Windows
Analysis Report
Einsatzwetter.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 4280 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Einsatzwetter.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6980 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 1372 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1740,i,13624418919768764866,842134188678426525,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1538464 |
Start date and time: | 2024-10-21 11:07:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Einsatzwetter.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/37@0/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 18.207.85.246, 34.193.227.236, 107.22.247.231, 54.144.73.197, 162.159.61.3, 172.64.41.3, 2.23.197.184, 95.101.148.135, 199.232.210.172, 2.19.126.149, 2.19.126.143, 192.168.2.5, 23.192.223.240
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: Einsatzwetter.pdf
Time | Type | Description |
---|---|---|
05:08:27 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: claude-3-haiku-20240307 | `{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }` |
URL: PDF document Model: claude-3-haiku-20240307 | `{ "brands": [ "Wettermanufaktur" ] }` |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.1792418663256345 |
Encrypted: | false |
SSDEEP: | 6:J9KvIq2P92nKuAl9OmbnIFUt8Y9XuiZmw+Y9XuOkwO92nKuAl9OmbjLJ:zKvIv4HAahFUt8Gt/+Gf5LHAaSJ |
MD5: | 0CE729D572668D0148564ED32C7D67AA |
SHA1: | 25013D61A26D3BA8C358B4BBD4743BCD7DA98D05 |
SHA-256: | 2892022901292A4C1FE688969FC4DF4F3CBA63F4F6A2CD9FB9CDA7B30AAA4436 |
SHA-512: | 5EA8623ED6A32032D736667750A09D4D72932576129CDA44889104754C33696B2841852C1BF13F2089DB8765314ECECC291FDD00BFA5080C18ADB538A37F5F64 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.158119519177573 |
Encrypted: | false |
SSDEEP: | 6:J9jmyq2P92nKuAl9Ombzo2jMGIFUt8Y9jmo1Zmw+Y9jm+RkwO92nKuAl9Ombzo23:ziyv4HAa8uFUt8GSm/+GS+R5LHAa8RJ |
MD5: | CCBCB12C01F3E6B42B753B8846FC7FB3 |
SHA1: | 725E9A8F14AB56CAA21CA630A95E36373AC96819 |
SHA-256: | 03112A23D0444101D9D5CC43DD9242819BF91E736B9603A44D0D6BA17A10060A |
SHA-512: | 40E5F3EA0601A62ADBA771753D021C23E78634D8033FBFF426FB1B516816317CB4142D931CD0B6B0880B43DA2069321FE6B152843F5AAA3307D4EBF1902EA00A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.158119519177573 |
Encrypted: | false |
SSDEEP: | 6:J9jmyq2P92nKuAl9Ombzo2jMGIFUt8Y9jmo1Zmw+Y9jm+RkwO92nKuAl9Ombzo23:ziyv4HAa8uFUt8GSm/+GS+R5LHAa8RJ |
MD5: | CCBCB12C01F3E6B42B753B8846FC7FB3 |
SHA1: | 725E9A8F14AB56CAA21CA630A95E36373AC96819 |
SHA-256: | 03112A23D0444101D9D5CC43DD9242819BF91E736B9603A44D0D6BA17A10060A |
SHA-512: | 40E5F3EA0601A62ADBA771753D021C23E78634D8033FBFF426FB1B516816317CB4142D931CD0B6B0880B43DA2069321FE6B152843F5AAA3307D4EBF1902EA00A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\18a7cc32-e6f1-489f-b4cc-99d6d6aeac2d.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.063888803132812 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqCQXhsBdOg2HD+caq3QYiubxnP7E4T3OF+:Y2sRdsvQidMHF3QYhbxP7nbI+ |
MD5: | 577C01BB051AE918FDC22DBF76747153 |
SHA1: | E7B885BC240D927B64EEF575D42292ED318919BB |
SHA-256: | A95E6B75E3970DD758807767B1C46F6D1F4CFC58A9E500853B556DA12B33B52B |
SHA-512: | 42BAD24BC2805F4843A1EBF649EF2B4DE5862E079562713868186F2EA425B1FF3B96E231D78644478C691E5B7D5926508C3D8A91EF689310F29A16F707E7D7B6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.063888803132812 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqCQXhsBdOg2HD+caq3QYiubxnP7E4T3OF+:Y2sRdsvQidMHF3QYhbxP7nbI+ |
MD5: | 577C01BB051AE918FDC22DBF76747153 |
SHA1: | E7B885BC240D927B64EEF575D42292ED318919BB |
SHA-256: | A95E6B75E3970DD758807767B1C46F6D1F4CFC58A9E500853B556DA12B33B52B |
SHA-512: | 42BAD24BC2805F4843A1EBF649EF2B4DE5862E079562713868186F2EA425B1FF3B96E231D78644478C691E5B7D5926508C3D8A91EF689310F29A16F707E7D7B6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.233767318774777 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUW3M9z3mZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL/ |
MD5: | 859063B9B33407DD53BCC52286352FBE |
SHA1: | F852D7D3C2AF749F1569711ED92864389D93BBE6 |
SHA-256: | 0639F864CE7B88445FAD30FE9EA178B5014DBCE5D1632F708C354CD7A4F56984 |
SHA-512: | 4F39DED43FDA2ACF7D1F11859C054B610355209C1415582B1DEEB6C5CA2C163CFA0529285F03204CA373DE0C9BBD210EB4FDBC4ED5D148891DD94A64459A8428 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.169216500705258 |
Encrypted: | false |
SSDEEP: | 6:J9hjRjyq2P92nKuAl9OmbzNMxIFUt8Y9h8o1Zmw+Y9hopRkwO92nKuAl9OmbzNMT:zhjRjyv4HAa8jFUt8Gh8m/+GhopR5LHP |
MD5: | B65094E4049835A69692ABB2031D6FF5 |
SHA1: | 8AFA9CE6AE3A3A9DD178B55E22E9B1530ACF8931 |
SHA-256: | 2F9F35FA00A43FD0BCF92CD78A570E67CE0225A7CF3096708FE4A525798AECC0 |
SHA-512: | 572AF5F5170CEE1428E04ED01A0D3DAE4481F663FFCA65D2B57F3249369E42D127E8932A63138B035017350B6C1185257A02841CFA4AB3094C648B76BF899007 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.169216500705258 |
Encrypted: | false |
SSDEEP: | 6:J9hjRjyq2P92nKuAl9OmbzNMxIFUt8Y9h8o1Zmw+Y9hopRkwO92nKuAl9OmbzNMT:zhjRjyv4HAa8jFUt8Gh8m/+GhopR5LHP |
MD5: | B65094E4049835A69692ABB2031D6FF5 |
SHA1: | 8AFA9CE6AE3A3A9DD178B55E22E9B1530ACF8931 |
SHA-256: | 2F9F35FA00A43FD0BCF92CD78A570E67CE0225A7CF3096708FE4A525798AECC0 |
SHA-512: | 572AF5F5170CEE1428E04ED01A0D3DAE4481F663FFCA65D2B57F3249369E42D127E8932A63138B035017350B6C1185257A02841CFA4AB3094C648B76BF899007 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241021090818Z-159.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 2.1899142901962416 |
Encrypted: | false |
SSDEEP: | 96:aUsejM4NN6awAp+QV4M5o70E6DWwMVoSFtwjDstQMy0W31BjDwMtbMMMeM0G1uDV:aUQQVoWz1B4Sk1Swo5a3VIXi0d |
MD5: | 83E3C17AECB60743D15B94E9C32ECB05 |
SHA1: | 9461BC1822793D5E773B7ECA7DDA0CC6304808AB |
SHA-256: | AAE8D6BF7077B0628451788329E2D41650045BE40CF4A9235401104083F71410 |
SHA-512: | 389418664D8D221C35B106F318965EAEB9F6D8804E8CDCACE8564EAC9C16EF7E349812A692EDCE691D24E1182F30E8B6A8247ED289DA482ABCD5BE46EF31B447 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.2935530429385076 |
Encrypted: | false |
SSDEEP: | 192:PedRBAVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:Peqci5H5FY+EUUUTTcHqFzqFP |
MD5: | 584CF0873D19C2704133219887E7F7E2 |
SHA1: | 67212E62D1B5008D247E4F30F2FFA4243F682656 |
SHA-256: | 193E42CF1AC6FF5F4502B601BD37B065FE614A0D38FDCAB4053181524F87CA1D |
SHA-512: | 76AC1117F25D2D9C36AA1C1CE2021BB8AF00B747DA36CAA9CD9694CCCA7196420ADD1A61B85345B1EDFF5373BB6B1B088033E23707D10732839462BE71A8EDFF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 2.208538121893594 |
Encrypted: | false |
SSDEEP: | 24:7+txD8twKDqLKzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9ML:7MxIDqOmFTIF3XmHjBoGGR+jMz+Lhu |
MD5: | 540AB1E876C25940B2F578712D9F5795 |
SHA1: | 37F240F036F519EA59A01FDE016886DA7DAD4709 |
SHA-256: | 8EE1188AE364478C4387446393FBD1612F2389AE4B9A78441D72C9F87CE9BE9F |
SHA-512: | 43A75ECFD0DE6C21417BA6C382D2EFDB9E02DE81539B22D1F23FCD9FB353B277A0518779085B8AB95BE80F03D1B967C2F9D3679C2AB696693164D6A6668AFA69 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFkl64ukfllXlE/HT8kjtNNX8RolJuRdxLlGB9lQRYwpDdt:kKjn9T8kNMa8RdWBwRd |
MD5: | 0EE3F7DE4AB15198CA60510000E30661 |
SHA1: | B5D03A0193CEC7E2263908CEF33E58B0C0D40052 |
SHA-256: | F6614FCD4A63A97079AA93E79C10B3FEA38FC15221C57A6AFDB7B7C27E0BD8E9 |
SHA-512: | A7EBB1A1D5D67657D963456398726AB9C34194C5AD9FCA34255421334FBA6EE40E88AAAC15DE695F77AF107997621327EFFA6AD9ADE2D9344DBEAE1775E8BFA7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2539954282295116 |
Encrypted: | false |
SSDEEP: | 6:kKckn9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:v2DImsLNkPlE99SNxAhUe/3 |
MD5: | D7DC14179F35D0FCC57C22D4D8215E79 |
SHA1: | 8DF2F10EA9EDA7E04052683A4E9019060974906B |
SHA-256: | D035C97991D768D3FA8C26CFBF19B2EFF25C5813CF0D811FC27DF53892238069 |
SHA-512: | 3B30A30C07334439848A45866FF5F99ADAB4ED4689224B5B61AC59ECB4CAB0E54745842FDCBD9C4F0603EFD31B42DC25484899895ACA09A3E92C22BAB47E3B97 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2145 |
Entropy (8bit): | 5.069128467610703 |
Encrypted: | false |
SSDEEP: | 24:YFuX3QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCDxiW:YwAwmWXZYEtoitbRCwu20wD+JliWxao |
MD5: | BB2017810AA8D27034A7B661C7E81623 |
SHA1: | 4A701F84C9F1CFF7440FA1C1C178C224DE30C68B |
SHA-256: | 1697BA78ABE0867930C65ABB1DE661B69625DB349A9F644977DACCA1E526B3E4 |
SHA-512: | 306C6943B4396804C9CFAE71FA3B713AA185B32E5F7BCF921AB7C3345419BA4850211DC78783999F9E51EE7E003F98734A6F99268BC5E0ACE7DEDC7EFA426180 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9991627053795571 |
Encrypted: | false |
SSDEEP: | 24:TLBx/XYKQvGJF7ursYBR1RZKHBzOQT3tggpj3tuVlZtAZczZc4cigF:Tll2GL7msWgBfZFJufbAcmr |
MD5: | 28240C780423DDEEF60AD7B3396FDBAA |
SHA1: | 8785FAD3E61E0D0FEE74D425C5C4F0D84086C8EE |
SHA-256: | F96CE4D0BB8981FF9F0D05766E286D5A7ADF61CEA263C9B632AFAE0295BE6833 |
SHA-512: | 203B9937F3D76E1EBDEDE81C5D03A85B0F6B26573C949FD569035AC977833EDC8CB344535AB7B6D7E12C3D7D84D7414A8AD4693D030A84D4E9A227BF00E623B5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3623502380984904 |
Encrypted: | false |
SSDEEP: | 24:7+tcF1RZKHs/DA3tggpj3tuVlZtAZczZc4cigrqLKufx/XYKQvGJF7ursy/:7Mc7gOUFJufbAcmxqGufl2GL7msQ |
MD5: | 0C844C7E5CEDFEF3817027653625C724 |
SHA1: | CD17D6E515B7AE5462714D0C102671F02D4C6DEE |
SHA-256: | C3ED9F38B3FEFA63E6213335A25C2E8B1665495E0DD0F7F2DAEC0515782135F5 |
SHA-512: | 4BE4D7F28F94B1B5C87072F02412632A4D283F78C70FAB855A1B48598D2E667FB3A3170A09E0B5BD1D7221A5C660A3DFFA5A32FA98F02CB09130D72FA651EF39 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.503482856767026 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8PWfP/H:Qw946cPbiOxDlbYnuRKnXH |
MD5: | AC7F454B38BADF3CEE8EFE951C4AA9FB |
SHA1: | 5E105B4CD83E6FC3673DD1F0F8566EEE3E724AEA |
SHA-256: | A8F3A92E711AFF77D5DEAFBF81EA02DFC3CD40FA1B75CC3CB59FE8B71BCE477B |
SHA-512: | F2176D97BA3413552F5EF17C2B245F4A85B566B95DEF197E4877D7D9EA1A24713C72A6A9662746B3605F90D1137D453AB7B2D4454E5DDB7B3A1603AEC4545DE2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-21 05-08-16-974.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.3715962737974055 |
Encrypted: | false |
SSDEEP: | 384:QgGtegHB3yTli0XiWQPuapw9QWleXFpTOFf7JlZ2rB6lLpU6poeNRER0JUWyMFlZ:SmH |
MD5: | F726FC6844CE192796ED62752F97CE9E |
SHA1: | 5E94EDECDABD64103153B2E0CF9107565284C2D7 |
SHA-256: | 5641E48BF1194C2E27EBE155B62CCF68809CA74D22C68213F23AF2F51AD3180C |
SHA-512: | C2057358F886E49A431D3A451B48DD2D291D12A2F5CC5371E091EED6BF51E4C9A883C1C0A00843ED0405B3DF21EFA5EEAC984159165221D9404F4D49FC49B704 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.397002256365594 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbW:q |
MD5: | BC76532AA6FB0B6399A9D9A44F5CA12D |
SHA1: | CA89B8C96EA9B033DBBF8A28B8D5E81F328C6FE3 |
SHA-256: | 39437321813ECC602A0684C5840407B18F0620489B4911ECD7B8C9F0DEB05CB7 |
SHA-512: | CC6329390D9DAABE2DCC974B0665170FDB0B9ECF6138E13B1078EC1ECE7EB2A56C3AA8C9A9F77AAC33083371C207644EE2D3E548D044CA889C5ED5A0D75ED528 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje |
MD5: | 716C2C392DCD15C95BBD760EEBABFCD0 |
SHA1: | 4B4CE9C6AED6A7F809236B2DAFA9987CA886E603 |
SHA-256: | DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8 |
SHA-512: | E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
SSDEEP: | 3:So6FwHn:So6FwHn |
MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98682 |
Entropy (8bit): | 6.445287254681573 |
Encrypted: | false |
SSDEEP: | 1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L |
MD5: | 7113425405A05E110DC458BBF93F608A |
SHA1: | 88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF |
SHA-256: | 7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46 |
SHA-512: | 6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 737 |
Entropy (8bit): | 7.501268097735403 |
Encrypted: | false |
SSDEEP: | 12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa |
MD5: | 5274D23C3AB7C3D5A4F3F86D4249A545 |
SHA1: | 8A3778F5083169B281B610F2036E79AEA3020192 |
SHA-256: | 8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97 |
SHA-512: | FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14456 |
Entropy (8bit): | 4.2098179599164975 |
Encrypted: | false |
SSDEEP: | 192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ |
MD5: | 32FCA302C8B872738373D7CCB1E75FD4 |
SHA1: | DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1 |
SHA-256: | CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6 |
SHA-512: | 57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.647009562488164 |
TrID: |
|
File name: | Einsatzwetter.pdf |
File size: | 144'689 bytes |
MD5: | 48a1938b7961da6d9d7e475233cf404e |
SHA1: | a6decb5208f906377b185aee4d9c5798e6c9532e |
SHA256: | 8c5d77d498a8d91d4df5a409acf506dde407672ebeedfbbc9a2b011b94c3f17d |
SHA512: | edc92a3b48d496ddf05cbaec06278a28346fa3d477a19edea71809f5982dc9ae408db952c76d0c3b3eb2787ffad688ae1d79c035d3eada125aff5008f0ee9f88 |
SSDEEP: | 3072:sEMdKQTH5R99qHjWBHtrngYDni+4hWAeqct5sVxQp:sXdH99q6BNrgY2/hWA6WVc |
TLSH: | 25E3F17F3F41AD04F9D18FB65203FCBA48EA0D6CE1DF9E9EB1D64E593482284D801599 |
File Content Preview: | %PDF-1.5.%.....7 0 obj.<<./Length 6483 ./Filter /FlateDecode.>>.stream.x....r.......}.a2B.U.P..NZ.f....M.../h.g.59#. {..7.]YDV...+.."D......B!.N..v.vj..Gj........VU..w...........Q..i...._./.....lm.......}......p.{.......|...5....Z.{.vgM.......l.....^ |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.647010 |
Total Bytes: | 144689 |
Stream Entropy: | 7.642920 |
Stream Bytes: | 143471 |
Entropy outside Streams: | 5.263687 |
Bytes outside Streams: | 1218 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 8 |
endobj | 8 |
stream | 7 |
endstream | 7 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
4 | 6a6d621b1b6b606b | 9f3b6734693cb51cbbf65bec71b5bdd7 |
Target ID: | 0 |
Start time: | 05:08:13 |
Start date: | 21/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 05:08:14 |
Start date: | 21/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 05:08:14 |
Start date: | 21/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |