Windows
Analysis Report
$DS_122189.pdf
Overview
General Information
Detection
Score: | 22 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
- No malicious behavior found, analyze the document also on other version of Office / Acrobat
- Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
- System is w10x64_ra
- Acrobat.exe (PID: 7124 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\$DS_122189.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6408 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1584,i,18260329016989833633,5086747654802384951,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- Taskmgr.exe (PID: 5772 cmdline: "C:\Windows\system32\taskmgr.exe" /4 MD5: 58D5BC7895F7F32EE308E34F06F25DD5)
- Taskmgr.exe (PID: 7948 cmdline: "C:\Windows\system32\taskmgr.exe" /4 MD5: 58D5BC7895F7F32EE308E34F06F25DD5)
- cleanup
Signature hits (only the signature name of each row survived extraction; the Source and detail columns are empty):
- TCP traffic: 32 rows
- TCP traffic detected without corresponding DNS query: 11 rows
- Network traffic detected: 2 rows
- Classification label: 1 row
- File created: 2 rows
- Mutant created: 1 row
- Key opened: 1 row
- Process created: 19 rows
- Key value queried: 1 row
- Window found: 1 row
- Window detected: 1 row
- Initial sample: 4 rows
- Registry key monitored (Boot Survival): 3 rows
- Process information set: 33 rows
- File opened / queried: 1 row
- Process information queried: 1 row
- Queries volume information: 11 rows
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 11 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Virustotal | | Browse |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
23.221.240.182 | unknown | United States | 8612 | TISCALI-IT | false |
54.227.187.23 | unknown | United States | 14618 | AMAZON-AESUS | false |
23.45.148.189 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430202 |
Start date and time: | 2024-04-23 10:06:18 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: | |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | $DS_122189.pdf |
Detection: | SUS |
Classification: | sus22.winPDF@19/30@0/40 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.221.240.182, 54.227.187.23, 52.202.204.11, 52.5.13.197, 23.22.254.206, 162.159.61.3, 172.64.41.3
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4270b459-67c7-4e41-a957-f499647b88bd.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.991744691118462 |
Encrypted: | false |
SSDEEP: | |
MD5: | 42C41C2B8C909AEE33A0AE74579FC684 |
SHA1: | D597EB0562A1C25E19DED5DE7CA208559C7BEC8D |
SHA-256: | 6704094A924A1A4EA67E639C1E0F63130FD023AFCD7A49FF4EA191C1120D3426 |
SHA-512: | 5C6371F1A71A6053A85CF53A3064B35F4F0B49E06F902B5118B2CF579B9E2EAFE8B73D4A98F063AC609D3C48D94D7690972AD8660EF00187AB6167E197778808 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6cfcc1.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c4da8eb5-d248-4d54-aeab-3f489e965c68.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240423080650Z-159.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.5502926796178695 |
Encrypted: | false |
SSDEEP: | |
MD5: | 910177B4A5DC6F3BD9C3A6614E701397 |
SHA1: | B751D7195D96AFFD8A43E306F45CB165BF736530 |
SHA-256: | 4A378096C6F12127BF9C22DA1F15D4A68A963F5B3D25585C3DFAAE231E9C497D |
SHA-512: | AAA906A5950E03B3EC4528B689442DBCA38F8FD72A08D29DB6ED4FDEF70F2AFEAA3F1BF9734618E1351ABA01B5924671C14EB179178E4BB71DA4AE5465528C4E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2148109902598085 |
Encrypted: | false |
SSDEEP: | |
MD5: | 98540105852BBAB3672E40B91D233EB2 |
SHA1: | E60E7195A908A2C7A8E7B9E1DE1BB02790627AE6 |
SHA-256: | 1DE811E655BFFAEC191CE0CC250311DC22AC2F8042D497C647BCD90E125A2406 |
SHA-512: | D26608BF207FC80B3787E9E8B2E7EFE209300D9C10B93D802C8B8D3D3086B7CF1D0953D0EDDBB2D80EB9CDBE1C2772F5D4BB9EA94E4B237672AE3F28EF2840D0 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.385535507819151 |
Encrypted: | false |
SSDEEP: | |
MD5: | F0A6A6E5647D8D10B265F245463C15C3 |
SHA1: | BDD455C59CAE564B10CC137A5AFA4DAD5D18A887 |
SHA-256: | AC1374B88381275904453019BDEFE413353EA71521A8D788F6D91BF2C13733FF |
SHA-512: | 023836449FDBB4109CB256C08648F0D6F0435289F30178C99C2D7CA965E7FA4B26E1EA0B65FBE2674BB1669184D93D76E7B34467BA9BDDA407984104E68A559E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3327209406492715 |
Encrypted: | false |
SSDEEP: | |
MD5: | E380D5551229AA5BB16B5CB17A5AD673 |
SHA1: | 5B638A94C25710EACA1910BF680AF958C3F545D1 |
SHA-256: | DC4AB625A46E5487A03041A4D94650433F2056F0EC9FCC0C34B9B9A195ABEA8A |
SHA-512: | 122770045CB19FFDB191F17CAB6A383CF0BC51D77B586A73BF480A535DEF9AC760016D76A0B6E35B46D4727987FE59F862D842301ED43A48F1B12AD360A55144 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.311715976044347 |
Encrypted: | false |
SSDEEP: | |
MD5: | 033F6A1E3EEC9A1BD0323D7476B9A4B7 |
SHA1: | 9FC1C5474B0FCB45E4DBAE16F7E31D975AF7B8A4 |
SHA-256: | A462B055B757134DDCC01B6F4AFECD34604DB36D3ADF37F34AA20D85A26FA938 |
SHA-512: | A57F72BE0CAFAA4F0A95D23D6EBEA958FDBC5EA1B838C7B20FC651FADB66428BE22D8597147CC54341F08485148822ED657109DD43C9C606F690609B498ACC43 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.374693665735653 |
Encrypted: | false |
SSDEEP: | |
MD5: | C71A5A07521C1706EC79B46FEDB7A37F |
SHA1: | 8492B0FC1A270BA1B6A91CA34D1DCED708204FF2 |
SHA-256: | 538245A4EDDC53FECFC5891A0516A27E781E3C9D33EDF75D34CAB8082F8D140C |
SHA-512: | 2F609146EFDCFEA23948C0F39B5B4D491E8307C3DF193E8AB7F4C40E3E2BDD408D9C71993F0660BDF4DBE84C933F4A81870316E7FA762956FF6973826D75874C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.335476235267384 |
Encrypted: | false |
SSDEEP: | |
MD5: | CEC084F1C1804E25F54F76248F1369D1 |
SHA1: | A30CD09904C141B3F30EAC9DF282D9D76B5EFCA6 |
SHA-256: | 96F14860B2AD6616ADC62CD4C0994947E699C29680D24B2075CB084993DB0F42 |
SHA-512: | E6502443A269095DFF743CFB24DDD306597D373F72706FCBF33920C0EBE754DF69B02AC1754C012F4420208A0061CE0A0A58CFAC3999CA480290F5E27DFDA973 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.323127156536532 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5004A43A5B7A005FDAFC1AF85EDDF66D |
SHA1: | 7E9E212EDC42838CA46AA96311A4F9E318131895 |
SHA-256: | DA25A58939A59937F5D2DAA8074EE6C706DFEF884EA1F46BD1CC66B114C807D1 |
SHA-512: | 271BF6BD5ED7DDFA6DE3E7394C4782786EA29DCFE4B5E3C1908164A712FE3CD334258B9C6A8FC92B7B7FAB17CD83AB7EA1E5532E0B834A1D83E8F71671C07DE1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3255418009067235 |
Encrypted: | false |
SSDEEP: | |
MD5: | 25D5EA15A12CA7C754209F572F0853C8 |
SHA1: | 23A2453EE29D64229A088DF6A7600337B7D3D2ED |
SHA-256: | B2B886DCD9436BBA875E682A3C0AF55ADD25C18E40FB24B8AFEEDEE83BF6B40A |
SHA-512: | DDA9C9E8EF2D0CE4F6A98762F0F9B4DB4E04BB4BA34B03D91F7279C94132CEC222DCD045050416C23EA6A16DA32952FDA13E8448FA2CF7D96FBEB59FB94ED837 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3329353725496835 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1B1169EAA79E369F3836D1E9B2E6DCBC |
SHA1: | BE0AFEC43C33ACD58EAA0BF01AEA5DEEDF196AAF |
SHA-256: | 85D74A8CE8D1C47A20EB3F73CE2C8F683D9984944572E16BE0489377689232D0 |
SHA-512: | 8CC2D7FD0FCA509134157EA54C844F8C9D81E78D8A61FD888349B82892FDA15D80BF47D4110B8DDC9F612F2477301CBC19766C396F7172C58ADF790239280960 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.744194277241329 |
Encrypted: | false |
SSDEEP: | |
MD5: | 350EFCD8BE3EEDDF35A85E24B94782E5 |
SHA1: | 02C4DB117F97D324D64C6CF1292EB9BC43D4FB90 |
SHA-256: | 9862311EC6E4A501D49D2BD11C053F66F1A125D7FB20253D362C5E38A435C3D6 |
SHA-512: | 94E97C1DAACFFD0C5A6771A4793AC67D9114085C1502823F10E11401AFF3FF4A3B92164B5D6763A5C43BB844F9822136739B5E29208CC87343C06498AA310154 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.32891779962409 |
Encrypted: | false |
SSDEEP: | |
MD5: | 483D2F1EAB2A2FA3716D1145C7E3FA30 |
SHA1: | D3A2CD74F3D0847D9A56A84968C6D80FC87F4002 |
SHA-256: | B4621CC10F752B212473BAC9267484F336DD6ECA9572DCBC7675B47F3957FBA7 |
SHA-512: | BB046EE994B7F6391C4BF930B879F1D235DC6E101975C68096F5663E8800A5CAAE852FFDEC61B3365641F8F0A2FAAD8324DB367111F193272BA1A4E16163CD50 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.779735897976201 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2D9ACCD30602E9FCB2C2B2B2D4A5A661 |
SHA1: | 8BAD5F03E45D337EC67AC3759CA6B0D5D5E91226 |
SHA-256: | C397F3AE8096A8AEBD2821713C58C1586F24133BD45D40DEF5F13B0AF4E88A76 |
SHA-512: | C62C1A7187D6C4893B7EED017FC6628B24D53806A948EC872C3720508162CD0955F7CD1D8909B5462FFF44AADE77F4FB0C6061A41693C51DFBC94D5002B85E79 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.312266149534214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 27F1188CA5BF3476A5C39B70D5F999CC |
SHA1: | 755D9EDEF018590B4FF6C7F050418152358E89CF |
SHA-256: | 7AC9DFE7647D93E3A0244155499605CFAFFB0CFF022201F8E1A657B2E264AADB |
SHA-512: | F1BDB5095E6772E2FA41407379F1F32BC7FABF81CB168B1BEC5CCED672355B077E9A1BFB8E2D1160B231B6A0F2D22744A270F7F4C001EAFE5B406B171D58E234 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.316047735378944 |
Encrypted: | false |
SSDEEP: | |
MD5: | F2547B62259B483148E59DF020032B6A |
SHA1: | 5A921A3C76DA51F9C8E9FB6FC8F474AF705033F7 |
SHA-256: | 735DE05ABF22AFBDDB25BB2F3CF66FFBA86FBC0513D26134B6C01ED2390CD052 |
SHA-512: | F5752C77DA76DEA74D5A4078B2CACD16300BF2BA7EC431B8E5A5D6BBAB6F58BF1E37BC5C3AB67384917E5BA1132AD7279AB3121D1CA4D4238C1F0A902277597C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.335752928382237 |
Encrypted: | false |
SSDEEP: | |
MD5: | 076E9CCA851A79DA732372E76209C7BD |
SHA1: | 9062D9A4DCB2756C2A9A1981A01324548DFA63FB |
SHA-256: | 2D927BECB1909A1426D44BC7BBE12710A98F62737CEA3DA1A6EFD70001CB8049 |
SHA-512: | F7DC3F88C2ACA56049EFB2C783F4F48C9F13023963DD17F0FDBAC2B02FF441166207631464B98351ED321F04DCEA43E2E9D284E797D51E35001D1939CEDDB2AF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.292802169613044 |
Encrypted: | false |
SSDEEP: | |
MD5: | FE8195B11D4D3EF9A129FC1F09E39DEA |
SHA1: | 0D15DABB3410B3824F3AFF79BF1B64CC46AF82D1 |
SHA-256: | 2B8276AB7233E59F0D49B291C2D2BFB847D0F4BE64D7FBBDF938E97EF0E26C1F |
SHA-512: | 097F35EB06C6FCB295A140B496FDCCBB5E974C0B2FC6D20E23D3B24664A9CF8DE6DD38B57D456CE2F372D201E6E5AF60D617E979C8EE0934ABCE44DACC838E50 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.378723564590521 |
Encrypted: | false |
SSDEEP: | |
MD5: | F6755E7F355184BC5E1520FB8AEC39F9 |
SHA1: | DC205A497139C7E69E6EF012FBB9B220585773A8 |
SHA-256: | 160F84A18F52EB8CD4360DB9AF86513CC3803978BCC4EF4F9205F0FC715B84A5 |
SHA-512: | 6B766BB8F4E26A15FFCCE5CAB787099C88B5EB18759982C9212D9E7B203F370ECD34B33B830142FFC13FEE2D4FB9A1FC2C84325F948CC843573E5DA0C8387394 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.133757607820949 |
Encrypted: | false |
SSDEEP: | |
MD5: | A94B746DD6DBD540744C03AB353BCBE7 |
SHA1: | CA089B6683B3D0E3BFB21318A864E9861D6F5B16 |
SHA-256: | B97509C2435FD7F6DF646175F4E6C428C434AC766EC6A9E7E5F63D90D596FD26 |
SHA-512: | C5F61153540E13A34F83D1727EA03BD6C4130A910C5485A874CC7524BA4FCB8AAD7AE1CCFA2B3612649AFB80A4A9CDC4755509B76DBF035D07D383DBB73733FF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9867372276215678 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C11EDD61DFB52EAC287E672A862DA9B |
SHA1: | 2078F7708A5999E8036C9F6925C4C0A3B21E4778 |
SHA-256: | 39CF52A5340CB3179FF09EA93EB024226E019D4ED26CA5333565C9B43A9DB6C6 |
SHA-512: | 35F806F5EA3132AFDD6ACD4979846DAEB5D88321F8D92267050EF2C266BB455247F90A4D1846E942CD5F41501C7A9EE2EAE68DDEFF33A2572B06E576C569FBAF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3421902885735948 |
Encrypted: | false |
SSDEEP: | |
MD5: | D3917F93A1648FAEE2931E3DFCDF8953 |
SHA1: | 79F0966FF737B0E50749BCE8652F2A8180F0B33A |
SHA-256: | BBF07D74280DA06064AF2A73BE787B250D72948FAF7EDC3C465E74943756327E |
SHA-512: | B246FE6626102D7B8F4F67630D5E27AFF511C7A8D7D51407809E2BFEC4F9219CD5ABA373362CCD78FBEC59273D6FBD057A55CE04DA28F55FC13A530B117D6CDE |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Process: | C:\Windows\System32\Taskmgr.exe |
File Type: | |
Category: | modified |
Size (bytes): | 4 |
Entropy (8bit): | 1.5 |
Encrypted: | false |
SSDEEP: | |
MD5: | F49655F856ACB8884CC0ACE29216F511 |
SHA1: | CB0F1F87EC0455EC349AAA950C600475AC7B7B6B |
SHA-256: | 7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA |
SHA-512: | 599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5309417490522437 |
Encrypted: | false |
SSDEEP: | |
MD5: | B8B8B460A780B85C7080D01258833658 |
SHA1: | A78E9D881B7A75AE8BA945548D95094B145609EA |
SHA-256: | 6486B88C7272E01DE054AB5641DB70E67A0151212621777CCF022AC3273C6BEB |
SHA-512: | 4434DE62FD010EF8646CF338B565E3DB5B53192C8E951292752EFAD43CBB0982B1830A2572BBA07B17BD14B6EFEDB990A19D2CA06910488463125745E3F548B2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-23 10-06-48-305.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.417998646406768 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6382DBFCA6CC0C144C87780D230CC58D |
SHA1: | 7893819462B49E7A5F87AC4C150702DE12546732 |
SHA-256: | 444E51F25BA8A58CEF2AB6DA9B32D0CDF08D8C6B625CC1618E1E49FD0BCB448D |
SHA-512: | 46565D378AD8203CD742E35851E8D6EBEA3C6CA7038C5D033037C1F26B007AC015DA3B395CC0DEB4AE4685434B4DCE67C6FAECAC252B952B7981473C6A8304CA |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.798856320987464 |
TrID: | |
File name: | $DS_122189.pdf |
File size: | 259'549 bytes |
MD5: | cfa36c0f6cacc9c47dd1e30ea80e7701 |
SHA1: | 8932c26ac38a4537767ae0cbd6fcde32e16eac2c |
SHA256: | 8b464491752c8edb5a64c1891c0ca07845e02648d27045356272ba2d0f7b701c |
SHA512: | 9e3481c67c87b4af27cab11aa42377cf3b7f6ab12a091c6d499c66cf6c6daf587ce1d38128807dbfde24aa65e1c2b89760dd4457f3c8f99126507b4c544b752e |
SSDEEP: | 3072:ceUHwYJxEHaubwqMVEOTGaW/a4tMON/+2ZfAoDjTWbZ5VbgYvKwxLixLUK:ceqXWbwqefT7ZON/tZfAoDjWPJixl |
TLSH: | 4844F168A4C86DECD5A2C7F37F3DA0816B9CB327C1CD90A2996D4E935907E855CE3413 |
File Content Preview: | %PDF-1.4..%......1 0 obj..<</Lang(fr-FR)/Pages 2 0 R /Metadata 3 0 R /Type/Catalog>>..endobj..2 0 obj..<</Kids[ 4 0 R 5 0 R 6 0 R ]/Count 3/Type/Pages>>..endobj..3 0 obj .<<./Subtype /XML./Length 1130./Type /Metadata.>>.stream.<?xpacket begin="......" i |
Icon Hash: | 62cc8caeb29e8ae0 |
General
Header: | %PDF-1.4 |
Total Entropy: | 7.798856 |
Total Bytes: | 259549 |
Stream Entropy: | 7.813267 |
Stream Bytes: | 239048 |
Entropy outside Streams: | 5.095638 |
Bytes outside Streams: | 20501 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 109 |
endobj | 109 |
stream | 20 |
endstream | 20 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 3 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 |
---|---|---|
7 | 000001000d3d3d03 | b5ee4937703e3d3bd4591d544f0ff858 |
8 | 0000000094aa2080 | 138ac50dff1ed2337a51e4c92cc88678 |
9 | 000101494a840080 | e4f981ef4cdbe302ab13f285d40df39f |
15 | 00020697b5290010 | f70c7198c11dd57573ea2b56733e44a0 |
16 | 0000000094aa2090 | ad0b4434ee73776e2d8723230a536955 |