Windows
Analysis Report
Obaid_WFH_Check.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6640 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Obaid_WFH_Check.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7200 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7376 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1736,i,10949930308330096366,4183056358984129761,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431808 |
Start date and time: | 2024-04-25 20:04:43 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Obaid_WFH_Check.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/44@0/0 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.31.60.185, 18.207.85.246, 54.144.73.197, 107.22.247.231, 34.193.227.236, 104.76.210.69, 104.76.210.84, 162.159.61.3, 172.64.41.3, 184.25.164.138
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.121745694127591 |
Encrypted: | false |
SSDEEP: | 6:3l1Slyq2Pwkn2nKuAl9OmbnIFUt8MlKs11Zmw+MlKsjRkwOwkn2nKuAl9OmbjLJ:1syvYfHAahFUt8aKsX/+aKsjR5JfHAae |
MD5: | 7402F5993BDECFFC2217604CA20783C3 |
SHA1: | FF90501CB50B9B912BE81440571405AFD875E706 |
SHA-256: | 0967291396DC97288898659A45E70D7FF7DDEAD328E63399F3C183BCE331860D |
SHA-512: | DA2D86AF59C4139F637EF354430A00247C54C32188781D88109435B7D1E1D3A2E72F9E3D40FF8125C2543387E6E0AA91EB73992E32A815801A6760F6EF734E21 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.121745694127591 |
Encrypted: | false |
SSDEEP: | 6:3l1Slyq2Pwkn2nKuAl9OmbnIFUt8MlKs11Zmw+MlKsjRkwOwkn2nKuAl9OmbjLJ:1syvYfHAahFUt8aKsX/+aKsjR5JfHAae |
MD5: | 7402F5993BDECFFC2217604CA20783C3 |
SHA1: | FF90501CB50B9B912BE81440571405AFD875E706 |
SHA-256: | 0967291396DC97288898659A45E70D7FF7DDEAD328E63399F3C183BCE331860D |
SHA-512: | DA2D86AF59C4139F637EF354430A00247C54C32188781D88109435B7D1E1D3A2E72F9E3D40FF8125C2543387E6E0AA91EB73992E32A815801A6760F6EF734E21 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.167647113353894 |
Encrypted: | false |
SSDEEP: | 6:3lBDM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8MloXgZmw+MlVtDMVkwOwkn2nKuAl9OU:1hM+vYfHAa8uFUt8aF/+afMV5JfHAa8z |
MD5: | F766A5EE8C4EBE912E8CD2AC26ABE98A |
SHA1: | 0F15B1BD0BA192295C81B6189C56AE271E2D613D |
SHA-256: | 73B9633468FA5B438637EB35A95F197344802D083028A6839DA16BDDC4E0B925 |
SHA-512: | 448430E5B6062ADA61189F46EAC095B0F78BADD168389003907EED0D0D4C501550BFDD9C4A886876BE626C47E7DE406DABDA6F6BFB1EBBBB85CF6404C6FA95BA |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.167647113353894 |
Encrypted: | false |
SSDEEP: | 6:3lBDM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8MloXgZmw+MlVtDMVkwOwkn2nKuAl9OU:1hM+vYfHAa8uFUt8aF/+afMV5JfHAa8z |
MD5: | F766A5EE8C4EBE912E8CD2AC26ABE98A |
SHA1: | 0F15B1BD0BA192295C81B6189C56AE271E2D613D |
SHA-256: | 73B9633468FA5B438637EB35A95F197344802D083028A6839DA16BDDC4E0B925 |
SHA-512: | 448430E5B6062ADA61189F46EAC095B0F78BADD168389003907EED0D0D4C501550BFDD9C4A886876BE626C47E7DE406DABDA6F6BFB1EBBBB85CF6404C6FA95BA |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 476 |
Entropy (8bit): | 4.955058227529306 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZz2sBdOg2H+2caq3QYiubInP7E4T3y:Y2sRdsWbdMHc3QYhbG7nby |
MD5: | 8233C863EA4D7189B30D0CA656ADE9B3 |
SHA1: | E47A3C12124D9C94D6757D5F0CF8011DE4A2D3CA |
SHA-256: | F8E6D19EAB7D4FB7E69865D5A222F52A1CF21826A0ED9A81EC7B9642CCD8E959 |
SHA-512: | A5234FB142BD1AA13EAC6BD6645363954F10CA1DE47475A8F4384FBB3D1327C5056CC78101ADEC4E67DED92F7CCF446D9C75EE3C66FC44311D8201F0C5FFB2A1 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\dd2b2515-a754-4356-b3d7-fbccb6a9541b.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 476 |
Entropy (8bit): | 4.955058227529306 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZz2sBdOg2H+2caq3QYiubInP7E4T3y:Y2sRdsWbdMHc3QYhbG7nby |
MD5: | 8233C863EA4D7189B30D0CA656ADE9B3 |
SHA1: | E47A3C12124D9C94D6757D5F0CF8011DE4A2D3CA |
SHA-256: | F8E6D19EAB7D4FB7E69865D5A222F52A1CF21826A0ED9A81EC7B9642CCD8E959 |
SHA-512: | A5234FB142BD1AA13EAC6BD6645363954F10CA1DE47475A8F4384FBB3D1327C5056CC78101ADEC4E67DED92F7CCF446D9C75EE3C66FC44311D8201F0C5FFB2A1 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.256412823658674 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7Ec5HZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goV |
MD5: | 733BFE73D40D33C7383793FC89478E9C |
SHA1: | 0A009DB6D408298FEA57C895D2296582DBDA439E |
SHA-256: | AEBD375431AC395239909C382CEA7E5085F384DD1D1C1C54AF970B9FE6C4DF17 |
SHA-512: | 3C832CF740C7217A6864E59E65DC44BE41D4581265943FEF4435F8A43DECDF5FCC725AFF8CDE4A20D5FCCB6E24AF9586EC7C87B1FA50D8CC9DAEA4405BA01FA5 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.168338945788006 |
Encrypted: | false |
SSDEEP: | 6:3lKDM+q2Pwkn2nKuAl9OmbzNMxIFUt8MlY2GSgZmw+Ml5VDMVkwOwkn2nKuAl9Ob:1iM+vYfHAa8jFUt8arGX/+a59MV5JfHP |
MD5: | C697C462C6FAD07FAD05910B2E1B3D78 |
SHA1: | 44775E6092AD89D031901E2903D5AFD7CDE77EBC |
SHA-256: | 29C3E3A4424238019AC500DD8C42CA9E80CD690F7F790A11DE403ACDDA152460 |
SHA-512: | 8092EC488E469A9B62B3CAE23149315DFDCF4F6BEA187FEE4B20B71FF918535B30F5A61F5172255E000CCC5414890D810D3071EF0B9FD0A5B32D7AC4B3F515D2 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.168338945788006 |
Encrypted: | false |
SSDEEP: | 6:3lKDM+q2Pwkn2nKuAl9OmbzNMxIFUt8MlY2GSgZmw+Ml5VDMVkwOwkn2nKuAl9Ob:1iM+vYfHAa8jFUt8arGX/+a59MV5JfHP |
MD5: | C697C462C6FAD07FAD05910B2E1B3D78 |
SHA1: | 44775E6092AD89D031901E2903D5AFD7CDE77EBC |
SHA-256: | 29C3E3A4424238019AC500DD8C42CA9E80CD690F7F790A11DE403ACDDA152460 |
SHA-512: | 8092EC488E469A9B62B3CAE23149315DFDCF4F6BEA187FEE4B20B71FF918535B30F5A61F5172255E000CCC5414890D810D3071EF0B9FD0A5B32D7AC4B3F515D2 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425180536Z-162.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 2.2058520977097795 |
Encrypted: | false |
SSDEEP: | 384:0YWDdxFgYrYr4OO0CWIgf2oe1kkUcMSa/7ZHfKNu6:0YWDTFjYr4OO0CWIgOZDTa/9/KN1 |
MD5: | 61024AB1427A6229CED0C8670F048BA4 |
SHA1: | 199B76739AF8CF553675AA746C85C2054A6DF46E |
SHA-256: | DCFFD82F101981D707B4CC049E98F19B1C46A6010B4F6C3FB48A912448B69156 |
SHA-512: | B05195FDC3F47E4F0531F956FD33B81E8BB3C3BA34E53E06F68364EC8E2367A35D33001D5ABB72B070C05308C30E19D48823CB0A3A390CB9F976765CDE31430D |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445186104557027 |
Encrypted: | false |
SSDEEP: | 384:yezci5tgiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r3s3OazzU89UTTgUL |
MD5: | 69A9EF459E6028ECAF63FD62E9158AB4 |
SHA1: | F364B37A8856C7025966CB289818F66C870FC316 |
SHA-256: | 1603203E376A361DEBB81B7A1E051DFE6DE4F07AD3B891E6C4884EEC057F959E |
SHA-512: | D564C0280B01D38D36AD980F53F9938D514710315CF0EEBD77ECD827EA6BD723481E502AE54759992569FBA3D9002316B8482A66483A7EFC6C68CD04F83D375C |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.773175654060231 |
Encrypted: | false |
SSDEEP: | 48:7Mjp/E2ioyVwioy9oWoy1Cwoy1wKOioy1noy1AYoy1Wioy1hioybioyOoy1noy1A:7QpjuwFnXKQT9b9IVXEBodRBk+ |
MD5: | 35E78B0067F182A3E53985586D8615D1 |
SHA1: | E97ECC7E7401B61EE506723703E651D76CF0250E |
SHA-256: | 9849D32022393D640D7FA72E381301A85600320F879A723EFD5C74ED1C6A4CC9 |
SHA-512: | A626C39BD11CBA1D3100B27129ADE7A850C437537BFD182EF0D33563D7E23CC8D976A79E421566351BAAA149A0CDAD9CFDD1657EAD42451BCD9842A059584343 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.372813356372477 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJM3g98kUwPeUkwRe9:YvXKXintKZc0v7GMbLUkee9 |
MD5: | FD43E617714CCBB5604A45BC92DF4760 |
SHA1: | 20F2CA317EA5FD78E259DC7F1964117D8FD2F330 |
SHA-256: | 6CFFA04A974946EDFE1E1F3BCCAEA302DA8E7D505646490A0F08D68D72170F2B |
SHA-512: | 182DA0028896D3B2381C009C79ABEE84C8E73BFBB541464D335B328CCF60C738C80C5D4EDCEA6FA25F2379687539C22D9CF619B33744F07790A79701A765C83D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.323126850486204 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfBoTfXpnrPeUkwRe9:YvXKXintKZc0v7GWTfXcUkee9 |
MD5: | 167ED0C32A7D53F8D8842DF614FBDD15 |
SHA1: | 6132DE69F85643AC96F95C8EE26B7CE5BE42D916 |
SHA-256: | 213749C87FF6D994E554169BCDDF1737B796A3CE3803FA4C9602308B87A43FD4 |
SHA-512: | 4BD1606F962F8330D2CACB6EDFEC141DCD19991F922F5F8D7D7C4F2FA1A39D569E1324D64180E1C9BC840A67E4E5BFDFB2B9B7055C7D9326E31DD4EEAE4B4856 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.301386345844012 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfBD2G6UpnrPeUkwRe9:YvXKXintKZc0v7GR22cUkee9 |
MD5: | 5EB759F8CE05D1F4C720742E7A995B6B |
SHA1: | 97FE3A2FEF743CEC325BE85DC161C6B2BFFD8275 |
SHA-256: | A9976E6D00938FE8A36DEB5889A229388070AEFFB1E08ADAD453B12827246ADF |
SHA-512: | 3491482CFDE29CEFA5B54FF5788092414EA7A100CB041A4AE50DEF773A1416B3DD0A72058212B7EFB45D78FBB7DB7CD6D9BF8AE5B0C660E6930BAB41AA8CE04F |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.360155440464313 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfPmwrPeUkwRe9:YvXKXintKZc0v7GH56Ukee9 |
MD5: | 48BD0976669CAB663B36F330DE47DEFF |
SHA1: | 7917587289C9E1D3294D03825B886B781FA0E525 |
SHA-256: | B47CD175DC766D3A05587C16A36BCFA696E0AA0915586E8953F4D1D31C142E61 |
SHA-512: | 40294B0B5EEC039C5F59006E8C75E3E2D178CE935A68B04CF1FCE67DF173DEB9128FFF806802C5F20637991C18B33C423660A7AED922982BFEDC941209008F5D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3207110204459305 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfJWCtMdPeUkwRe9:YvXKXintKZc0v7GBS8Ukee9 |
MD5: | D77B14997456EC767C2F7EEFB5A11E89 |
SHA1: | EAA3926527D914D4977851A50587FC44FC81E39A |
SHA-256: | 782AB28D1966CD59CFA9914DA37E5F4C5355DD8ABBBB58A40823BE846EC7EC36 |
SHA-512: | ADDFD82690C3964A4ABA93EFDEEA9724EDA844E0AB0C4D270AB28A65E0D74DFAE7C51D7F3861121BBE56C010CE8A775DC029BF68B347985FC64A3591FA328BBC |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.30741481372837 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJf8dPeUkwRe9:YvXKXintKZc0v7GU8Ukee9 |
MD5: | 9C0D1D0F68598ED5DCEA586A884B306D |
SHA1: | A74EC2546DB7C75D3D386DD09DB96F70C81B67AA |
SHA-256: | 64284E2B7523799483AD0FFA32C972C84AFE35AE5BC5B5F8D07C6BEBFBE9AC1C |
SHA-512: | E55EE6399872A3675B48A9CCE2EBA2A446B9B3646329E1C92185B696DB768A6D52DF4D3E54D591C40A0E1EAF170BF1507A754AD201DB95167A615DEDD78DEAA8 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.311221071773531 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfQ1rPeUkwRe9:YvXKXintKZc0v7GY16Ukee9 |
MD5: | 1DA79AEF047BB0FB6D472DBF60969A4C |
SHA1: | 6469A8F9C8A61463FACDC17F339C6F68B82521A3 |
SHA-256: | B024D80D819F3981C14C2D361D399A7E98A78E4B1F001572047F65F0B082D939 |
SHA-512: | 0592E2135306B12292E78ACD980E66CB0BBA0F20C8257D845A58EA806314400C28BF6C221F9C78429ADEC8A83E22059B164EFEAD1DDCE78445C3FA6C848AC835 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3167178977857805 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfFldPeUkwRe9:YvXKXintKZc0v7Gz8Ukee9 |
MD5: | 2C2422B8465F46ECB21AC618E4954A4C |
SHA1: | 6B32569B4E79BAB566F235A1FDAB87035B287843 |
SHA-256: | ADD36C991460055F1EA842783CC686216C8D7BD2C601F40A9D41280FB634268A |
SHA-512: | 7582B5EEC45E6AC5AA9464CEDBC3AEA93AE78DBE5D61B2655C0376162830256B193CC9898D8AD0362ED3CFD1B67ECA47F4CE10A6EBA238DE6726BD001A809B13 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.743841938183374 |
Encrypted: | false |
SSDEEP: | 24:Yv6XitKzvDKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNQ:YvW7EgigrNt0wSJn+ns8cvFJy |
MD5: | B6BF8E6FE321C1B74AD37A4B5E2ADF8C |
SHA1: | 5432F50DC7180D4E80355AFF8A7E21275022EFC7 |
SHA-256: | 7EE73DF12793EAB5F55778B0D92DB2CD8C586BAFDEB409965E8C6D2B0F1E668B |
SHA-512: | 7716EEACED2A649D473C271995206B07C5FE59B6B5AB4C141880FE6FC1F4282FEFE2B36D8026B5C59F6582DC78EAE1684CECD5D9EAED8C70EADB5ECD8E119884 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3139993126764615 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfYdPeUkwRe9:YvXKXintKZc0v7Gg8Ukee9 |
MD5: | C47CEEAC9DEC3DB272FE7653B951A1FC |
SHA1: | 307414F6CB8554D787F080CE59B61206BDB6785D |
SHA-256: | 56FDC4C27B8B93906842FE875C3A84D4D3849BB7EF8E66322C7C1AFE4D58168D |
SHA-512: | 023007BC89516A75694DE2938B9C5C711110085F8EDED448850F38F8F9CEDFA685228948ED90BCFE68743F73525D8A0DBB6B43D1977DFD62E8D5EA309B8D55B5 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.781762381966558 |
Encrypted: | false |
SSDEEP: | 24:Yv6XitKzverLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNY:YvWmHgDv3W2aYQfgB5OUupHrQ9FJO |
MD5: | 4174332827983009FD9CB2CA61264E22 |
SHA1: | D0DEAEEFB036F3260097B86175C053B1A8DCAA77 |
SHA-256: | 1E268A16E2F12894A6B16619429FE0296F188DD9D7D3DF0C3A106505F4859AFE |
SHA-512: | A2BECC35AFE694CEBAF8BFBFDF5976E81828C97A14EA7E9BA79073879FD0581C2A7C038506B027AE86D5F638B3E9E3EF5655D8CF164441C960CBEA65BA18E9FB |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.297450195142925 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfbPtdPeUkwRe9:YvXKXintKZc0v7GDV8Ukee9 |
MD5: | 90C2F2A64E7C4CB58D065EC6A221524A |
SHA1: | C69E8CA3C1FA0ACF139DF9DA51C91771FD030868 |
SHA-256: | B28FE7FCFCF3FFCD2ED141AB52A964C08F38FB10105502BCD88BF5B0D53647DA |
SHA-512: | 9C12E843893E436F710858AF5D9C896A57D6729F5AB3A00CA74ECD853B12EBFDC389D85213A5D59AA07AE83F73AD719981552242DF6ACC2BD85EA3B27082098E |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.3019810385613555 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJf21rPeUkwRe9:YvXKXintKZc0v7G+16Ukee9 |
MD5: | 3655961307417BBF09A8947D00B4B7A7 |
SHA1: | FC4A85BED1D46A42FDE21864E5B3912253C8E694 |
SHA-256: | 8F1D17D5C900CDE5F08A04256D194A7BC3CD62AB5F713143F571AACFC40135C3 |
SHA-512: | B7FDFA4449F4DE09593854861EEAB235019FF46E8211A3242DB3204FEAAA61907EA67414A7382473A3A88189618C9316A5AC91B3C6BB53CE9DF1884932D81A50 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.320540623360388 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfbpatdPeUkwRe9:YvXKXintKZc0v7GVat8Ukee9 |
MD5: | 55FEEC9DD1541EFBFFF8066950DFE00A |
SHA1: | 4F51E97070886493A641459255191DA2BFB863D0 |
SHA-256: | 80308D6ADD546CB18443750A3B56F1A9AE01C7CBFE308291E859D384B1DA68A0 |
SHA-512: | 0F9308339B0E9C7815C0FE4E341FD8A46A8F11C4B2387DBBFEA9F475FFB27103E176578B64303FE643476283C2C7C45839582AA66BD8118833A74696453DE8D8 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.277689154822248 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfshHHrPeUkwRe9:YvXKXintKZc0v7GUUUkee9 |
MD5: | D2123807C2077CC2632DABFA6AB63EAC |
SHA1: | B40C59BE14AE3D2896BFFF372DF3601674C71126 |
SHA-256: | E56DB2626BAA2DAC9F5BFABD5E489EE873370D8BEB42DF66284300A48DE842A3 |
SHA-512: | 554720EEB5CB2B962C3E880BA2C5664EF1ADFBB116118B96E22B15595ECA773CA35178B2CECAAE7C44D3845CFFD0120D293FE2DC3DAF74C2C325C4DED578B235 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.372627534359294 |
Encrypted: | false |
SSDEEP: | 12:YvXKXintKZc0v7GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYv:Yv6XitKzvb168CgEXX5kcIfANht |
MD5: | 1A5D06718279723DFA316EE5B30D70C8 |
SHA1: | 0271A4AC503D218049404751CECB384DA611B00E |
SHA-256: | CFF7C3AC7CFA7F746DF2607FC00DD236A03C36C259FEA26391A68483A21AEEF0 |
SHA-512: | F6E0603CAD7FF7E32C4BE8A297D5D02922F7C248A90B707352DFF8F3355AF89523C20F396C4D031BF9C9C5B242C1E563C8F1F9AF69AB61E0544DE83D683624BF |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.129502065684939 |
Encrypted: | false |
SSDEEP: | 48:YZWGCOgOql1yAbpTI8/fP8Qzy7TqO9h3U:8WG7ql1tbp88XkQzy7/5U |
MD5: | 4186C994E253A1AA5A2A342CBE5ACBF7 |
SHA1: | 15EE9637856C9D90FF63596EDFC22B2CB0FD9B9E |
SHA-256: | 1589D4E63CCC39529CDB3A68405CB4E6D6694F7D388718F2878E08B9C3C924B1 |
SHA-512: | 8B000362EBC237202BCC78D24284ADB1BEF166A1252FCC8D07ED7C02EABD5B1062310F273205913478134F19CA2549E12AD6032C0842117CB3FA0262F79A1014 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1869050633465628 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUQBp4SvR9H9vxFGiDIAEkGVvpkBp2:lNVmswUUUUUUUUf+FGSIt/ |
MD5: | 908A16033B7883AD2FD18BD7BF060E9C |
SHA1: | E29C637ABF1070DD33D826D094D706D48CD87304 |
SHA-256: | 01134E76564E1DCF8A085B1B6CC46E3DB6757DA7468AB61C68D815E7490D1416 |
SHA-512: | 7DE0B089A13297FC2EFA2B03B91818FC514EE6DE3AF5F78C1AAE4925EA727E23AAB843EB7BE65A8BEFAD686309AF22BB5305A52CC8CAEBB6B2A1FA14DB885B40 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6059474010247679 |
Encrypted: | false |
SSDEEP: | 48:7McKUUUUUUUUUUQBpavR9H9vxFGiDIAEkGVvPqFl2GL7msk:7kUUUUUUUUUUzFGSIttKVmsk |
MD5: | 2F34E24665403071F3B66BB70D17EAA7 |
SHA1: | A7974F226908AF1FF7715BF1EE830E47241AD6D6 |
SHA-256: | 40136A690871EF5A1ED8E8DA3BD565E6BCFAEF90090E885CA658649F0E862BC8 |
SHA-512: | 3907A6658F693887091269FE1A0195AF7CF2A812A7B78142EAFB7EAB71D3DFE4C036504963A307A9C615AA4D8217A3E3265724A133B9130CE221B02049E30AFB |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5004142083842487 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+WlNDaCH:Qw946cPbiOxDlbYnuRK8rH |
MD5: | 715B2273730CD5A5081AE9437E1A33AD |
SHA1: | 96744BF2C005A541287CBF4D0603F95157003755 |
SHA-256: | D2D5C2B116D13A71795BAC54B6E712D0AF01DF08A7D2DA409F4407C7D3073C10 |
SHA-512: | 63D63CF1D85841E76A466E3146F6AF6F72970B3A7874F2F73C6820F3D12687DEC67C6EA0FBE7605D2E8D7718A6CAF913C7E32844733E3F61E583D2729E7D3803 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.043140745342817 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOq5YJ6vlI8CS5YJ6vlIUCSyAAO:IngVMre9T0HQIDmy9g06JX7JsoTJsJlX |
MD5: | CBFD68EECABF3425924AB5F03C89D227 |
SHA1: | 204079D419488226338CE93360BF350C08F18A2E |
SHA-256: | B114954E83DA13B134BB2A5DFDFA20DBE38589681757EA07200475C1D60ECA8E |
SHA-512: | 9B5EEDF4EFF8284838F386042122F87B1280311542B51ACFC6F30D125685F53563B9FE3D1B5E93163E4B7B4CAC5E18CECBF0176155FF506C20843D58553181D1 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 20-05-34-613.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.381342081959021 |
Encrypted: | false |
SSDEEP: | 384:KXDqb/WDi5VAKibdGQGYY80HA6bFeGeWe0eXQPjFtdoYpCZbTNxJqlA3M3qzRv53:j0r |
MD5: | F0F22303A693664A53E0313646E7B56E |
SHA1: | 8EB7432B44D1F7A36EF62E46961402F5D921746A |
SHA-256: | 3D807ACB42FB710BA5E9CC64E0FA24C7D8021615B465BBBCB6DBA720A177DD41 |
SHA-512: | 4BD10DCB9CEC32522580BE615686589634FBD25E8B381C2ACB69C0EDD41237399414C6F4BB7632719F6AEB7215CE2DA81D8C99C013DB3F4D5A1268E7C851D26F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.385203906466951 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rX:r |
MD5: | E1F3C6E8EA6515E968DF97FD66861922 |
SHA1: | 296B0FB0B8EEBF266F3ADDFEC60633A4048F194E |
SHA-256: | 2B10921E14AB9C419882B03BC2C341624043BC13E05B257C94DC8F032066D467 |
SHA-512: | 7D9DCFA4CE9145C34C62E538814877C7D563BF4048BEB341BDD4CB560F78F4EBBAE590BF12A9C76181C0B8A83F585DA07A3C43FF0676A475654B434868060834 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.996601171716677 |
TrID: |
|
File name: | Obaid_WFH_Check.pdf |
File size: | 492'551 bytes |
MD5: | b5e121f6bb5574a588a430b51fda7f9a |
SHA1: | afba123e82ac84ea9910ecbf3775168249c09867 |
SHA256: | ecd936385cea6816a3baf0c61b72cb5da62ae56cb9420c66ff0c11efa3bd2a15 |
SHA512: | fa71f043c442126ba22651b6ae41009332c1fac7381376f11c2ee2097648c1b1f1815864b9dc8196bcbc7fad7c916541b44eaf6e64a4df94f060e41ab3794d73 |
SSDEEP: | 12288:m5Lz2vC7PqARdrBqTyXyKge/NuYfbF/iABjsaoX:mV/7SA3rJyxe/AYJJBM |
TLSH: | B2A423695CBEBD40C0404961E8C82796039BD0FCCA76BA453E4BEB57A8ADF73C5DC912 |
File Content Preview: | %PDF-1.4.%.....4 0 obj.<<./ca 1./BM /Normal.>>.endobj.5 0 obj.<<./ca 0.2471./BM /Normal.>>.endobj.6 0 obj.<<./ca 0./BM /Normal.>>.endobj.7 0 obj.<<./ca 0.3294./BM /Normal.>>.endobj.8 0 obj.<<./CA 0.851./ca 0.851./LC 0./LJ 0./LW 1./ML 4./SA true./BM /Norma |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.996601 |
Total Bytes: | 492551 |
Stream Entropy: | 7.997066 |
Stream Bytes: | 487613 |
Entropy outside Streams: | 5.307552 |
Bytes outside Streams: | 4938 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 33 |
endobj | 33 |
stream | 15 |
endstream | 15 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
13 | 8080808080808080 | ddc0b61b0e7d611c14796574124538a6 | |
12 | 0000000000000000 | ca3773d02665336a2dd855142645f147 | |
15 | 01065e36aac84480 | 039d47c43e5faaa14e7a2a5a977c6090 | |
14 | 00020c26aac84400 | 0326a9d5a963ca1403cc0bd588ffa0e2 | |
17 | 00000050a2900000 | 37b3f1bb6dda2883a4d0a3c0333254a0 |
Target ID: | 0 |
Start time: | 20:05:31 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 20:05:32 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 20:05:32 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |