Windows
Analysis Report
19194R21.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7320 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\19194R21.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7584 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7868 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1512,i,9219026977050960623,12236995261974750430,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
96.7.168.138 | unknown | United States | 262589 | INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1537087 |
Start date and time: | 2024-10-18 14:58:22 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 19194R21.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/47@2/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 2.19.126.143, 2.19.126.149, 184.28.88.176, 162.159.61.3, 172.64.41.3, 52.5.13.197, 23.22.254.206, 52.202.204.11, 54.227.187.23, 2.23.197.184
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: 19194R21.pdf
Time | Type | Description |
---|---|---|
08:59:46 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: claude-3-haiku-20240307 | `{ "contains_trigger_text": true, "trigger_text": "VIEW SHARED FILE", "prominent_button_name": "VIEW SHARED FILE", "text_input_field_labels": [ "Email Address" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }` |
URL: PDF document Model: claude-3-haiku-20240307 | `{ "brands": [ "BELO CORP." ] }` |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
96.7.168.138 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher, Mamba2FA | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HtmlDropper | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | HTMLPhisher, Mamba2FA | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HtmlDropper | Browse |
Get hash | malicious | Unknown | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.225033492193055 |
Encrypted: | false |
SSDEEP: | 6:DcG/yq2Pwkn2nKuAl9OmbnIFUt8qcA1Zmw+qcWRkwOwkn2nKuAl9OmbjLJ:A9vYfHAahFUt8nA1/+nC5JfHAaSJ |
MD5: | 8DDDC5B641870234B3C5E6E6B8982781 |
SHA1: | 706BCB6C7A67138F4AC6A1FA6D22946758AA8750 |
SHA-256: | EA1C299EC1D663BFE961043465EDA7387C54BE477B3BA913D20856364A4C629A |
SHA-512: | 40C7BFD337C70551A88150FE983BD0D96ABDDD235A35276D0664C3D401D3740447BF63657B3CEDE2E39F2EA49DA074C9D7F65B513E0A99A84B462C7F3CB7768C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.225033492193055 |
Encrypted: | false |
SSDEEP: | 6:DcG/yq2Pwkn2nKuAl9OmbnIFUt8qcA1Zmw+qcWRkwOwkn2nKuAl9OmbjLJ:A9vYfHAahFUt8nA1/+nC5JfHAaSJ |
MD5: | 8DDDC5B641870234B3C5E6E6B8982781 |
SHA1: | 706BCB6C7A67138F4AC6A1FA6D22946758AA8750 |
SHA-256: | EA1C299EC1D663BFE961043465EDA7387C54BE477B3BA913D20856364A4C629A |
SHA-512: | 40C7BFD337C70551A88150FE983BD0D96ABDDD235A35276D0664C3D401D3740447BF63657B3CEDE2E39F2EA49DA074C9D7F65B513E0A99A84B462C7F3CB7768C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.168051083695223 |
Encrypted: | false |
SSDEEP: | 6:DcNhq2Pwkn2nKuAl9Ombzo2jMGIFUt8qcKHZmw+qcKVkwOwkn2nKuAl9Ombzo2jz:ATvYfHAa8uFUt8nA/+no5JfHAa8RJ |
MD5: | C9DB19B3A317D9B823963C2DF0766E8F |
SHA1: | 5845FB34D7A37027159B9B42D90329D736F183B1 |
SHA-256: | 6A149EEA0AB1AA4D4AA615891A4B4AD4BB192C97A6D1679BAEF088DBEEBD9B50 |
SHA-512: | 16E56BA6CD9CD4D8A035E892D6BE36AA95FB95FEC7938399818B14E3E7B80A72A00D5633E4D77822C1A4841F112E41553287DE2849A5810AE871E3E592B348FA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.168051083695223 |
Encrypted: | false |
SSDEEP: | 6:DcNhq2Pwkn2nKuAl9Ombzo2jMGIFUt8qcKHZmw+qcKVkwOwkn2nKuAl9Ombzo2jz:ATvYfHAa8uFUt8nA/+no5JfHAa8RJ |
MD5: | C9DB19B3A317D9B823963C2DF0766E8F |
SHA1: | 5845FB34D7A37027159B9B42D90329D736F183B1 |
SHA-256: | 6A149EEA0AB1AA4D4AA615891A4B4AD4BB192C97A6D1679BAEF088DBEEBD9B50 |
SHA-512: | 16E56BA6CD9CD4D8A035E892D6BE36AA95FB95FEC7938399818B14E3E7B80A72A00D5633E4D77822C1A4841F112E41553287DE2849A5810AE871E3E592B348FA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0d3a2e0e-00be-4ab9-8c4d-911b283c5c29.tmp
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.962073186358444 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyMsBdOg2H4caq3QYiubInP7E4TX:Y2sRdsfdMHz3QYhbG7n7 |
MD5: | A50A6B390A2DAFCD6C666858609A1A45 |
SHA1: | 1C32C12FCB4D00670B44206BA9299EC9ED24B122 |
SHA-256: | C55B1E2A56118D51D78463AF6730AC917476B79DA0762FBBCD34880F78B021B2 |
SHA-512: | 45149C25EC51023792A013EDDE3D9F24980081B8D291C8FCF5521B30E477A129738FF2619CED751D98EC558B66259A27A8675969CC5261196C1D37608F4F1975 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\197d76c8-46ce-46fe-a98e-54bf323e784f.tmp
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7 |
MD5: | B7761633048D74E3C02F61AD04E00147 |
SHA1: | 72A2D446DF757BAEA2C7A58C050925976E4C9372 |
SHA-256: | 1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67 |
SHA-512: | 397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7 |
MD5: | B7761633048D74E3C02F61AD04E00147 |
SHA1: | 72A2D446DF757BAEA2C7A58C050925976E4C9372 |
SHA-256: | 1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67 |
SHA-512: | 397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF688a73.TMP (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7 |
MD5: | B7761633048D74E3C02F61AD04E00147 |
SHA1: | 72A2D446DF757BAEA2C7A58C050925976E4C9372 |
SHA-256: | 1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67 |
SHA-512: | 397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.247964544859148 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo70Dz6Z:etJCV4FiN/jTN/2r8Mta02fEhgO73gof |
MD5: | F357733CB87E43EB5EDD15E1BED82768 |
SHA1: | 7DF0D526D559F673BC05555B0990F8C063EAC4F1 |
SHA-256: | 40F3A284BA6AB549FE9E3BDF1BFE4EDB398BEED4E6B05E5039E504A82839E54C |
SHA-512: | 498F45824DBCA76DBBC98FF71C9CF341B2C07474AA078E19486CC7A6A9AFE738003B885826DB44113CC48199413E3D2A6647FF055A07EC96CAEC91245936C75C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.197254727993156 |
Encrypted: | false |
SSDEEP: | 6:DcCSdq2Pwkn2nKuAl9OmbzNMxIFUt8qcePZmw+qctfkwOwkn2nKuAl9OmbzNMFLJ:AfvYfHAa8jFUt8nk/+n95JfHAa84J |
MD5: | 8FFEC474FD68612630E942B942637102 |
SHA1: | 2082C6C26980C1EAC16C5B3AE4D235C02DFBEE45 |
SHA-256: | 399A2B3FEB974BD15A6F3BA4BB22BE1BEBC57DA85A8CBC1412E9A0DF714CE6B3 |
SHA-512: | 032BD1445C7BE900F431F00609EBFD7833D18B50594E0F208999C77222D482DDC991040EDD9BCD76A65CDE696F750857D91FE2F89A6421645A06791685EEBC56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.197254727993156 |
Encrypted: | false |
SSDEEP: | 6:DcCSdq2Pwkn2nKuAl9OmbzNMxIFUt8qcePZmw+qctfkwOwkn2nKuAl9OmbzNMFLJ:AfvYfHAa8jFUt8nk/+n95JfHAa84J |
MD5: | 8FFEC474FD68612630E942B942637102 |
SHA1: | 2082C6C26980C1EAC16C5B3AE4D235C02DFBEE45 |
SHA-256: | 399A2B3FEB974BD15A6F3BA4BB22BE1BEBC57DA85A8CBC1412E9A0DF714CE6B3 |
SHA-512: | 032BD1445C7BE900F431F00609EBFD7833D18B50594E0F208999C77222D482DDC991040EDD9BCD76A65CDE696F750857D91FE2F89A6421645A06791685EEBC56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241018125940Z-178.bmp
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.9157690851560711 |
Encrypted: | false |
SSDEEP: | 96:sXMotD+Y4B8MJLscU6JUbM5nveNMVHWQt/MAcBZ/3DloaFAivfh:wdneLHiv3nT |
MD5: | 3CD6CF8C3F33E012CCDF668401ADF719 |
SHA1: | 7D0E921FCAE594324CA5A36B59875F042FEFC846 |
SHA-256: | 702A1FB8F0D4A8D156CD4E848347AA888C0102BD75BF6FA77B85936B340D76FD |
SHA-512: | 758DAF2121BFB79A0AEEE1373E5720F24CAD8D915AEF72C7E5F87F247AD737396CE97446D777D4AB064DD7107793EDE2D28A21C7AFDB45568667DA1800897237 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445273891175217 |
Encrypted: | false |
SSDEEP: | 384:yezci5tGiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rJs3OazzU89UTTgUL |
MD5: | 81280038E78AE3A5F8FCE58392A73F5A |
SHA1: | 8253FD50E538967D33F69E367E8C9299CD920B46 |
SHA-256: | 87FCD54A22B0C18F28660CCB9A0A2479F8FD61DC5657C6FBD73CEE2A62590FCD |
SHA-512: | 1CF6620945E750A386077D03D68C6B7E47ECF24809AAB218A4C4F740A8F61AC12C97B1B28398F827EB61556ECAC36BBCB7C5D5A78E10B2EBBD634492788B78A7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7759334753092593 |
Encrypted: | false |
SSDEEP: | 48:7Mkp/E2ioyV/ioy9oWoy1Cwoy17KOioy1noy1AYoy1Wioy1hioybioyToy1noy1j:7Ppju/F6XKQedb9IVXEBodRBkB |
MD5: | 9DB5E5AF90C3DFCF22B9FAAEA0FDB184 |
SHA1: | B81C487052C7786C26DDD90A634CA51CFF2E358E |
SHA-256: | CC5034D2CBFD6F126B7C6720FF6D755B4E6C63D08AC4FDA7B2F32A672DC789B7 |
SHA-512: | 0AC9C64A99060BA6EE06CCC8B8E71CBDCA128C9983028CDAEB3DC9F786A4943800DB9F00890378C78F79F3D5290C9BF79205BC32E7451E737B799F7201ADD399 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7647458239154146 |
Encrypted: | false |
SSDEEP: | 3:kkFklpoeRlfllXlE/HT8kJhlXNNX8RolJuRdxLlGB9lQRYwpDdt:kKdeRmT8oldNMa8RdWBwRd |
MD5: | D46B682C43A0CB61DA4379F5BB33115C |
SHA1: | 04F8200C856D05E2510F2D108E327643DEC0A297 |
SHA-256: | 49EADB724C7ABD30DAF8344CDDEBBA7A9375A7B41865D4BCD643AEE0243CB7E1 |
SHA-512: | ECCE0518C1627BC71D322B3A0C0E919012A354038040E905A414D29C4F0F421D50EF71B926D1F66DF860695165FD107ABDD76D2DD9C7F50F7C827653E8B2966B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.373225996260062 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJM3g98kUwPeUkwRe9:YvXKXHIBEZc0v35GMbLUkee9 |
MD5: | 049FC53AC45EFDBDAB18B4FBA8D50124 |
SHA1: | D8CBE5DCBD28BB936EAB819243002AA89F96B78D |
SHA-256: | 591D14A7EEE55359B102C0924339EA9DB352408E9F284C94DF70F21721342F5E |
SHA-512: | 5D7E62391574C5A567A6E16035E36C1072379543621D282EF2B187066F6EBA8653EB06212CD05406A116D7286C495ABE442177E292F25314C8059600D7E689FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.326295518389564 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfBoTfXpnrPeUkwRe9:YvXKXHIBEZc0v35GWTfXcUkee9 |
MD5: | FAEC0ADCF6925CFE85F97EAE88B5F116 |
SHA1: | 8B65C0DA0D5F5559AE1EB4C2ECE58FF4074E5702 |
SHA-256: | 0C845B3243122010E33719D94C18A5914E19AF26A3B7760B11F55C2FB528F2BB |
SHA-512: | D242E688D5CB7F01E2DCB086756CD667A3EA4F5EF56A8F983895EB97DD18EB2E8ADE13D9A9989F9466372301498C491D1EC214DC9638855A865758998FF5AB2B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.305186371000321 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfBD2G6UpnrPeUkwRe9:YvXKXHIBEZc0v35GR22cUkee9 |
MD5: | 24FABD34351493BB86BE1944B189B18A |
SHA1: | 321E3CDC104074A9C74DF0749AFAB78D6184B2C8 |
SHA-256: | 54904FE3C524E3CD0238EE1E9A794029932B8C4719D577A0FB1F72FC4E8A2EC1 |
SHA-512: | F8C3C389AC9D982E03BA92A22E4A812DA2DC245346A6EA1104B5F2512A2C3222810AAFF4440E171392E21E1F8E65D916B1E3E6D341D9D8805638AB22F112B5F3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.360582558944445 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfPmwrPeUkwRe9:YvXKXHIBEZc0v35GH56Ukee9 |
MD5: | A91635271B6742D44D36481DEF55555C |
SHA1: | D6555092830CAD4EFED19C00C40413920AF267C9 |
SHA-256: | 28FCA95838DBCBA1015D2C56FFFED8384FEAD5EE5F56A9456FAD56FE1E1DCBF2 |
SHA-512: | 87C94B87FEB95FE1F80DA174F008FF28D868B9A416B6CE58FA89A284AEC42886932E420F9073EE8E7017FB49349CFDDA97BE8F6C05B76F9D10C47FB2A1F6BBBE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1055 |
Entropy (8bit): | 5.66523935747723 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8EzvOpLgEscLf7nnl0RCmK8czOCCSH1:YvcGhgGzaAh8cv/V |
MD5: | 1F9433BE13503B5E89E3D1E5BAE0A6B1 |
SHA1: | F3B5E20ED76CA5965D062A3C7453B1721908C821 |
SHA-256: | 2D4D939DEE923E2EAFDBFF7B88401AABAD45962CA86D83421EF865729FAEA2FF |
SHA-512: | 9584503DA375725C5BC3EA3EF1CF33D6235EFF7361F1D4627E7C700DB881FB096120D2B6E9FB2BC3153973DA47F338169E53FA08BCD7ED315E321369CAAAFDD3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.655830016996937 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8EzvYVLgEF0c7sbnl0RCmK8czOCYHflEpwiVu1:YvcwFg6sGAh8cvYHWpwV |
MD5: | 6E64C1DF83C7E79716F32A4CC282CC45 |
SHA1: | D3054478F5E61982EA7368832D38BA4509EDA2BD |
SHA-256: | E87B9BF3BEAA4D22DD35A72CE3B9BD807B58A94470D446048AF4494B20C3FB93 |
SHA-512: | A159689E17201A3C36E2C7F3A98FA1CDCF993F6DD4372BD16686FBA6DA7D8FA94353533A50E3C1C75884D84F135979F6CB8FB540AD25D0ACE2CE3A82BA75B772 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.313416600226047 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfQ1rPeUkwRe9:YvXKXHIBEZc0v35GY16Ukee9 |
MD5: | 640FCF677B3F8E5D79EF4059B8FB6D4A |
SHA1: | B9DDAB6648265E13A5CEAA3F47E79FF5708F8409 |
SHA-256: | 4D81FEA48BBF75EB28B7A9A8FDC52BB5291D6B18080274C7A81DB4F9A675FA55 |
SHA-512: | D7CD559F12DFA6EE5756960EB7C1B1E7ECD5B71CB8DC654A3E53A256C9B94DC9902DE7FE9E74F7283A21AFB2E9B9B629C1DE70BAB388FE541EBA4D5312939B5C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.648837322083477 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8Ezvd2LgEF7cciAXs0nl0RCmK8czOCAPtciBu1:YvcVogc8hAh8cvAW |
MD5: | 2188D04E7B85C52A9039E01D839B7406 |
SHA1: | F7773410A4BB4298145582409C2BE311EBCD93B3 |
SHA-256: | 264250F82CCF0EEA1F71F20F194BC5C2098A0622C868BB45899705A15A9ECEDC |
SHA-512: | 7467548655AFB3ADFF3A414010A1FCD4ED45A8D7F5F2BF3EE1ADB49814BE2262558AFDCF164EDFB9515FAB73DF16FD7601FC0C435B934BFBE1F9DD736126202E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.703689693933831 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8Ezv1KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5u1:Yvc9EgqprtrS5OZjSlwTmAfSKK |
MD5: | 8B215AB762FEBFD4A428BA392D5D2949 |
SHA1: | 4681A3F26358CCA7CCBCC16E9EAFE347D927E19B |
SHA-256: | 63381F83E3E24652ADD183F2098D18FA201CCDC7823E8A75D1E369F6259BB347 |
SHA-512: | 917291391C67D2DFFF62C3D0DBF0500B7C4EF9C3D54F626158E598E06F7B6EAAB4CD3579F62E86DF804DF9AB25994C0A23ECC6C770AF1C68E136BD02563E3183 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3145557549122575 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfYdPeUkwRe9:YvXKXHIBEZc0v35Gg8Ukee9 |
MD5: | 21D6F86281B7EB42E87BDD346C2D9AA7 |
SHA1: | CD0D06D4AE4695A99DE221CE9A72C8BC94DADFAF |
SHA-256: | FC96A5CD98514263EFA19BB79360DBF687BF6948B7228CCFE0D0AC23BBA17CEF |
SHA-512: | 8D9497044023484E208EB912FE2164C1F8B7899441329DE662C7115487B123947A8E439865FB95FD81FC628ADC313177DBA534D0955B41C3320CCFB0DCEACEDF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.779779643112842 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8EzvorLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNT:YvcAHgDv3W2aYQfgB5OUupHrQ9FJZ |
MD5: | ECE910876BD8C14C775499E919F26E84 |
SHA1: | A9E6F3987FF0DE8AA6B8A52B69DDDBE64025716F |
SHA-256: | 5CC7A1CCEF0941024510493599F65D5754B32513447871B6D0C17C6B904CB6D2 |
SHA-512: | 93B7F7CFA9B02E5CBE0E863EBC3B997A21567CD9E09477B1EAF9D099B258B124BE62F6D8FE23BB83507092797CB6558DFB8DF90CAC3FCDCB24C4554E776F9579 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.298002813033459 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfbPtdPeUkwRe9:YvXKXHIBEZc0v35GDV8Ukee9 |
MD5: | E4D8558616841AB56989B6B2E7168149 |
SHA1: | 19EECE2E13E4F35FE22B574F02612C9B68235ECA |
SHA-256: | 144CE5EA1DE1018B0CB6F1A33577829EE0444D5A1194D8C5B087992DB090971C |
SHA-512: | E70871592EE492209523FAD8EA64CC8D38EA231EECE531000BF2706FF50BEA2FC7A0548CF5F97B022214918BEE885812691B58BBF9D38F0722A7CAD21CA94AB5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.30315160464142 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJf21rPeUkwRe9:YvXKXHIBEZc0v35G+16Ukee9 |
MD5: | 4DB5B4BE70F0CCE3C7F477956235D6BF |
SHA1: | CB268C02B71E5ED4577221EC3B041B138C2C781C |
SHA-256: | 79DCD9C9F9D1254B839CFACC7E23CA52C60A5CB9DBF8164BC460C57AC2665C9E |
SHA-512: | 43ECDD52211F2FB3AEC9F6D5B40D5975968EEDAF899C8E561FEC8B08487056A9F96887C687CFDB290A7993AF0610D3EFB0BF2296D218A2116075C22343DF28B9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1026 |
Entropy (8bit): | 5.6354974576795245 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8EzvSamXayLgE7cMCBNaqnl0RCmK8czOC/BSH1:YvcUBgACBOAh8cvMV |
MD5: | FAB15C6E900ECED0E4B92C01CD5D2A39 |
SHA1: | C1218DEF341EDF2B1B46124E5862C2E2DB8792D8 |
SHA-256: | D19AB9CD9BD405A6E6B76F75E69E194DC6AF4E2E9ED5CD4D35DF11635F029983 |
SHA-512: | 7D466435D0280B8F02BCE08AABA33EBCF899D1D6ECC293F721A9A5D3167B1DE190FB48B728E8D89E8332C3B835FACDF35ABA410B36A2A25D25444AD0362B283B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.277935954020714 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfshHHrPeUkwRe9:YvXKXHIBEZc0v35GUUUkee9 |
MD5: | 17F92B63D7E91A41B38B92BAFB204CAD |
SHA1: | 4440C17E441F0A648FCC30D032D301AF2E20083A |
SHA-256: | 470F5CAE659BEE6E0B9893B3CD8376CE89F6EAE8E57529A6071C8670A48F6FAD |
SHA-512: | D8C1CB4437D5BCAEF4CF1B6C65029A6A5525F32091EE19903407B566372C9EFB51AF54C6421B1F3DF7B4B58BE5DBD792DEA947AA0FF7486C22AD46F0321CAF6B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.375464193023646 |
Encrypted: | false |
SSDEEP: | 12:YvXKXHIBEZc0v35GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWy1:Yv6X8Ezvl168CgEXX5kcIfANhH1 |
MD5: | EC934FBF49F288F2E3BC0493B5F6862A |
SHA1: | 94990B24F06579573E1DB4F8380FB2B722BEE00A |
SHA-256: | 59AB0B0F1351E7A73347B815851A46A3A9BD8DC3BC9AAA9432048AFD02EC9112 |
SHA-512: | 626E78D3E6B26792D55F87CCE458FC447E0007759F6BD114E45B6F9F0A83EC2DAB42E5031D2B5B30B6E880C75628CC96DE589062088F72FDF30A6BDEF9EAF1BC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.138140230270308 |
Encrypted: | false |
SSDEEP: | 24:YW73Dbn5awqCaycduRzGQC+JDsdefzcstueSjGXj0SugAS2jV2LS4Fft5QaU9dt5:YW7fC9wXJoQfzJARGTdwVGptVU9dD |
MD5: | E088672F6ACD18F33E21E29D9DEA68C5 |
SHA1: | D6EF2673EC35EFE6EE35C87D1B0CEA42ECBF5238 |
SHA-256: | 1ECCACA38CABFF2005661111C7771FE5A81A03C018283D0B5E91147F5B469357 |
SHA-512: | 4FC4BB300236A4C91A4EE48DB83936A05D5C81E3BCC8B729D111361059129691EFD33940B7B50F15181DE59B7EF4683AA89C2960DC36D653222FD4E10059BD25 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1889249353470681 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUMVWSSvR9H9vxFGiDIAEkGVvpQVWU:lNVmswUUUUUUUUMV/+FGSItMVf |
MD5: | 20C15F159A6D21FE4938F4EFD608D365 |
SHA1: | 72B01459C95EA67D5692C8FE43CE015B9E3175FD |
SHA-256: | E0EA11293BC5DB3A354605280550E2AECC155118EBAC31B64C24590D567FE2F6 |
SHA-512: | D615397A68903577A4E04B26561BA30ED99D6025DBD80352B8BA7864F24A231B4673A87AF34A6F0970C790D2CA3015DAA1C359B546A4D6A8B0C5479992250155 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6089922104898435 |
Encrypted: | false |
SSDEEP: | 48:7MGKUUUUUUUUUUMVWAvR9H9vxFGiDIAEkGVv7qFl2GL7msW:7WUUUUUUUUUUMVTFGSIt5KVmsW |
MD5: | 2D883470CBDEC7360CF6DA1687489D5E |
SHA1: | C624D7ADB68488B87D75A5241B01065EE7F4B41C |
SHA-256: | 6D6A6B936EFB078FC72283A20E30F241CF41CEB633EF5C6E26D830764501464D |
SHA-512: | 104538D1FBA21C1B3FCF5385153531F25057C229F17BB28415F7DDDAFA17CFC7CB0D9F5DEC3CDC8476B2E363782966485A300CB7AAF93D60985DA68B9574653F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5309417490522437 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKRklcPYH:Qw946cPbiOxDlbYnuRKSLPYH |
MD5: | 3E86175935768C6CDAE8FEB17AC1C67B |
SHA1: | 4B19D4284C581758D8591F80DA6173C3246F8D05 |
SHA-256: | 6BBC0F701FCEBA0A2846A7F872113808C1F2F70C68EB5F45CD80B9CF9B08BE48 |
SHA-512: | EA07235274CFD4AB4605FB4462FEE64DA48BD94826E10A8A98ED3D41814F48C220C2BFA50AF050D58AF543C3119426B5698B867BDBEA9AD6B46A381EE649B2CA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 08-59-38-099.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.36861002173754 |
Encrypted: | false |
SSDEEP: | 384:qugLIuZjOBwyVRLSZCcNcuJ0A36nbpTpnpdX5sisP5Vhrurt2/EC5jjwjAhyh8Z7:WtyNNbJ1a |
MD5: | 2658CE9271EE5CD90A2B0B4098BE1196 |
SHA1: | 8FF67F4534C9B3C8C50F8B8FE042A1B787C618D9 |
SHA-256: | 5313ACA2BCE04DCD388644ECE509DCA9614B853FE700D0DED0E9D6410D304AE8 |
SHA-512: | FDC153F933C7364128D7C4533304BFEE638F283F6B989D48DF5252AEF6DF891ADA3C096A6058FC0705C3F68EE5D886FCAE57FFAB8E0A4C5322ED4CCEBFB6A1C1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.395248520548887 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r6:u |
MD5: | ED241BE29B5482DB67703C2364EC74DD |
SHA1: | 0F7E37C651ED00194A24B1E3C8096DB3C33FFC0E |
SHA-256: | 20B1D6D5668D977313156F40E1104BF546E77967758730DFD5B73066E096B010 |
SHA-512: | 299F92192CFBB61DEAC29828E56CF8A9F0D33EE6A7B33922624B6A1CE3271A6BBE81765FCA15055F8FE32EEAA8B71627F26383962FC596596D53333EB4F0EADB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.938966055185457 |
TrID: |
File name: | 19194R21.pdf |
File size: | 91'111 bytes |
MD5: | 8523b894e3341389e8b0f8f46d84fb3b |
SHA1: | b2c37f027bd960ebae79e32984d81a1e4b8720eb |
SHA256: | 58031f56fff1a6b777cda8244e8acad871b5c247c1ec3f7ed468baba820fbe63 |
SHA512: | 241e86ceba92f5a8a0de2ba58d563452eccadba4595745092249f33ccaddb5daa8427042e704124d81f303954832a6019f1dd61dd9540f5abb74caae251325ef |
SSDEEP: | 1536:beYpbHNlR1ExLWrIu1XHgWACwqR+wjziSv2fTxADp:beYrj1aarv3gWPbGSvkxAd |
TLSH: | B093E1349509488DF247D14596BAB269C54DF6D213CA98C1A06CFADBCCC8E2DE1E36E3 |
File Content Preview: | %PDF-1.7 .%.... .1 0 obj .<< ./Type /Catalog ./Pages 2 0 R ./PageMode /UseNone ./ViewerPreferences << ./FitWindow true ./PageLayout /SinglePage ./NonFullScreenPageMode /UseNone .>> .>> .endobj .5 0 obj .<< ./Length 1452 ./Filter [ /FlateDecode ] .>> .stre |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.938966 |
Total Bytes: | 91111 |
Stream Entropy: | 7.996944 |
Stream Bytes: | 82882 |
Entropy outside Streams: | 4.819151 |
Bytes outside Streams: | 8229 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 59 |
endobj | 59 |
stream | 16 |
endstream | 14 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 4 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 18, 2024 14:59:45.739506960 CEST | 60866 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 18, 2024 15:00:05.053188086 CEST | 59994 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 18, 2024 14:59:45.739506960 CEST | 192.168.2.4 | 1.1.1.1 | 0x3927 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 18, 2024 15:00:05.053188086 CEST | 192.168.2.4 | 1.1.1.1 | 0x898d | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 18, 2024 14:59:45.782659054 CEST | 1.1.1.1 | 192.168.2.4 | 0x3927 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 18, 2024 15:00:05.417702913 CEST | 1.1.1.1 | 192.168.2.4 | 0x898d | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49750 | 96.7.168.138 | 443 | 7868 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-18 12:59:48 UTC | 475 | OUT | |
2024-10-18 12:59:49 UTC | 198 | IN |
Target ID: | 1 |
Start time: | 08:59:33 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 08:59:35 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 08:59:37 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |