Windows
Analysis Report
Invoice_INV-002296.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5780 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice_INV-002296.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 3944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6768 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1508,i,3078186341101652738,15087718266339306583,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427906 |
Start date and time: | 2024-04-18 10:28:41 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Invoice_INV-002296.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@15/40@0/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.46.201.17, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 162.159.61.3, 172.64.41.3, 104.76.210.84, 104.76.210.69
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.260473234083818 |
Encrypted: | false |
SSDEEP: | 6:s6J9+q2P92nKuAl9OmbnIFUt8z6JJZmw+z6ENVkwO92nKuAl9OmbjLJ:zJ4v4HAahFUt8eJJ/+eA5LHAaSJ |
MD5: | 33801B7C62691B3B5A87B460D15C71C3 |
SHA1: | C38E65858D2EE55C80747E3B7E5230A47EE6DF37 |
SHA-256: | E16938307FC3852FB9D08A599D7A738A83A8971954838B8037B7F5DDEE8D553D |
SHA-512: | 3605C2515C0FC9255CC7AA5525318F7445C07DD255D2D98ADE139AD49F4AB3902AC43DBDED4BC85148D0DE90555688F55EFA69BF1EF9694BEC86ABF12E867EDD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.141239147861906 |
Encrypted: | false |
SSDEEP: | 6:s6Ycq2P92nKuAl9Ombzo2jMGIFUt8z6tSZmw+z6tekwO92nKuAl9Ombzo2jMmLJ:z7v4HAa8uFUt8e4/+eg5LHAa8RJ |
MD5: | 2A369F65F5BA5C68F7F5170DE0CDB18F |
SHA1: | F9AC6408C323A792C467EE02008FF87558A58365 |
SHA-256: | 719CC8687C3365AAFD12C1ABE292798ADF537A06FA237EB62184E6DA69138143 |
SHA-512: | 6D366818EAFEC11B0519327AE9CF519AE702F263176528E348D766DE46E28CAC36447C4B4AEAC1638EE9501982F07C5BB89C7329DF5C2CA3B87319C60FBFED9B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.141239147861906 |
Encrypted: | false |
SSDEEP: | 6:s6Ycq2P92nKuAl9Ombzo2jMGIFUt8z6tSZmw+z6tekwO92nKuAl9Ombzo2jMmLJ:z7v4HAa8uFUt8e4/+eg5LHAa8RJ |
MD5: | 2A369F65F5BA5C68F7F5170DE0CDB18F |
SHA1: | F9AC6408C323A792C467EE02008FF87558A58365 |
SHA-256: | 719CC8687C3365AAFD12C1ABE292798ADF537A06FA237EB62184E6DA69138143 |
SHA-512: | 6D366818EAFEC11B0519327AE9CF519AE702F263176528E348D766DE46E28CAC36447C4B4AEAC1638EE9501982F07C5BB89C7329DF5C2CA3B87319C60FBFED9B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.0559832668513085 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZcZ62sBdOg2H2caq3QYiubxnP7E4T3OF+:Y2sRdsBSdMHJ3QYhbxP7nbI+ |
MD5: | 4241927149FE90D02BE46C32F255B602 |
SHA1: | 78C0A3660666605F4AA1888607B0F6F3F3FA1F76 |
SHA-256: | 17572907E888C6C591FB98CAF3DC4D0D715A0484614FFB6C3EEE7113226FC272 |
SHA-512: | 494269CD39C642BC02259D3FA8D7130A7B06CB589A7500E119AE6FD0CCE9266939DA24EE0068EB689E0D21AEBECC8A2AD7064EDC47A5BA3AA7A439F07B48915B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\fc0ca26f-8100-4e74-a20b-07d8f9c92949.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.0559832668513085 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZcZ62sBdOg2H2caq3QYiubxnP7E4T3OF+:Y2sRdsBSdMHJ3QYhbxP7nbI+ |
MD5: | 4241927149FE90D02BE46C32F255B602 |
SHA1: | 78C0A3660666605F4AA1888607B0F6F3F3FA1F76 |
SHA-256: | 17572907E888C6C591FB98CAF3DC4D0D715A0484614FFB6C3EEE7113226FC272 |
SHA-512: | 494269CD39C642BC02259D3FA8D7130A7B06CB589A7500E119AE6FD0CCE9266939DA24EE0068EB689E0D21AEBECC8A2AD7064EDC47A5BA3AA7A439F07B48915B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.239862365008524 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUzBQ0QwZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL8 |
MD5: | E3308A4789C41F741444659EFFBA09E0 |
SHA1: | 3ADCD258CC84B1978B108EBDD2483B483962C0B8 |
SHA-256: | 5E017325A6E81EFF634F89440F80D7BBB0A9832AD8C06A6C7502DDE50B234175 |
SHA-512: | 7E4371D51D0F78B01AC2CE9835AC59D3AD94EF443A85F2D1988F625E79318F7C24C1C1756C60949D7920E12AE3A2151EB7A6422204C3E84E743DA61B9E785684 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.17786194210288 |
Encrypted: | false |
SSDEEP: | 6:s6yXEVOq2P92nKuAl9OmbzNMxIFUt8z6NZmw+z6xkwO92nKuAl9OmbzNMFLJ:zyXEVOv4HAa8jFUt8eN/+ex5LHAa84J |
MD5: | 27DDA9F10E1EC4BC33BEDFBF7B2B09F8 |
SHA1: | EA524604316A4517A1EAB4F04D113F5C7912552F |
SHA-256: | 00319C592EC3F758BA930AAD9282C9649B80CD58DB9976AA5EEAFE06CD89961B |
SHA-512: | DC498253759DDDABB0A2D9297B737CE73AC7B049960C58B289104BD3E9C66CD7FEB8E4C380BF2D10F7EC0311F90A6A72517C7D0F9169B80E321DA6F9EA8001D4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.17786194210288 |
Encrypted: | false |
SSDEEP: | 6:s6yXEVOq2P92nKuAl9OmbzNMxIFUt8z6NZmw+z6xkwO92nKuAl9OmbzNMFLJ:zyXEVOv4HAa8jFUt8eN/+ex5LHAa84J |
MD5: | 27DDA9F10E1EC4BC33BEDFBF7B2B09F8 |
SHA1: | EA524604316A4517A1EAB4F04D113F5C7912552F |
SHA-256: | 00319C592EC3F758BA930AAD9282C9649B80CD58DB9976AA5EEAFE06CD89961B |
SHA-512: | DC498253759DDDABB0A2D9297B737CE73AC7B049960C58B289104BD3E9C66CD7FEB8E4C380BF2D10F7EC0311F90A6A72517C7D0F9169B80E321DA6F9EA8001D4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240418082936Z-166.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.1661593758390136 |
Encrypted: | false |
SSDEEP: | 192:G9axncnGVUrvinP+Wdjo7h1tQJomRxtmv:GAh3depkEv |
MD5: | 5B49656A9300218EC09A39D74911CEB6 |
SHA1: | 714690A4D67A0C5ED46E6978C1C56F1334D7C58B |
SHA-256: | 2DFE33A9A42A640B491D4C9561AA4F2360F016ADE756693305FD1CA0A694B604 |
SHA-512: | 4F05057D081C346C353D53B61788FC27A40929D51ED896608E24BAB0E8ED8ADA42801C19083737DCB3E8A1C4B6AB6E04F84F150642279DE5DDFDE393D5B4B04F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.311775693773059 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJM3g98kUwPeUkwRe9:YvXKXtkkYpW7vGMbLUkee9 |
MD5: | 99A6CC20D615E65440A2614AD7927B4A |
SHA1: | B22E427B312902267A41F95F7D7ABF552F4B6E96 |
SHA-256: | 1C8C835CDA2743860065BAA9981E8FBF37CAF85F4A0AC00C5B5A99A5070928D5 |
SHA-512: | 14DABC8D6776DF90693DB4A6D69DE18C7ED6B917C4C754F4757A039733F8AA7001E184E2FF8BFC52A61C2E50FCCB4B02CC24605B8D9AB6A050CFD0A947654A54 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.245724686059657 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfBoTfXpnrPeUkwRe9:YvXKXtkkYpW7vGWTfXcUkee9 |
MD5: | 927F308C133751B01BB7E11C9B38DF04 |
SHA1: | 28E449495228AFAF037FDF506370AA8B45CDB68D |
SHA-256: | FC6E2F7C0581A926045ED33DDF7720FF9C8AEAEBB86EC7B4E1F84BED8E64F1DE |
SHA-512: | 4937AA6B54082C934A5FE52F0099C71E5913232155B1CBA2973959395384F16D2EB6B5EFDE0B13FFD928B78CC2977606D41CBC1FC80C11C4C53E38AE9B35F043 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.224394748483881 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfBD2G6UpnrPeUkwRe9:YvXKXtkkYpW7vGR22cUkee9 |
MD5: | 09C90F04B27EDD28E523EDDB24811D36 |
SHA1: | 6AB7A144BD902ECAB6D649CE2CE43C4EFC6BBA0A |
SHA-256: | 0BA0FE370DD84452EE70A983FB168E7B4A00CB996D48078C498E2864AA9C279D |
SHA-512: | 6A4852AA33806899B1083BFD6CB6C7641FD0F5FA45CC70B3C4C2E146945DC5A7B4634757EACBE52EE7A3D9504489D3E21E3AFDD2A88A93D8022ED7347271E92C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.288858476951762 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfPmwrPeUkwRe9:YvXKXtkkYpW7vGH56Ukee9 |
MD5: | 54E0530406EEAFA859838C5D64CFF98F |
SHA1: | 0E82C213ABA01A9C5945C4434EC8EA3FE4204417 |
SHA-256: | 09BA7F7DF66755B93964F578EA82FBF4020BD03DECF5AC2715A65166E42AE277 |
SHA-512: | 76E18B1C4E014894D4245C95E19F377CC613CA2C750518123F835B1D57A3BB729B305C52C7D415983428A2EC69BB43A814852B6E7A10A67AF8B329BE0CE262CF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.245679190335398 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfJWCtMdPeUkwRe9:YvXKXtkkYpW7vGBS8Ukee9 |
MD5: | CF6492FE7D20C8FB08D98AF2D7E104FE |
SHA1: | 113814B3DA2DA3690B0EBEBC62B61B0FAEF95DA0 |
SHA-256: | 73DC31F24D3572AF42FC614BC5223454AAA203F5916386B17EC6C0C5359B53D1 |
SHA-512: | 63D7C3700E2F5C752A6F9255D27C6459C70799403201FDBA1FC79735BAC8D3D70BC520083BF5CFEE45272A11B5369FA1ACC839A39081DD1235475875AA3F9316 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.231307491396863 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJf8dPeUkwRe9:YvXKXtkkYpW7vGU8Ukee9 |
MD5: | 40D31D2556C18A54A4D967AFAA559489 |
SHA1: | 1FA99B81DFBD48D9ED72A6349D5E641FC2165188 |
SHA-256: | AECE91E7C8E7825BF8CFAE91910E02F7D69B5DF474A82EB07D1C4518E7725E27 |
SHA-512: | A4E433F377605459F24EFCA086D1426B72D19DCF38F19A758F15B7A5A0118E0010CA5E2881A94D213E7FB487F13BE5ECADD99AB852579A5DB74211829A77A98E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2324518500894275 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfQ1rPeUkwRe9:YvXKXtkkYpW7vGY16Ukee9 |
MD5: | B11C121040D317528F8166BE571C2038 |
SHA1: | 5EC67E4938CE7B8EAED037A77B40B3A1F4BF5905 |
SHA-256: | 548FC6317F34598CF2C5346CEFCE3B1AA80EFCBB1C48BBAC7F8ED330ED5AE04E |
SHA-512: | 3CE2053DA93683A9DAA4D006FC96780DE6366A04A5C5CC88DF41489D27D749B228CC5AB08B4EA4DC839E142023671483B9B8FD6ED66F29CCC7BF12BAD806BC66 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.252278998153962 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfFldPeUkwRe9:YvXKXtkkYpW7vGz8Ukee9 |
MD5: | 2383D172516CC8541F68318AE1B15593 |
SHA1: | F6DFDF1D1221C70DD2DA4B6CF82F38F2AFB6E4F8 |
SHA-256: | 9A1D95E97D00E9AD52572BD259374E8C0BC4708D97C4278CB37C6B75AD9B6919 |
SHA-512: | 48F3AB4F537C774CCDC8F1BEDD5C3B2B2D55AFEFE519336C70B473AD61BFF4886519191F5DAF3D7262944ED98031F3454F7011C1CEE8A88A4A57DA5F79694B5C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.734718959786559 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xtk1i3KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNZ5:YvO3EgigrNt0wSJn+ns8cvFJP5 |
MD5: | D8ADE5E0BD2E3CC3FDDEC6403F4C8482 |
SHA1: | 6F35BF948B91CA0A4A568766147E27F8BDFECE48 |
SHA-256: | 45C27D7DE9A61247205A0A41D7E6615A066766D9075E99A1D1578985957351F4 |
SHA-512: | 64864FA187ADDD862FF94691969B2A5D649A856B5F707CDB70FE9E0BEA9F6F331779937C9F916A725C1504F716044CA3D5F3AE032E9142B58DF22FDFD67D5B7B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.239193775178807 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfYdPeUkwRe9:YvXKXtkkYpW7vGg8Ukee9 |
MD5: | A835B17E0E7D84C65AB357AE0268CA12 |
SHA1: | 916BA2D146FDB4F682FD153C9FD0C126A051C74E |
SHA-256: | 8BD4D5400E8A3C4B937FBE014348ECCD2DAD1870D45BD646067BB05E429AAA6B |
SHA-512: | E2D1311E4316C933815B7BBABCE2D3286BE8ECD39E246E06F3A75C8209ECDAF76A1E9966AE954C5FD6C487F0435416F53298BDCCD7B0ACA0CC5DB165F2A18838 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.771275124902558 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xtk1iKrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNR5:YvOKHgDv3W2aYQfgB5OUupHrQ9FJr5 |
MD5: | 1B88D7821698B39F34CDD2FFE7194D10 |
SHA1: | 28BBA76BB24CF10E1649527D44BC718A547DB1E4 |
SHA-256: | 406C755FD6F9355EE993361CEC853FE21F6F8C964A34271AF59022E2A74536EA |
SHA-512: | 3A7667EB9BE7A011CE9E6D2371E21E757046AA18C1B029C15FB943F56EB889A7E07FDB8162C38A80DF400381D54AC3E2EE804F2B154280301E7563BFE4298DAB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.223158785050755 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfbPtdPeUkwRe9:YvXKXtkkYpW7vGDV8Ukee9 |
MD5: | 702F54B9C00B27D938306F4B895C0E6A |
SHA1: | 7187BC4DCE825391199C48F5DAACD673C1484156 |
SHA-256: | 8F1A1C973D66C4F0C018CF0F6F56BA0506F238DE5FFEBFAFA9DED59DD024675D |
SHA-512: | 21B834C84BFF30277B9C96B7215AF8C6BDF3FD403A83B87645C20C644168690C6F3BF8FE29F2CF1DCFAFD4D115FBC8FA7FD92B340AB2AF431B95F66EF81DF6D3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.223990355377691 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJf21rPeUkwRe9:YvXKXtkkYpW7vG+16Ukee9 |
MD5: | 77C01DDF81A34A470EEF9781356BE89D |
SHA1: | 2C9251AA3D1A86939EA662E6F12E5B4B7DF00BB2 |
SHA-256: | FB00DE8768FF52C71ABF5CC9A91EE94E2B497D4AE56096550843D45EE4CB59A2 |
SHA-512: | 0236DAACD27748196DA57DE9F4BDC6CC3981DB474E77CB40FD84B964F66BBB0891822945A36BEB70304F30D544896BD82CBFB20303695D2DAB80CBD849D4FAC8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2465692410221205 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfbpatdPeUkwRe9:YvXKXtkkYpW7vGVat8Ukee9 |
MD5: | 85A7C81CFF9C13CA8B21F17DAFA9FEF5 |
SHA1: | 8A3FA99ADB88DA9DB4A7FF5A8A5AC8410A26534D |
SHA-256: | C36E671F41903C6B051579F31D0B93E29C30EA223D7802FB079B065CE2792A76 |
SHA-512: | 7306869770589BDA534F385FBC63220DC7020FAE24FF5FE2AE753DF6A62F480673C0524727847D30708C816790A2E891C3B2BFCB6428A7BFE2512B74F451D0EB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.198937488656215 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfshHHrPeUkwRe9:YvXKXtkkYpW7vGUUUkee9 |
MD5: | 77D097C5CD3F55A26FBE464E80D1801C |
SHA1: | 3DEBF01EF219E25F22539FCD8541F4A31CCA063F |
SHA-256: | 4C1EE0DB1A4293DBBBE61900AD4500D124BD8B324D7E5B5CAB1C3CF7C2625837 |
SHA-512: | 8F75F78500AADC6B9546CDBD2FE273CE9D6671291990CF595DBA6E688B32D3E11A01B0DD316B72BBA23FE0A4C5F0441CB135AC94432977B7BAEA513031C2147D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.356669693613801 |
Encrypted: | false |
SSDEEP: | 12:YvXKXtkkYpW7vGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWnV5:Yv6Xtk1if168CgEXX5kcIfANh05 |
MD5: | BFA7D982AACB5F8E8196A1E0999035F6 |
SHA1: | 587C044F2203EEBF27AE8294AF1DA893E5A3280E |
SHA-256: | BA84C9027989E88039052743D233F7F9F2E04AC2F2599D725B57D34E985F71AC |
SHA-512: | 958822A8F0784F7C2B8B5DBE13D7DAEF8056AF362C7464DF6FDEF086C8D51C7CCB7230CC309A6F0687758649F9D82E149CFD434778C628A121AD6D58E1A0E8AB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.13685989365381 |
Encrypted: | false |
SSDEEP: | 24:YsJjk4LCcwzZu0cs/5Ya9ayQxfU+JkBwjOn1vj0SwH/82oS2LSqhD5cq9R2H6ulj:YsJHaz03s/GS+JrgbxSchDh9Rw |
MD5: | 2FEED9A7A6AA3747C19A804540155098 |
SHA1: | DEC74CBE2AB70195FE2025CCC75F04DBF0825BCF |
SHA-256: | DDF74D6FA9B39D1A68AE6C7642D0313BBDC6FD0A6A6C02C0A5EFD54F0B1D980A |
SHA-512: | 4D066675D505A23041FA8019B2C1B31D80EEA3366F20F318032D5235E229BF0C3BAA078CDB643F89058A001A43678AF2168CFD8476ECB53492E2C37EBB7EF73D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.983625770803985 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sps44zJwtNBwtNbRZ6bRZ4D4F:TVl2GL7ms6ggOVps7zutYtp6P2k |
MD5: | 6C12853B7F708D362110114206C914B5 |
SHA1: | 04F886904771FEA642B7326D49D7D3378C24EB61 |
SHA-256: | 21F2D8B6579828667F2C9669D7B6EC088527FAB035FD2424276BD7D65D0A2CF1 |
SHA-512: | 5A8602582F0D116ABBB50B47FDECC9B8F3347675BE6FDD47CDF9CEC4EC9FF8D156E4A4366EF6ADE25AC83A2FCCDC5DA53CABCF9AD89B75C1A4D7AE32DE3734D7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3373215025208514 |
Encrypted: | false |
SSDEEP: | 24:7+t4AD1RZKHs/Ds/Sps4PzJwtNBwtNbRZ6bRZWf1RZKmWqLBx/XYKQvGJF7ursz:7M4GgOVpsEzutYtp6PM5Wqll2GL7msz |
MD5: | 13F1A35969076086FB735060169375AD |
SHA1: | EB2CD6384C07975169A9328AB8F643A2F97A9CF7 |
SHA-256: | 3D597BC9211DD0BB9E7C32E201502D556C0CA155D580962F7881A17D2ADB8B08 |
SHA-512: | 6C4FDC353C6251756352965E830F4580759D80C3436F38984D54FAA49F5B25CA031242A757DFBEC04CF9EB660159D65D3364DF5A1E1BA6BDF45F01F460F9795D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5309417490522437 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKkadNDw:Qw946cPbiOxDlbYnuRKSlw |
MD5: | E33B83A380FE854E0AC750DA47C636DC |
SHA1: | 0D6E0323CC8562B189855063ECB96D91084E90F0 |
SHA-256: | 0C763CE367C0A2396E3690B58CD3941D1D8B16168AC6FCF84967F2633CDAE7D3 |
SHA-512: | DB38168E452E29752A3A1D999F774CBF0F299611579EDC1939BBC9E746E69E64A6336C6B28F48BBF45AB9FFD297BE24B3B1D3C73EBB34689A96E0C46D9A290B9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-18 10-29-34-576.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.376087668515795 |
Encrypted: | false |
SSDEEP: | 384:aOsfEOBe5xmgZzcOrJkl7cp1i/9X5pSKxW4aC08xML3fVIeuaTaz4zOLpjMIHvfc:vE3vU7RSHe |
MD5: | 42C3649A4BCC9A95A35904151592F518 |
SHA1: | 04613F7A49703A6E4F947449B0FD3BC52E55CC79 |
SHA-256: | 498B84C5C23A09840FDEF15F3F54038C0F9C20A931324CB6E9A3891F58BB3A65 |
SHA-512: | EC75E6E86C8B1D2B3D3D3A6FCC74AC5D4265E833B572191A1C0698BF4BB0A9953B29B0519E4E8D852110EBA1C19B171A44007F626B09671A2855DB8177CFC98F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.400486251504405 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbF:J |
MD5: | 2ECFD80236150D1CA44CC0D81C77B22E |
SHA1: | 6B678B2F6C9DA25208AAE9DCBC68CB371B8D16D9 |
SHA-256: | EA3A69CFC59F3B8589BF11C3AE4D681ECFFB5D2DB4E5660C498558563C7ACD00 |
SHA-512: | 2CF03943BFF97F08C2BD479B6E501CE61EA292342197538332B2BE6120FBD2221AB95B5619A8AEAB809FEAF7D697E77A3AB930A030D8E4589D61B41EC03D8200 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru |
MD5: | AE1E8A5D3E7B2198980A0CA16DE5F3D3 |
SHA1: | A1DB2C58AFC81E6A114A8EB47BE0243956F79460 |
SHA-256: | 8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F |
SHA-512: | 5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.93906467101947 |
TrID: |
File name: | Invoice_INV-002296.pdf |
File size: | 40'517 bytes |
MD5: | 65ae0d0bedd02aeef55c5724c3e48f64 |
SHA1: | 3775b87ac0b57eae65191e5f400bf43db68d8529 |
SHA256: | 7c748acf4d4f8878aa72271c798ef2534d759a6b63188cb2e2d5f2c86a46e172 |
SHA512: | 8f36c4b37a6011b552ea0196f37eb44aeb727fb15ea1a8967cd33114911dd1bed63eb3ea83830207ba33778b15b45caad73993419a37656feb652a315aa3cb43 |
SSDEEP: | 768:J9G+fmc20bLkj++fSffrs5aAiASuoAmyEQFOcx3XeQYlIQe4fM1MqwYI3RlCDRGX:6Am6boj++qfjsB95aQFOklY9qkzRYGhh |
TLSH: | 1F03E1A4CC894CCEDD4FAAC4E561B66DCA61F36AC8CA52E005AF1F676080F6C77750D2 |
File Content Preview: | %PDF-1.4.%.....1 0 obj.<</Type/Catalog/Pages 5 0 R/Lang(en-US)/Names 2 0 R/Metadata 4 0 R>>.endobj.2 0 obj.<</Dests 6 0 R>>.endobj.3 0 obj.<</Producer(http://bfo.com/products/report?version=work-20200610T1518-r36819M)/CreationDate(D:20240417091858-07'00') |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.939065 |
Total Bytes: | 40517 |
Stream Entropy: | 7.987553 |
Stream Bytes: | 36662 |
Entropy outside Streams: | 5.336073 |
Bytes outside Streams: | 3855 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 24 |
endobj | 24 |
stream | 10 |
endstream | 10 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
9 | 09392629289a92b2 | 35621cf51184d38c00ac144e1be009a8 | |
18 | 39392629292a3a32 | 012bb2d8ad80e521cfe42d2b89ee8b12 | |
Target ID: | 0 |
Start time: | 10:29:30 |
Start date: | 18/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 10:29:32 |
Start date: | 18/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 10:29:33 |
Start date: | 18/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |