Windows
Analysis Report
MB & Fed Docs.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 1220 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\MB & Fed Docs.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 344 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5668 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1568,i,10842768265828006530,4991868021115319105,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431642 |
Start date and time: | 2024-04-25 14:52:44 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | MB & Fed Docs.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/41@0/0 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.54.200.159, 54.144.73.197, 34.193.227.236, 107.22.247.231, 18.207.85.246, 162.159.61.3, 172.64.41.3, 23.34.82.7, 23.34.82.6
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Report size exceeded maximum capacity and may have missing behavior information.
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.196928287387296 |
Encrypted: | false |
SSDEEP: | 6:TcM+q2P92nKuAl9OmbnIFUt8WqdXZmw+WyMVkwO92nKuAl9OmbjLJ:T9+v4HAahFUt8WqdX/+WfV5LHAaSJ |
MD5: | D3E0DA05542AB4DAC7798DF05D9B4CE7 |
SHA1: | 2D0A1D57456FD0B69B42D9AB1C1454BD2120B1A6 |
SHA-256: | 068E92423C7E0A24048CAA74E306254D3FF506BA821C578671D5718596357521 |
SHA-512: | 4BC6AABE793751D2FF72FF1F5E832979DA7551F04E9F55D18F80A892A51B841481DC162A09B50E9418C5B505921E4761EC048DC29E04D306DDF7D2993902B78F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.196928287387296 |
Encrypted: | false |
SSDEEP: | 6:TcM+q2P92nKuAl9OmbnIFUt8WqdXZmw+WyMVkwO92nKuAl9OmbjLJ:T9+v4HAahFUt8WqdX/+WfV5LHAaSJ |
MD5: | D3E0DA05542AB4DAC7798DF05D9B4CE7 |
SHA1: | 2D0A1D57456FD0B69B42D9AB1C1454BD2120B1A6 |
SHA-256: | 068E92423C7E0A24048CAA74E306254D3FF506BA821C578671D5718596357521 |
SHA-512: | 4BC6AABE793751D2FF72FF1F5E832979DA7551F04E9F55D18F80A892A51B841481DC162A09B50E9418C5B505921E4761EC048DC29E04D306DDF7D2993902B78F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.199938807762304 |
Encrypted: | false |
SSDEEP: | 6:TiEjL+q2P92nKuAl9Ombzo2jMGIFUt8WiN1Zmw+WibLVkwO92nKuAl9Ombzo2jM4:TiEjL+v4HAa8uFUt8Wif/+WibLV5LHAv |
MD5: | A1E8A3066C55FD2125FB317AA2C9C23B |
SHA1: | BB0DF5556E57CF98AAE30FBA6D580E90E9AF07E8 |
SHA-256: | 6A3D1B7C26F199BB5809CAEE8C22B09E195CC9C79C0FDE9C341E62D1DD59E73F |
SHA-512: | 273B7F90B97BFC119A1F8DD6EE25A41427F256299C7A0B14CE41D7A3CE899088DCFBDF30C5E35FD5D30A1F47F45189E63C32A0819397B9B719FD1E1A8400BBC1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.199938807762304 |
Encrypted: | false |
SSDEEP: | 6:TiEjL+q2P92nKuAl9Ombzo2jMGIFUt8WiN1Zmw+WibLVkwO92nKuAl9Ombzo2jM4:TiEjL+v4HAa8uFUt8Wif/+WibLV5LHAv |
MD5: | A1E8A3066C55FD2125FB317AA2C9C23B |
SHA1: | BB0DF5556E57CF98AAE30FBA6D580E90E9AF07E8 |
SHA-256: | 6A3D1B7C26F199BB5809CAEE8C22B09E195CC9C79C0FDE9C341E62D1DD59E73F |
SHA-512: | 273B7F90B97BFC119A1F8DD6EE25A41427F256299C7A0B14CE41D7A3CE899088DCFBDF30C5E35FD5D30A1F47F45189E63C32A0819397B9B719FD1E1A8400BBC1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.063139707842253 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZtpyhsBdOg2Hxcaq3QYiubxnP7E4T3OF+:Y2sRdsipdMHI3QYhbxP7nbI+ |
MD5: | E5E17D40CC284C1B5D4592AE12626152 |
SHA1: | 49BEB4ED54AC5DEABEFABAF407B3A8EB2059410B |
SHA-256: | 203828E344797BE728B4B873D55E8506B801788CBF43BF0F056C96C6C04E113A |
SHA-512: | 3933EA94D1BE56E4D38822F27EC5777DB7BE088E236B1FBB58A2FD2BD4E030510425F6536C3DF3E5AC5169B778AC1F491F06766EEDE0272B91D128C950990CBE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\eeb7e4f9-7b63-4d5d-846c-fc471501937d.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.063139707842253 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZtpyhsBdOg2Hxcaq3QYiubxnP7E4T3OF+:Y2sRdsipdMHI3QYhbxP7nbI+ |
MD5: | E5E17D40CC284C1B5D4592AE12626152 |
SHA1: | 49BEB4ED54AC5DEABEFABAF407B3A8EB2059410B |
SHA-256: | 203828E344797BE728B4B873D55E8506B801788CBF43BF0F056C96C6C04E113A |
SHA-512: | 3933EA94D1BE56E4D38822F27EC5777DB7BE088E236B1FBB58A2FD2BD4E030510425F6536C3DF3E5AC5169B778AC1F491F06766EEDE0272B91D128C950990CBE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.246202141325017 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUSwzeSwgzzZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLi |
MD5: | F1B0FAC8542AE1B2A09DE72021C1EC10 |
SHA1: | 812C8EFD749EEE612617FE1A5E4DA0EFF13ED1CF |
SHA-256: | C033D67C4EB7B4B01F3D4E33AA70FE241C33DBD603AF46AA4AED68771FEF0375 |
SHA-512: | 6A1E4DE8D5AE93D0BD8E80812F2D0A4B72CAA48C6FA6E00EB8C3618A74A85393CDA2E6A3DCBE0F870F8DAB7C4BC9AFD1E2D22023C183ADB79F5F9596CE7639ED |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.180592863801733 |
Encrypted: | false |
SSDEEP: | 6:TWoqL+q2P92nKuAl9OmbzNMxIFUt8WWi5mj1Zmw+WWiHgLVkwO92nKuAl9OmbzNq:TqL+v4HAa8jFUt8WpmJ/+WQLV5LHAa8E |
MD5: | 83A9B402D688505DE094E572A561FCE1 |
SHA1: | 63C5D4A3F07A18549108EF92C3D28DC098B17679 |
SHA-256: | 592980976C3079B4F5803986F5AEF66E3874D90D17DD58F7D11BFC2DD103C43A |
SHA-512: | 376F0DD96092CAF00DDDC4BD65449352EE565B2EB1477B27177D56436B50F420D1229E5C222C284FA56945CDC4BBA52F232CE5AA141EB2ACF6E9F30EE1D5E773 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.180592863801733 |
Encrypted: | false |
SSDEEP: | 6:TWoqL+q2P92nKuAl9OmbzNMxIFUt8WWi5mj1Zmw+WWiHgLVkwO92nKuAl9OmbzNq:TqL+v4HAa8jFUt8WpmJ/+WQLV5LHAa8E |
MD5: | 83A9B402D688505DE094E572A561FCE1 |
SHA1: | 63C5D4A3F07A18549108EF92C3D28DC098B17679 |
SHA-256: | 592980976C3079B4F5803986F5AEF66E3874D90D17DD58F7D11BFC2DD103C43A |
SHA-512: | 376F0DD96092CAF00DDDC4BD65449352EE565B2EB1477B27177D56436B50F420D1229E5C222C284FA56945CDC4BBA52F232CE5AA141EB2ACF6E9F30EE1D5E773 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425125340Z-165.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 4.181458337093595 |
Encrypted: | false |
SSDEEP: | 1536:7g49FI2G2u/8fqHgAmTZ3GeCQ5sMlpL9bH1lh:7T9vS3AAm93fXi2N |
MD5: | 805C2EC87FC373C325878396226436F6 |
SHA1: | 700D7C45C4E8E5598969F571BD8A23063233E54A |
SHA-256: | EAA26F0098630EBD2EDE04B95B3A0B765A78F43095BDDECB873803CF725AB37A |
SHA-512: | B0D6422B6A046A9B77A377DBF190B3819CADDA73432DE04AB8D123C66884A83C0D3BDFBFC59356E8C06F11057FCA0D5814796894E6699E04ACF5A00CBC1A5B43 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3404290809688915 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJM3g98kUwPeUkwRe9:YvXKXtxe0YpW7FZGMbLUkee9 |
MD5: | 6CF4CCB282D1D488C7F7DBFFC3AA6496 |
SHA1: | A9D3ED3C50E3F239A298B38156E278CA8A7EC2B5 |
SHA-256: | F5FDA67D030C30949451FD310ECC34B52D3BA304A9F1A920FC353EE577625548 |
SHA-512: | EF4F59B834050C0C82BD0B3729A058A8012A5DC7531CE4351D386DEFA833FE1D8A972D0770DCB5FA899AAEC1A007C226B00CDF8B03E2F40C8599523FDE861B16 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.277878656918835 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfBoTfXpnrPeUkwRe9:YvXKXtxe0YpW7FZGWTfXcUkee9 |
MD5: | 4E572E71A9EA0B8646987D84C762C1FA |
SHA1: | 410C641572C6C76CBF0AA52A75AD7817F6CC407F |
SHA-256: | 720B124C61C408E95BC11E4A49371F4D6822A83EBF80C19BAAC0E4C9BABAC753 |
SHA-512: | F7CEF11429A237C6011F7DFBF299643E41A32F4568F1D107EE22220C3E51820B655124DF0441A9FD8D46A20D732AC0A411AE841B4EF19A4F91FC0CE5C6BEC752 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.256138152276643 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfBD2G6UpnrPeUkwRe9:YvXKXtxe0YpW7FZGR22cUkee9 |
MD5: | 31D46920BE34E59A8276BC4F9301F77D |
SHA1: | E7DB69F92B97C12333D1F938F7D803805B64B0C1 |
SHA-256: | 91CBC69089C67C3DA52D7F6E651ADACC7482D0D92E2003D0A7AC9386C6781568 |
SHA-512: | 4D6693CADAC398005839800917842B49A77865D2FD7D148F2DB5A777A9AEA660E1B4F15F604103E526491B480B625EFF97FAF8EAE1FD794F69DC386571526E54 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.318517246154466 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfPmwrPeUkwRe9:YvXKXtxe0YpW7FZGH56Ukee9 |
MD5: | 4A1C4E5768111ADA4DCE9DC182F0B0C2 |
SHA1: | 63EB8500C81C8FC0A45C74276A00DFC5423AB348 |
SHA-256: | 58D212E2C07B04B881B458FBE1B3FBFF8FB41B7EED62F73EC63A59580EEB7F89 |
SHA-512: | F67260A962250FACFB38628850B5754F2FE3E15F04B780637F89700874C8DB42AB37675DB0678F4B1060BA1D746237D6978E4B0B4276FAF783219E2403006B86 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2795696900748865 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfJWCtMdPeUkwRe9:YvXKXtxe0YpW7FZGBS8Ukee9 |
MD5: | C1029CDC98C52514E06955B6E6F2C0C4 |
SHA1: | 13626D0A1D0FE6643E2467BA2524EA410D05FBBA |
SHA-256: | F3A77F85DA58F54C603392291CED88C925249EC42ED2FDF469F9B6EAF14D8EE0 |
SHA-512: | 81D9591E59584AF2EDC43F4641B2390C9B764D4A58560DCC27060F23026D21CC4CBCE447A9EE377C414CF325A99C84919FABE8E81441B2951D3BE6CEBAF9B116 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.265170088041755 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJf8dPeUkwRe9:YvXKXtxe0YpW7FZGU8Ukee9 |
MD5: | 57F8EA628CF7D40DB0781D22AE36D3F6 |
SHA1: | 736DFC36441FB9E903B4EF82BC373ACA4BA6A8CD |
SHA-256: | 7B3B2D411782DB0F312A4A2DF0BBCB0DAA43336A49C82CB38805D2A862CE2386 |
SHA-512: | 4679DB7F1CF45BA8FD11D627613F18156371E60C7733D1EA7CE44B47AE36E02E8BEDFDE42CD0180BB491DC61B3DB5285A852282B3046A1F33C34E449B2819E0C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.266153504183615 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfQ1rPeUkwRe9:YvXKXtxe0YpW7FZGY16Ukee9 |
MD5: | 6BA9BCD316D2AD473A76D606AE1CB26D |
SHA1: | 2491078D7E764600C9B2AE52B064C3D27D401C24 |
SHA-256: | A95B1BD83468F3BECC8180516E3F91537079EB07F4DB17A14C237D813DD95FDB |
SHA-512: | 9955C69385D0D86CB579E2153411CA8A4EE74247C5421A317A34D2D759B51F0B2AFE5467B3975016A88BA4CFB196F5630A3DB76E6E1DA1DB45F192917533699A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.285687147229627 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfFldPeUkwRe9:YvXKXtxe0YpW7FZGz8Ukee9 |
MD5: | DAFAAC5EAC4251679E74A9851443EE9A |
SHA1: | 744AA81DB372F7B82BCC2417715C2AD4B33D8D55 |
SHA-256: | 5996E3C2B9496307EB7AAA6B65E67C40C57375B803BC1D1BA524357B75ABA899 |
SHA-512: | 54C783E4F2B224E901EBD8D4D56B840E371C1C73BE54C9F47D47C4A6E52EFA951B9CB1A91C9537E1D8CAADDB98E2404B69EAC3D98699E3C0D8011BB29DC6E8E1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.739136117744216 |
Encrypted: | false |
SSDEEP: | 24:Yv6XoiFFKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNX:YvIFFEgigrNt0wSJn+ns8cvFJV |
MD5: | F6E6FE8104BBA3E3323EF4C7AF96174A |
SHA1: | D3D6BBB03AF90348BD8925E77BE980CBAE352823 |
SHA-256: | 10D4DF64C7FCCED29B1E2C09C478271C5CF5ECD5AC2E68EC707369C5429C513E |
SHA-512: | 041DA745EBDD8E5617DC2A5A66A19CEF6E62EF99C553F807348B4AE60E99B0416BFFC2FCA2613C87F82A7193EAEA023CBE1B5675612AEDE0A73514E22F033F16 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.27343607941386 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfYdPeUkwRe9:YvXKXtxe0YpW7FZGg8Ukee9 |
MD5: | D3EB87B101BE9A232B60B112E79A5B4E |
SHA1: | D35DEE61BD16503CA2A74074613F03484B41F605 |
SHA-256: | 63462645CB5C9B6F6BA9C49E34C30B3B96B8C44AA64AF2711B3F6718EE0CE1C1 |
SHA-512: | 93EF59CDE4BE21B095544ED9BEB2E5EBD3862EBE8BF0793A26FB7ADB59A54D63A25BE2AFA039DD4F28142A0BD23D483F123EA5C5471128EEEF54A91B8BFA7D89 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.778084929582163 |
Encrypted: | false |
SSDEEP: | 24:Yv6XoiF4rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNP:YvIF4HgDv3W2aYQfgB5OUupHrQ9FJB |
MD5: | 3FE17D2B86996F03CF43A234CCA36772 |
SHA1: | F84CE251FF400800DFA350E3669B870E897F67C9 |
SHA-256: | 9B0A9258C88BF3DC49D4EA7F749FBBAF37136FD99FAF5144DF7FFEE6EE85F3C7 |
SHA-512: | 8275A7762C5A9F37194EDB085F6DBCBF93FDA1A1F10108880D896DE4E8DE8795872B81794E43A3CFB3C5DB6F1B8B0733C93CFC2EF69FFC8EC621270DE51FCAF1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.257165746988659 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfbPtdPeUkwRe9:YvXKXtxe0YpW7FZGDV8Ukee9 |
MD5: | 149EFD5B8140D179D15E6B65269A5ADB |
SHA1: | 30BE5AA63D6A62C52BD60F033CA4F7E205D0BB25 |
SHA-256: | DF06F68FAD06238398E320723F931F12CD7D90EAC4956E1E01A49866F1CEF397 |
SHA-512: | 1F9A99342F9D726EFC04659DCE5572D9D3161CFD5E4400028C1CEB10F1075EA1BCA292761B7EF133172FAB9462CA072CDE75D7D51C077355E39FDE9A6AAD6998 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.257821531851545 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJf21rPeUkwRe9:YvXKXtxe0YpW7FZG+16Ukee9 |
MD5: | B0D84D32965AC51D0DEF0F960F21D7F8 |
SHA1: | 59812BDFF4A6C421A1CE81C3A7682EC8A8D37C48 |
SHA-256: | 39BB84EB9321C178A6A78DB463471AC561C7CB3A709119DF2E1FBB91B85DF1F3 |
SHA-512: | 7873A1F18DA93EEB80516EAE9A2AF03EF13AD9C03A5135F5680B3AFB130DAC5B23F7F0704501EDEC5ED517FE45776BDAE971E72D08F903B4EED692F3210C9E78 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.279977390097786 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfbpatdPeUkwRe9:YvXKXtxe0YpW7FZGVat8Ukee9 |
MD5: | 788FD9072136004D543FB689EA7287D5 |
SHA1: | C86AE065BA4B418BC6B3A93C09CEF27E7D1E3503 |
SHA-256: | 9E62C034F5DDAD4EC4952B6322A7E036BD9920E54284D9B9A328EA55AC961A67 |
SHA-512: | 194FD09AE51639FA3106261E705C7D962E40FCE60097D6525A6E46A873D070337E21690BCB0BB3BECF354235175E1A9728EBA4E298E02A464756FB46C9E59700 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.232696072862044 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfshHHrPeUkwRe9:YvXKXtxe0YpW7FZGUUUkee9 |
MD5: | 98567B004733379B79849E1A715C55BB |
SHA1: | 18765A09BBB9BE8C4D55A972D84D77524B772D23 |
SHA-256: | 17E7517A67EE079CD6235A0C23E857889231B5204979254AC09E498ECB071CDD |
SHA-512: | C13AEEC5535C0BD5CE6E197424C5468A99C9A5BACC8D15F8790411C44C6C32B55AC425283A4390A78DEA1A897ECC352685C99EE9BF8669520F4447295C9E7CE6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.367670787872763 |
Encrypted: | false |
SSDEEP: | 12:YvXKXtxe0YpW7FZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYU:Yv6XoiF1168CgEXX5kcIfANhu |
MD5: | 39884A2C1F922366A12B73080B9DBA96 |
SHA1: | DBCC6E0E5278AFC49E1898EC6FFF89CF4B88CB76 |
SHA-256: | BBA5181A05D63D3B9A79913BFA75E991CFA00027C0B1983B9922835967F9782A |
SHA-512: | B730268A020F2DB596B3BE304D435241770A10E6BFFD079754FB63FE7B19B38B461E570C1A6CFDCBD6A345EC2DEC62A759A3AAF21795000C57F8D811FD9FD9A6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.127063259564262 |
Encrypted: | false |
SSDEEP: | 24:Y6BW/EzVM8kYCc+YoeRLGbdVvaQMCayf/ZA/N4hjN5j0Svtr2jdb2LSpTBMs5J9h:Yb/wZcYdC5xR2NuNtNWdbnNMsX9h |
MD5: | A85D5585D7E7C607771EF478BF30BF0A |
SHA1: | 5767BEF01ABD4EB73856135647245FADEC435DA3 |
SHA-256: | B43A61DF0DCC330545E6B4D25D08F62C74176B881D35448D31A8B64ED062D2FB |
SHA-512: | 0CFD04E85C9924D8673A1808E3219C9A9C59AF91D4B0B943C4C587D05BF501D79144E1DB3AEAF6DE6823DCAA23C952FA1EE6FE742AA2483ED0718334B7CDEC1B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9839393630296503 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpA54zJwtNBwtNbRZ6bRZ455F:TVl2GL7ms6ggOVpAazutYtp6Pmb |
MD5: | F72B986E0C62E0A8660AB4BB06F397A3 |
SHA1: | A03E22007366EDB17CF0839FFB2B9CEDFC84C891 |
SHA-256: | 7391AB2EEE4C6345EE5B03FFB2E9AF6B7E95476F4FB97725B49995A7157592FF |
SHA-512: | 68723CAA72E2E9443D66484DB1B03128BFC4515CD669BF7D6E0A145B48D682545C42FDB5B32ABB7B450EA2C904B17C58C97ADAC1C3461550FBA9BD3A2DE8664F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3383296164835754 |
Encrypted: | false |
SSDEEP: | 48:7MopGgOVpABzutYtp6PM3vqll2GL7ms6/a:7LOVpAMa1vqVmsR |
MD5: | 4C6C1A21DFBC78205E01822036C270A6 |
SHA1: | F49954A2F5612A198300B589BC2EF8B7AC638F48 |
SHA-256: | 3ADE05AD2FE2E9B5BDFE62499CD9092C7E03910A9CD795A74B7B05606DF35E52 |
SHA-512: | BCA3C9C7AAD955A22E3E46F38A0D467263F7A80072B4FE2EF77CEC093904C92F0D191948AECEE2CCD13954BBE815423C4049FB5569A4D779DC0C354A489999F9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+aRb:Qw946cPbiOxDlbYnuRKG |
MD5: | F5A723D0D9D494D2FEA0486CB30DAA19 |
SHA1: | 6B1E399A50F68747500FE0F557AAEC49335C198B |
SHA-256: | 44637BDF0253A4A76A0AEC730A89A8D563196B8DE621904DC2BAFF5D75BC60FA |
SHA-512: | 291A1F9E5F7AD4F701F0E4BE640358D44CE1116B05045B7291BFA28685770ED918F4FBF2EDB094BEF84B6625FB30C2A6EC9C1F252503E2473CDAC99061C30BCC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 14-53-38-860.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.366591262119228 |
Encrypted: | false |
SSDEEP: | 384:XFxsCyrefIAVidSAl9T/aD2W1uozF1rIvw280t/44uHx5elTiaT7G7GjnRYbQ4oV:6Fn |
MD5: | EEEB1075ABF2CEC7A10BC0D1A13BAE3E |
SHA1: | CC9F69A87945573CB165E3ED67BE5913827E6B78 |
SHA-256: | 3705A8C414DD282AFCE1FC8DE8F4A5CF4BD7DF0E22B84142FA665C8CD906CC96 |
SHA-512: | 50B6C8805AB25EA9A539BF332857613FC41ABECE3BC41BB75DA659152BA23B439CCF58853994988CF71AC1B8B26069A6F653CB74E2E29D093673B9760226A23C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.391366039512032 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGby:m |
MD5: | C1E99F946A4D00B5C89142D5AC6C45D7 |
SHA1: | 7E4D04B45D6D390B4D61CF56970DA41DEAE5C9D6 |
SHA-256: | EB0544AB505DC2F4D0244A17A2CA4CA19F2D5711864BA191710EE47798D03A07 |
SHA-512: | 1F5F4A8FE9FBA4B4973B7EF807F77CE30119E4FC6D06F74542E0CAA9162DBE286CD8CDECB77FA96A9577C59DB2D676B4D53B8676E81B9A5842F62B93185B0F3F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.875549098833751 |
TrID: |
|
File name: | MB & Fed Docs.pdf |
File size: | 4'028'742 bytes |
MD5: | 752791345cb7add0b6b550b7084a0462 |
SHA1: | 33bd2ec64ff8a6ec1700cde312393d524cdd9538 |
SHA256: | cb53e4d0f67225e1d24a20f2b2c5e500e19f66a94c832a305b59363a61d0e02e |
SHA512: | c085f2ff1a80e2bf3453f425ddc1fe787a8222d8e1ffbd151092ec3ba99bde6f3045e399c46f3bb8719fd51c8ca52358000d5da61643c072495db82eb44bd3d5 |
SSDEEP: | 98304:zqJlKnKkCOVnBy3K2hy6zmRLFsnWOv9m9QBPfTRu+/834mtE:zqsFCUBy306zaFKHU9QBPd/83g |
TLSH: | 4F165D1388049B43A53997E8BE431F6C1F5A7F1CE98279FF10664DDB7E602621C9E42E |
File Content Preview: | %PDF-1.5.%.....11 0 obj.<< /Type /Page. /Parent 3 0 R./Resources << /ProcSet [/PDF /ImageB /ImageC /ImageI]/XObject <</I13 13 0 R>> >>./MediaBox [0 0 612 792]/Rotate 0/Contents 12 0 R >>.endobj.12 0 obj.<< /Length 76.>>.stream.q.Q.q.W.0 0 m.612 0 l.612 79 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.875549 |
Total Bytes: | 4028742 |
Stream Entropy: | 7.875296 |
Stream Bytes: | 4025679 |
Entropy outside Streams: | 4.986348 |
Bytes outside Streams: | 3063 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 23 |
endobj | 23 |
stream | 10 |
endstream | 10 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 4 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
13 | c547737b7f7b6f88 | 1716ea3c611accf9e4c92c1d0bd7c180 | |
17 | 7373777d7e675d58 | a2f1ac99b81d643405ba07111b7dddf6 | |
21 | 4d477f7f7f7f77cc | 128d29dfd40586e264924ec97f95389a | |
25 | 7937777d595c00c0 | e7b945e2c98675bee411593f6112afce |
Target ID: | 0 |
Start time: | 14:53:35 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 14:53:36 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:53:36 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |