Windows Analysis Report
Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
- No malicious behavior found; analyze the document also on other versions of Office / Acrobat.
- Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis.
- System is w10x64_ra
- Acrobat.exe (PID: 3672 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2788 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6236 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1580,i,2690051050023038129,15551241143277578108,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://signaturedo1rture.arcencieltour.info/get/9a831435-d8a3-3bce-bc11-4d7f727eb6ee MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 7268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1832,i,11350477795455199426,8346384971983572533,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- cleanup
There are no malicious signatures.
Signature | Hits |
---|---|
Memory has grown | 1 |
TCP traffic detected without corresponding DNS query | 33 |
UDP traffic detected without corresponding DNS query | 2 |
DNS traffic detected | 1 |
Network traffic detected | 8 |
Classification label | 1 |
Initial sample | 1 |
File created | 2 |
Key opened | 1 |
Process created | 32 |
Initial sample | 3 |
File created | 7 |
Process information set | 10 |
Process information queried | 1 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.251.211.228 | true | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
74.125.135.84 | unknown | United States | 15169 | GOOGLEUS | false |
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
5.230.44.76 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
96.7.156.186 | unknown | United States | 16625 | AKAMAI-ASUS | false |
142.251.33.110 | unknown | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.251.211.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
142.251.211.227 | unknown | United States | 15169 | GOOGLEUS | false |
18.207.85.246 | unknown | United States | 14618 | AMAZON-AESUS | false |
23.213.36.145 | unknown | United States | 2914 | NTT-COMMUNICATIONS-2914US | false |
IP |
---|
192.168.2.17 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1438419 |
Start date and time: | 2024-05-08 17:45:15 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@32/32@2/68 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 96.7.156.186, 18.207.85.246, 54.144.73.197, 34.193.227.236, 107.22.247.231
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\21c86540-b372-4c00-9c33-dd8ff9286bfa.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 476 |
Entropy (8bit): | 4.967507736098325 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4641F417ED5B8E3E04E307C009AE8EDB |
SHA1: | 9AEAF15560CE3E609A7DB1E5C95E5E06E9409EEA |
SHA-256: | FEB3A99FC25F1A73CA67F8BF6B022742520B8A760E4BC8545B9973F12BA89A73 |
SHA-512: | D750EE4CF9AC06F5E1D82FCFFED907C62C9C004638BCAB41330E4F1AE999196A9A40C158245F6EF79A66833DD03FCE29DA0BBDB5E4401BBD9B88B60364D9521E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4641F417ED5B8E3E04E307C009AE8EDB |
SHA1: | 9AEAF15560CE3E609A7DB1E5C95E5E06E9409EEA |
SHA-256: | FEB3A99FC25F1A73CA67F8BF6B022742520B8A760E4BC8545B9973F12BA89A73 |
SHA-512: | D750EE4CF9AC06F5E1D82FCFFED907C62C9C004638BCAB41330E4F1AE999196A9A40C158245F6EF79A66833DD03FCE29DA0BBDB5E4401BBD9B88B60364D9521E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41 |
Entropy (8bit): | 4.704993772857998 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5AF87DFD673BA2115E2FCF5CFDB727AB |
SHA1: | D5B5BBF396DC291274584EF71F444F420B6056F1 |
SHA-256: | F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 |
SHA-512: | DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240508154550Z-165.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.0963789511113242 |
Encrypted: | false |
SSDEEP: | |
MD5: | EB5A7253E5BE20155EEF71EDDA91818E |
SHA1: | C05C3BC996839B6A0B871DD07EDDA447799C8D8E |
SHA-256: | 4C16BD7FC5977A2E0126549419DC4E0BADC67E7E381E8623728AF89E9E99D31A |
SHA-512: | 5A6180C4171749525CDD9DC02AD73E0C864A68766441B7FD89D08E063DDCC2E7814153B22D3B18A4725DFA17232E7B1C485E115B14DC3EF7481612331D17B43B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445169778252367 |
Encrypted: | false |
SSDEEP: | |
MD5: | DF21DA742E6ADDD6AD2279AC72A4FF8F |
SHA1: | 916E7D84BBC2CC0A4D9CC3B1584EFF8162C6F8A2 |
SHA-256: | 748350E10E0F24543A704ED48DE7637207B00BAD6D214A41E78C5C180908F80A |
SHA-512: | 8C30CBB2FC4ED4007FFB64F66D3CFD3E5783246556E3DCB1C1904E227C9CEFC3FA005B63B7F3E6F80EFDFE8DDC51193E8C3AF138731763777CE4800DA0860974 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7706233756102243 |
Encrypted: | false |
SSDEEP: | |
MD5: | E1737E6AAC6BFAF7A4F9D6013CFBE855 |
SHA1: | 08684F7D4F02DE8CCEF7CEA439C84524004A7466 |
SHA-256: | 2196C1FC68D3598B4CF5970A9155BF42A0501140DA94178AF76BBD438F3032E8 |
SHA-512: | A9AA70D4AF0A0B0FB7FEC64B0F07B2EE708D7BB50A57F6C3B485BFAE0A5740B0071C4ACD0AD8AE477382070BC9639928E21CA0E1557893005295A838F9F20C68 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.372172868802688 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9199EC4BEE029504C7CCF4821E125024 |
SHA1: | 2FF216FF3399885FCD213A52CFF8FBEBE198DF2E |
SHA-256: | 1479E57E3AF9AC766178989CA817862345C3BD515B77D8C9DAA9B268F5C31501 |
SHA-512: | 4E32F10ECCE20E08E49F03197CCBD7E76EF6700C91934F4EE47DEE15DD320E481EB4F707014F72834B1EC696DAD75DEF18267396225EE563DF0DE4925F7F7A91 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3162650774581595 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8249C6B586B31A024013C1B8839217E5 |
SHA1: | 4D9BD1946B42AB03B9C7EC8246969C0D7CC54385 |
SHA-256: | 80764B77BE2F71D762F893A51EDE719153F00E7DC8B9AA570869331AEAA0944D |
SHA-512: | 51F6A343475BAEF8D9F5791D29525C823CEF33A9806E2C8075036A47B07539F2A5CD326F00AEA6E06B44F04BF0B8FAC273F4231A50DDC8862CF3A53FB6728E94 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.295791260532193 |
Encrypted: | false |
SSDEEP: | |
MD5: | 48A3B52957704665645D7E595178C193 |
SHA1: | F6A146CB560CC11273EF98AA1CA6819E8598E21D |
SHA-256: | 0A729DC3251C3EEFEA8DDCDA745EA6FA62D7D68388795EAB35B78A37060D2250 |
SHA-512: | A7E9A14578C80681BD08D509E0BB5B4AFFB3A12A9B2D2110DB3E5E20768312226EEB045273361ADE23ACBB451FBAFF57632EAB70783C4C32DADF961014F5627C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.358578457214805 |
Encrypted: | false |
SSDEEP: | |
MD5: | AA4BDC6EEA1547801805BEF13192929C |
SHA1: | 0D18931C3F332ABDED8EC5E9528BCF8FCAA1E71D |
SHA-256: | 872FD52351C90F5AFA629E0486CF5B816B6BB5A46731408E772E035BE9C23822 |
SHA-512: | 80162410B059C9EA65163FAFFBC4AAED330C07BC9C9CB9C0B7FC850D6C4646679E6550EBB93FBD15A2436773435B5F1E3D42638D985D15F8B0ECE3B04494FF29 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.320895510790912 |
Encrypted: | false |
SSDEEP: | |
MD5: | 895620C983B87521216ACAB8CDAE786E |
SHA1: | 87A18C29B9B495E654D31898658239F5FA8EE2A6 |
SHA-256: | 423E0927EEC625CCE5E3BA8D5BD181D9CB1778C7A24021073773BE69EAA0E63C |
SHA-512: | F6B68CBCF6F2E079DE5B46955BAFCFD8877990BB3D781256926C28B879FED15157E96520A5987BFF3A24C12D17BCA80A82F9E0A0A4873474F442F7C9860863DF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.308309773848293 |
Encrypted: | false |
SSDEEP: | |
MD5: | 43628D173769AA835E1D5773EB43CA77 |
SHA1: | 085CBD63FD4274A43DCF6EB2B445A4AF4E1A713C |
SHA-256: | F8F3B8B5A8CF3F2B6D0B72014A8C5313FF8820929C51BDC6421C52A3FBBA2A1F |
SHA-512: | 799E8936572926762B5007D827B598DCA035A4EE9F83399C2C711CF1D7598FAE695F1F61D20DFABA5F4CAF6B6CB42763DE2A0F8985EC6D68A670AAF042D7C78F |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.308354015819152 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5F9B168C184CCDBA363BE572DB5AD53A |
SHA1: | 78AB4176A33D7571EAA6C3CB24EB33435DE8A7BF |
SHA-256: | 0E841DA4D052E2498AD6EAC424E4FD0D1190DF001AAAFBF2D0E962F8EEDC758F |
SHA-512: | 8EF3FFBE0252EE4FEA2ECA294B6173F1F03818D05EF84D8CC031E92ED5A2E79D1116EB6B52B03A6005D0B00B090E3D17852710A2A0F1097FF11D5B8D9964BB1E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.318743628156892 |
Encrypted: | false |
SSDEEP: | |
MD5: | FDA1C9AE4A64378DE99F3A0C50E9FF25 |
SHA1: | 427BD0B7F14AF30FB57187A047D228FB604100C7 |
SHA-256: | 648F2FD3BB66A41333AA8F08D509CF9DBEACA828183D88A65E5336C1F8F623BB |
SHA-512: | 5900C382C58F1A582265D20045E01CCB2750E54A7450696D6E5CAC16E5ABA8AEFD85206F6240F40CA06AE2BCB4848A87BD68E75810EC4D94416D130CB4D39AB7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.737372638036026 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0EB1C136AD49418835F29454215190E5 |
SHA1: | 440A42F5AA8ADBF3146352BA1E15DB774B662C14 |
SHA-256: | F066201FC5F4F561964AB6CE9E96EA4839FE328E93B82633DB1971C3EDD0BFD6 |
SHA-512: | 5D9C5D1BBF8B6FF378FE213D3276F188A02C953CBA74913A3BD6879486E45B0241D310D296B74ACA8E5F1C9BF407C2ECCBEA0B871093E239A0CD2B72B7200065 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.314185718146131 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9ECD8843C32784AE68B79D2156C9C3AF |
SHA1: | B5BC75163A46FC59319A015E4D7C9A43CE8A5C0D |
SHA-256: | 053BF4363584EA6F08D2FBC679D82E0E35C3D45EF66CA3527C1916774ED032CE |
SHA-512: | 0952CD4A5E6D8C807387020E413D8FC760DE53B7C5BD8476F9EA21E12EC9B903CC779CE8255F92F94C5A5227F3DEDA4E5B31B2FA9C37125B03BF03BC21534B54 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.773428335806999 |
Encrypted: | false |
SSDEEP: | |
MD5: | 49AB382B4E303338739F988F19D12D1F |
SHA1: | 73B6F0992A072F9C6BB39C1D632643B45DCFE36A |
SHA-256: | C9DD460247A4BF3DF9816C016554978619D6CC13F7C9C192FE2AF2B4EE2B4DFC |
SHA-512: | 15ED33CB4B851F7688731705405B89DC2FB4C88C3161AA8C06A03C7E5C06D2C5AA4B1A8FE12E875A4526A4DBE9D6F6B09CDCC6A5A6B6C5090F035C5BC9B6683D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.297635319475346 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3D02E9BC06B313231F2E06FC553E742C |
SHA1: | E2A124C06726BB0AE975B21567C386489F175A19 |
SHA-256: | 9BAF72112404715D1E59E4849E73C819E9CA6CA693099FB6EBD5326ABADB817A |
SHA-512: | 02F79C502FB2F376A00985DAFC44A4826E3C56D6FC142D03F5C5A713850FC1FA908DD3F6790605904C9DA595333FF3A7B7494CAAB06548A6A8A49887C342FBBF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.299190509670976 |
Encrypted: | false |
SSDEEP: | |
MD5: | EAE09597C3991E712483C5A6F47B075D |
SHA1: | FEE0EA49537B655D61D4F3EDB8DAE599A5AE06D6 |
SHA-256: | 69C5C3B3AEBCAD2140C0177EDD6F13CF4250A03F2A371437A98F830DC55EDD5F |
SHA-512: | 8F7ADEAF929617F9AB4E8079892E8550D6E0467CD9158DC62FFEDB8F5FB691652CE95F47EC89ED0B1F048B82B779A2EF17CE613D9A38A529D355A1A3CAE67561 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.321561183989446 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5CA40F345EE0067C0A7E8667144E4719 |
SHA1: | 49126440746D25F800755DB84C29132537C13EBD |
SHA-256: | A4F33E417C629A046F7B94268F6218D9B4910DE5BB14B3C0AA421C0312C9079B |
SHA-512: | 659AF46C6DA994DFDCF349BF275E91ADAD4F955D51E22763F0480BA641B5BD99F5EECCB866F407CE5094A7820EEA96695DF02639D768EC7A66579A1C6B208F8B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.276747487357135 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9B50D1EF4064DEAA6494AE9091FEA4AF |
SHA1: | A5762A203AC081D3B34D28D3387248F7E79F278F |
SHA-256: | 9679C931099E13A5DDE6196D5B21002FD4AA9F929A52EDE4C97B298B9A351D20 |
SHA-512: | 549119EFDD0B255DE4B0C3AE30D86B40B0A26400AA895663BB4DF0139469388DFC5089A21F5E36F43A149AB1E18840F0EF4934CB0E45CED3A9837740E23106CE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.370706547426508 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8877AFB701F0D5F2ECF3C7475F687FBA |
SHA1: | 4966A0A49114F565ED127F0CB2BE31F675EE55AA |
SHA-256: | FF2A642A4298E7CC45808717693AD561A370A6ED971ACAB9A0115A1E44510432 |
SHA-512: | 8BAC1619DB21037EA7DE9B7AF9A5D17C57EEF101437A6EE59D6AE0B472921CCCDAB86A98FB5F3AB67EC500DCB68B076F665BD41A2FDC0F08911F0A6EA857A1E6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.125401902892191 |
Encrypted: | false |
SSDEEP: | |
MD5: | E156347952C38DA9EA1DC4FF6433AAF8 |
SHA1: | F5EC21D0804129525A3F97A5250EFB10E39FEBEA |
SHA-256: | 6B643A64F9EC575B8BD428BCD873B1293FEDDADCB373B115AFA0F8F274876DAA |
SHA-512: | E0950CA2EC98E9F54F655F98142DBF07181B0248AE7DA13E103DE09FA82D6FD5536C1936672F513D8871580D043BB21305058DB83C95D97E871315C309D55EDB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3567282234124376 |
Encrypted: | false |
SSDEEP: | |
MD5: | B6CADF62FB8100F80D0F2F3F7FCB4D22 |
SHA1: | A8E632A78A1DA0EF8D000A00DD4AE8481121B0DC |
SHA-256: | 7FC5401BFA0A8951E3CF24D1D5F2E0653123C1C3DED843A9CE043B0273C1750B |
SHA-512: | 0C28087D9B4E95CDB0C595AB390D9C7B7DD8FCC6FB3D1B52FDCE81CBBAFE294700E3D70BFA16B8963926200B546DD7E3C0CDF231661643E313D48E8DFD9DE0ED |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.829565269811026 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C52673702BDBD7A73B09D64FDD032D5 |
SHA1: | 56BF4C88D99F6B27AAFBC3DC76F3C3A108A5D743 |
SHA-256: | A6630EFF2D7C2D8FD83320AA442E3E45208DA3E9C083E59B9A960088366DECB5 |
SHA-512: | E43A400C0EF51445264CED041D4C584274821031CA37F9B9CB749FFB61851778E6A171B4E6EE3CCCBD7096E5BFE89E9224E401BA4F399D0B8B87202A898467FA |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5379959665055347 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1524FD56622A7B1E59CD5715B19A8EC3 |
SHA1: | 5165C4E0D48E204AB4989E2C7793EF0E86908090 |
SHA-256: | D0E46ACBDFB6A79D6CB241441212067A16EBE45F192836DB9EE5515345F90F75 |
SHA-512: | 2B939866C927D4A937495D6E08F0121F41BC1275EE7729D0F701FBDAED7946EB40B70CAEC0FD9B4D02A433CCE871FE66898A7441FF6D778F3897311C92E2FB68 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-08 17-45-48-442.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.359827924713262 |
Encrypted: | false |
SSDEEP: | |
MD5: | 06DEAEDB81D09FD8FB5FF668D8E09CB2 |
SHA1: | 28A02BCBD5975117B97A08AFB049F2C94F334726 |
SHA-256: | D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64 |
SHA-512: | 948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35721 |
Entropy (8bit): | 5.425350779413918 |
Encrypted: | false |
SSDEEP: | |
MD5: | 24AD10F00D98C12604AFCC1E95C851C9 |
SHA1: | 3171B32137062DA4DA587A7368E71FEB4C06E046 |
SHA-256: | B9053247FC007716A770F866B467524FF0E4036405B35324203677D3DCE404BF |
SHA-512: | 87BE2A058DD905EF8AE7883665DF77BFD3750C8D600D7975EBE6CEA18602C8D2BAE9AF6138167DB8C9A7E1504CE1528213897F6A57F12CC0B9DA3877B7E00F76 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 543911 |
Entropy (8bit): | 7.977303608379539 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5B21A6981E55EF9576D169BBED44BCDB |
SHA1: | B3A14100B7E7C2C01D61B010A54937952D111E20 |
SHA-256: | 9555E661370D1DC26605DAE88BDBC1ABA68038C769BF6E354A256B1A1C4C110E |
SHA-512: | FCA72A5131D8780A17DF65BBFF37FBA88DBEA3B7AE991C3D893B21B9E6C1EED44DC12945C8DA39DE471FAC5013BE71D43E5BBB892994742BC33EF5934469B1B1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.018537451908927 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C7E4DA6B8077945D04D0D1A36EDBF50 |
SHA1: | 3D20885F776889B046474D46C6183A93440C8DFF |
SHA-256: | 4A28B323C6B968DE6DFD016784B01B4D2411A36BC050CF54FE39257C4B6A0573 |
SHA-512: | A5A5E1661FE96DED4BC8F6F86D7C96C509847F132A8F4814A18ABF8EBC7E9139E43DE405E1473A314B4794A5387DDBAB93CA863EF20DE1C5CA7701171E7B21BC |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.951132808092928 |
TrID: | |
File name: | Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf |
File size: | 259'648 bytes |
MD5: | 3cefa9f5174baf368a71e17592692f15 |
SHA1: | c002c219b828aae3ff940d2d1ff774ebbc0c1330 |
SHA256: | 6c004f29e5fb4050a85b141319669b764dd73860fe38e47bf2abf288f1a04b41 |
SHA512: | 31a2d0ca3e0134242d319bf1a0147462913ac744d64e289b88dd7f6070e38aa3a70df8c9b3153872a42b36d2a16effee5948ba63520d35edbec7472145a283e7 |
SSDEEP: | 6144:B4B+owoyJRxRiOmuLx8FVfSjXCGzBrOu8+cS+oTjW8B8gXGcWaYZ:B22oCRxRiOjxOSjSS2SiurYZ |
TLSH: | 844423D961B04700E1C227FFD42B32A28D2532C257997D8124638776B45ADFBB42EBDB |
File Content Preview: | %PDF-1.5.%.....1 0 obj.<</Contents 2 0 R/Type/Page/Resources<</Font<</F1 3 0 R/F2 4 0 R>>/XObject<</img8 5 0 R/img7 6 0 R/img6 7 0 R/img5 8 0 R/img4 9 0 R/img3 10 0 R/img2 11 0 R/img1 12 0 R/img0 13 0 R>>>>/Annots[14 0 R]/Parent 15 0 R/MediaBox[0 0 612 79 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.951133 |
Total Bytes: | 259648 |
Stream Entropy: | 7.950109 |
Stream Bytes: | 256667 |
Entropy outside Streams: | 5.305642 |
Bytes outside Streams: | 2981 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 18 |
endobj | 17 |
stream | 10 |
endstream | 10 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 |
---|---|---|
13 | c0f2b3cddb95c141 | 0768fe701a0d830061584f665019b45d |
12 | 498e2b690c4d4d0c | e298d674d9024c1d553a7fb921a363c2 |
11 | d2c1c4c4d4d4c8d0 | d894bbd36c758525b0340b453516b577 |
10 | 0000000000000000 | 62640df3608f0287d980794d720bff31 |
9 | e8c0e0a2c82ac0d4 | a56499bdfc6957790b4a64231aaf9482 |