Edit tour
Windows
Analysis Report
Kristina Lo Capital one #2118.pdf
Overview
General Information
| Sample name: | Kristina Lo Capital one #2118.pdf |
| Analysis ID: | 1542428 |
| MD5: | fdf23b9b13c75b6805e6028b23374584 |
| SHA1: | e366571133d391a0ec517a323b4d64db24072c8b |
| SHA256: | 92cf69b26c53f0ab2a32d52e542a9208f7adcc4a02752880df087102f61213c5 |
| Infos: | |
 | |
Detection
| Score: | 20 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
AI detected landing page (webpage, office document or email)
Classification
- System is w10x64
Acrobat.exe (PID: 7748 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\K ristina Lo Capital o ne #2118.p df" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7984 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 8172 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 00 --field -trial-han dle=1712,i ,334515144 3095019627 ,347377994 0010065284 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
Persistence and Installation Behavior |   |
|---|
| Source: | LLM: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1542428 |
| Start date and time: | 2024-10-25 22:38:44 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 12s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Kristina Lo Capital one #2118.pdf |
| Detection: | SUS |
| Classification: | sus20.winPDF@14/47@0/0 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 23.22.254.206, 52.5.13.197, 52.202.204.11, 54.227.187.23, 162.159.61.3, 172.64.41.3, 217.20.57.18, 2.19.126.149, 2.19.126.143, 2.23.197.184, 88.221.168.141, 192.168.2.7, 23.192.223.240
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Kristina Lo Capital one #2118.pdf
| Time | Type | Description |
|---|---|---|
| 16:40:02 | API Interceptor |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 300 |
| Entropy (8bit): | 5.312461551526919 |
| Encrypted: | false |
| SSDEEP: | 6:VjQ1jyq2PcNwi2nKuAl9OmbnIFUt84jr11Zmw+4jVpRkwOcNwi2nKuAl9OmbjLJ:cjyvLZHAahFUt82/+SpR54ZHAaSJ |
| MD5: | 456FF4E5452CB6F6A672D4EC972EFAB5 |
| SHA1: | A1846910972C76299B27C94A899372E322EB53E2 |
| SHA-256: | B9C186FCEA345317FF6638847EA8F556B10379EE459D1067827A6D40EF0704EA |
| SHA-512: | AED7526532D9364E1C867F19EFAF6A840FF412AD39964E112D63A2548D06BE01D5E338484F4C9A9C678CDE5B67E2BFC1A9D6E155B096C56989B8EE4AB4F0CD18 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 300 |
| Entropy (8bit): | 5.312461551526919 |
| Encrypted: | false |
| SSDEEP: | 6:VjQ1jyq2PcNwi2nKuAl9OmbnIFUt84jr11Zmw+4jVpRkwOcNwi2nKuAl9OmbjLJ:cjyvLZHAahFUt82/+SpR54ZHAaSJ |
| MD5: | 456FF4E5452CB6F6A672D4EC972EFAB5 |
| SHA1: | A1846910972C76299B27C94A899372E322EB53E2 |
| SHA-256: | B9C186FCEA345317FF6638847EA8F556B10379EE459D1067827A6D40EF0704EA |
| SHA-512: | AED7526532D9364E1C867F19EFAF6A840FF412AD39964E112D63A2548D06BE01D5E338484F4C9A9C678CDE5B67E2BFC1A9D6E155B096C56989B8EE4AB4F0CD18 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 344 |
| Entropy (8bit): | 5.2825693986654345 |
| Encrypted: | false |
| SSDEEP: | 6:Vj5Mq2PcNwi2nKuAl9Ombzo2jMGIFUt84jmHZZmw+4jFBkwOcNwi2nKuAl9Ombzz:0vLZHAa8uFUt8NHZ/+E54ZHAa8RJ |
| MD5: | 2766491AA353F164D526A1671BBB830A |
| SHA1: | 3E29C1E814235D8809FFE00EBED9A8D247C638E0 |
| SHA-256: | A0D3ED5E42277DBDAAAF74425E2B806112AC16B8E491B187C626D77A573F6CC7 |
| SHA-512: | 272E85DDDAE91FCBE557D2B548D554CC6A5ED49FAA6445CE57B4DEFD6F032075170C812765BDA48C0B2EEDA524F3BE453993E6F2A1D3EBD4DD22265AB3342B60 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 344 |
| Entropy (8bit): | 5.2825693986654345 |
| Encrypted: | false |
| SSDEEP: | 6:Vj5Mq2PcNwi2nKuAl9Ombzo2jMGIFUt84jmHZZmw+4jFBkwOcNwi2nKuAl9Ombzz:0vLZHAa8uFUt8NHZ/+E54ZHAa8RJ |
| MD5: | 2766491AA353F164D526A1671BBB830A |
| SHA1: | 3E29C1E814235D8809FFE00EBED9A8D247C638E0 |
| SHA-256: | A0D3ED5E42277DBDAAAF74425E2B806112AC16B8E491B187C626D77A573F6CC7 |
| SHA-512: | 272E85DDDAE91FCBE557D2B548D554CC6A5ED49FAA6445CE57B4DEFD6F032075170C812765BDA48C0B2EEDA524F3BE453993E6F2A1D3EBD4DD22265AB3342B60 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\62f61cde-f38b-4cec-b364-51f11a7aff8e.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.969814904260269 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby |
| MD5: | 7BE9C8316EB1B7252CB363207744A145 |
| SHA1: | 57861355BE6541501AED40F896891579DCF473BF |
| SHA-256: | B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D |
| SHA-512: | 2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\741ca09d-56c0-434e-82be-7e72564f66bd.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.968728469429457 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqXx/VSsBdOg2Hkcaq3QYiubSpDyP7E4T3y:Y2sRdsE/JdMH33QYhbSpDa7nby |
| MD5: | 9D72B8B8BD96BA24D35E21050FBCA99F |
| SHA1: | B8BF13B9FC82EAC8E6E63D961787331A5D8EAE99 |
| SHA-256: | B4AFC16B7870C2D55A84E71198ACBF70E0E14D29DE887065992B2039DBD9F2E1 |
| SHA-512: | 701A6EEEA25A39A3036A5F1053A03C95B020629C993AFAAD12500EB5A542C5F7974D1F03C8006E8F81ED1DB8F155AECAF8861846225DDD2BECEABDD068A31599 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.969814904260269 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby |
| MD5: | 7BE9C8316EB1B7252CB363207744A145 |
| SHA1: | 57861355BE6541501AED40F896891579DCF473BF |
| SHA-256: | B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D |
| SHA-512: | 2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF42d30e.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.969814904260269 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby |
| MD5: | 7BE9C8316EB1B7252CB363207744A145 |
| SHA1: | 57861355BE6541501AED40F896891579DCF473BF |
| SHA-256: | B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D |
| SHA-512: | 2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4509 |
| Entropy (8bit): | 5.234979529880266 |
| Encrypted: | false |
| SSDEEP: | 96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPuB3BOS3Z:CwNw1GHqPySfkcigoO3h28ytPuZBOIZ |
| MD5: | 54C5F4023DFC89461F527AF1349EA2E6 |
| SHA1: | 17AEE5C8BC93B32B230D51989F0CFECCB5CC9A21 |
| SHA-256: | A17DFCB89BD38B95275EF0E0F327DC23D5549D74A7B6BB5CA7EA17AB0E81AE53 |
| SHA-512: | 63A638BB7DBD4BCD2E55CF84480313170906122EF55279CBE799C225B1924FBF9BB5C67C09BF61439D023BB0E3FF66DBADF802DBAA59CB6ED6D7628C8A373FAB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 332 |
| Entropy (8bit): | 5.288605384318357 |
| Encrypted: | false |
| SSDEEP: | 6:VjDn8FIq2PcNwi2nKuAl9OmbzNMxIFUt84jDnrJZZmw+4jDnfBkwOcNwi2nKuAlG:hUIvLZHAa8jFUt88rT/+8fB54ZHAa84J |
| MD5: | 4FF90675375D3B04FB8A3961CA7F937E |
| SHA1: | F30908D597CEC2A99628D949EE12F140ACD0EB56 |
| SHA-256: | F284DC175F3C00BBFAAE83E3459AE9784DB023E3A543A7244BFC646AC3BBD14C |
| SHA-512: | E4E97356611A9BA579A05AB1A2DB7603788DD570690AB65FA0A0BC77C6EC58901AB6BA82E2A1E39D3C2EC6EC79409165C1749AFF02B2CB1970290FD0BC9EED1C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 332 |
| Entropy (8bit): | 5.288605384318357 |
| Encrypted: | false |
| SSDEEP: | 6:VjDn8FIq2PcNwi2nKuAl9OmbzNMxIFUt84jDnrJZZmw+4jDnfBkwOcNwi2nKuAlG:hUIvLZHAa8jFUt88rT/+8fB54ZHAa84J |
| MD5: | 4FF90675375D3B04FB8A3961CA7F937E |
| SHA1: | F30908D597CEC2A99628D949EE12F140ACD0EB56 |
| SHA-256: | F284DC175F3C00BBFAAE83E3459AE9784DB023E3A543A7244BFC646AC3BBD14C |
| SHA-512: | E4E97356611A9BA579A05AB1A2DB7603788DD570690AB65FA0A0BC77C6EC58901AB6BA82E2A1E39D3C2EC6EC79409165C1749AFF02B2CB1970290FD0BC9EED1C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025203952Z-168.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 2.410421357801225 |
| Encrypted: | false |
| SSDEEP: | 96:JWzMrY5RelEfZLWrsVaZA0gGLUiiLGhQNqMOGovv2OMCM0czMwM+zIEUBEKyGNyj:JRNg9iiLpkhcQvBEWt/imAspcmo |
| MD5: | BBABE8EA2589E4812FC164464A9E5527 |
| SHA1: | CE6DFD3AAED5E0A8D265E7B2B1AFB7C1E6B08488 |
| SHA-256: | 23760A0B2B91E109E962E5451579B7E12E679387E8AB94FEA6CEF3E9832A4239 |
| SHA-512: | 756CF603617AB263D4ACB495B1A9A804E54C0224781B52E26FE103A2582DE20E4736E86D8E53A1D15FF88ABBAB46B88F28E9474A26B5C629A7125B6EAA80394C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.439199730151862 |
| Encrypted: | false |
| SSDEEP: | 384:yeaci5GYiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:10urVgazUpUTTGt |
| MD5: | 020BBDCAEE7273B4A286B1766A860ADE |
| SHA1: | E1AD9F1008B9CEA2E568C7EEB2EBF4B2C6737F3F |
| SHA-256: | 0CCBD7FB11462500FBFED1BD28D9CCD7FDAF9F2F9CADD13D55C77AA1AB69A5DA |
| SHA-512: | DAD3134D038B8D341D8FAAFC14F8B928BC54DF730EF7112CE5F924D9C8BED296BB3F27A2C7B0859B5BB24D53538419291C505569178E26BFCDB10C97C8B0CA2F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.777578028826149 |
| Encrypted: | false |
| SSDEEP: | 48:7MPp/E2ioyV1ioy3DoWoy1CABoy1JKOioy1noy1AYoy1Wioy1hioybioyBoy1no8:7Ypju10iA/XKQ01b9IVXEBodRBk1 |
| MD5: | 381855E5D31CD2172BA11C010283A892 |
| SHA1: | A9B4456204D11189079D9D25F6EF96F632F0A5A2 |
| SHA-256: | 58EBACBB94BA90A3098DFFC2585B5902FC7A3A3D55E892FA9205C1BDF56EF9B5 |
| SHA-512: | 36FA245C0A9530648EC8ECA24E5C65697C92D7EFB59ABF16739468C53A4BD96B17F36582CB5CE6CA6DB3685620ADF5649ED0AD4CA2AA25E55F70FC2545C54DB1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.732136534099206 |
| Encrypted: | false |
| SSDEEP: | 3:kkFklZZE+kPtfllXlE/HT8k61NNX8RolJuRdxLlGB9lQRYwpDdt:kK/DeT8B7NMa8RdWBwRd |
| MD5: | 5485B933416103243EB6C9CE2546320C |
| SHA1: | 7B2678327F6C3B9C192624DE11CBE5D32E55F458 |
| SHA-256: | 836211E77FF8D334D9BE5779147EDB443CA38DF6B1C7C8B0E3822F6A039245F5 |
| SHA-512: | 9A1C59F80C16EDDC1581BD2BDE481CDEA537C10E02A3351EB2D9570DE183CD1E85C7C6E1F9B964906AC3570CC30D1BF96A24DEF565225D7F4652C1F5001E00C0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.362890363069435 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXliJNWWsGiIPEeOF0YzJUoAvJM3g98kUwPeUkwRe9:YvXKXE7sdTeOTJnGMbLUkee9 |
| MD5: | 820198AA70270343C19482F46C19F8BB |
| SHA1: | 384870AF15470F49ECBCC9B2AD102D6D7A93B8DA |
| SHA-256: | 5CB5BC54055E07DFD96721C239313510A284F90CD6D0E05DD98B32F5425A1BF6 |
| SHA-512: | E5713F03480C8B67A000515DEBA74032AFC4B7CA436857C30FD9359786B37F3AB5B7C3D53DCAF33A8051D913CAA3B18EBEE066003A0DD2AAF7A1AB0D2DD91691 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.294639211794184 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXliJNWWsGiIPEeOF0YzJUoAvJfBoTfXpnrPeUkwRe9:YvXKXE7sdTeOTJnGWTfXcUkee9 |
| MD5: | 60F24B0EAFDFEF78D8427599C812434E |
| SHA1: | B352AF8C214C2645580D806698A78C0524D5BA81 |
| SHA-256: | D43605E931A3BAE3E8ED657F19CD75CA176B51F77C33D346FC777C07F2A56C93 |
| SHA-512: | E50EE8444D5D77250D1E050C7017DD5323548C262FBA0D8BECDB93FC138CD051AD6EC8B06D50E3BDCCEB9C8DE3B15ABAE809E4D26510D286C7CD1C83B609C263 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.274902387244174 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXliJNWWsGiIPEeOF0YzJUoAvJfBD2G6UpnrPeUkwRe9:YvXKXE7sdTeOTJnGR22cUkee9 |
| MD5: | CDB249F0D32091363BDDDFAC5BC93427 |
| SHA1: | 2C44A9B4721818D9ADFE00EA85F3160FBF305905 |
| SHA-256: | 35DEE035984C301EE0F9A8D74EF53849361422EC8CB07766248BD69B7C74A35B |
| SHA-512: | 8AE61822162143675A04A42906B35526B3C395A482517888852ABAB6228B194A850B764DBB518862E84ACF4189ED757A9EDA3915425DB7B8553A3AB2513954F0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.3497520689173115 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXliJNWWsGiIPEeOF0YzJUoAvJfPmwrPeUkwRe9:YvXKXE7sdTeOTJnGH56Ukee9 |
| MD5: | 4F2D01B3E91E4514F9C2748C629A3695 |
| SHA1: | 2C54FFE1325638DAB13BAB4BD640D0BA30F65C6E |
| SHA-256: | 2C109C00B414BF7A9B94033E74C5542A7A693FCC72D4B61CC524CF6B9CAC4F82 |
| SHA-512: | 3D9D403AFF8F753F11D5E9ED74058239FFBF9195DA334CFFB261C9F91406B9FF79E5F5F230596D7833008F0A868CCFC1F68C84A4F170BFD106971BAFFAF65C00 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1055 |
| Entropy (8bit): | 5.653750945146965 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XE7meOTepLgEscLf7nnl0RCmK8czOCCS81:Yv8eIehgGzaAh8cv/81 |
| MD5: | 858BA7F3D0E3761DE76ECA086470F5E2 |
| SHA1: | F1E11557C7659EB0CC619C9516CC1CE968FCE0A0 |
| SHA-256: | 9C2F802BE00684313416C8DE2E33491547D806F8426B632916E5C59B01E28A36 |
| SHA-512: | C752B9EDE903FCA62372C25FCEE9264B51EB9978234812487694FAC2DD87E62BCBEAED13C6E6F30A4FCC317F7E6654FCC80705D84EA282C122925E04C5DFEAD5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1050 |
| Entropy (8bit): | 5.6494500423174046 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XE7meOTIVLgEF0c7sbnl0RCmK8czOCYHflEpwiVt1:Yv8eIIFg6sGAh8cvYHWpw81 |
| MD5: | BECFD1920EAEA1FB1BF9F9F25973D2A7 |
| SHA1: | D96866C4B753960BE2FDFD22FC866D4FD3AF28BD |
| SHA-256: | AA81E349B1813FC6D72637FAFF4200484D8B326E9B3FE9E2C03F6AF87265DE3E |
| SHA-512: | 10CE7B374692D6308D102F1E04327C34C28449A85CBC9FA77E281A89E0FFAFFF9B7067704E1A19D42DF639A197740B2BD619EB99C2960AA2D2532F2124C2DBD3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.284480102951699 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXliJNWWsGiIPEeOF0YzJUoAvJfQ1rPeUkwRe9:YvXKXE7sdTeOTJnGY16Ukee9 |
| MD5: | 5BF2B03A8876C2D7FD71CF83CD3055B3 |
| SHA1: | 29424FF7528236E7D59138BE8489A916E03E0EBB |
| SHA-256: | CDF5E0290AD697EDE9F4056481657DE910436570F3DA474169C6192C2731A024 |
| SHA-512: | 8A629CF7699A07066A88F96C6E2D122EE55CDBA6C25118969E9E170F4EF4870FC51CA9F2040B9DB6254E499BB0F475DFBB4FAF3FB1746D0865E203B675B6734E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1038 |
| Entropy (8bit): | 5.647226146641199 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XE7meOTN2LgEF7cciAXs0nl0RCmK8czOCAPtciBt1:Yv8eINogc8hAh8cvAD1 |
| MD5: | F30942096EE34365FEB3F80578F3AF93 |
| SHA1: | DB258DB1051764B954F1B1A4556D7761F2E64404 |
| SHA-256: | 59FCDC252706F76449F17258C1F8A7301878ED63201B064882BC0B419A16094B |
| SHA-512: | B864E0CD2F440B96115174EC49139A3F59A4BF7ABD1BCFA16E6AF83033D1022C2EE79770B7F2340E756C1CC311155F55DD52BC8E3830D77741E755116773FFE8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 5.6973984428007975 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XE7meOTlKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5t1:Yv8eIlEgqprtrS5OZjSlwTmAfSKn1 |
| MD5: | B553D5DA012BF32B86EA2C7EF629B904 |
| SHA1: | 1E424C182B1B05F6CC66CC8C167B863F9812770D |
| SHA-256: | 6767D17E7A385177F3C51CC7BD760BD7B80A3F93451CF53BA545AEF6E0E4F58D |
| SHA-512: | 933D198D5945DA17665F27EFD291637786B65A329A26BE4EA68EDE1C9067DDABA535232C02CECBE00895DE77585E93264B177312E659A7AC6FE2498BAD55BA5D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.2862383351431355 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXliJNWWsGiIPEeOF0YzJUoAvJfYdPeUkwRe9:YvXKXE7sdTeOTJnGg8Ukee9 |
| MD5: | B8A6C87E1D3D57D2BB80953B81BD3055 |
| SHA1: | BEF5DF917C5D5F21A1BEAC3E84D3DD19543BD3CF |
| SHA-256: | B8CA4BC88AB9AED295A1FE5A2D09DD05996EFC9CD0C6DF28D0E9B6263C2B498D |
| SHA-512: | 26F7B3CE34E78169312B8D009336D60B817D8B33B3164895D0927BC4E32911765C27418C9CB4D7EAA7ECB352B1B12EEC3EDD3C7B021F6D7FD00470FDEAD1754E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.772076165277728 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XE7meOTYrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNV1:Yv8eIYHgDv3W2aYQfgB5OUupHrQ9FJn1 |
| MD5: | 6B4B196FE918CEFF7EC39949B8091C0F |
| SHA1: | 418E737E628492A318633F9A23BF01DCCF0BDA8D |
| SHA-256: | 077127109C26BE2FAA9081AE4B439C696017965554D38479A660C778839BBD04 |
| SHA-512: | BDB1AEEF2CA3803ACFB2A6CCA68C387A15800B1F311ED277C16990BE7965F4B17BC2BF8113527805D8EAB7B007DB75903A8B8AA9465609ABB3389752C3E16AA4 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.269880014706051 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXliJNWWsGiIPEeOF0YzJUoAvJfbPtdPeUkwRe9:YvXKXE7sdTeOTJnGDV8Ukee9 |
| MD5: | 5D2C7CFC5F3B4DD33C1F85A109D36E48 |
| SHA1: | 6BB5A1DF6ED2B80368D7CEC15E27A29E78334413 |
| SHA-256: | 932AF5C62FAB8D1E4FA2376EAD06CDB327BFB4BC11B123D625BAD74536A555D6 |
| SHA-512: | 40AFC7AD0AAD2A459C18803230C807C1C85FF67E4611CBC1A3CB6DC594FEA04ED09FBEBB2D3A739818953A5903844A75CF851AA4ABC435361C2E749CD9F916D6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.274340985349693 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXliJNWWsGiIPEeOF0YzJUoAvJf21rPeUkwRe9:YvXKXE7sdTeOTJnG+16Ukee9 |
| MD5: | 732240ED314865FF2108F43221633762 |
| SHA1: | CEE0BD27ECB888224F5F6E04D36CA313E4AD3AF1 |
| SHA-256: | 5B4490F0448F91D16B9FE5886D0CFDD497E51E0F2AEE1A459F125961E8F6160E |
| SHA-512: | 577C662CAA755E016F748CCFFF037E081D13B6BFEFAA6EF1A63DE7B2C5EF6017027AD8C371FCA8B7F5078867FA7627F4F8DA3DF1902A943095651283B652EBFF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1026 |
| Entropy (8bit): | 5.625563159713544 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XE7meOTCamXayLgE7cMCBNaqnl0RCmK8czOC/BS81:Yv8eIcBgACBOAh8cvM81 |
| MD5: | CE3156C5AD6A5F35076A1D040E9B409A |
| SHA1: | A7E2D8DF66A8D1A90B1F9DBE52D1448C0BABBF45 |
| SHA-256: | A853F4B5472CED689E1CDA417FF55DD17F50F6F7728CC9CEDB06F4F480D569B5 |
| SHA-512: | A4A31A361609D18565E9CEBCBECA56FF2B01E9D828EFAF37C0FD060306160F910E75ED6932ECA960EAF90D17B703C21B505D4A6F64F8AA4D4BA6A5E6B3DB7244 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.248532241147876 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXliJNWWsGiIPEeOF0YzJUoAvJfshHHrPeUkwRe9:YvXKXE7sdTeOTJnGUUUkee9 |
| MD5: | E1198B47B01B9672A7E0315064DDE046 |
| SHA1: | 4273129C7208FDEE3362DA034690EC23C41253DB |
| SHA-256: | 83180ECF531FE63F000678FA3E42977D7F46EC4121628A8EC6D425344A6C99EF |
| SHA-512: | 3A70D19D4A081CF65A28C9503E5AFB34CBE2D33311AF33BAB79BA160C5335E59ED8099FB6F7CF936EEFADF6D322408A47A061786759B4FC760E3A875609584EA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.369741006248509 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXE7sdTeOTJnGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWcg1:Yv6XE7meOTV168CgEXX5kcIfANh81 |
| MD5: | 42489DE8CAE18E657609807FAA997B34 |
| SHA1: | ADA823F656958D62AA369599E496B2382F33E612 |
| SHA-256: | 87172702EE77528A6E08889D8011A9479B698DA80CA2A7D4913351656545BDFB |
| SHA-512: | FBA411B5790653AD7E850DC3BB637B4024F32965BE30512539418153F9518060AFA84A3A17B67C46A105424B40A75103F86735686F9CAD7765EE4AF98E435C18 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2818 |
| Entropy (8bit): | 5.133730005865142 |
| Encrypted: | false |
| SSDEEP: | 24:Yo57ka5baycoHtCJtlJP/RmK5jRucj0STXm1h/r2cPi2LS9eZY5a9n8BupOG:YyRabJnHEuYhfKHyY09x |
| MD5: | 91DE2AAD6E7E2324617B2783522D8E97 |
| SHA1: | 3CBC80446D17012565254431242298B419B74B00 |
| SHA-256: | E66DA9C65305A44ACBDB4E209B224AD48C6885A8028311C8C8BA6172E1ED56A6 |
| SHA-512: | 3356D88935C267E953519D19F58D9CD074B497A78275174C6F8AF9A173AE43F16703EEF7415293A5C929946618DABDF5527B717D903D1FBCBA61655BDAB2E28F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.4535936636532247 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsPlR:lNVmsw3SHtbDbPe0K3+fDZdU |
| MD5: | 67C72A8BF8506DBB9C9A32C074F285F2 |
| SHA1: | 6661F0BFFF7AAF8E36B92EB784EFF115436987DD |
| SHA-256: | 8802FBA84E957E7C09E9038AD700962BB8A176D8C947A15EC7BCA566E4491967 |
| SHA-512: | FF2B05F9E7B628FE17EEBAB83B73798DBF55BCCE70DA9090F83805E4FB1A8045DA320E02C9882D63AFEF6D0F4611AFB27AD5611DDA6BCB24AE98F0E09C994E5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.9576592693674955 |
| Encrypted: | false |
| SSDEEP: | 48:7MKrvrBd6dHtbGIbPe0K3+fDy2dsGhqFl2GL7msu:7H3SHtbDbPe0K3+fDZd1KVmsu |
| MD5: | 244083B7A450DB73C27ED64645B52E52 |
| SHA1: | A5DCEAEE177A4121FA07FCB374CD8E14498F2709 |
| SHA-256: | E709B5EE8A6C6EFF0AAAF6D10D916423AD31E00E92748B80827E6A780C49ECF7 |
| SHA-512: | 06D457F024AAEA2C449162D599965C94EF1BAD8F270740A5A1AFE115229F498BA795AD6A6B0B1F8D247B61148150BE52AB667F7A9D9494A6122B45D7579F88BA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5390718303530573 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8jqrN1Kw:Qw946cPbiOxDlbYnuRKDNYw |
| MD5: | 38948E119CFB143D82FBAD3B1C5B9EE0 |
| SHA1: | 4D101C43ED4E61ECF938A478E7870876192A2E30 |
| SHA-256: | 2CD9B45C9BFB3F7DE3ECB8BBE39D55A833B8AA54A46020A70ADBA07EC95C3866 |
| SHA-512: | 66CE3BBBC06D28CC4B0415FC93B65FBF0B9699AC737F79BBCB31DB7AF0745E839E06EB2C0593CD088D7F8E445E46DF7BF0E9FA8E9C5067BD9FAFFF30F8AF6FD3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 144514 |
| Entropy (8bit): | 7.992637131260696 |
| Encrypted: | true |
| SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
| MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
| SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
| SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
| SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 16-39-49-827.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.386483451061953 |
| Encrypted: | false |
| SSDEEP: | 384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID |
| MD5: | F49CA270724D610D1589E217EA78D6D1 |
| SHA1: | 22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3 |
| SHA-256: | D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D |
| SHA-512: | 181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15114 |
| Entropy (8bit): | 5.344609660797039 |
| Encrypted: | false |
| SSDEEP: | 384:7rFmNfUvfs9HkeLpwAQ0O/6mRkbqBt92XQf7NF1gBRGJuSDzjzjj6Z63iAKtqLj8:7Sd |
| MD5: | CBD69664019CB38D82820952E889E7C2 |
| SHA1: | 4E72692A805F8A8E1D96FA1299A418C5BA27E38A |
| SHA-256: | FB86ADE71205E5C68EE1BC66023BBDFAF83D94C72482C0DB1604416DE6E15F37 |
| SHA-512: | A77C5A8343046413E68AC74F8EC0C8C351287C32FD0A70E8E946ACE84CEE4186C002A76DE9E0C8CA6AD1DD8D8F40F3CADE2CC738A55D8D652584A124F94C1CF2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 35721 |
| Entropy (8bit): | 5.412090238779671 |
| Encrypted: | false |
| SSDEEP: | 768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRW:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gR4 |
| MD5: | B811A1C688C2022B9165704CC03422EF |
| SHA1: | 221927F6EC903EA7C614218EB47BAED39AB5AFDA |
| SHA-256: | 06C3E4BD9CBF2604D256AF5CE493256CA42793FBF77DE0F1497E9E817C79C759 |
| SHA-512: | 072ED83C051AF7103BAD5FCF63CD0C5DA7A6ADF88ABBE49CD99294AC3B980FF68FC1A79819B96A46DF2AEA5444360B17BD3B192CABA77EBFB016567CA38AA12B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru |
| MD5: | CA6B0D9F8DDC295DACE8157B69CA7CF6 |
| SHA1: | 6299B4A49AB28786E7BF75E1481D8011E6022AF4 |
| SHA-256: | A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7 |
| SHA-512: | 9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.634472616311431 |
| TrID: |
|
| File name: | Kristina Lo Capital one #2118.pdf |
| File size: | 513'213 bytes |
| MD5: | fdf23b9b13c75b6805e6028b23374584 |
| SHA1: | e366571133d391a0ec517a323b4d64db24072c8b |
| SHA256: | 92cf69b26c53f0ab2a32d52e542a9208f7adcc4a02752880df087102f61213c5 |
| SHA512: | 580109f8db4a3d014b87eb210159e92401f8c6bc31ae515c06b52217153a6ff7070d70c9c5c85c03cd422f79b6c20c931ff29ffa4f152482d6901f25cf0852c3 |
| SSDEEP: | 12288:iZSpae38NHWDK7q2zn9GrtpEpgCEpgOP1Y:iZe47qAPqTq6C |
| TLSH: | DFB42258177DC6C0CD0089E48C25A8DA19DA49EEE84670E4370EDAFF53E6D46BF648CB |
| File Content Preview: | %PDF-1.7.6 0 obj.<< /Creator (OpenText Exstream Version 16.6.1 64-bit)./CreationDate (10/11/2024 13:31:44)./Author (Registered to: CAPITAL1)./Title (Card_Statement).>>.endobj.%%NAME1: KRISTINA H LO.%%NAME2: .%%ADDR1: 15201 PLANE TREE CT.%%ADDR2: .%%CITY: |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.7 |
| Total Entropy: | 6.634473 |
| Total Bytes: | 513213 |
| Stream Entropy: | 6.631978 |
| Stream Bytes: | 505124 |
| Entropy outside Streams: | 5.351159 |
| Bytes outside Streams: | 8089 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 47 |
| endobj | 47 |
| stream | 41 |
| endstream | 41 |
| xref | 0 |
| trailer | 0 |
| startxref | 1 |
| /Page | 0 |
| /Encrypt | 0 |
| /ObjStm | 13 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 1119 | ccb271696969b2cc | 9fdd729baf77e2575c980933d0349e11 |  |
| 1121 | 6892a96c5171ce70 | 490b59e4bfddd58109fb9252d019e0ab |  |
| 1123 | cc9e4548dc7192cc | e32abe4bdaca05c4a48d7922325a7d73 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 16:39:46 |
| Start date: | 25/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff702560000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 16:39:47 |
| Start date: | 25/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6c3ff0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 16:39:47 |
| Start date: | 25/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6c3ff0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly