted: | false |
SSDEEP: | 12:YvXKXIVOlZc0vDwGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWF:Yv6XIclzvDm168CgEXX5kcIfANh8 |
MD5: | 8A20612F1CAD33EA518190BB54C818DE |
SHA1: | B1C024EAA0AD0FE8ED80752DE1FD28622099456F |
SHA-256: | 12A856882834B1C96B067354BF829A52C657F108EC68161A0AAE29289D64FEA1 |
SHA-512: | 255C8E7698B580514394827645E688FD145A0ABCA5374767E93449F5297FF031B73B38FE7FC180B3010DD93C4FD90893F9BCB32BA6884BE6A80FA086F5F6941B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.139804285640745 |
Encrypted: | false |
SSDEEP: | 24:YveFhatayrg3AOCfFjGaFp5KDwC58ajLj0SqPbCi2U3fb2LS0j4OZB56f9RUunOG:YGqgPqjzFa/DngbhFDO8OZBm9RR |
MD5: | CF3A5BE3D25649B09E361E16AF4AE345 |
SHA1: | 75DDA82AC02C137C057615EEE030A6FDDAAD1D4E |
SHA-256: | 6C646AB068D70D6CFA5AF8C79A06FD477C098FD627CDB414489F04F30F078E70 |
SHA-512: | 3A407A306CBCBD6BC7BBC1DB1D538B52E940631A1F7D62251CCBD2EC36BF3F2A6CE32A80CB8A30C8CDEB494912EFF35E165848449BD8A2FDFCF473932726DEF7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.18857796417492 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUxOSvR9H9vxFGiDIAEkGVvpFI:lNVmswUUUUUUUU8+FGSItC |
MD5: | 4EB15F8CB068013B89A9C1C78C31C088 |
SHA1: | B9B7901F8A3C59305CA9D485AA0A13B52748ED72 |
SHA-256: | 3972F72F12EF6EC3B33CECF7F7324FE4006B4D99A0E14802AA296458C09766F8 |
SHA-512: | 12739DB36C35F115B324BB62444535C23625A29B6D124F92EA5EFF707CD89F88E276038123908FAFD715736D8A7F5FC1B0935CE5C4A321EA0915B168B5D14BFB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6064705314857637 |
Encrypted: | false |
SSDEEP: | 48:7MFKUUUUUUUUUUxcvR9H9vxFGiDIAEkGVvcvqFl2GL7msH:7vUUUUUUUUUUSFGSItCKVmsH |
MD5: | 19400FEC50FC9EA7006A5A953B419BA7 |
SHA1: | F948899938E8722E816A90B89E33D03F0FF16453 |
SHA-256: | 0DF5E3AD5045C1A7EC9533383F5D5CCC43B743F9D7B2DC77B4A5E42D5FFDE335 |
SHA-512: | 6F20E3B07783445EA69EA0186DCAF09A6608F6454FED39E2BF115C9B44DEDBDFF2DD1E16BD25CF56A400FAEAE72E16A71E30C98F78F4B8118B3B29876297F832 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ErOaxKw:Qw946cPbiOxDlbYnuRKPKw |
MD5: | A394588EE45B3845E10F721564FE9F42 |
SHA1: | DA4168EAAFDEF924E75894BEF743846942794BAF |
SHA-256: | B277E8170EA733B449EC1B0CB5963B366EA9D45DD8DACCD454806DEF8AA42ABF |
SHA-512: | F23B567CAC7ED97F064F508E60FA187E97F5AF3855E3E254998B895A33D98623BCBB6F824ED97DCEC39346DA212F2A54B7FD884C649AB778F3A21FA0C039AD7F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 09-40-33-623.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.339076893827228 |
Encrypted: | false |
SSDEEP: | 384:Qg8tEYyay2l9UrGRgGj96oMVt+ZKwC68fsiEumkPD29AiSd9vOKfHq6XyoKn4jTL:Ob8j |
MD5: | 0D085864D3A290653C2FF2D4EAB9C76D |
SHA1: | D7CAC734DFFBB94D0FD9A4E0749567E7AF9F6BD8 |
SHA-256: | ACACCDBF939998CEB55C7D4C3455102A1EBD2CECD03CFD418156C2AF89A548D4 |
SHA-512: | 6CBE4BCCA2144A1B97169AEFD7A97ADEDAC11A9EE1BF435A72B7041BD0112E79070A59447CFF262C6342EAAEC0C55CF6F3FBAACB2CEEA2920A63B4018AED90EE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.386669807156942 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2ry:9M |
MD5: | A928AC756023109B9D046AE2D722D877 |
SHA1: | 881E6F79765E97DF632DB8E21181B0DE9F695255 |
SHA-256: | 73F37485AA9E66958B2972B945A9E5ECFE3BAB26F25B38972447687DE983AE82 |
SHA-512: | 685B74FA52A189D3B0F68AD40832368FE359BDBC9E925C5737B6ECB6A17E65E8B552538E1065FEF5B94A8E4B10613B6B9ADDE9522496BFFB239C64C0B15A9A7A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xVwYIGNPoeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwZG7WLxYGZN3mlind9i4ufFXpAXkru |
MD5: | 595D52F056D9D1FF19D516F23C677369 |
SHA1: | 463739610C6108B2A704D1483FB4CBC88C026D47 |
SHA-256: | 05CC4FC8F7F02ECBC2C67933B998CC5A281DBD2CA4205460731AFDBAE42BF72A |
SHA-512: | DB58A87B6BB916D9E7CD63248F2FD8B6F3131974C8DB8ED9D3B86A74EA060602A58B9743BFF5763785F5BCC4C6E1A11AF80B7144264AD178B553232C42A55040 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.963602327131849 |
TrID: |
File name: | 20241009_081551.pdf |
File size: | 659'399 bytes |
MD5: | f484e5a411a8fce3b83b52394a38e5fd |
SHA1: | 9ae19978c161dec8cc2bf731b0d66704be6a6214 |
SHA256: | d701f941b2385fca99c95a47f71e6271f4a3866541236410d147f4e62ebe051f |
SHA512: | 867bb0e1ba41a13ed96da5b1b16af97721643b4548799c14a6a980fc7215e7240ea335f7473c033058a2cbce2058fbc96cd962497c049d0febd713be548d57bf |
SSDEEP: | 12288:618KncRrgYKLktAoOR3012YRn6H6Fs9LFGTN7HzO7l2gtZcvF2H1BZW:618KncmLZZ9HFcsBFGTNW/G2VBZW |
TLSH: | 67E4239CDF9735456CB4E76FE6D6922693C5BD0AE9A8B0A12B803B851DF07812C1CF4C |
File Content Preview: | %PDF-1.7.%.....3 0 obj.<</Parent 4 0 R/MediaBox[0 0 595 841]/Contents 5 0 R/Resources 6 0 R/Type/Page>>.endobj.5 0 obj.<</Length 7 0 R>>.stream.q.595.00 0.00 0.00 841.00 0.00 0.00 cm./strip0 Do.Q..endstream.endobj.7 0 obj.52.endobj.9 0 obj.<</Type/XObject |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.963602 |
Total Bytes: | 659399 |
Stream Entropy: | 7.963502 |
Stream Bytes: | 658308 |
Entropy outside Streams: | 5.052728 |
Bytes outside Streams: | 1091 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 11 |
endobj | 11 |
stream | 2 |
endstream | 2 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
9 | 756767671794155d | b960208822d7e2b377b4b8e0107ecfd5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 10, 2024 15:40:44.683099985 CEST | 49746 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 10, 2024 15:40:44.683137894 CEST | 443 | 49746 | 23.200.196.138 | 192.168.2.4 |
Oct 10, 2024 15:40:44.683207989 CEST | 49746 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 10, 2024 15:40:44.683412075 CEST | 49746 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 10, 2024 15:40:44.683428049 CEST | 443 | 49746 | 23.200.196.138 | 192.168.2.4 |
Oct 10, 2024 15:40:45.251609087 CEST | 443 | 49746 | 23.200.196.138 | 192.168.2.4 |
Oct 10, 2024 15:40:45.253343105 CEST | 49746 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 10, 2024 15:40:45.253366947 CEST | 443 | 49746 | 23.200.196.138 | 192.168.2.4 |
Oct 10, 2024 15:40:45.256967068 CEST | 443 | 49746 | 23.200.196.138 | 192.168.2.4 |
Oct 10, 2024 15:40:45.257320881 CEST | 49746 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 10, 2024 15:40:45.293906927 CEST | 49746 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 10, 2024 15:40:45.294236898 CEST | 443 | 49746 | 23.200.196.138 | 192.168.2.4 |
Oct 10, 2024 15:40:45.295437098 CEST | 49746 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 10, 2024 15:40:45.339409113 CEST | 443 | 49746 | 23.200.196.138 | 192.168.2.4 |
Oct 10, 2024 15:40:45.347486973 CEST | 49746 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 10, 2024 15:40:45.347507954 CEST | 443 | 49746 | 23.200.196.138 | 192.168.2.4 |
Oct 10, 2024 15:40:45.392134905 CEST | 443 | 49746 | 23.200.196.138 | 192.168.2.4 |
Oct 10, 2024 15:40:45.392236948 CEST | 49746 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 10, 2024 15:40:45.393311024 CEST | 49746 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 10, 2024 15:40:45.393326998 CEST | 443 | 49746 | 23.200.196.138 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 10, 2024 15:40:44.304974079 CEST | 51508 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 10, 2024 15:40:56.844316959 CEST | 58353 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 10, 2024 15:41:12.406676054 CEST | 61975 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 10, 2024 15:40:44.304974079 CEST | 192.168.2.4 | 1.1.1.1 | 0x41ee | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 10, 2024 15:40:56.844316959 CEST | 192.168.2.4 | 1.1.1.1 | 0xa8bc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 10, 2024 15:41:12.406676054 CEST | 192.168.2.4 | 1.1.1.1 | 0xcc4 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 10, 2024 15:40:43.407985926 CEST | 1.1.1.1 | 192.168.2.4 | 0x5623 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Oct 10, 2024 15:40:43.407985926 CEST | 1.1.1.1 | 192.168.2.4 | 0x5623 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 10, 2024 15:40:44.313096046 CEST | 1.1.1.1 | 192.168.2.4 | 0x41ee | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 10, 2024 15:40:56.851522923 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8bc | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 10, 2024 15:41:12.415288925 CEST | 1.1.1.1 | 192.168.2.4 | 0xcc4 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49746 | 23.200.196.138 | 443 | 7716 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-10 13:40:45 UTC | 475 | OUT | |
2024-10-10 13:40:45 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 09:40:29 |
Start date: | 10/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 09:40:30 |
Start date: | 10/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 09:40:30 |
Start date: | 10/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |