Windows
Analysis Report
FDrive ).pdf
Overview
General Information
Sample name: | FDrive ).pdf (renamed because original name is a hash value) |
Original sample name: | The Difference Maker Making Your Attitude Your Greatest Asset - PDFDrive.com - The Difference Maker Making Your Attitude Your Greatest Asset ( PDFDrive ).pdf |
Analysis ID: | 1411155 |
MD5: | 410213409ab017ba5acff390f4d8beab |
SHA1: | 012f7ca37a6b276dca0431b0b327f2e42a4c1c5d |
SHA256: | af4c8a610a96b0d868ca651bf600ffbec8a016745596d667bc138c070fbe5b3b |
Infos: | |
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5448 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FDrive ).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6196 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6044 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2072 --field-trial-handle=1576,i,13669524516722668851,1577542914894246890,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1411155 |
Start date and time: | 2024-03-18 17:03:57 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | FDrive ).pdf (renamed because original name is a hash value) |
Original Sample Name: | The Difference Maker Making Your Attitude Your Greatest Asset - PDFDrive.com - The Difference Maker Making Your Attitude Your Greatest Asset ( PDFDrive ).pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/46@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.199.48.153, 52.6.155.20, 52.22.41.97, 3.233.129.217, 3.219.243.226, 162.159.61.3, 172.64.41.3, 23.40.179.35, 23.40.179.19, 23.55.243.210, 23.55.243.199, 23.54.161.82, 23.55.235.248, 23.54.161.98, 23.55.235.250, 23.54.161.105, 23.54.161.81, 23.54.161.91, 23.54.161.104, 23.54.161.97
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- VT rate limit hit for: FDrive ).pdf
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.47.168.24 | | Get hash | malicious | RHADAMANTHYS | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | DBatLoader | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | PureLog Stealer, Vidar | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.2236236676462555 |
Encrypted: | false |
SSDEEP: | 6:F0PPsNAVq2PN72nKuAl9OmbnIFUt880PPkHgZmw+80PPkHIkwON72nKuAl9Ombjd:WuAVvVaHAahFUt8nUHg/+nUHI5OaHAae |
MD5: | F416B565790C3AFC626863C8F2817BFD |
SHA1: | 57DD63D4B396AD380198017614B1E711DBF147F3 |
SHA-256: | 8BB834DD361FC14497C730AD1A8059AA06D1D8B9F1302B36ED8A19376E2AE06B |
SHA-512: | D0D5319A8A3C9F2FC8011672EFBDB80310FA053C7372C6DAA310F741145179A8904F0C0C891F68C0F12AB57FE7773BCBD8708F9910DDAE5E9D036BC1C4170CCF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.2236236676462555 |
Encrypted: | false |
SSDEEP: | 6:F0PPsNAVq2PN72nKuAl9OmbnIFUt880PPkHgZmw+80PPkHIkwON72nKuAl9Ombjd:WuAVvVaHAahFUt8nUHg/+nUHI5OaHAae |
MD5: | F416B565790C3AFC626863C8F2817BFD |
SHA1: | 57DD63D4B396AD380198017614B1E711DBF147F3 |
SHA-256: | 8BB834DD361FC14497C730AD1A8059AA06D1D8B9F1302B36ED8A19376E2AE06B |
SHA-512: | D0D5319A8A3C9F2FC8011672EFBDB80310FA053C7372C6DAA310F741145179A8904F0C0C891F68C0F12AB57FE7773BCBD8708F9910DDAE5E9D036BC1C4170CCF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 339 |
Entropy (8bit): | 5.188284200233661 |
Encrypted: | false |
SSDEEP: | 6:F0PQhAROq2PN72nKuAl9Ombzo2jMGIFUt880PQ+JZmw+80PzVkwON72nKuAl9OmT:WpMvVaHAa8uFUt8nB/+nh5OaHAa8RJ |
MD5: | 1A55DEA9593621D772D43A0609913B9C |
SHA1: | 5948104118BB4BF9D1A22AC9CE0A0673A3C8EDFB |
SHA-256: | 1C3278DB24D2902D0794F8A575865167079E69F12EADE922014BAF9811A09DEE |
SHA-512: | 9CD8D7321DCB4C578D4532267ADF816F00C31CDA4E2A061590506A7F4300E4F4987F44F060BD5988D28843515B575B5FD3385020A5EBEAFE4ED1DEDE145A85E2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 339 |
Entropy (8bit): | 5.188284200233661 |
Encrypted: | false |
SSDEEP: | 6:F0PQhAROq2PN72nKuAl9Ombzo2jMGIFUt880PQ+JZmw+80PzVkwON72nKuAl9OmT:WpMvVaHAa8uFUt8nB/+nh5OaHAa8RJ |
MD5: | 1A55DEA9593621D772D43A0609913B9C |
SHA1: | 5948104118BB4BF9D1A22AC9CE0A0673A3C8EDFB |
SHA-256: | 1C3278DB24D2902D0794F8A575865167079E69F12EADE922014BAF9811A09DEE |
SHA-512: | 9CD8D7321DCB4C578D4532267ADF816F00C31CDA4E2A061590506A7F4300E4F4987F44F060BD5988D28843515B575B5FD3385020A5EBEAFE4ED1DEDE145A85E2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\839bb9f4-61e2-4ced-8770-d5d19a3b1243.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 474 |
Entropy (8bit): | 4.971158482009928 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZQkcnWhsBdOg2Hu2caq3QYiubcP7E4T3y:Y2sRds5VWydMHM3QYhbA7nby |
MD5: | 8812F7B613079C4FA56CAFD3C51B5338 |
SHA1: | 76FB1CE3F8ACA16AC2BCEBABF1D0A2AFD29C45D5 |
SHA-256: | 6B2FEB23CAFFD55B054FD9FF041D012EDFA43FEE4C1D3A4FF27BF0F0B5831087 |
SHA-512: | 73A8AEE0765C1E571A90477C9BBCF801D51948484268A0F37368CBD1F2723768C43A1D1EEDBE68BBB803A09A70121F3A07FCFF4EB1C4D28F43312E8BFD128A68 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 474 |
Entropy (8bit): | 4.971158482009928 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZQkcnWhsBdOg2Hu2caq3QYiubcP7E4T3y:Y2sRds5VWydMHM3QYhbA7nby |
MD5: | 8812F7B613079C4FA56CAFD3C51B5338 |
SHA1: | 76FB1CE3F8ACA16AC2BCEBABF1D0A2AFD29C45D5 |
SHA-256: | 6B2FEB23CAFFD55B054FD9FF041D012EDFA43FEE4C1D3A4FF27BF0F0B5831087 |
SHA-512: | 73A8AEE0765C1E571A90477C9BBCF801D51948484268A0F37368CBD1F2723768C43A1D1EEDBE68BBB803A09A70121F3A07FCFF4EB1C4D28F43312E8BFD128A68 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5859 |
Entropy (8bit): | 5.256518429319815 |
Encrypted: | false |
SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7RQRrZ:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhg |
MD5: | 11334BE567DB7AF64652B6680D7DD742 |
SHA1: | 12025C39CDBB7905D3106317E77E2BD538C2C9CE |
SHA-256: | E681316E31345E83E55FA71788FC7AD346DDAF6C13E37D709C94F7940852C826 |
SHA-512: | C48C27C67F3E38DF4A99B3DD0564CCA8A1A66DACE872311384091F728FAD4F9987993CE439723B66577827FF3001B79C43A20E44C5507001F333FEC2E77068D5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 327 |
Entropy (8bit): | 5.138939671032326 |
Encrypted: | false |
SSDEEP: | 6:F0PLq2PN72nKuAl9OmbzNMxIFUt880PGZmw+80PHFkwON72nKuAl9OmbzNMFLJ:WzvVaHAa8jFUt8nu/+nPF5OaHAa84J |
MD5: | CFC30BC717B1B0809D214EC4E237BF1A |
SHA1: | 49D0696644A795DF389C20340E0B865F7F38128A |
SHA-256: | F8D0BF7777AB6FB4E451C02B9BD38BDDD63ED0C810929CAFD5C503237BB13F77 |
SHA-512: | 4CDB25B40C76439083B68C9E61ABC2CC3042D8BC79DB9E2F5A2B0A0E0D62B035CA427D8062B0016D6FD63C0A3D530CB295B32A9034734D09D4A30A361850DB23 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 327 |
Entropy (8bit): | 5.138939671032326 |
Encrypted: | false |
SSDEEP: | 6:F0PLq2PN72nKuAl9OmbzNMxIFUt880PGZmw+80PHFkwON72nKuAl9OmbzNMFLJ:WzvVaHAa8jFUt8nu/+nPF5OaHAa84J |
MD5: | CFC30BC717B1B0809D214EC4E237BF1A |
SHA1: | 49D0696644A795DF389C20340E0B865F7F38128A |
SHA-256: | F8D0BF7777AB6FB4E451C02B9BD38BDDD63ED0C810929CAFD5C503237BB13F77 |
SHA-512: | 4CDB25B40C76439083B68C9E61ABC2CC3042D8BC79DB9E2F5A2B0A0E0D62B035CA427D8062B0016D6FD63C0A3D530CB295B32A9034734D09D4A30A361850DB23 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240318160450Z-198.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 6.1003152892229915 |
Encrypted: | false |
SSDEEP: | 768:MvyRZShtAxNuW6rmRLS9h4rnnn+4UqAtxozrAopFhmacNNyc+OI5QAZnjwEu:KuoKioRm0WSzr78acNZb |
MD5: | D61FF0FA9396DA339CC72190B08ADBE6 |
SHA1: | 1AEC844F453DFD33915F7BF78382DCBA8CF42D3D |
SHA-256: | 6A77367BABC2C7A761FB977A6860D5B2082D8822AABFBA4A28718D047529D1EC |
SHA-512: | BA2E2D4FB12175E3B59DC8AA0661D5B1AFA64B2CFF73CD11017C8D5D9DD052C309181049F66915C537616B4023BD8B90B27D6C557185166DD3E680115171B753 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444922753979987 |
Encrypted: | false |
SSDEEP: | 384:ye6ci5thiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mys3OazzU89UTTgUL |
MD5: | 4984B73774B40D765C3D80210751C581 |
SHA1: | CDB17D90B926DED7A79D31C226202D858B427C61 |
SHA-256: | 96C74137ED8592A9EC5DB025F6C13B5E1301BB9544EDB488241A97E66418DBE7 |
SHA-512: | 650D55F15CEE59A936FA0CC1C7B6D33DA00AE9F5CD12622A9ED2008D49F2A81B61B578F5BBD34BE0883D63A46ACE0D5D2511CB8364E5C4278F4A7F188F752D49 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7700350430640155 |
Encrypted: | false |
SSDEEP: | 48:7MhJioyV/3ioyCUoy1C7oy16oy1giKOioy1noy1AYoy1Wioy1oioykioyBoy1noQ:7KJuPVwXjBiYb9IVXEBodRBke |
MD5: | 0C628F2E9DA06D2801C9521B89715ABF |
SHA1: | F6A20FF0BAB9C36482FB3A16F9905D75F45F095F |
SHA-256: | 38A158139661115E5117E068DE7EB412FA97209B2A30606F52A5126F570F4BFE |
SHA-512: | 3FE81202D3853E24966D11948193516E5818BC9EC67C186307C3696611496807ED3ED1C5F8B3065E8B4359C0EB6D2BAD20AD9FD37470E760E2D3A1427F82EC51 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn |
MD5: | 265E3E1166312A864FB63291EA661C6A |
SHA1: | 80DFF3187FF929596EB22E1DB9021BAD6F97178C |
SHA-256: | C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728 |
SHA-512: | 48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3693956912280285 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJM3g98kUwPeUkwRe9:YvXKX2Y2qJ0cJWsGMbLUkee9 |
MD5: | 624A964FB6129D30796846CCC39BB1D8 |
SHA1: | C7FC76AD5A8A71EACE46F416210E9F9478751086 |
SHA-256: | 3D3C36C4AF87D37E15E9738B746EB37FC5FB24DAD09E177EFD924AFE9A894606 |
SHA-512: | A3769116990BCEC028E30A6EF0E0D43CA43D912903B9655EEBD40D6C45C75BCBE749B2558DBE929567DA8973B1C0B21CE14BACC3F0AC07F86C368180715A946D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.322961074118742 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJfBoTfXpnrPeUkwRe9:YvXKX2Y2qJ0cJWsGWTfXcUkee9 |
MD5: | D68EB7FD5A44A07819FFB40590DF32B8 |
SHA1: | 3035031ABEC2485F3D18D70510D03707273BC90A |
SHA-256: | 615860E8E8E3D5CB17E5113DBFDF6C8006C03632067409B6CA5CCCE89A4C272E |
SHA-512: | F1B6D602CC092423DC0AD43D9DFE7D0BACA1B3970934410F3EF63DD2D17FE4AB888E4AB2FB4D5233983C7DF377D05F749CBE4582214EC59F2F9FE311DAB821E6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.300913674118101 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJfBD2G6UpnrPeUkwRe9:YvXKX2Y2qJ0cJWsGR22cUkee9 |
MD5: | 657A7196ED9F01351F7B722B95D37626 |
SHA1: | 5705F798C321525AA3E6738B955739211A1895EC |
SHA-256: | 4603EE7E3852C0C0A180101AC86FE0D89CA1DCC7B610D8165A7CF6502A9CEC65 |
SHA-512: | 5C025D680B70D9F25EAB05F54063DECA2F814CEDFE24C83BB8F92EC0ECE00F93C969E4806DD062CECA1038B19C44D60ECA7C8F3F11123E8AF80BD4948BF9D5FE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3496299267133995 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJfPmwrPeUkwRe9:YvXKX2Y2qJ0cJWsGH56Ukee9 |
MD5: | A51BBC9F9F4CB2FDF08946D29A56EA65 |
SHA1: | 2E647072796A91199519445B52CFA23A38862329 |
SHA-256: | C532AEEFF5B82A3373F4D6FB2305167B56BB4F9C7479419F96002E9C185BED51 |
SHA-512: | 706933A106FD5EA008254A82263F7F038B35C84C6041264FB453895F9E7D51660B09E4B8C5AA6B27BA29DC46D141AACDB00D5E8FCFF9DC4A8DBB0AB8F9A4E68F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.315715031851807 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJfJWCtMdPeUkwRe9:YvXKX2Y2qJ0cJWsGBS8Ukee9 |
MD5: | 6074EE8B7575454D5259DC5D71BF1223 |
SHA1: | A68A9DA4BC698634ADE625C3787AAF569183BF81 |
SHA-256: | 11CE0ACDC1385D7F9E71185A3596D9A4CDD118DABB11A769DD17916BFC7716A1 |
SHA-512: | 4164C4163996F56415EA26B239EC3553225CC35F82736ECFD5A2D857C194E3D1EA6216032A8E3543C986B7810C169737C6A4F7BA05579ED082D521BFF9A4A3EB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.299611961576938 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJf8dPeUkwRe9:YvXKX2Y2qJ0cJWsGU8Ukee9 |
MD5: | 159A7817DBEC881D9832D0CD15BE320B |
SHA1: | 2B5FE364D1170984B64379D3A7BB3CAC0F104105 |
SHA-256: | 4A2C3DC3277EC00D4BC53D65C3C31A3C10EFCA17C5F1EEE7266580977F13207D |
SHA-512: | 15C877017C2DEB9B52C680F86F696C3BA7C1AEE982DDD9BFA0DD2EC96195990204512C8143433431D27BFBFDC5C0C2DE5BD86FF689E26CDC2C7B2AC932D07389 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.30286799719272 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJfQ1rPeUkwRe9:YvXKX2Y2qJ0cJWsGY16Ukee9 |
MD5: | 9C9F529EA8970E450A0672E751A9E843 |
SHA1: | 16FE671E4B6711F20F1A6FA6F3B7228FF428626A |
SHA-256: | 6C88079742199DF98C3CADAB5C4EE2D4455FAE2E2FBC401005B1F9BF06D42A9E |
SHA-512: | 108919664F0B488AAC2D802837287697D48E3F089AA52652FDBAC85842F78CB4F1A1012548494198F186018937BBEE609A7ACFD93C8056EB47D1F1F1E7EC2784 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.309260600894244 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJfFldPeUkwRe9:YvXKX2Y2qJ0cJWsGz8Ukee9 |
MD5: | 36DC62C2C99B5D26A1847012B121F576 |
SHA1: | 650569B0BB027D34745FE6A84DD94481D6C1F4B9 |
SHA-256: | 500AFC14CB291D6DB2268C488F8A70A93640C893BF1F6DB0D9D4B855AF165672 |
SHA-512: | 2DA93D309D5BE98BF152902D01D0721FE55E55E41EFBAF9DF7EE87CD35B58A20321B132ACF770BB583658A297BFFFAF48792D6ECC7BD4328957D28E0B4C04AF4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.326890117902809 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJfzdPeUkwRe9:YvXKX2Y2qJ0cJWsGb8Ukee9 |
MD5: | 73C43F787495F442899E9B32EC234C8E |
SHA1: | 8BAC6719EBACA3BB086B42AA83C9C184DC6D7B7B |
SHA-256: | B3ECDDABF76566066A57EE03D41DE27957411253D2F9A7AA3E7224B756B2F966 |
SHA-512: | 179E02A2D9E1EF13F3B9DFDD54C50DF9DBFC8E0D93A5EBF32B5DBB1BF9B13D8224C32574FFAD2E49FF13E33CE50DCA2CED2B2163D2A52DAF49FE4E174257CCCE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.307690120129456 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJfYdPeUkwRe9:YvXKX2Y2qJ0cJWsGg8Ukee9 |
MD5: | 565E16A9676F2D9FF7F86362A7D284BE |
SHA1: | AAF1ECD53871A5B418F1E1912D908830FF3E0FA8 |
SHA-256: | A2D8730331501D7863A7278EF905055924EBA7DCB4CD09F7845860BA4BCB3111 |
SHA-512: | CA4183A7467289D3322085A8BA3531FE04C90C39988B4B0C5E2D7AE3CCEA3963B56707345D3818936743C90B23BB3057FC6F0686C61263C9CF7BD916CC93052E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.774569178770522 |
Encrypted: | false |
SSDEEP: | 24:Yv6X2Y2WJW7rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNrb:Yvx0W7HgDv3W2aYQfgB5OUupHrQ9FJZ |
MD5: | 49B5BEDB2F1054EAF1E2B866DA553506 |
SHA1: | F6F10D7A19901F1708E1789C395B62773A09A8A7 |
SHA-256: | B5114DB4BDAF32299B02837EB4226D09D2E7356122D476F2EDF9A6A05009A804 |
SHA-512: | 59FACC39B8D45F988FFDA4E45AF8D4295C249440C813460479ADD26C9661DD25F4251FBE7F9099B2AB208716D4E09AE08F84289E910A5528F45E349D4E14CAAD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.2911843647440095 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJfbPtdPeUkwRe9:YvXKX2Y2qJ0cJWsGDV8Ukee9 |
MD5: | 535C86C802C5A446FCD921E4B9E66BCF |
SHA1: | 80636B91495B25A4BBC0B357BF531F7058C0CFD3 |
SHA-256: | 159FFB576BFCCDA71C1C17A7A2A8F95900F27903485657DA90DA1062BB66398F |
SHA-512: | 95FEE94B5BD4E103366568B96E2290356CB6F7F92D7E53DF54B0705B014B52D59835BE21A1E96AC997EB7C2D906E472EC5A10D90D6FA17698B7DE4EF4033A507 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.294672127804208 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJf21rPeUkwRe9:YvXKX2Y2qJ0cJWsG+16Ukee9 |
MD5: | 17926103687FD8AD81A01B1A8CD8C190 |
SHA1: | EBA418A2203F5FCAB2156F323EE171C349D2434D |
SHA-256: | A0F8DD68D9AD408AB064CE455B3F9A170145A2A55883B7FAEE8C7FDC67F182A7 |
SHA-512: | DB3CB45F806360886A055185CDD1CC2C078F24DE198C47333BD052B4E343BEB39E0F8B1A7D9157D48F1454D0A2055985FBE329F6C280573AAB5D4B321D93AD13 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.313919225846657 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJfbpatdPeUkwRe9:YvXKX2Y2qJ0cJWsGVat8Ukee9 |
MD5: | 8BA78A9D21087F3C564D924BE763E06A |
SHA1: | B78C727FE614CC52DC436EA3067104C47DA44D65 |
SHA-256: | 29E913031C85FD3A3A88F8D34DA20397BA6CE70934DEF40F11451743DB89C34C |
SHA-512: | BE088C844980BC9B27FC06288F0A6978F6F908ECE86A214B859DE5CBB1294A1B6C7E53439859DFDA57EEB18EDFBF2CDD90A284E406968A88F975333E96EABB26 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.270153634536743 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZsY27GJ0nZiQ0YARWDoAvJfshHHrPeUkwRe9:YvXKX2Y2qJ0cJWsGUUUkee9 |
MD5: | D761952E27224C47E46E085FD437BFD9 |
SHA1: | 36B9969486378393BA28BEB2D2013DFE7BB9259A |
SHA-256: | A9EFBA72CDC7A899AC59E417E83775E33D247EDE810FAE4D84E55ABD93A70E98 |
SHA-512: | B5939440EC1BDD3F428803543B27C8B49CE3BFCEC44DFA429E0CB0C458DE59B82D6806C6E6921702BF9E21F7A8A3CA398960AFBE1035A9D7690E64ABDB4DC566 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.359200512118868 |
Encrypted: | false |
SSDEEP: | 12:YvXKX2Y2qJ0cJWsGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW/b:Yv6X2Y2WJWC168CgEXX5kcIfANh8b |
MD5: | B0615FF32C550FB3333EE8B117366C62 |
SHA1: | 1E7B8C6172FFE68580E5BBEA822831E73D755855 |
SHA-256: | 185DB6A88043F3D37A45A5D5B76E969B0DAC931B9F47C684CD7FD31B5D2C71C2 |
SHA-512: | 18074B95C8514D24E5F71CDE56C3DB80B9A8BCEB4D7C63260603B46B70FDEFC675479349162DEB03096A366918A7B1170D250A3D560F36C54D5AA6A1D7C67FAA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2813 |
Entropy (8bit): | 5.126760157922926 |
Encrypted: | false |
SSDEEP: | 24:YkT3TynhCGeTnqA7IU2loVByqBHGuhnaEBYayyrNOkmyiwP5cj3Qvj0SzSNG/2Cb:Ykkhle7qNCDBmulIg7lsGdTRMVc98AF |
MD5: | 8C341A874736C0EAA088DD9B6393E081 |
SHA1: | F8D1F419D4FA040F54F66533DA3D95E98D39C8A8 |
SHA-256: | 0F26A7F6FD004001308DD377965C011AA196B8FB95289C3C37C80A78E1E6C56F |
SHA-512: | B955764DD28CDC39145C93A150E0A040AEBC94EB0FADADF6E7DC61093C076E8371F1D348BFA62EAF991170D2981BC21F301EC82AD598A48CA7EE0E6EC103B153 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1428846363103677 |
Encrypted: | false |
SSDEEP: | 24:TLhx/XYKQvGJF7ursYGqfRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUue:TFl2GL7msYGuXc+XcGNFlRYIX2v3khGw |
MD5: | D32BA1DF38515C41F969F210DC74E44A |
SHA1: | 490FDF259460AAEECF5821ECD9DFEE5EEBDFCA89 |
SHA-256: | F5A1BB96294943C110A7C99329094C652191AEEA148C2BC9C3EF795DFC999ABB |
SHA-512: | 333F9879E8979F2FE8B6436B1F2BD2BCD2F74530A460BDA1A11E2F7EFD744EE0F4B7E9F75A7769953682BD26BDB5B4444FB59C6221689BD6B6BA6ACC910A0DC1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.5499350062539274 |
Encrypted: | false |
SSDEEP: | 24:7+tXgGqfUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxwqLxx/+:7MQGRXc+XcGNFlRYIX2vtqVl2GL7ms8 |
MD5: | 36FB6CD692BF3C231ABF0BA59FFEFB0B |
SHA1: | EC023E00B1EDE51FF038827289052B0206AE955C |
SHA-256: | B74F1FC4C015C855B3E2B200BC4A7D920C9F833565F84D54F4F9BC0D5C004D67 |
SHA-512: | 931470E40AD743890539A17B81EC0AF9A8492FB4B0DDBB4AAE2A0DECDD5D1EED21A4D61FEBC88D94A259603647924A343FD9096BBE925CF33802C4457F9B5621 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgEBEa9SQYlwcrxc8LO8GmnZTsgYyu:6a6TZ44ADEEBEFrlwe68ZGwbK |
MD5: | 406B9DF0882D4F85C6DAC3BDF4686397 |
SHA1: | 8896B56A63A93D78D0AAA01B88EB296B7D3176DD |
SHA-256: | E25AA1F08BD83ED691E8980429BE2B8C26C4205F4EDE0F805C557DA0936202CE |
SHA-512: | 92B0191B2EB1642DC03913478810C54F1E2EED536A97E16B916A92EF42D1629954449B0F2E9DECD82C799936DE6AD2AD721EB2D640C5058C8FB090A2772470F3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.536003181970279 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKUFqH:Qw946cPbiOxDlbYnuRKSUu |
MD5: | 483D9935C5A925D27C3BFDFF13D4E163 |
SHA1: | C8F57C3F7738CC54135AFFF2B68F7D3DDB452E6D |
SHA-256: | C10B08924FDEBC17DF04B2D1485F94866931DD5A91D94737CEF143DF2803A9F4 |
SHA-512: | 2B697F1FED759CAEC566E9F139258B74260F7267EF8B39A421FED669BAF38FB6F664A4CFC12E6837C6893AB01B945DB4A6A7A387EAA808814ABB8DBF5504CFAD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-18 17-04-47-681.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.338264912747007 |
Encrypted: | false |
SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
MD5: | 128A51060103D95314048C2F32A15C66 |
SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16601 |
Entropy (8bit): | 5.333431100976649 |
Encrypted: | false |
SSDEEP: | 384:jOMfrh+J2LpuJKPrjP87VMt7tftytRtJR+mADADtP3WAYIxgE0j06bkQ6v6Tums4:jXBtMDCR |
MD5: | E6343FAF705585D2B2D1C4834C0CB48E |
SHA1: | AC4D902574F25B70BE3365A63696B15C8EEA1EAF |
SHA-256: | 5A95F32D92D2078CA30EEF4E156C80B037746287A9B32C73D48A2C608DBF78D5 |
SHA-512: | 4BE3DE2AE74039E3D642D87A6A06B371E45A9CC9B7861A6DBCD6A975A1253652E593E904A705D96D5B1F9D944FDA1DBB399FC736654B704811FCCF91DF466577 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.394476362690943 |
Encrypted: | false |
SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbr2ZZtO9Ytw0Wws8cbwIHrVcbE:V3fOCIdJDeEZZtO9Ytw0WwmH1 |
MD5: | D8B489174A39D8119D06F290742AE768 |
SHA1: | 461A61386C04DAA4A235C9D7F782C0DC7252AEC8 |
SHA-256: | C2EB0C0E94E047A8845EDE2EFE9AC4031A592681A854ECFFFB4AC816AF103383 |
SHA-512: | B45348D0FF9E3B3194AC3E3F9B21B76C6CB90867E24AC8A909DB97CD89CDAA8152A33C5D63721BC1667F13B2B62FE0249C7A63C9271EB6EDCD295930B7AC9462 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJxdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:JVwWLaGZDwZGV3mlind9i4ufFXpAXkrj |
MD5: | 96E2EE6506759519A5E3E5E550F28388 |
SHA1: | 477522A699526F3EC2270AD0B3D3B8D6609F8BBB |
SHA-256: | D135FEF8231B87D1F758B3D31FC5467BC933321F7E8EACB316F933DBA36474D5 |
SHA-512: | C84E93CB72ABC0742C44BF13608472EDD30BE64358C0DA350D9D54C0A88EC45931D48CE1DA823FC527E5134E7277B16AFE0521F2716C067A519FDD390DB315CC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa |
MD5: | 22B260CB8C51C0D68C6550E4B061E25A |
SHA1: | DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E |
SHA-256: | DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0 |
SHA-512: | 503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.991372040083368 |
TrID: |
File name: | FDrive ).pdf |
File size: | 4'401'065 bytes |
MD5: | 410213409ab017ba5acff390f4d8beab |
SHA1: | 012f7ca37a6b276dca0431b0b327f2e42a4c1c5d |
SHA256: | af4c8a610a96b0d868ca651bf600ffbec8a016745596d667bc138c070fbe5b3b |
SHA512: | 1f2f1b43b0e4f75d2984608908cd80fbafdd3e5a60d82c3de59b30e785f4ea6678a06e67abe592c14d6b578ff56b612827b3138ccfd48e1e2314c415f92d5049 |
SSDEEP: | 98304:63WesiJlPE+q0ZHHPCW7gfufXaeHjjxi9Jtf98qJ5ivf:63YINLaW7Zy0GJtf983 |
TLSH: | EB162364E5F9E45CCCC18AA0AF0F35D8858A40E15F1858B7346CAA463F85CD0FE9D6FA |
File Content Preview: | %PDF-1.5.%.....4 0 obj.<< /Length 5 0 R. /Filter /FlateDecode.>>.stream.x.3T0.B]C ani....U.e...E........\ .f.F`.E..i@%.z&.`.p.P'D..~...K>W ........endstream.endobj.5 0 obj. 74.endobj.3 0 obj.<<. /ExtGState <<. /a0 << /CA 1 /ca 1 >>. >>. /XO |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.991372 |
Total Bytes: | 4401065 |
Stream Entropy: | 7.998984 |
Stream Bytes: | 4281845 |
Entropy outside Streams: | 4.703460 |
Bytes outside Streams: | 119220 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 1351 |
endobj | 1351 |
stream | 518 |
endstream | 518 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 155 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
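The keyword table above is a byte-level count, and the rows before it say how far such a count can see: the file is PDF-1.5 with xref 0, trailer 0 and 155 /ObjStm entries, so its objects are stored in compressed object streams, and 4'281'845 of the 4'401'065 bytes are stream data at entropy 7.999. A count of 0 for /JS, /JavaScript or /OpenAction on the raw bytes is therefore a count of what is stored in the clear, and the check a practitioner adds before accepting it is to inflate the FlateDecode streams and count again. The Python below is an added example, not part of this report or of the sandbox's own tooling; it reproduces the entropy split and the keyword counts on a constructed PDF whose /OpenAction JavaScript is written either in the clear or packed into an /ObjStm, and shows the raw count missing it while the inflated count finds it. The sample PDF, the keyword regex, the stream regex and all function names are this example's own assumptions.

```python
import math
import re
import zlib
from collections import Counter

# Keyword set used by pdfid-style scanners; the report's count table uses the same names.
KEYWORDS = [b"obj", b"endobj", b"stream", b"endstream", b"xref", b"trailer", b"startxref",
            b"/Page", b"/Encrypt", b"/ObjStm", b"/URI", b"/JS", b"/JavaScript", b"/AA",
            b"/OpenAction", b"/AcroForm", b"/JBIG2Decode", b"/RichMedia", b"/Launch",
            b"/EmbeddedFile"]

# A stream body runs from "stream" + EOL to EOL + "endstream"; the lookbehind keeps the
# "stream" inside "endstream" from starting a new match.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def split_streams(pdf: bytes):
    """Return (list of stream bodies, bytes outside streams): the split behind the
    'Stream Bytes' and 'Bytes outside Streams' rows of the report."""
    bodies, outside, last = [], bytearray(), 0
    for m in STREAM_RE.finditer(pdf):
        bodies.append(m.group(1))
        outside += pdf[last:m.start(1)]
        last = m.end(1)
    outside += pdf[last:]
    return bodies, bytes(outside)


def count_keywords(data: bytes) -> dict:
    """pdfid-style token counts: 'obj' does not match inside 'endobj', 'xref' not inside
    'startxref', '/Page' not inside '/Pages'."""
    counts = {}
    for kw in KEYWORDS:
        pattern = rb"(?<![A-Za-z/])" + re.escape(kw) + rb"(?![A-Za-z])"
        counts[kw.decode()] = len(re.findall(pattern, data))
    return counts


def inflate_streams(pdf: bytes) -> bytes:
    """Replace every stream body that zlib can inflate with its plaintext, so a second
    keyword pass sees the objects packed inside /ObjStm and other FlateDecode streams.
    Bodies that are not zlib data (other filters, or damaged) are left untouched."""
    def repl(m):
        try:
            return b"stream\n" + zlib.decompress(m.group(1)) + b"\nendstream"
        except zlib.error:
            return m.group(0)
    return STREAM_RE.sub(repl, pdf)


def analyse(pdf: bytes) -> dict:
    """Entropy split plus keyword counts before and after inflating streams."""
    bodies, outside = split_streams(pdf)
    return {
        "total_entropy": shannon_entropy(pdf),
        "stream_entropy": shannon_entropy(b"".join(bodies)),
        "outside_entropy": shannon_entropy(outside),
        "raw_counts": count_keywords(pdf),
        "inflated_counts": count_keywords(inflate_streams(pdf)),
    }


def build_sample_pdf(hide_in_objstm: bool) -> bytes:
    """Constructed minimal PDF-1.5 (not the report's sample) with an /OpenAction that runs
    JavaScript. With hide_in_objstm=True the catalog and the JavaScript action are packed
    into a Flate-compressed object stream, as PDF-1.5 writers routinely do. The file is
    built for keyword counting only and carries no usable cross-reference table."""
    catalog = b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>"
    js_obj = b"<< /S /JavaScript /JS (app.alert\\(1\\)) >>"
    pages = b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    page = b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n"
    if hide_in_objstm:
        # /ObjStm layout: "objnum offset" pairs, then the objects at those offsets from /First.
        header = b"1 0 4 %d\n" % (len(catalog) + 1)
        data = zlib.compress(header + catalog + b"\n" + js_obj)
        objstm = (b"5 0 obj\n<< /Type /ObjStm /N 2 /First %d /Length %d /Filter /FlateDecode >>\n"
                  % (len(header), len(data)) + b"stream\n" + data + b"\nendstream\nendobj\n")
        body = pages + page + objstm
    else:
        body = (b"1 0 obj\n" + catalog + b"\nendobj\n" + pages + page
                + b"4 0 obj\n" + js_obj + b"\nendobj\n")
    return b"%PDF-1.5\n" + body + b"trailer\n<< /Root 1 0 R >>\nstartxref\n0\n%%EOF\n"


if __name__ == "__main__":
    for hidden in (False, True):
        result = analyse(build_sample_pdf(hidden))
        print("objects packed in /ObjStm:", hidden)
        for key in ("/ObjStm", "/OpenAction", "/JS", "/JavaScript"):
            print(f"  {key:12} raw={result['raw_counts'][key]} "
                  f"inflated={result['inflated_counts'][key]}")
        print(f"  entropy total={result['total_entropy']:.2f} "
              f"streams={result['stream_entropy']:.2f} outside={result['outside_entropy']:.2f}")
```

On a real file, replace build_sample_pdf with open(path, "rb").read(). The inflate pass only handles zlib data: streams that use a /DecodeParms predictor, LZW, ASCIIHex or RunLength filters, or that sit under /Encrypt, still need their own decoding, and a stream body that happens to contain the byte sequence "endstream" will be cut short by the regex, so a zero count after inflating is stronger evidence than a zero count on the raw bytes but still not a parse of the document.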
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
10 | f0f0f0f0e0f0f0f0 | 73e8589ee0555b85c38c0a77a1284c29 | |
21 | f0f0f0f0e0f0f0f0 | 73e8589ee0555b85c38c0a77a1284c29 | |
33 | 0014411637371441 | b1412dbf421e36104b664f58369533e5 | |
45 | 030b35353735373b | 0e3507531e71d08288efea98beca112f | |
74 | 0202040913061d72 | ef45f65470a085011d84c17f0ec36b47 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 18, 2024 17:04:57.838972092 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Mar 18, 2024 17:04:57.839000940 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.6 |
Mar 18, 2024 17:04:57.839111090 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Mar 18, 2024 17:04:57.839359045 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Mar 18, 2024 17:04:57.839375019 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.6 |
Mar 18, 2024 17:04:58.192114115 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.6 |
Mar 18, 2024 17:04:58.192568064 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Mar 18, 2024 17:04:58.192584038 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.6 |
Mar 18, 2024 17:04:58.194271088 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.6 |
Mar 18, 2024 17:04:58.194361925 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Mar 18, 2024 17:04:58.196252108 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Mar 18, 2024 17:04:58.196369886 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.6 |
Mar 18, 2024 17:04:58.196451902 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Mar 18, 2024 17:04:58.196459055 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.6 |
Mar 18, 2024 17:04:58.249792099 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Mar 18, 2024 17:04:58.286581993 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.6 |
Mar 18, 2024 17:04:58.286804914 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.6 |
Mar 18, 2024 17:04:58.286866903 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Mar 18, 2024 17:04:58.287708998 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Mar 18, 2024 17:04:58.287727118 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.6 |
Mar 18, 2024 17:04:58.287736893 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Mar 18, 2024 17:04:58.287776947 CET | 49709 | 443 | 192.168.2.6 | 23.47.168.24 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49709 | 23.47.168.24 | 443 | 6044 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-18 16:04:58 UTC | 475 | OUT | |
2024-03-18 16:04:58 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 17:04:44 |
Start date: | 18/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff651090000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 17:04:45 |
Start date: | 18/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 17:04:45 |
Start date: | 18/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |