Windows
Analysis Report
W9.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7336 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\W9.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7508 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7732 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1652,i,5691311122867177486,7881536365226576026,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1531074 |
Start date and time: | 2024-10-10 20:20:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | W9.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/47@1/0 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 95.100.50.221, 18.207.85.246, 107.22.247.231, 54.144.73.197, 34.193.227.236, 2.19.126.149, 2.19.126.143, 162.159.61.3, 172.64.41.3, 104.79.88.64, 104.76.201.34, 88.221.110.91, 2.16.100.168
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: W9.pdf
Time | Type | Description |
---|---|---|
14:21:38 | API Interceptor |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.075326539843995 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.075326539843995 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.121808756812273 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.121808756812273 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.959716522192626 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f5c00dbb-3127-40b0-b43d-9548f074d526.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.959716522192626 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.244029194942188 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.163047830775051 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.163047830775051 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241010182128Z-156.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.9187944771207956 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444966005822717 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.773051360788147 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.140290524202369 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.377720432307104 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.328761130089333 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.307958878058537 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.365234694501909 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1091 |
Entropy (8bit): | 5.692923564239528 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.6603816430423235 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.318142325814355 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1098 |
Entropy (8bit): | 5.6932320583917715 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.705054776705049 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3196243545497515 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.781708216529685 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.303036576934613 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.307959659943809 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1054 |
Entropy (8bit): | 5.672198253914773 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.2843889141118785 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.377363867283819 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.139308863520581 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1912934659066992 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6120688588631937 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.493870954423123 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 14-21-26-913.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.343650416846543 |
Encrypted: | false |
SSDEEP: | 384:7Ooz9fUPDsV7RoWUias1siJUgDm7q7PxQzsYTPDPaOmx3b2m2tr1w7z67Fz6vGuM:q4+J |
MD5: | 31ACF1CEB7D170A6ED5CD7393B79E2D5 |
SHA1: | 7089D96B603C07B55F8838C8C4CD578AC96AC42F |
SHA-256: | 78BE90312082E1666736AE64BBB6D05398D6B3A4D1C6870DA8C0E3F324E6F551 |
SHA-512: | 73E4A16EE5A20148EEDE9F3C6816434DC725C1F93AF131BA862739A87F2138DC2FF95E4BF1374C4C156958F65BD8F6B962E5FA84EC0883BAE90ADF22C605A3EE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.383787150366511 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rC:Nk |
MD5: | A9B8983B3EE241B6306A52F26C22528D |
SHA1: | 3E514CA23681F9A28228376F00AC0B9C45C08CC2 |
SHA-256: | 7CDF8042DCC8D775DA213F4F40A176A1364A848BAE8C8824F2A83286328FE7FA |
SHA-512: | 1B8D4A04E2CCBA28173641A4DB94B655E8634EC2FE8334606507793637318FD7BE84C81AD1C577BC19EAE8FCD608ACE06E105C007D733DB3953E1770ACB39E68 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
SSDEEP: | 3:So6FwHn:So6FwHn |
MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.711741565660802 |
TrID: |
|
File name: | W9.pdf |
File size: | 152'934 bytes |
MD5: | ea49c648dba2f52a92228a74fc0772ff |
SHA1: | 2f4e769faebf1f341fa8e47cdc244c99cbedb7b8 |
SHA256: | 0ad146bc2bfe274d4003fc2b58df8e696915ec0d4240264d004a316b4c9479d6 |
SHA512: | 215481ec4723ee2e1d4439263204ecdb9f37cfc8de1f57763635c8474dcf7cf12c4489621fe05f960619c75d55ad2e595a382ad5233485eaa0376f5ac1d3efdb |
SSDEEP: | 3072:Of5s08J+6bfeA5ZRILH8GO57ZDDp6/byfV:Of5s08I6tbRILcJPDdcyfV |
TLSH: | 50E3E1DC8898F4C844B5A3C5B75090D7C18FA7D74644983B75DE8B920B02DA6EEE3DE1 |
File Content Preview: | %PDF-1.6.%......11 0 obj.<</Linearized 1/L 113343/O 13/E 108239/N 1/T 113037/H [ 693 250]>>.endobj. ..59 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<F611083F5726B54DAC55038B230FB00D><041F9C6CC4938D40A77E2A5B56E70E2 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.711742 |
Total Bytes: | 152934 |
Stream Entropy: | 7.848719 |
Stream Bytes: | 131303 |
Entropy outside Streams: | 4.956176 |
Bytes outside Streams: | 21631 |
Number of EOF found: | 4 |
Bytes after EOF: |

Name | Count |
---|---|
obj | 81 |
endobj | 81 |
stream | 66 |
endstream | 66 |
xref | 0 |
trailer | 0 |
startxref | 4 |
/Page | 3 |
/Encrypt | 0 |
/ObjStm | 6 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 10, 2024 20:21:38.074479103 CEST | 64465 | 53 | 192.168.2.4 | 1.1.1.1 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 10, 2024 20:21:38.074479103 CEST | 192.168.2.4 | 1.1.1.1 | 0x93a2 | Standard query (0) | A (IP address) | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 10, 2024 20:21:38.422441006 CEST | 1.1.1.1 | 192.168.2.4 | 0x93a2 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 14:21:23 |
Start date: | 10/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 14:21:24 |
Start date: | 10/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 14:21:24 |
Start date: | 10/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |