Edit tour
Windows
Analysis Report
1844-24 Ellis Crossing EC - Meritage Job #70122449950.pdf
Overview
General Information
| Sample name: | 1844-24 Ellis Crossing EC - Meritage Job #70122449950.pdf |
| Analysis ID: | 1592057 |
| MD5: | da12f982b24cf7c7f33cce769b557a57 |
| SHA1: | 22af9b6b85c890c0b39c58bca10198b5cdeaa1f3 |
| SHA256: | 821370b70b6254ee195bccdf44d289075198471e92c173444e33cb23c866712d |
| Infos: | |
 | |
Detection
| Score: | 0 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
Potential document exploit detected (performs DNS queries)
Classification
- System is w10x64
Acrobat.exe (PID: 6972 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\1 844-24 Ell is Crossin g EC - Mer itage Job #701224499 50.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 2084 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 6268 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 08 --field -trial-han dle=1640,i ,777581053 3559986121 ,118972586 6554046722 2,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| x1.i.lencr.org | unknown | unknown | false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high |
⊘No contacted IP infos
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1592057 |
| Start date and time: | 2025-01-15 18:00:37 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 4s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 10 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | 1844-24 Ellis Crossing EC - Meritage Job #70122449950.pdf |
| Detection: | CLEAN |
| Classification: | clean0.winPDF@14/50@1/0 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 2.23.240.205, 52.6.155.20, 52.22.41.97, 3.219.243.226, 3.233.129.217, 2.22.242.11, 2.22.242.123, 162.159.61.3, 172.64.41.3, 2.23.197.184, 2.22.50.151, 2.22.50.131, 2.16.168.107, 2.16.168.105, 184.28.90.27, 23.56.162.204, 20.12.23.50, 13.107.246.45, 52.149.20.212
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
| Time | Type | Description |
|---|---|---|
| 12:01:48 | API Interceptor |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.18927426222192 |
| Encrypted: | false |
| SSDEEP: | 6:iOP0LT+q2Pwkn2nKuAl9OmbnIFUtJ0LyG9Zmwr0LyGPkwOwkn2nKuAl9OmbjLJ:7PRvYfHAahFUtJHm/rHa5JfHAaSJ |
| MD5: | 6C4A87F04B033C8BD80C19C28C07B2F1 |
| SHA1: | BAB4947B6D5647E7BF5EF9E926C54D68263A5DDC |
| SHA-256: | 45B75AE16D2D196F355E889B3E2D978624F0947AA306B56159E1AAFE2748040F |
| SHA-512: | 112EE3D04D70C24F4E1AC65375A7E52474302896863D5A92E644D6CA10CFC89CCBB1AAA3EB842DFA20713A7392869424E1086747BCEC6DE4DB8BE90AD65D1F1D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.18927426222192 |
| Encrypted: | false |
| SSDEEP: | 6:iOP0LT+q2Pwkn2nKuAl9OmbnIFUtJ0LyG9Zmwr0LyGPkwOwkn2nKuAl9OmbjLJ:7PRvYfHAahFUtJHm/rHa5JfHAaSJ |
| MD5: | 6C4A87F04B033C8BD80C19C28C07B2F1 |
| SHA1: | BAB4947B6D5647E7BF5EF9E926C54D68263A5DDC |
| SHA-256: | 45B75AE16D2D196F355E889B3E2D978624F0947AA306B56159E1AAFE2748040F |
| SHA-512: | 112EE3D04D70C24F4E1AC65375A7E52474302896863D5A92E644D6CA10CFC89CCBB1AAA3EB842DFA20713A7392869424E1086747BCEC6DE4DB8BE90AD65D1F1D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.1605577140636445 |
| Encrypted: | false |
| SSDEEP: | 6:iOP0LcU0q2Pwkn2nKuAl9Ombzo2jMGIFUtJ0LcUOZmwr0LcUikwOwkn2nKuAl9OU:7PPjvYfHAa8uFUtJP9/rPP5JfHAa8RJ |
| MD5: | CEF6A301FE52A876C5092DCD27656166 |
| SHA1: | 38E9F5CDF2732588DB74E2F97BBDC7CFEEAF2C60 |
| SHA-256: | 15F16D5D0D133AE7A4054A0352C3D214421BC5DBBF648A298FADA73EEB036FC8 |
| SHA-512: | 9CF08FC1B472ACB61AA580668C5094F644F19DF53719A977AF88EE1A1D54ACFDE5C385067A069D9F5AD1337F0650208ED0E96AEA9FCD31EBC1DBE393D0521058 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.1605577140636445 |
| Encrypted: | false |
| SSDEEP: | 6:iOP0LcU0q2Pwkn2nKuAl9Ombzo2jMGIFUtJ0LcUOZmwr0LcUikwOwkn2nKuAl9OU:7PPjvYfHAa8uFUtJP9/rPP5JfHAa8RJ |
| MD5: | CEF6A301FE52A876C5092DCD27656166 |
| SHA1: | 38E9F5CDF2732588DB74E2F97BBDC7CFEEAF2C60 |
| SHA-256: | 15F16D5D0D133AE7A4054A0352C3D214421BC5DBBF648A298FADA73EEB036FC8 |
| SHA-512: | 9CF08FC1B472ACB61AA580668C5094F644F19DF53719A977AF88EE1A1D54ACFDE5C385067A069D9F5AD1337F0650208ED0E96AEA9FCD31EBC1DBE393D0521058 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.969096082385961 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqxgsBdOg2HQ8caq3QYiubInP7E4T3y:Y2sRds21dMHQ/3QYhbG7nby |
| MD5: | F11CC87C6E6807EBBD69D97FD5EDE505 |
| SHA1: | 8E80A4F4E237D2B78F76F1BFCD6D36CAF43AAE7F |
| SHA-256: | 8CCD13EED09B160D53AC218CBB221B2421A390876061576D4438655E921A44F5 |
| SHA-512: | 8EE1F861B199F5B53C2C5E34697427904D1904C7B5FFAB102FA418EEDC6B9B0F357CCA03DCB7A568A5E134559E41A2DE0BB5E1D69D928E2EBCBE2359B35A1227 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ae56acd4-60b0-4e5e-a072-e027c52a162c.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.969096082385961 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqxgsBdOg2HQ8caq3QYiubInP7E4T3y:Y2sRds21dMHQ/3QYhbG7nby |
| MD5: | F11CC87C6E6807EBBD69D97FD5EDE505 |
| SHA1: | 8E80A4F4E237D2B78F76F1BFCD6D36CAF43AAE7F |
| SHA-256: | 8CCD13EED09B160D53AC218CBB221B2421A390876061576D4438655E921A44F5 |
| SHA-512: | 8EE1F861B199F5B53C2C5E34697427904D1904C7B5FFAB102FA418EEDC6B9B0F357CCA03DCB7A568A5E134559E41A2DE0BB5E1D69D928E2EBCBE2359B35A1227 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4730 |
| Entropy (8bit): | 5.255592167700991 |
| Encrypted: | false |
| SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7/QGt1YeTx1YZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goq |
| MD5: | 6ADB99AFD478EECF3A2CD1E6461797B6 |
| SHA1: | 2CAA1B7C237F4905EEEBB364F64CF76B01E86BF1 |
| SHA-256: | 709CDC4F70CAB9CD9D5F01D19F28C8E955000F1BDE994749FA489FFD1BD08E96 |
| SHA-512: | 3CFE6B9579F8886F99D30CE0BF29006E31CA6279E4608DD9A903C559CEB5E558C5D9F48273A76779293C3456AE2E9B60A65C5AE983A65A86BEACCD5689326D3C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.184538210751653 |
| Encrypted: | false |
| SSDEEP: | 6:iOPSF8Iq2Pwkn2nKuAl9OmbzNMxIFUtJSZFU8ZZmwrSXzkwOwkn2nKuAl9OmbzNq:7PSzvYfHAa8jFUtJSZF7Z/rSD5JfHAab |
| MD5: | 1AC7A1B130C65A422499123B84AE7421 |
| SHA1: | 5671485E0B15CBF735B481EFC82979B3911921FC |
| SHA-256: | 914BBE4BEBD31E873953CD7CCAF0BEF1D17538499F9496E8AC8395579866353F |
| SHA-512: | 146E8D9E5E044BE156A1FFAE80AA6CCC43CB512765AB66A03D322F1795D5CCFCAC69F2F55120F2F8A1612BFB7E7041A05A79BAB532A1A4A824AC91D933D4800E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.184538210751653 |
| Encrypted: | false |
| SSDEEP: | 6:iOPSF8Iq2Pwkn2nKuAl9OmbzNMxIFUtJSZFU8ZZmwrSXzkwOwkn2nKuAl9OmbzNq:7PSzvYfHAa8jFUtJSZF7Z/rSD5JfHAab |
| MD5: | 1AC7A1B130C65A422499123B84AE7421 |
| SHA1: | 5671485E0B15CBF735B481EFC82979B3911921FC |
| SHA-256: | 914BBE4BEBD31E873953CD7CCAF0BEF1D17538499F9496E8AC8395579866353F |
| SHA-512: | 146E8D9E5E044BE156A1FFAE80AA6CCC43CB512765AB66A03D322F1795D5CCFCAC69F2F55120F2F8A1612BFB7E7041A05A79BAB532A1A4A824AC91D933D4800E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250115170140Z-156.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 1.6144910990260861 |
| Encrypted: | false |
| SSDEEP: | 96:gQb4kDr6dHcv9/3XkMpMMKuJjw52k/Ihdm9AI9MMMYAmMGMl/PWMoD4l:gQb4A+Y/3A4hhh |
| MD5: | 58DDE6F4B5EF66CEA69A0B741A474CB2 |
| SHA1: | 5A1EF93C27D0290BD740A341AD14108DA038FACC |
| SHA-256: | D93A35D15DB7B849D65A62BD68A5F45B0C9CF72EAA75DD76A3007E01479E51BA |
| SHA-512: | 87D484483AA59834AF5936959A8C772438497E2D81E7AEBC9504BEA0004EDD8A5EBEDD9669AF087DAFA1719CD55761578160C746E862A93B04120FBCB97B0CE5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.444836913797311 |
| Encrypted: | false |
| SSDEEP: | 384:yezci5twiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rHs3OazzU89UTTgUL |
| MD5: | 37743981E30E04F08AF5C98E3B926250 |
| SHA1: | 72948E038D1A61EB6B9076BC6707BD7F1086E74D |
| SHA-256: | 4217C30A683B4582ECA1FA991E9661A99B045451F6547F193E0D730E797896E3 |
| SHA-512: | 98BAC9481D5069623A62FD42E46C73729DE15DE1B8F77BBB9AA5A5FE67693BA1E48D53EDE8BC7EF4754963780999B66606D60473CC27386157F0507625C32114 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.773969327981527 |
| Encrypted: | false |
| SSDEEP: | 48:7Mjp/E2ioyVylioy9oWoy1Cwoy1JOKOioy1noy1AYoy1Wioy1hioybioybKoy1n0:7spjusFDXKQXvb9IVXEBodRBkW |
| MD5: | 9D75530C15E54B97485ADABD3BE4B644 |
| SHA1: | F278D1AEA3F3E2F1D8A20FCAEEB31084B477919A |
| SHA-256: | 5FDCCA3EC30C0EC35CCF80E45C88B1E74C8B86A3D400BDEAC1E98E47D593F388 |
| SHA-512: | AAB072A645D707FE8CFA44C071858A36D3B1E8E502F8A00E965F473789568986ABE0879312B89DB9BC716AF66F3B4B7583CB38BF31D12D67B3EF34482B30FA77 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.7425532007658724 |
| Encrypted: | false |
| SSDEEP: | 3:kkFklile+M1fllXlE/HT8k+NNX8RolJuRdxLlGB9lQRYwpDdt:kK7lPT85NMa8RdWBwRd |
| MD5: | CD193424A2D76ED545692AF4E791BA51 |
| SHA1: | 567BF24C6E716D99D04624B7BA276EE3E85B0495 |
| SHA-256: | 3B4F7C896517ABC92A9C6145ECE681527E8F4A93A52C7D5FE303D4AB9BF1070A |
| SHA-512: | 2BA3A6F4084978451236D51A1FF43E76EB00B94BE71AAB91F0DAD5597E8E375504BBB365A6FD33DB9FEA860696B2286AF6F4972FAADC122490FED700BDBBBA22 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.137556996908955 |
| Encrypted: | false |
| SSDEEP: | 6:kKxT9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:YDnLNkPlE99SNxAhUe/3 |
| MD5: | DF858991438518B5DB0FFAA839347C20 |
| SHA1: | 9E6EABC146542A343153899DD1CC58508BC04124 |
| SHA-256: | 69D8319C217C8EC3C527D895976C51F8A48FD00B012538E597AFAC63C4F0D2FC |
| SHA-512: | BFBAC2F16FB9A8E3C11D6DD94A2FBB3A448668C0E9FCC1B0BBDF2E4C5F102B8B8B4E402A3D7E6F90D857312699EF19991F9F19328C70BA513F54707F96E58432 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243196 |
| Entropy (8bit): | 3.3450692389394283 |
| Encrypted: | false |
| SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
| MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
| SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
| SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
| SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.368843598485394 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJM3g98kUwPeUkwRe9:YvXKXB45akbEZc0vfnGMbLUkee9 |
| MD5: | 316170A93A561EBDFFD08997CE2CA2AA |
| SHA1: | 6A78593A7D48494735E02541C4B5EBD1B23CA172 |
| SHA-256: | A0E932EE31A64D6A6BB534291DDB8AB0D0D3AAB99587A292D5BC8EC2E8A440E9 |
| SHA-512: | 420254D4C254D6583FDBC64CE56078A145D47CD0D4A92FD5F79415D0B825A2D57312D1C35CAFEB0DE64D6DF9BD954FEBA89734737466C17C54D533139189F8CC |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.320260631901182 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJfBoTfXpnrPeUkwRe9:YvXKXB45akbEZc0vfnGWTfXcUkee9 |
| MD5: | BFD222016688232718EC46E1EFFDCEE3 |
| SHA1: | 99DFFC17BE686926F70ABACDB5364BEF1C15CC3B |
| SHA-256: | 5985435B2206EFDAFFD1303F66B7A36A3B1DD57F5D9865B078EBE300A34C09C4 |
| SHA-512: | 98296124B7F2682FEE0C647D9043CD889E67AB53842551E437CA006DDF4B48A4490B12A4F4BE3D36C6CAE1BD65F4D0F1341F7C713A54079B8BD62E5B1F50FF74 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.297075178085311 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJfBD2G6UpnrPeUkwRe9:YvXKXB45akbEZc0vfnGR22cUkee9 |
| MD5: | 8849977D78B28B6701061D47B113CC71 |
| SHA1: | 8E97DD0810EFA89F2C40AE692C89BDF7C7A3BD94 |
| SHA-256: | 4560181CBAAAFAC5F70F58E9654CAE208F133BBF42336AEB36B9A5CE911B65FB |
| SHA-512: | 9B08EDDF50E70A0A174DCD8A1756E8869F08DA1EE15E2CC7D93AFA770769568E1A18E65BFC54A50FFA2847E02103F28DBD0E5AB85E546198F50A1A666DAAC5E1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.356046392826806 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJfPmwrPeUkwRe9:YvXKXB45akbEZc0vfnGH56Ukee9 |
| MD5: | DD0AD46717209CE73339B636F528C597 |
| SHA1: | 6753908440E5AA56188CFE9ACEFCA0AC6E3E4F78 |
| SHA-256: | FA06284905674FD5441D66221427361D5CC5E5AD133C4CD58D064B6E2A0E97A6 |
| SHA-512: | 00D7411B872C1A8E802B57765BBC4F8A8EDF298DBAAAE8F15DBA8EF2A57F600B610FC799DEBD173BD1EBA0E2F4E0E8049D135372BE839EC0E11B597975944E34 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1123 |
| Entropy (8bit): | 5.688906843919219 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XB4wkYzvfspLgE9cQx8LennAvzBvkn0RCmK8czOCCSJ:YvEfchgy6SAFv5Ah8cv/J |
| MD5: | B691768D355ACD3B2317C467258009C9 |
| SHA1: | E2E4CBA89B36BDF62FBAB7FDA52BB9A062F624BE |
| SHA-256: | 06D3CD6C6554E1CF9F62572BC6A7B21E1C62B636B472A00F281DF96E7EF9BA7D |
| SHA-512: | E6AE2FA92AD4E2D69626F76B92EABC4E8C9F0E9BF43C3BF28D98ABF75E64D6BEC3A618A96CF484D9863907F98E1921FD416E1D55F7C0085F796A86C77593FB90 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.302176462135683 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJf8dPeUkwRe9:YvXKXB45akbEZc0vfnGU8Ukee9 |
| MD5: | BEC962A8FB016465802DEE7EBCA0B4F4 |
| SHA1: | 60773A9DA0F74B9EFDF6973CD78D04C33F31E143 |
| SHA-256: | E92D1AFE89FBD83E67496D4B184B948D7607473B247ED3AED41167A5CD208B95 |
| SHA-512: | 36126EE25A589D5C82581B570763DD776EA184923BEE47D95129BE4D198813407CF843BFC5DB83C689016A46FEA8C220BD45343BA4CB881F69654509C4D561E2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.306345536243041 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJfQ1rPeUkwRe9:YvXKXB45akbEZc0vfnGY16Ukee9 |
| MD5: | 7246FD17373621BD421F04700BC2782A |
| SHA1: | 664537805DC783C3C0C4582B710BB2B00E814F98 |
| SHA-256: | 43447B041073A8A435DD202C015B1764E1E1F40BE3028422BDA88F8F7792A962 |
| SHA-512: | 5252C9348C9B3F66482D89ACCCD2F2A598B71C58694B7B6B82D0C5B64C8A85BB7327E70BC7E32F54319005E6CF44978C3D8E52D886995524285DF7618CA30094 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.311898960714371 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJfFldPeUkwRe9:YvXKXB45akbEZc0vfnGz8Ukee9 |
| MD5: | 68F282EF701186AC7E87D7609F200B2A |
| SHA1: | 5107515F9B0FE97BD9735F2DA45BB3EC6BAF76C9 |
| SHA-256: | 2599466C1240C8E917B0E6B76410E8DB12CADD8E07AF1EA5D634F951C755A6B4 |
| SHA-512: | AA33968E10131FA50E470FDC24912A97E3303DB07A3DE1698D564C1CE1FB4875C56C41EA4F2ADC48DE3780E2972BA49E51690AF6B22520464CD09C6FAC608570 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.329762658280664 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJfzdPeUkwRe9:YvXKXB45akbEZc0vfnGb8Ukee9 |
| MD5: | BD8558D4FC4A517120B52A4CD251E7CE |
| SHA1: | D90A2AD2B563566D35A9F34303C55CCBD5E348FE |
| SHA-256: | 3C5B709C2A7523434431D8975537FA653B979796D03B7FDC4CAB8579A167DE25 |
| SHA-512: | 8B91FEC7AA846D53AFCC4A101687B2DB65F6BF4F91A2C822E848D69A7EAD658D947137E48B8D0A0C11F99E45EBED3EC88B946DC9C86BCCDC221192E07B464CC1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.310328479949584 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJfYdPeUkwRe9:YvXKXB45akbEZc0vfnGg8Ukee9 |
| MD5: | 8892D905CB05643AF91C8FB6672B61E1 |
| SHA1: | 38C1982D7AADFA50FB93C714F8A65C9FCF52DDA9 |
| SHA-256: | 014DC51B2FD3831D4214A366FC636974877F6F9569E2DE0507087F10EE874F0D |
| SHA-512: | 176019F18E09F8F09801C6B11B04F2357A1868B26F1135C0CCD4B40B9714E2E0F8D9E6F210F4853C02F07FF3436A1E8D42FA9750EC0FA082C942B67337997881 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284 |
| Entropy (8bit): | 5.296242990675149 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJf+dPeUkwRe9:YvXKXB45akbEZc0vfnG28Ukee9 |
| MD5: | CCF5739C07D14EA8C12C457078A30549 |
| SHA1: | 8C7F32078979CDBB755CB0B945AEF9C6DC5054F4 |
| SHA-256: | A2873B2FB47BF5E336CB7F037CD18D37F4901A00BBEB488DDED3078CEE05D7D0 |
| SHA-512: | 880F3CB2A82A6C9D0CBCB5E87D0B964B53717B33FFD86E20F29530CB2C809CAF00F8700160D546CEB8D4CCAAE7FFD45EB2ECB7329C1C4DCC5970B6C322D914D9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.293804591506955 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJfbPtdPeUkwRe9:YvXKXB45akbEZc0vfnGDV8Ukee9 |
| MD5: | 0FA4043BD22E4F7467533E2C64E95982 |
| SHA1: | 1501454BABF7F55620FC29B2E0E4D807CDC58105 |
| SHA-256: | 6416A7855033FD8279124D2FF2ED04A808D92DB1256E0B74039E4FCB029E5556 |
| SHA-512: | D2B6EAA9B2CC06CD51C4BA1E4BE638C17CE3FB9A8796AD061C5CFCA33C3DF15560F8BD9782AE6591350401B55CA5AE784868D16A58A3F9551CFF667FF7A1D3DF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.298284625118611 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJf21rPeUkwRe9:YvXKXB45akbEZc0vfnG+16Ukee9 |
| MD5: | 809295E8554D618E8B65F4BE9DA5C551 |
| SHA1: | BDB043CADCB35D1174678FFA456366FBED5B67DE |
| SHA-256: | D28D08150853291DC8D295888A00D2EE1A5375A25D46675111BE477FD489DE68 |
| SHA-512: | 184FDD97AB5CA82182DD3C868AE1B001BF5AAACA98F09300ADC9B60261B4D74FC292FB7A1C003197024FA0C9044AE6FC3E76B6D9F22DC4452F63B2035398008A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1090 |
| Entropy (8bit): | 5.663542749149799 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XB4wkYzvfYamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSJ:YvEfuBgkDMUJUAh8cvMJ |
| MD5: | 6423595F04091FFA7C5D4427C4211A29 |
| SHA1: | 50427A2B8BA32914025E062611D1B2751CB43C74 |
| SHA-256: | 093774500C338944F84074E57D5B076F69AA453601EBDDCD36EC97DA8E95820B |
| SHA-512: | B1677040126C50ACF37AEE89DD23D44140486D658DF1058C8B9EF8377E313D4FB16BA110BC6E16154A731E067592B47DB8D06E4757515B5CFD6825E459E1F1EA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.272819669459879 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJfshHHrPeUkwRe9:YvXKXB45akbEZc0vfnGUUUkee9 |
| MD5: | FD1C4EBC3DD95E56FEA09526A68C67F6 |
| SHA1: | 15BA260A2596675443E8CD507CB1BC79802F26AD |
| SHA-256: | A4B0858E77F63A14877ACD4ED376E22EC56AE42970F5CC1316DE8765D46DFE1D |
| SHA-512: | 3D64E7E1D99672443558B21E48E549F238BC80EF7343DC53D5E0AFE946EE403A6F52E50FCC4A64F08A9F7D55DF9A8C3B4E88CCB56907819944FDA4FB2A7D2A7D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 5.279729514836226 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXB0BG00VrSXb9VoZcg1vRcR0Y56UoAvJTqgFCrPeUkwRe9:YvXKXB45akbEZc0vfnGTq16Ukee9 |
| MD5: | 3C97621067919F6725689D5277EF5DE9 |
| SHA1: | 585F5C97C25F21BBA325532B8FA7F6E7282F8531 |
| SHA-256: | D9D839FD86B5481CC89AE1B46C5BD06E96DCD98620718A4CE739253C8C5EBFDB |
| SHA-512: | 505A3B229D2A55A8DF50B76607B6FC0CBA38D55D65FC2F01E20D3F36EC069B19C98A0F3DBAB5C2A1D928266E25B0F1EEF189EA7787253D53515B7617666319FD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.131699156796681 |
| Encrypted: | false |
| SSDEEP: | 24:YTTaIEayPjMC1Pscrb2qnPTl4Gy9jiq01yj0SrV32MV2LSVCBHcQQgBzg5Nrb4Uw:YIj1scWq7+iDE1zVzYHcQQgBULrbx9XC |
| MD5: | 4873EE0D3C9ED341D4E1F7207EDFA455 |
| SHA1: | 00D63675B0F63CA958F2A74DC73B9102BDF7DB15 |
| SHA-256: | BA79ABB91DABEDA716E62239A1AC0297096D9E3FA3E96783B85D5FEDF9C2104C |
| SHA-512: | D70B83E9220B76D90A1DAC38A4DF30F89F9241A84B9839FBBC65D4FB71BB3DEF6C5AE29A609D049900DE079D9AEE881BF5BE6860436C43C5015BE040D7AB5D23 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1887709742043302 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUBWSvR9H9vxFGiDIAEkGVvp1Q:lNVmswUUUUUUUUBW+FGSItBQ |
| MD5: | 428EA755FD240482D421E271D1BC2DA6 |
| SHA1: | 10691A199099B777EE25E9CAFB1AE2E0DE12C70B |
| SHA-256: | A83C9D229DF29210F96B1E83567FCBEC55C4984CC4144923CD02D07625E93980 |
| SHA-512: | 50DF907A393F2785CE93A18A3244E26BD4BCAA3F5A264DC670C07EEE9FA4695B7C450E53237221854FCECABCA46E432C70AD7A2178DA8624AC17339E92D6A75A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.608488966562773 |
| Encrypted: | false |
| SSDEEP: | 48:7MhgKUUUUUUUUUUB0vR9H9vxFGiDIAEkGVvpqFl2GL7msW:7GHUUUUUUUUUUBkFGSItDKVmsW |
| MD5: | 9B1CAC14316969CD2DC7C0E723EA5CD3 |
| SHA1: | F872DC1C37629AB0F78D74DC50E693B85DE493F1 |
| SHA-256: | 3C09D8F7D0BE0B4CD1299C32F9EDE9040169824925B7763D3DBC0D4F069FE55C |
| SHA-512: | 7BFEBD0AF6F29D8FE926BB7DCCDFD989933DB7941F38130F61494E81235853B57E6ED5E655F763B181DB3F57FC4D7B2CAA5DC26FD5F5D6D041E0EBC2E70986D0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66726 |
| Entropy (8bit): | 5.392739213842091 |
| Encrypted: | false |
| SSDEEP: | 768:RNOpblrU6TBH44ADKZEggetycPPHvRWoIG4aqtj/kt4KYyu:6a6TZ44ADEgeMcPPHvRuTKK |
| MD5: | B900437F448B8AF9539BB6021503CB18 |
| SHA1: | A6E63A40B7B0C753B9AA3A40D27743D80569D918 |
| SHA-256: | C065A5884C4946916C5C00F6B9C97F750188E0E647BDCBBFD7AAF6B576B13556 |
| SHA-512: | 514EDC2753AFF609F71BA5A9B4E75A12F228F369BD6CD1520D5A1E56E5AE8986DC309090B7AB6A682C9D1187D7E3A4D40DB56E1D5ABA5285051F88D6A6DD706C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5085442896850614 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+pClE3ul4lH:Qw946cPbiOxDlbYnuRKZD3B9 |
| MD5: | 2ECAA527D2059ED93DCE2C7C6C671395 |
| SHA1: | AE35B8A227BD7BD4BA8A8AF4906BEBF614F810F0 |
| SHA-256: | 9B987DF7B21223A97E2BF1A856CFEB3F5269D0DFCADE29FD018CF1D70FA1FDC6 |
| SHA-512: | 0BA114650DAF87A767C019D70FE93399F6DC2B68DE093DF8AF6511183E1B45426E9EC38A0EB4EC6D5DE60E84613A01E3878D928BD67D75CAF261C37FAB323970 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-15 12-01-38-286.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.345946398610936 |
| Encrypted: | false |
| SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
| MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
| SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
| SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
| SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.3857922064500245 |
| Encrypted: | false |
| SSDEEP: | 384:1LNuV3MjXEFzULVTmK0KhDuHbwRn3ddBt+cSoAiWUTFp/FaUE7LzKlKXCTVQc3fH:1PwG |
| MD5: | 69CC3EC764312B0A5DB2889C6BE738AA |
| SHA1: | 7A5A5269815DE15571515E0820D7A49630734BCB |
| SHA-256: | 43452C9D5319C815D19C6D0EACA6B244E309879D86830163A650991EE109C27F |
| SHA-512: | 0277809B0D49E4842C26331EDD91222C6B4B78FFFAFC5C2A2EE0A98DC75123D039E7DAC60693E65BB7E2C7BE84222F0AE1904C83CFF06D78CF774814B7C5F86A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.388728096903671 |
| Encrypted: | false |
| SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r8:A |
| MD5: | C6E5F81AA60F02DCC1DDD7CE44C14A86 |
| SHA1: | 858C27107A354C58561DDF0D91E9219B334E4BD3 |
| SHA-256: | 106B7D155E76BF0F2006A199E1EDE3A289266275023DFD625D7B1871C3ADB001 |
| SHA-512: | 4527505352EFB86CC3967A315320EE36738F263D6F75E8BF163106317513E9B93BB0E425B094DAF98432FB56A07D91DC264FED676A588B639C5104F76ABFE8F8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
| MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
| SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
| SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
| SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7ouWLaGZ7wYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLaGZ7wZGk3mlind9i4ufFXpAXkru |
| MD5: | 13F55292D0735B9ABD4259B225D210FC |
| SHA1: | 810CC5D545BFA11D2825F6E1DFA69176794DA7EC |
| SHA-256: | 8C3FFEA68963D108599E8C5AE20DE6E9C473BF33197A03A9A7DDCD0F25A6C7F6 |
| SHA-512: | 4F54EDA9EB61172A5243DAA718CFF42A0BF079CC0FA7BE3553CC8B79772763B49F530DD6B54A9D595C4F46B8416ADF7D5C8DAD58FC43A5C651258E669DC375DA |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.933972048400654 |
| TrID: |
|
| File name: | 1844-24 Ellis Crossing EC - Meritage Job #70122449950.pdf |
| File size: | 94'849 bytes |
| MD5: | da12f982b24cf7c7f33cce769b557a57 |
| SHA1: | 22af9b6b85c890c0b39c58bca10198b5cdeaa1f3 |
| SHA256: | 821370b70b6254ee195bccdf44d289075198471e92c173444e33cb23c866712d |
| SHA512: | 5fcb0a4364474bfa3ba7b1fb7f830f200c9fe472b5255620a2d7678e497cfd59f7f2576fb95cfc022723cf8717d34571ef240e324732cdf37e6995fb9dc11611 |
| SSDEEP: | 1536:grIqtarb56NhB9tZK2ylsWfllZOZiy0hP/iya2Gkajk7pOwUkDVi3EpR5ZFYXmSt:g1crb5iY2yxfllYiphP/JajMpOd6R57A |
| TLSH: | 8893E0309E2C0A9A5DD360B35324D922D6750ED1024177E6BB3D7B6E2B9CD8514B48AB |
| File Content Preview: | %PDF-1.6.%......10 0 obj.<</Linearized 1/L 94849/O 12/E 90547/N 1/T 94545/H [ 461 154]>>.endobj. ..18 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<6D54142F70AB61A07E82BA108B13E9B5><56E14C9967E4504890D9B831FCA5626 |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.6 |
| Total Entropy: | 7.933972 |
| Total Bytes: | 94849 |
| Stream Entropy: | 7.938827 |
| Stream Bytes: | 93101 |
| Entropy outside Streams: | 5.299199 |
| Bytes outside Streams: | 1748 |
| Number of EOF found: | 2 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 15 |
| endobj | 15 |
| stream | 12 |
| endstream | 12 |
| xref | 0 |
| trailer | 0 |
| startxref | 2 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 4 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 17 | 21c9ca1e6e6e01a9 | b6704e20d5d76287c1f5adfdf047ae74 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 15, 2025 18:01:49.445791006 CET | 52492 | 53 | 192.168.2.4 | 1.1.1.1 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 15, 2025 18:01:49.445791006 CET | 192.168.2.4 | 1.1.1.1 | 0xb922 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 15, 2025 18:01:49.453583002 CET | 1.1.1.1 | 192.168.2.4 | 0xb922 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 12:01:34 |
| Start date: | 15/01/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6bc1b0000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 12:01:35 |
| Start date: | 15/01/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 12:01:35 |
| Start date: | 15/01/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly