Windows
Analysis Report
W9.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 2556 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\W9.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 1440 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7236 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1656,i,7361816341777172123,18159337111518636409,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown |
false | unknown |
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.195.76.153 | unknown | United States | 2914 | NTT-COMMUNICATIONS-2914US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1531115 |
Start date and time: | 2024-10-10 21:29:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | W9.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/51@0/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 95.100.50.221, 18.207.85.246, 107.22.247.231, 54.144.73.197, 34.193.227.236, 172.64.41.3, 162.159.61.3, 104.76.201.34, 2.19.126.143, 2.19.126.149, 192.168.2.5, 23.44.133.32
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- VT rate limit hit for: W9.pdf
Time | Type | Description |
---|---|---|
15:30:19 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.195.76.153 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
NTT-COMMUNICATIONS-2914US | Get hash | malicious | Mirai, Gafgyt | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.174065326024868 |
Encrypted: | false |
SSDEEP: | 6:JWAAq2P92nKuAl9OmbnIFUt8WYwXZmw+WmFkwO92nKuAl9OmbjLJ:JWAAv4HAahFUt8W//+W65LHAaSJ |
MD5: | 80EA228BAD796D822174D04879EFEA1A |
SHA1: | 2BE4BBA6242950A41EE3DB3B85199B920E5D729B |
SHA-256: | BB754C6CCF303C798F5BC99982566AE5D8B550B79D3B49F61B3DD4094ABC2713 |
SHA-512: | 3D592BABD47096FBBD3FA9A85D90BBF0E117C7A073792F84C8D623C6F4F8A588C7A5EA79587FE3DBA88E6D63710DC3D8D07654E1B031BBE6E3E78573A2BEC50A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.174065326024868 |
Encrypted: | false |
SSDEEP: | 6:JWAAq2P92nKuAl9OmbnIFUt8WYwXZmw+WmFkwO92nKuAl9OmbjLJ:JWAAv4HAahFUt8W//+W65LHAaSJ |
MD5: | 80EA228BAD796D822174D04879EFEA1A |
SHA1: | 2BE4BBA6242950A41EE3DB3B85199B920E5D729B |
SHA-256: | BB754C6CCF303C798F5BC99982566AE5D8B550B79D3B49F61B3DD4094ABC2713 |
SHA-512: | 3D592BABD47096FBBD3FA9A85D90BBF0E117C7A073792F84C8D623C6F4F8A588C7A5EA79587FE3DBA88E6D63710DC3D8D07654E1B031BBE6E3E78573A2BEC50A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.1592828110408515 |
Encrypted: | false |
SSDEEP: | 6:JhgcM+q2P92nKuAl9Ombzo2jMGIFUt8W+UENJZmw+W+WdEcMVkwO92nKuAl9OmbX:JfM+v4HAa8uFUt8W+lX/+W+WdpMV5LHA |
MD5: | 42A134161034EE41E5180CCCDC8EC89E |
SHA1: | 76D5A81B562327B6332C6DEA50AFDA31AE2EB3E7 |
SHA-256: | D90217401C3899E823E993527D8D90551C2C561FBEAE9351DBB097109ADEEBA0 |
SHA-512: | 8C0EE355C1DD4B7C290A1F766180505CED9742A46B711661610DFC1BF6933F00EA4704E36DB7577AE0A0906EC7597EBD395308FFB48CE2845126960210353B2B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.1592828110408515 |
Encrypted: | false |
SSDEEP: | 6:JhgcM+q2P92nKuAl9Ombzo2jMGIFUt8W+UENJZmw+W+WdEcMVkwO92nKuAl9OmbX:JfM+v4HAa8uFUt8W+lX/+W+WdpMV5LHA |
MD5: | 42A134161034EE41E5180CCCDC8EC89E |
SHA1: | 76D5A81B562327B6332C6DEA50AFDA31AE2EB3E7 |
SHA-256: | D90217401C3899E823E993527D8D90551C2C561FBEAE9351DBB097109ADEEBA0 |
SHA-512: | 8C0EE355C1DD4B7C290A1F766180505CED9742A46B711661610DFC1BF6933F00EA4704E36DB7577AE0A0906EC7597EBD395308FFB48CE2845126960210353B2B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9d79854b-682e-4cce-a037-ae7e4104cbac.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.052567248163298 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyOEsBdOg2HKgcaq3QYiubxnP7E4T3OF+:Y2sRdswpdMHC3QYhbxP7nbI+ |
MD5: | 206DE56D2CEB4FEFFEE812E74F8B9EB6 |
SHA1: | BC39B7BCA906003ECC56D57AFF21702A09C4A94A |
SHA-256: | E3F194C0661F722262916C49C45B1DA93490D097FF822E6EBB8933B8EDA6332A |
SHA-512: | 58FC84859A7A77A3DFD0A1D43FB9722A884276CEABC8AB9197B5506684C46E1FA5528F6C1D12B44109E959403C39BD85C6C3E1AF2068828F2FDC42A64FF86429 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.052567248163298 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyOEsBdOg2HKgcaq3QYiubxnP7E4T3OF+:Y2sRdswpdMHC3QYhbxP7nbI+ |
MD5: | 206DE56D2CEB4FEFFEE812E74F8B9EB6 |
SHA1: | BC39B7BCA906003ECC56D57AFF21702A09C4A94A |
SHA-256: | E3F194C0661F722262916C49C45B1DA93490D097FF822E6EBB8933B8EDA6332A |
SHA-512: | 58FC84859A7A77A3DFD0A1D43FB9722A884276CEABC8AB9197B5506684C46E1FA5528F6C1D12B44109E959403C39BD85C6C3E1AF2068828F2FDC42A64FF86429 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.24274960891647 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUkbgVGZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLF |
MD5: | F024D0E0D5BBA7D1104F3B7C04955840 |
SHA1: | BB704556955F344A8438A24AABE01834B5B11895 |
SHA-256: | 721696CD9A5A8EEF3B9B663485CFB57536194380A27B730097C183B64BFABE2F |
SHA-512: | 13DA908201E17F81EE2B38D9D36AA55D6594D89C5BF48DD7932CD747C9B0A363714F465ABAC1BCB90EC0DB6D9051897AF18285BB02BEF071136FA31DC8A97F39 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.153182416177477 |
Encrypted: | false |
SSDEEP: | 6:JSrcM+q2P92nKuAl9OmbzNMxIFUt8WSCJZmw+WSCcMVkwO92nKuAl9OmbzNMFLJ:JSYM+v4HAa8jFUt8WSc/+WSXMV5LHAab |
MD5: | 7FF1A7FF8620166E3093E45376033D23 |
SHA1: | 82FB52B505D89152AEB76C75F3D01A6A57357A84 |
SHA-256: | AD31A52B0DC276539441AF77578C394EE0E2EC933420FB2816BC45F118805220 |
SHA-512: | D74D4026018E30E7FBAEBCA798AA972AE5100F2C4D69D15203FCDF210C0C210EE20D81E10C05178B594DEBB63A1FCB0C81E7A7C5BBB6F33FD327AE58BBEFC9AD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.153182416177477 |
Encrypted: | false |
SSDEEP: | 6:JSrcM+q2P92nKuAl9OmbzNMxIFUt8WSCJZmw+WSCcMVkwO92nKuAl9OmbzNMFLJ:JSYM+v4HAa8jFUt8WSc/+WSXMV5LHAab |
MD5: | 7FF1A7FF8620166E3093E45376033D23 |
SHA1: | 82FB52B505D89152AEB76C75F3D01A6A57357A84 |
SHA-256: | AD31A52B0DC276539441AF77578C394EE0E2EC933420FB2816BC45F118805220 |
SHA-512: | D74D4026018E30E7FBAEBCA798AA972AE5100F2C4D69D15203FCDF210C0C210EE20D81E10C05178B594DEBB63A1FCB0C81E7A7C5BBB6F33FD327AE58BBEFC9AD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241010193010Z-234.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.6695507626220603 |
Encrypted: | false |
SSDEEP: | 96:w1oZMqX8efH1MyTDMT3M4M3qAM4MtehMM47zFiM6MMrMMx6XgMMMMM4YfI4MM1MR:3j8oA9iqzFgT |
MD5: | 2A5FB82DC4D84091D5A54BD84F2BDD95 |
SHA1: | 177FC52732540D07A53A16803482D828F7010504 |
SHA-256: | D771D7665B99334820D8878ECE4264100548ABFE314CD5DADBCD5266DA0B4B88 |
SHA-512: | 42D9085DED64F7F85F235C3866B9977F7185487F485C84A71CA87E385E90241CD94B48C16834A6835BDC0B4D7C3B239549A5C26DEFD7C41B182989E533C0467C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.293514653167849 |
Encrypted: | false |
SSDEEP: | 192:PedRBHVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:PeNci5H5FY+EUUUTTcHqFzqFP |
MD5: | DDF0FB46B0B9DF57FE54D1065AAC394B |
SHA1: | F518AD33F28A2C6C953BE25D1723CE63011A8251 |
SHA-256: | 30F14CCBEB350BB3CC4DFE02D7399C4E2E3DB99CC2C846BECA16AC79194E5926 |
SHA-512: | 0CA7509AE4E2CC4DD7FEA18C6B83AD493805737092C8FFE3769504932EBF5A54D033E55A0D0EEF2FE340C16B2A8DE7267A38438522BC570EF87FC4C5FF945253 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 2.212980696272765 |
Encrypted: | false |
SSDEEP: | 24:7+tqywKXWqLKzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9MzU:7M5XWqOmFTIF3XmHjBoGGR+jMz+Lh1 |
MD5: | 201F14C4E586D52902E4C1FC94E085A9 |
SHA1: | 40D694E9DBBC24163EF2EAB55CF9B92E04832C6B |
SHA-256: | C351847962E1968DFAEF50B876AD2B31A02A4A99C2768E9C3A260462CD5D8AC6 |
SHA-512: | 222ED40B16D476AD3847854EA3990112B8A769678CF37656CF0F3E0CBCD4F8DF03AF78E0CE564449E508D633840674DE228FC3DA1631E009703B4E2C2FB60CA6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFklgI+bNllltfllXlE/HT8kFlZNNX8RolJuRdxLlGB9lQRYwpDdt:kK5I+l/eT8ul3NMa8RdWBwRd |
MD5: | 0A779A9FDC6536261D43FFB2E3594830 |
SHA1: | F72FDC62962D2E2DFD4707671363A817387201F5 |
SHA-256: | 8FD05A64FACE4E64A04E3A62B60201AEF5648D38F381D983937E13B076FD01FC |
SHA-512: | 20DB9538848D3B18D6DA07617F737D61A64DE5B9F707BB5755A5B42D7E53451B393850A8C0BA8C1B5CB637895EBEC5D37379E3C5C8474FAB1E0AB12501992647 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.370945956790068 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJM3g98kUwPeUkwRe9:YvXKXKUkYUYpW7pJZGMbLUkee9 |
MD5: | 6321CE2C13AE2F2EFFDA12DDA198CB94 |
SHA1: | 899D6F0894C306B7144D9A9450CEFD2434A5E598 |
SHA-256: | 44CDF5A85B2B1ADA7A8576FB08BFB4493CF1078E7EB823A80F35104E2BE81B56 |
SHA-512: | DA3A70B99AE51FC6031BEEF2036B515BE5C35B3B7C2D230CD2BF763552D933B06589F2F3E588CB3F6C26EC5462F5B5181A3939A1E82BF9C3C6E988752CC6B9B6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.308878318572079 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfBoTfXpnrPeUkwRe9:YvXKXKUkYUYpW7pJZGWTfXcUkee9 |
MD5: | F044E92F0850C9F1E4F011D79CF0D771 |
SHA1: | 57D917D7A5BDF48C5B920CADAA5F985DD8BF47DC |
SHA-256: | F81CC6266B97398600645E5C817E4AA288785066F0FA33A770B57540DE9DC4F7 |
SHA-512: | 1E85E5B4062D399A7923CD61FAC57B5B88A2EBEAE9ACF7338E5169869AA679BD933D90F56F5C06F326A3CA645AEF2D92B5C4115C1605371B19F58D869CAAF04B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2883648877094815 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfBD2G6UpnrPeUkwRe9:YvXKXKUkYUYpW7pJZGR22cUkee9 |
MD5: | 033A290A8F8B0EB04A5EE534CD757AC1 |
SHA1: | 92221C47C129320CAECD940864D1E3057A84275C |
SHA-256: | FC836A672F07F4E5D351FD697D6C8CEEB4D85730DE368B2AAB5BD479F66F4C3D |
SHA-512: | D628A1F428005C09203717C6B0BF5CBD41D2D381652EEACEB221A87B52D73E9591F99B6BB5FF92BC843FDA183922FF20A573F5A51252CC01FAEFFC9C7FCAE334 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.350104889548316 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfPmwrPeUkwRe9:YvXKXKUkYUYpW7pJZGH56Ukee9 |
MD5: | 041EFFD4D9232B5B4FA9BA89817C8621 |
SHA1: | E7985689271978C33DC4DA9A11870E036058C01D |
SHA-256: | 9E734B43C03570CA0EC78D77B9276795033D01D58338E251A226C7C268FC6D8D |
SHA-512: | DCE5DA749E33785E9BD0FAEEC662DC695C8D110A69F499119A2B85F07028E4727BF0C8FD6A20D4482B0FBF21CAAED39282391BE0C5778148ACB68CFB5214706C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1083 |
Entropy (8bit): | 5.681222241062549 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRipspLgE6c3UDx7nnl0RCmK8czOCY4wgSg:Yvf+hg1JaAh8cvYvFg |
MD5: | 5F47B5268AD0FD0984BC07D4FD688537 |
SHA1: | AE1DE40DAFF6A83A5942A198AC8E6B4850F0C613 |
SHA-256: | 5A436B84E69F8E8FD7381DAD5B42A893907EF4D7C62655276E6EA5734FFF160A |
SHA-512: | 2BB43660271D480F9921B755540323A244376EE790491BF552CD1A80F4619EA05A254060E8A49A4D150421C408BA586F0D9662A2EFF8C178EDCAC554334E846E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.654294683037266 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRipGVLgEF0c7sbnl0RCmK8czOCYHflEpwiV5:YvfoFg6sGAh8cvYHWpwg |
MD5: | 3C1670D7C714048472EAED662AF52EC3 |
SHA1: | 86CE41AAC2E3EAE3EBAC60D36C7C7DD41B8E093B |
SHA-256: | EF1A28FC0E7E6595335886E8F613F03FDF04054E59D982DBCB69A1FBEA61E85C |
SHA-512: | C19EF11D4310AF1B6A3C4FF9B2AE82688921F0726FEB11E6F0322E4FD0930A613AA97ACD5CA366AC5AB2B0E0E1BF8E3A4B5A201014CDD191DAEA4F27E7E379BA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.295751439126137 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfQ1rPeUkwRe9:YvXKXKUkYUYpW7pJZGY16Ukee9 |
MD5: | 5C6F70ADB8CA597626D3810E6D271B8B |
SHA1: | D55B0AC69DE01A08E0B6D7D71076281B0B871015 |
SHA-256: | 6B2E10D052D3CE4EEAB5B59F17A6E590361CEF225AA1312B8A2A9955879B5FEF |
SHA-512: | 3D603594818A363DB32DA439259D28FBB7F9A1A6236CCF28C485EEB99DE6034BA8F1FE355004BE3DD0536BAEDBC166EE8A48B3E99830BFF6406420A9DAE3896C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1062 |
Entropy (8bit): | 5.6906592935580225 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRipz2LgE4cq/S70nl0RCmK8czOCAPtciGSg:Yvftog9ohAh8cvA3g |
MD5: | B20C7118FFA2756A32EF5011C5E98522 |
SHA1: | 61624BB403693B605C4FB753637BE59A05E4AAD8 |
SHA-256: | 7AACE0B6EC460635049FB77F07A8E3D468742C22AC00F20E3CE2A22972B24636 |
SHA-512: | B710A2F98E94B8FC73A3C5BC4FD4D411C8033E6FEF7801936C679BB7BFA6A20F5005A7DA86447814725A74A50F0999D8752C8261EB8CBD1003832BAF849EB70A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.704458819870214 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRip/KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK55:YvfFEgqprtrS5OZjSlwTmAfSKP |
MD5: | 77AA407A0A5780E65AA3477B750A1766 |
SHA1: | 4195A4B1047861D446A22981857E0F4FB479AFA5 |
SHA-256: | 905ADEB1A41AABCC10BB0CCD8BABE82AEFBF3389FC39BE6120B86B27AFEF667F |
SHA-512: | 5AFDA2A123D9883B672F2BCF3D8DDD1E74C4E801C36AFAAB175EAAA41AF0DECE67B3ACF13F0F9E56C1AA5E8BD7EB16A68B21E387A12A8D5198FC8CB39BC90C2A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.302285405227218 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfYdPeUkwRe9:YvXKXKUkYUYpW7pJZGg8Ukee9 |
MD5: | 0C3D96949EC5A965DDD7910AA476A166 |
SHA1: | D66C92039F10EAE0708F5C2B4ABD8837E18F9AE9 |
SHA-256: | B7BD66D0CBF9BE5E9C4910A23752B27AE678139C2558CF0F01C9B5A330888100 |
SHA-512: | F87B5B7A7C9096820F013C0D5F1B7AE88F1C89D85888E37CF8DD45992F05DA03F4692493930247D65D8C97A9293BEE8EBBD29A5FB34CE81E8556AC8FC0F79267 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.779267806143197 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRipCrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNB:Yvf4HgDv3W2aYQfgB5OUupHrQ9FJP |
MD5: | 260880A66A0F31A418E72A919EBE0A06 |
SHA1: | 69968F8640953DEE71E71C4C3CFC0C77CBC89DA6 |
SHA-256: | A94E278B39E0197D2C5A507D65F784C8DF7962A0EA3EEE9FBED34F53951C695A |
SHA-512: | 27F7E2ACEED04BB0E1BCA3415B5D4E14DE633E9BA6213D35F5058715BE3BC3D29DB9560791032D2FF674CDE98FFFD1EADF994DD1ED9A9100B96E799F1E4A5860 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.285816795648661 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfbPtdPeUkwRe9:YvXKXKUkYUYpW7pJZGDV8Ukee9 |
MD5: | C26DE12A99D90E35BA4B2F1E36F894D0 |
SHA1: | 401BD62F93AA9EDA8E22D09D2D7BEEC280FE4BE9 |
SHA-256: | 4309780F6C3FE324806B390808AEB840BF54867828F8C815CD0036F22C14525E |
SHA-512: | F478A721D285030923057623553822A4C7DFA85069FAC6152E89E82A0F60078BDF2AC8D5958A53E1F805D0A7CAC2F625607020D06D5AD46552FEE92DCE3356EF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.2868718982629055 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJf21rPeUkwRe9:YvXKXKUkYUYpW7pJZG+16Ukee9 |
MD5: | FBBE75747F76901B02F1823B3CCDB307 |
SHA1: | B882946A79A3F06BC8BC5246D4786EC8E42673E2 |
SHA-256: | BC44AC7FC45733DAE29DE3310EBBBF0231A7B30B24596F370CB048D3DB3C0460 |
SHA-512: | 5C0B7BC7D64C20D2DA777A7A19B6845F709DE5531027A906EC48509426ACB890C395C0C0F31662029ACE32E9F96EF53653460D43D139EE41AFFBD73A6BBD32B7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1082 |
Entropy (8bit): | 5.687126299250898 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRipYamXayLgE7c9O47Naqnl0RCmK8czOC+w2E+tg8GSg:Yvf8BgZNOAh8cv+NKMg |
MD5: | AECDA41EB120429E3540CFB23BA18315 |
SHA1: | 56C4440FB7EA35CCBCF8A357442A77F2F607CBDC |
SHA-256: | F6A8854DFF09A16D03E0543900F125A791C32DCA7682BA82FC1EF3BE60C54CBC |
SHA-512: | F64790F2AD89D22534DA1C507B73AA75B6D3EBF20B43685FD6A13E63AD53FE0B57A395702B7F3A4FA0036B45F39B523EEC23F2F7775F93F8B7360DBA89567B8A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.261300246510031 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfshHHrPeUkwRe9:YvXKXKUkYUYpW7pJZGUUUkee9 |
MD5: | 400AA84DC9260E514D20ECDEFFE46F75 |
SHA1: | 112B71DCF55B731A941841E243D2E360AF582E0C |
SHA-256: | 0AD24DDCC8740E1E9797DF06A0E76BBA03651A4570A8CB8412C86CECEC4319B7 |
SHA-512: | 87A07A4C32C2F2922CB337A5866B1CA522991F0CF08352A32B0349F416CD160FE62E87F990F09DD10D5161637E0CA53D07332A48A58EC7FB27D71CE4F0ACEA4F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.371625648294804 |
Encrypted: | false |
SSDEEP: | 12:YvXKXKUkYUYpW7pJZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWAkr:Yv6XRipn168CgEXX5kcIfANhg |
MD5: | C8E42C816EB53C5B810BEB1F2DA960D5 |
SHA1: | 3F6B7F7BA22DAF0EEEFD7741499F452EC37EB5CF |
SHA-256: | 4A314B39D9E29AD7516FA24BF729CE46ADB7B4C928E9F42B77482CF53EB05D8F |
SHA-512: | 687BE6BC0EA3B69A919DA0AAFB0BAAEB32AA189D0099D9BB46D966F6E2E648E4E1DE0A93723F63E43C00FBA13DA4BE36B4F7317A503312B772B5B07D4A7DF0BC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.122023843096026 |
Encrypted: | false |
SSDEEP: | 24:Yi2nd2lCsa6aymUBPWECHGUICwDWCVr5KOVurWvS5AC93Xuj2q12LSx7mpQe/jxq:YEnosVW8KIAP9HM9v+QeLxr+b |
MD5: | 91216150794E3CC852C18CC4422AD0E7 |
SHA1: | 4A898A90F767D3311EA026B52EBFA5C4019CD3BB |
SHA-256: | B118DD65C30BD6E223EAF19A2290D02AAF5BCF35913076BF751F03C10FA12ABE |
SHA-512: | DDA445B3AAA5F4D14A02B367DFAEF2BDB4FB8F2D7A2704C21A20EB4EF48B1D60EFF9D9C19622664815938550F3B090247872311B278F4435477FBB98390E4AA8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9990849935223676 |
Encrypted: | false |
SSDEEP: | 24:TLKufx/XYKQvGJF7urs1//1RZKCs/Dt9Ej9N6j9sGj9Naj9sMj9Qoj9Qbj9dj9sZ:TGufl2GL7msHtOANWRN2sgdEHS |
MD5: | F01A0318A23FD63E8F470CE122B9DC35 |
SHA1: | AE674AF05D5DBE331AEE8F4A24A8FBEA1E4B4D81 |
SHA-256: | EECBBAB6BF99E6B4B08DE0209A14973DB97144E792CF2AD8F920049F7D836132 |
SHA-512: | 1616220675595E24EC2B1800B99F7E1950C04F79C60821E63754037806D9132E17E1AC7375FA6AA849BC1A298D7DCC5539C8C708AA8A7D5CA3FDA86D78E0973B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.360620564552382 |
Encrypted: | false |
SSDEEP: | 24:7+tg1RZKCs/Ds/SRj9sGj9Naj9sMj9Qoj9Qbj9dj9scqLhx/XYKQvGJF7ursB:7MYtOVrRN2sgdEHJqFl2GL7msB |
MD5: | 99B5AB9E0B9E58D37EDF76F9A911ADFE |
SHA1: | 3AD488DEE14F2C6D4DBA50A4C40BBA38C5CB592E |
SHA-256: | E2F82CED1BEC567A0507913D99194BA760981928B953FBEF289DE15D088A84D2 |
SHA-512: | CC79237933EB46DEC94413B5CCC7EE0704A94FA4422FE21FE85FA32BFC44EFAA3A2BBE3D0FE5FE4BD5D266BA663963603ADCEEC2550905C7A4CF48357ED7E6EA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5085442896850614 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ErOqTdb:Qw946cPbiOxDlbYnuRKL |
MD5: | BF506D7C61B1AEDAE89BB9C8B7027DF4 |
SHA1: | 06A0D608D5DADA1FA087650786180980DA494147 |
SHA-256: | E4A635C1237AE07A3558BEFE61A670D2011BFF0B5EDF1D37F1FA3E8CA99C0D87 |
SHA-512: | BB392569546D40F4780417FDDAE9383DA2822DC5E7AAF030254B5234F02025DDC035E2D49B306BFBDD6B8E2AB195FD5BC6768173B044CD733FDD3CC28A627A2B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.003138901393333 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROODpmdUpm9LCSyAAO:IngVMre9T0HQIDmy9g06JXlpOLlX |
MD5: | A53174CB91464AD3BDBEA88D491559E6 |
SHA1: | 98BB26A565CE1FAA26A6DDC38EA7F5019B9913A1 |
SHA-256: | 0A4A80AF46376B4BE05F329128699E5090C73FEA8FA6191348C9195DD55352CA |
SHA-512: | 5C52FB20CD27F4B38114F90578647E1181E662D89BCB5C0834ACE16C7E355BE3983E2CBA0790D86F756928C3113EADC4F1823BC2B09A54130832DBCAB80D1B40 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.079257591508179 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOetXrdtXrgyLCSyAAO:IngVMre9T0HQIDmy9g06JXutXrdtXrJR |
MD5: | A681F66632CF4BB7B45FE3439C75F875 |
SHA1: | 6C4262DF19C02E765DF18B0087508328CBBC118A |
SHA-256: | AB521BE3E67CCA539E4D6D0789EEB23777B77C95F92D5465B60C28DDDCF5BEF5 |
SHA-512: | CE5E108F9A4AD39DD4E3A4902941D2D24FB91B77DF6B9048FE042BEAD3D6BAFCF326F377F7887D18A712F6EACBCC67348DC3A7F2951DC7F5C91B0F536D9B6121 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.034363725413332 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOUP2TU7vRv/P2TU70bCCSyAAO:IngVMre9T0HQIDmy9g06JXEuTU7vR3uQ |
MD5: | C534DB04AF2E087C36A1CB4520558F39 |
SHA1: | 7ADFD8FCCD9292F26B6475621866D5630F677147 |
SHA-256: | 1AE17AA6D44A97B5CB93C89E8FEC71442B37AE1EA99774F99E0BD844832858A0 |
SHA-512: | 3B3C88A316FFD3F12E4758C86F05F1E59F232EE9E48795D9EB23C521AA3FF29C361EEC8E848EFEDAD4481AEFD346ED1DF0B5A2D5A772FFCD713093F5B956F096 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 15-30-09-160.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.334712821535474 |
Encrypted: | false |
SSDEEP: | 384:NGaXyur6LvsE5qUT7ualejyaNmq03W2HDsPlLTVb1Tnl3MBguXSGGbGrOImkbsUv:OtD |
MD5: | E647E9FF76CABE7B389A275952795F88 |
SHA1: | 8A1D60143CC5B088982924B5FF6796173150F18A |
SHA-256: | 98FAF10EDC1EDF6443963917205CF121629C53361CC0721B577082F5287A969A |
SHA-512: | FD113529DBABB1686028A35B4C1EC8C6B17BFE5C35E981689CD6C62E6CF479F0F89A8F82D9C14D3316FA4845DE01DDB3FBFD2940B658AA86D1E146F9CCC5999A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.393256087004157 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbg:vc |
MD5: | 210F19A6543982A0B8BC64F348A8F310 |
SHA1: | 9F1F5A9FFDDACFE62B913D5D094EE427143ADA88 |
SHA-256: | 3506E7B7AA33F75558280C946FE9D60108C6718A3A8ABD4D996F282A95D01237 |
SHA-512: | 5A958CADCCE7DB9D0D808112818136183566DC2434C3FB31968F90ED622583C0413CF220F192E5D44BEC24ED9491CDF05906B78D0502EBD0445B40E6E068271D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru |
MD5: | E787F9888A1628BE8234F19E8EE26D68 |
SHA1: | 44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5 |
SHA-256: | 3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80 |
SHA-512: | EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
SSDEEP: | 3:So6FwHn:So6FwHn |
MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98682 |
Entropy (8bit): | 6.445287254681573 |
Encrypted: | false |
SSDEEP: | 1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L |
MD5: | 7113425405A05E110DC458BBF93F608A |
SHA1: | 88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF |
SHA-256: | 7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46 |
SHA-512: | 6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 737 |
Entropy (8bit): | 7.501268097735403 |
Encrypted: | false |
SSDEEP: | 12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa |
MD5: | 5274D23C3AB7C3D5A4F3F86D4249A545 |
SHA1: | 8A3778F5083169B281B610F2036E79AEA3020192 |
SHA-256: | 8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97 |
SHA-512: | FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14456 |
Entropy (8bit): | 4.2098179599164975 |
Encrypted: | false |
SSDEEP: | 192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ |
MD5: | 32FCA302C8B872738373D7CCB1E75FD4 |
SHA1: | DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1 |
SHA-256: | CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6 |
SHA-512: | 57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.894578259073223 |
TrID: |
File name: | W9.pdf |
File size: | 219'004 bytes |
MD5: | 585bda4766885da586b18675b74c1eef |
SHA1: | 38eaef40ad8ff7788cc6aabd5f1ae55806e2b622 |
SHA256: | 3068b530b08cc4a0607eecc7f2d1e027c9a4097bdc09fc2a2d4f70c0f7b031cf |
SHA512: | 4da110d2d6016a3ea53f9ad8bcb03fcbc050c9a8dfabef67a342b10fc985fbeb450bb9e3afc539f7c9c5250e1e7ae786feaa08f800ffab622fbcf9a583d1e9e8 |
SSDEEP: | 3072:tTFlQDm7JoYSXqON+OGRyyswW610hUascmQh2h7nU/SQqwCfhfzB5OqcS5qcc:tT8Dm72tXHN4a66i93Qh6HQMhrdRsB |
TLSH: | 8324E068A61A9C4DDC96C1B2E00CE5D78F9CC1B7361C74811C2C8A5B198AE41F6BB7DF |
File Content Preview: | %PDF-1.7.%......1 0 obj.<</AcroForm 2 0 R /Extensions <</ADBE <</BaseVersion /1.7 /ExtensionLevel 11 >> >> /Lang 3 0 R /MarkInfo <</Marked true >> /Metadata 4 0 R /Names 5 0 R /Pages 6 0 R /Perms 7 0 R /StructTreeRoot 8 0 R /Type /Catalog /ViewerPreferenc |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.894578 |
Total Bytes: | 219004 |
Stream Entropy: | 7.996203 |
Stream Bytes: | 181737 |
Entropy outside Streams: | 5.929623 |
Bytes outside Streams: | 37267 |
Number of EOF found: | 3 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 184 |
endobj | 184 |
stream | 100 |
endstream | 100 |
xref | 0 |
trailer | 0 |
startxref | 3 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 16 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 7 |
Target ID: | 0 |
Start time: | 15:30:02 |
Start date: | 10/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:30:06 |
Start date: | 10/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 15:30:06 |
Start date: | 10/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |