Windows
Analysis Report
Security Guards of America Proposal.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5216 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Security Guards of America Proposal.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 3504 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 3120 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1644,i,2323614241662355698,2891551153677106926,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1458487 |
Start date and time: | 2024-06-17 18:14:27 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Security Guards of America Proposal.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/45@0/0 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.6.155.20, 3.219.243.226, 3.233.129.217, 52.22.41.97, 172.64.41.3, 162.159.61.3, 93.184.221.240, 2.16.202.123, 95.101.54.195, 95.101.148.135, 2.19.126.143, 2.19.126.149, 95.101.54.113, 95.101.54.105
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, a767.dspw65.akamai.net, wu.azureedge.net, acroipm2.adobe.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, apps.identrust.com, fs.microsoft.com, identrust.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: Security Guards of America Proposal.pdf
Time | Type | Description |
---|---|---|
12:15:50 | API Interceptor |
Input | Output |
---|---|
URL: PDF Model: gpt-4o | { "riskscore": 2, "reasons": "The screenshot does not contain any visually prominent button or link that could mislead the user into clicking on a potentially harmful link. The text 'A Security Proposal' does not create a sense of urgency or interest typically associated with phishing attempts. Additionally, there is no impersonation of well-known brands that would raise suspicion. The content appears to be a legitimate document related to security services, and there is no immediate connection between the text and any prominent button or link." } |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.274707162521874 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.2125414096299245 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.2125414096299245 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.95899770031832 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bde44254-daf1-4f98-bf51-485e9420e15d.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.95899770031832 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4288 |
Entropy (8bit): | 5.224476710737875 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.246695972387304 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.246695972387304 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240617161541Z-161.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.753853349536202 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.1356875516282012 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.034404395079139 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.337831068390098 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2774276661326445 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.255380266132004 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.313883744130935 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2774273063299155 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.261822327626672 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.261202529009628 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.274738412611558 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.741656035066882 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.271271456391259 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.777023149218417 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.255016001100233 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.253661304395933 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.27750056210846 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.225986031579576 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.364710070200502 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.1322558890250045 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.317423299789279 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7ms9WR1CPmPbPahe5fypilIw5z:lNVms9WfMwbPahq9 |
MD5: | 515346D557AEF743B794F6AC201E50B1 |
SHA1: | 2DD56B25DC508F8C744B240D1197C4F231D9FC32 |
SHA-256: | 227B6DDCDC6ABFE795F70E57EE3CECFC769F321DE0E19602783DCE8CB03CC1F6 |
SHA-512: | D06EE2ACB361FB6B59E4AE8E43FD427AF51C2205E15177E0849CF1797C7D3A3E8DC9F68D58D8BF4FB5314E185149F34CA5FB3A7B4F80F1D2F60DA29930DFA3FC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.7807288598511077 |
Encrypted: | false |
SSDEEP: | 48:7MRWR1CPmPbPahe5mypilIfqFl2GL7mst:7oWfMwbPahbuKVmst |
MD5: | C9D08BB8EF69CD8B13AD8DCCACBE1599 |
SHA1: | 27FAF8A5DB8A0EC23C06163AC62618B20B7ADAB1 |
SHA-256: | 50762AAA6CAB6730691D765F5AEBCF13464F6016516792B57FDD24B9ED10BDE0 |
SHA-512: | B13F1959F4DE6BBBC08284EEDEF0969C37F38CB341A5B32B91FE921C650F67FDBBECB08EAF9FA81D5FD152D9F77DA96133E2EBA4ED13B23AAAB6627D79EF4C57 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dq3GlKR:Qw946cPbiOxDlbYnuRKCYGlg |
MD5: | A955370E4D3D03775274273C739BE296 |
SHA1: | 5CB6CD051930E4E5D25B918BC1D19B526DCBF893 |
SHA-256: | 17404D4336D5EA8A9281D83B87AE7B3EC7F1D6956FF9F16B321364D348D6DAF2 |
SHA-512: | 8CBE9289BEE41BA3E11039BD47EA5489786DBCFE734FD571A1461E859F5BC7A6DBA5C6BC559D81CD4CCA4EDB4C698D23287457F7303D31E93AD10AF7490093FA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-17 12-15-39-341.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.33860678500249 |
Encrypted: | false |
SSDEEP: | 384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B |
MD5: | C3FEDB046D1699616E22C50131AAF109 |
SHA1: | C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D |
SHA-256: | EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD |
SHA-512: | 845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.350044446424254 |
Encrypted: | false |
SSDEEP: | 384:9DRKpXE7y5M+JbH0pFqdSYpAc/m/oXMWtxJV/HXfl4cwlnZkUjrbS9SvqWY4POWU:RVqB |
MD5: | 9D53926713D9D12622368B255DC17B93 |
SHA1: | 8D51DED9149210B018AED33BFBDE57D76DB725AC |
SHA-256: | 7D4E3B2BA306D6606A28BCA5B9BC1FF72F8A6AC4E791A745233F114C53E1C027 |
SHA-512: | FDF0ECAAC0C120B96BDB2B078CB348D4A2F77C0C7E458EEB96AE5B2AF21D3560A8DDE201B29D1158B8A50C855B1F865770075F3F8716DFC6E936617CA1134DCB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.4186843061067975 |
Encrypted: | false |
SSDEEP: | 192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cb0cbYI1HcbW:ceo4+rsCN1J |
MD5: | EA09C266B5B0494FC3F6E981816194E4 |
SHA1: | 7F8BF1B63CBDFBA4B320FEB5A1943320A9B3C1BC |
SHA-256: | 0F456D72C0FD5EB007E67A9A6FA91D9978474A4E85469398A5822D702A78DFBB |
SHA-512: | 6591C1516154942E957030D1DE7DB72A6EBEAB4194BA103910551638BD12D7D0641275AB968DB7A76B58CE7C3ECE00F07B4575615C49421ADD1200C8804016C2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.1486739793186 |
TrID: |
|
File name: | Security Guards of America Proposal.pdf |
File size: | 9'526'728 bytes |
MD5: | 3b0e1fc1c45235d3363a88eeb0e5bd32 |
SHA1: | c7954f3bc149924bd300a83d608d1e48af89e90c |
SHA256: | 1299384429fbe823fadacecedc6ca38a5072bef1a04822c3fef01fbb72bb01a1 |
SHA512: | b67dc96b7aa68481637d77319e12237485ae7fc2ba058e6a95fa214633e836140cb743479d423e06460f049dbc42f91017b868c9a5d568870ca52196086f30c0 |
SSDEEP: | 98304:mlgVwnEa96dKoezVjcgVfNJPUQqDeHERrpQdELXaxT4ex1vDruhfX6Yw4gV:mqkwdKoezl3udgMeuLKTnxVruhK4gV |
TLSH: | F4A68DEC98DDE1890679DFC2AB81E4EB954F23635B49443A71AF4FC20B53C1AED83845 |
File Content Preview: | %PDF-1.6.%......1499 0 obj.<</Linearized 1/L 2770623/O 1501/E 237074/N 26/T 2769714/H [ 490 628]>>.endobj. ..1510 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<3C494D00E402A949BD6F996B8A323EBE><41D28A503138FD44BEA832315693D |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.148674 |
Total Bytes: | 9526728 |
Stream Entropy: | 7.863966 |
Stream Bytes: | 6350343 |
Entropy outside Streams: | 3.886998 |
Bytes outside Streams: | 3176385 |
Number of EOF found: | 128 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 1852 |
endobj | 1852 |
stream | 1055 |
endstream | 1055 |
xref | 0 |
trailer | 0 |
startxref | 128 |
/Page | 165 |
/Encrypt | 0 |
/ObjStm | 149 |
/URI | 0 |
/JS | 1 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
1506 | 4d5171555533964d | 1a68c103bf9c36cc87d3d3ad1e4902cc | |
1509 | cc5971755533338e | 36dd25e29fa2e71bce4eb369d0a33f38 | |
22 | 7509525b989c25fa | a5c0c46c830c19793612b50edba47a61 | |
23 | fcf7c3e9a566e0d3 | d03037a94d4308182387e2dbafe0b404 | |
54 | b2303380e861cccc | 54f8a9cfcc3297eb6afb4d614ac94264 |
Target ID: | 0 |
Start time: | 12:15:35 |
Start date: | 17/06/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6e8200000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 12:15:36 |
Start date: | 17/06/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79c940000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 12:15:36 |
Start date: | 17/06/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79c940000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |