Windows
Analysis Report
P&A COFFIDENTIAL - 200 - March2024.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\P&A COFFIDENTIAL - 200 - March2024.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  - AcroCEF.exe (PID: 7468 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    - AcroCEF.exe (PID: 7684 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1728,i,15528783898655642024,13473473242156841925,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature hits by type (the per-row source and detail columns were not preserved in this export):

- TCP traffic: 33 rows
- IP Address: 1 row
- HTTP traffic detected: 2 rows
- TCP traffic detected without corresponding DNS query: 11 rows
- Network traffic detected: 2 rows
- Classification label: 1 row
- File created: 2 rows
- Key opened: 1 row
- Process created: 14 rows
- Window detected: 1 row
- Static file information: 1 row
- Initial sample: 8 rows
- Process information set: 8 rows
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.56.8.145 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1416010 |
Start date and time: | 2024-03-26 18:29:26 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | P&A COFFIDENTIAL - 200 - March2024.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/48@0/1 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.222.192.182, 3.233.129.217, 52.6.155.20, 52.22.41.97, 3.219.243.226, 23.53.35.208, 23.53.35.200, 162.159.61.3, 172.64.41.3, 23.215.0.36, 23.215.0.48
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- VT rate limit hit for: P&A COFFIDENTIAL - 200 - March2024.pdf
Samples previously seen contacting the same IP (the sample-name, SHA-256 and link columns were not preserved in this export):

Match | Detection | Threat Name |
---|---|---|
23.56.8.145 | malicious | Unknown (5 samples), AgentTesla (1 sample) |

Samples previously seen contacting the same ASN:

Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | HTMLPhisher (4 samples, one also tagged HtmlDropper), Unknown (3 samples), Vidar (2 samples), Moobot (1 sample) |

These correlations are keyed on the shared Akamai CDN address and ASN, not on this PDF. The same edge network serves the Adobe update and licensing hosts on the whitelist above (acroipm2.adobe.com.edgesuite.net, ssl-delivery.adobe.com.edgekey.net), so prior malicious samples on the same IP or ASN are not evidence about this sample.
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.250754727401422 |
Encrypted: | false |
SSDEEP: | 6:FQQq8JE+q2Pwkn2nKuAl9OmbnIFUt88QQq8G5Zmw+8QQq8GtVkwOwkn2nKuAl9Oe:2QdvvYfHAahFUt8xQdG5/+xQdGT5JfHi |
MD5: | 20F4E22A7E6FFDE4BF9D547379C72F36 |
SHA1: | 690841E8237A4F98A6D7DC7E54ADD0E493ABEB48 |
SHA-256: | D36F2D0448FFC1815B2532E35EE71D2FF500DFED69EA5EA3BC2EB281814C61C6 |
SHA-512: | 502BE5D2BC5BB6C631463A89FE6806882E94070341658756F45B78F937D10792482FA51A7BA1658F77556257ECBB8E68D7905E9A716D4619E99ACB34B4DEB9D9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.250754727401422 |
Encrypted: | false |
SSDEEP: | 6:FQQq8JE+q2Pwkn2nKuAl9OmbnIFUt88QQq8G5Zmw+8QQq8GtVkwOwkn2nKuAl9Oe:2QdvvYfHAahFUt8xQdG5/+xQdGT5JfHi |
MD5: | 20F4E22A7E6FFDE4BF9D547379C72F36 |
SHA1: | 690841E8237A4F98A6D7DC7E54ADD0E493ABEB48 |
SHA-256: | D36F2D0448FFC1815B2532E35EE71D2FF500DFED69EA5EA3BC2EB281814C61C6 |
SHA-512: | 502BE5D2BC5BB6C631463A89FE6806882E94070341658756F45B78F937D10792482FA51A7BA1658F77556257ECBB8E68D7905E9A716D4619E99ACB34B4DEB9D9 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.19288558075926 |
Encrypted: | false |
SSDEEP: | 6:FQQq86oU4q2Pwkn2nKuAl9Ombzo2jMGIFUt88QQq86LTRNJZmw+8QQq86LTRNDk7:2QdbU4vYfHAa8uFUt8xQdudNJ/+xQdug |
MD5: | 334F71F6614126DDE85E3A68DC044AE4 |
SHA1: | E3EB3931F718C616B947F77BFA5727DF83C93F6B |
SHA-256: | 954FF356233403DC9D7F79DF613C985DC50738F7D8F277DDBCDF818803E3E7AE |
SHA-512: | B59F621F47902C9A91098E68F15CF51A43A0FCB782A36824F16DAAAB97334E11AD28B166819A474C4434C86C5E81B99847F97B5CBAC116255A9B327B5F95446F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.19288558075926 |
Encrypted: | false |
SSDEEP: | 6:FQQq86oU4q2Pwkn2nKuAl9Ombzo2jMGIFUt88QQq86LTRNJZmw+8QQq86LTRNDk7:2QdbU4vYfHAa8uFUt8xQdudNJ/+xQdug |
MD5: | 334F71F6614126DDE85E3A68DC044AE4 |
SHA1: | E3EB3931F718C616B947F77BFA5727DF83C93F6B |
SHA-256: | 954FF356233403DC9D7F79DF613C985DC50738F7D8F277DDBCDF818803E3E7AE |
SHA-512: | B59F621F47902C9A91098E68F15CF51A43A0FCB782A36824F16DAAAB97334E11AD28B166819A474C4434C86C5E81B99847F97B5CBAC116255A9B327B5F95446F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\891b8254-5774-479f-82d5-6b9582ea3f77.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 474 |
Entropy (8bit): | 4.9693552056971155 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZKWsBdOg2H7caq3QYiubInP7E4T3y:Y2sRdshdMHC3QYhbG7nby |
MD5: | FDA538C3358C35BB6243E471DBA786A5 |
SHA1: | 0668AA655A6ACB69D0B835ECD2AC08C12E4D8D5D |
SHA-256: | F78D264AA6898049E763E113B18C4EBA0C8D84549BE8180568DFA42F06321539 |
SHA-512: | 0F26EAFAD495B25B5D5329E8BAD8B3FCD924E6060791421E2473F650AD0EE0BB9E551A996C294AF2624E036D17308BE511DC22202024072BB3E7F0C8E1212FE2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 474 |
Entropy (8bit): | 4.9693552056971155 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZKWsBdOg2H7caq3QYiubInP7E4T3y:Y2sRdshdMHC3QYhbG7nby |
MD5: | FDA538C3358C35BB6243E471DBA786A5 |
SHA1: | 0668AA655A6ACB69D0B835ECD2AC08C12E4D8D5D |
SHA-256: | F78D264AA6898049E763E113B18C4EBA0C8D84549BE8180568DFA42F06321539 |
SHA-512: | 0F26EAFAD495B25B5D5329E8BAD8B3FCD924E6060791421E2473F650AD0EE0BB9E551A996C294AF2624E036D17308BE511DC22202024072BB3E7F0C8E1212FE2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.248932152293095 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7RURjORZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gof |
MD5: | 20F1592EB74B4AB96FCE52360CDF4BD3 |
SHA1: | CE64AAD89AAC3C006BDACBD72C5A313E6652AE2B |
SHA-256: | BD05E81458FFBFBD8A26FB1B078E7180B0CD7C61E4466B9379E417D43297343B |
SHA-512: | 6AACAD1320D05E889D60C64C03BB840F37BCC69159A78C43E79BBCDA71E5BB41DE9853EA4E36CC9B806BC35F9BB038CB20A56D5C53A70F9D6AB99787CC667252 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.163818246713197 |
Encrypted: | false |
SSDEEP: | 6:FQQq8kXU4q2Pwkn2nKuAl9OmbzNMxIFUt88QQq8/F3JZmw+8QQq8AF3DkwOwkn2v:2QdkE4vYfHAa8jFUt8xQd/NJ/+xQdANf |
MD5: | EC7636800989387E339C6B83B1A1123E |
SHA1: | F22A6A9CC2FF275461A256CDFE724430FD8A87FA |
SHA-256: | 07B5080C11598FB63DA66A96E9A232AF69AC33D3841DE18437A6D5A82FE55A7A |
SHA-512: | 5B4A280DEC3A3F73CA3F0847337514B8651F4D65DF8DA90B4F9DA675490C43DF0CD5C55356347DBDD733F0E6A32FC61AC79B1CF5BC81B5346D066B4CF08A025B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.163818246713197 |
Encrypted: | false |
SSDEEP: | 6:FQQq8kXU4q2Pwkn2nKuAl9OmbzNMxIFUt88QQq8/F3JZmw+8QQq8AF3DkwOwkn2v:2QdkE4vYfHAa8jFUt8xQd/NJ/+xQdANf |
MD5: | EC7636800989387E339C6B83B1A1123E |
SHA1: | F22A6A9CC2FF275461A256CDFE724430FD8A87FA |
SHA-256: | 07B5080C11598FB63DA66A96E9A232AF69AC33D3841DE18437A6D5A82FE55A7A |
SHA-512: | 5B4A280DEC3A3F73CA3F0847337514B8651F4D65DF8DA90B4F9DA675490C43DF0CD5C55356347DBDD733F0E6A32FC61AC79B1CF5BC81B5346D066B4CF08A025B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240326143020Z-165.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 4.249578182093631 |
Encrypted: | false |
SSDEEP: | 768:HvL+S+l++k3l+h++2V8kpR2n56kF2VC4UnaNL2mdlVP2Jt:P13ekDy6FX/FY |
MD5: | D4DC861454BAE6D7A79D27EF9EEA193B |
SHA1: | 4E58E081311971D1E79FAAA5398612F1BB155120 |
SHA-256: | 34B3AEE6411872E404C7F6670E2B6506E08EA9DF2B0EAAC38C9FB5FF70968002 |
SHA-512: | 72A33A2694218393538218E39CDC7FFF41841758331A651D0BE0DE1EF3EEF621F1DEC5E05C39F11B9F959474DE1271C8019BC911DDA050A5C949634FE64C1037 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.44521917177034 |
Encrypted: | false |
SSDEEP: | 384:yezci5t2iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r5s3OazzU89UTTgUL |
MD5: | F91072EC6752202A74139D3F556C567D |
SHA1: | 996DCE375395E94A6AA0CC01EAFFBE0A02EF97D4 |
SHA-256: | E041AE9AE7DD4D98FDFC38CE72F079FCA85F6F3204C46B053B1513726A35BE35 |
SHA-512: | 47523937D2F6387BBF9FAC7E4FD8CF1B14E4BED4E67547F097C75C8655AB10E4D83E1EA309FC893FB25BC58C9A6C8DDA68D0154CD6A8576CC28ED745FA769A12 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7758292739388306 |
Encrypted: | false |
SSDEEP: | 48:7Mcp/E2ioyVnioy9oWoy1Cwoy17KOioy1noy1AYoy1Wioy1hioybioy3oy1noy1h:7LpjunF+XKQeob9IVXEBodRBkA |
MD5: | 8FE59CD3E385E85BD27B9EB75BAE78A4 |
SHA1: | B1DA1E1C6A180A7095BF13ABC1AD24417F3CA335 |
SHA-256: | 916BDB7AC64446E6F314C6338020B78ADAE64AEE25FF0D9431998B1BD0068CB0 |
SHA-512: | E90F6683B1EE13C68FCB10BC8197AD455D07A62EC62C05CC1E2277D936A3E70DD221A82146F0B72F6025D1B159D0EAE03488183E09A92732061C5C8BB6DA00D7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.368162953907012 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJM3g98kUwPeUkwRe9:YvXKXmN12Zc0v8VGMbLUkee9 |
MD5: | 92D0EAC6F35F7FCA8482A555C348160B |
SHA1: | 066275E03A0DCB3AFF9BAC403B93980A8B2B2362 |
SHA-256: | 014FF13C09DFA71466431314C667541936ED0628CCA5B92B0FEE9BC43AB9B8DB |
SHA-512: | 07DA08F761EA98D8260F0001EF895796365A0A3063398FA22D8232ECED5C477BB96BEFB34816641FD2587886A894C0C5E3EADA0D2FE93D9B130715A4DE646781 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.315901895328102 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJfBoTfXpnrPeUkwRe9:YvXKXmN12Zc0v8VGWTfXcUkee9 |
MD5: | CD1CB844D89CE70E45CCE2D3435EFBC3 |
SHA1: | 490738870B379424387E756594DD91BC883E6354 |
SHA-256: | A89952FFC3E689958B866C8807940C245BE06547A0EEA005CF7CE55691010F65 |
SHA-512: | E26979C18EECC111A7438C319F18C8754884B66F4927E8587C414935829D6D1C94F0EBCC5DBC06D14C4E1E633D80223D385B5E7DCE864B08F8EDBB909B9E1158 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.295919612144461 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJfBD2G6UpnrPeUkwRe9:YvXKXmN12Zc0v8VGR22cUkee9 |
MD5: | CA0665D02B569433E664AAA4E46F20F3 |
SHA1: | 58D0583A9184C991B3ED2F22126AB56A975EB337 |
SHA-256: | 1C18D3608A72FF63AE72DDE0AA48FD66A8D32E40FC5084C5728DD81477B3ABC2 |
SHA-512: | CFD1147D24CB2C788E9213BE94587E347F5BE4C9B64443169F539ACF0C8663E51DD906D7816F06C3B18F833318B7309CF42B3188B78E3E6367F285BF125798FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.355341865982515 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJfPmwrPeUkwRe9:YvXKXmN12Zc0v8VGH56Ukee9 |
MD5: | 9D471E59CD9D30B072E43923336EAE59 |
SHA1: | 2787B24B850565A8D7159B93B662D9B60E3B00D0 |
SHA-256: | 1D9EADC895D810DFDA7940A7B820578812EBED3B41730621E8A7F8B32EE5D88D |
SHA-512: | 97FB1581EF1965E8A35B490F10A78626E0C46251C09FD44AC2254E122009F43C2014B73E62073E1F1F69F1EFFFE06B698D3F32704C253A8E6A9C63D9DA7EC223 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.313639956462925 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJfJWCtMdPeUkwRe9:YvXKXmN12Zc0v8VGBS8Ukee9 |
MD5: | 822B1BEFE62C1E95EDDCABD93008653E |
SHA1: | 849188FD3967E988BBB283104C970C7875AFFE81 |
SHA-256: | 7FC76824AE457ED4BEA0CC12F08C1250E8727D2CEFC64926855D008618163902 |
SHA-512: | 9F1ABC76AD4C8EEC6BD5DEA5EB59F4A2E0315599FEB619C73905A4837D4244F87D83591D199B1ACD00AD0F23186A8EB2603E5B12EA6F78E8B96CCF0B84B74E88 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.302160356985054 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJf8dPeUkwRe9:YvXKXmN12Zc0v8VGU8Ukee9 |
MD5: | BE094F076171FBB94670C3ABE193AFB9 |
SHA1: | 848DF8A25A418B5BABC6E0CF20CAA9E829800E3E |
SHA-256: | 740ED9E14EB461CBF590735F4EFBD642611C6382FF1CE84A029678382B1D2300 |
SHA-512: | 47DA39C9306B22D0512A33B69832B9B12ECE78A4BF12690CBA9D234873090C0D40E249F5A24C3C4DBCF7440E5E8AC811F0C3815ABE9E60F86A7157D520D9FC8F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.305195014102704 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJfQ1rPeUkwRe9:YvXKXmN12Zc0v8VGY16Ukee9 |
MD5: | FD8736E9CEB999DC00AC274CA812CEB0 |
SHA1: | 6E2935D20684EB91CCB72EC54AF9BAD6A36CCCE9 |
SHA-256: | B9DA378CF5E1ECFC324C20D7169C98B00E72A84B4010DB3EF91C3DDF8E914DB6 |
SHA-512: | D6D5452C4C55D8EC5BFB5670205360A3C55AE8EE319FCA053F70ACEC35292648C2E1C6FB553F12B1765BB53B50C44BE80AB36AE7EC053C24430AD89EDCBBD908 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.31141275665595 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJfFldPeUkwRe9:YvXKXmN12Zc0v8VGz8Ukee9 |
MD5: | 776F4730C357E22647680938C8C80184 |
SHA1: | 451CBD92E0580217FC0D09FD99053A3CD871D48B |
SHA-256: | A10E17C605851C370F4100628D2EDDE47F8375A2205B45B723DF5A6D0ED8ACA0 |
SHA-512: | 2AA6B79B52923C4FFDAB7C04B6495979AEF10BDCBEFB72480ADB6C64516E91A69A529E191B63722EF233B3B033ED4B8578E3C46954D5A00579395E4D5BFDE3A7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.326359675145172 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJfzdPeUkwRe9:YvXKXmN12Zc0v8VGb8Ukee9 |
MD5: | 3F09A03CA8FDB18C38070FC782C7A87F |
SHA1: | 71332325C2BE98234E161E4D960207EFE78E6FFB |
SHA-256: | 4590FB03FA6BFE6CD0AF6D32B027B0A82C6F4F735CFD21B5D8B4222D33294483 |
SHA-512: | CBC4140E146A94DB89DABC51164AEF659732B623BF98F1AD4F63EA21D931FCBC536043881AFFEFC4913DEA6D9A0C38AEBAE89400748366A708DC0BC3A8037B03 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.306854846645189 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJfYdPeUkwRe9:YvXKXmN12Zc0v8VGg8Ukee9 |
MD5: | F06E2268F6B272E52B820D12D50A794F |
SHA1: | 5708F49EDEC8FAF71D5E37316CA0B8CAE7AE9B84 |
SHA-256: | D6F9AC7C49D654118C3C8C03F40B11F70190DEB49EC89C79B558F245ADD9C292 |
SHA-512: | 58BA23B643B0CC2E2FF38440C6E1CF773B3CE621FDC6A7992E793DD11622184C6BD93CB1246E6EC08BE1654DA48B922B65CCA75BDA225753297B5C8F5FDFA033 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.777700446385426 |
Encrypted: | false |
SSDEEP: | 24:Yv6X612zv8MrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNd:Yvnu7HgDv3W2aYQfgB5OUupHrQ9FJb |
MD5: | 3ECA763983665BA00BFD2187B33C292C |
SHA1: | 9AA05563C1832C56D5FD2406F1174814243DE9BE |
SHA-256: | EBC2E7E6941D27292CB6B91CC81E0CA1E4A378399DC67786D1DFE2E8F62CCF9E |
SHA-512: | E493C10AACCD895D20C955EA254BA66BA30CFC4E6790B8F96B0534602EA65E5F0F160F61E46026C71BE022A6EDD59D26EE245B16882B3071AF2A0008ADC35D2B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.290354831970975 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJfbPtdPeUkwRe9:YvXKXmN12Zc0v8VGDV8Ukee9 |
MD5: | 351C8FE7F03FDB05450BC9139EF7C0B7 |
SHA1: | D9CA0D456D90D93774296206860B91FD6706D126 |
SHA-256: | 62DD891A966748C566559AFE177542FEF530EC47C7053E017B4249A0B96A8049 |
SHA-512: | BDA89B8FA36BD3A021CE0053D2975C82B8F637AD52E44DC59E5FC4C1EACC00A070162E4E7D8D5D740E5A81875ED04F9F866ECBA5DB52A39F5F97C0F9E4CF3FE3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.294786785310354 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJf21rPeUkwRe9:YvXKXmN12Zc0v8VG+16Ukee9 |
MD5: | D60E509D793855F0A9FA0BA0CD2E3A6C |
SHA1: | 69EDA04023B7DE882C5D33A10B28E9CC6BF94E8E |
SHA-256: | 36CD3C9D99D580816345A0D5D1810DA52F38B50ECF1437F9B0D105D3F6A1FB3B |
SHA-512: | 65C55750F6F98F5CA05C2BB3C7C3C8A93FE3DA43580A6888F3250CA80222A2016073DC05BAC7F43594DC581CA5FC6D3C4C40296BE6811CE08F000333E429438F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.314230312488505 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJfbpatdPeUkwRe9:YvXKXmN12Zc0v8VGVat8Ukee9 |
MD5: | B1467DFF16899A4573A7C4D9A0DD2EFB |
SHA1: | 5F2D3A5D72AAED3D135B2FC90F79536F096B7351 |
SHA-256: | B0E578C05AAA5F29BB12492A2C10EFEDF430D6A2ADC47548A8D46975C65885A3 |
SHA-512: | 1D38F70580C68FBE0608CB59D659A27BBBE9723686C7ECDF5518AEFAE04AF610CF0A3C88F68505A76357512B4B13ED547351E0F46460A2ECCE036ABA581F9F9E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.272328365358888 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmQhE1HVoZcg1vRcR0YVPeoAvJfshHHrPeUkwRe9:YvXKXmN12Zc0v8VGUUUkee9 |
MD5: | 4D19EE6A8A786B3460D89EDABFA07F33 |
SHA1: | C0F67CF7F6D53F0CAB15D527E843B4A5C7E0DF7A |
SHA-256: | 973B3C4C4DB5C9F365675CE47E0A2FAEC757F0F55EB55691EEE1B28BFB0993FB |
SHA-512: | 5B036AEDE303EDD2E6353A4AB7BAD53607CF569061397BEB333C67BE4E7F252219CEF6712A6368B31F2B640353136D2A19CBE548F75BA41E3FD47BCA503B6184 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.3687169520104145 |
Encrypted: | false |
SSDEEP: | 12:YvXKXmN12Zc0v8VGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW5:Yv6X612zv8x168CgEXX5kcIfANhc |
MD5: | 79B21867142B9171619E84459117AAA1 |
SHA1: | FCAC224F408EF64CFC38BBFA12C8C43C324D7AB2 |
SHA-256: | A85B47C3DB74B299B9486AC471C257E92BBA290ACAB41B3CB7A527671C96F194 |
SHA-512: | 7AB14FB89D4E0F13D70B5A8CE6AB2C72A21C1F578D9A41172F58FF4304830B4661B7034C6DE0E1E3FD661E9D0F3DA854B15D1B01D1C3621A6E99F78CDD8A68FC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2813 |
Entropy (8bit): | 5.134818011298555 |
Encrypted: | false |
SSDEEP: | 48:YSP1SNcsloQpbPzlSnezLq9G8BqIAuwLaenpE2OV9sqPF:Sz9tblhfqhq9zpu9F |
MD5: | 15192487F870ECDD16A61777B500D3AF |
SHA1: | 277371D2312C92ED78C2B66613318670E1EEB171 |
SHA-256: | 382C8B228019C2299CF71345537A36DF5290A5FFEDE337EEAC76E3932A714C59 |
SHA-512: | 64EF143B176B3F391C4CD1941C5F2216789AD1AF47495634022396C4D0F579A3F8359989B2B1A0A9587FC534220167D04161EA12F2CCC99CDCAF35C92E095BE8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.18870714078863 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUySSvR9H9vxFGiDIAEkGVvp2U:lNVmswUUUUUUUUyS+FGSItyU |
MD5: | F8D83C9BB12FB0BA473CDD711A880C5F |
SHA1: | 2B1E4C50D4823AAC27379D99EF7E5D0443FCA150 |
SHA-256: | 775C35CE89557B54F834C641291F31122F68A338C2FD42C127572F5D539DC9C9 |
SHA-512: | DCEF88CE5BBC91A9ADDE90837735DFE70A4FA3ABCF64879E1B5DB3330DE68EEF682EAC00D32F9DBF5A40E3C95A1F9F9FD978A1DF15C3828DD263CCD6CF5F1D48 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6070371408343163 |
Encrypted: | false |
SSDEEP: | 48:7MSKUUUUUUUUUUyAvR9H9vxFGiDIAEkGVvhqFl2GL7msE:7yUUUUUUUUUUy4FGSItrKVmsE |
MD5: | E61562C2820EDEF706A58FAD4096A600 |
SHA1: | 5D925886C3062547650274AC2A2B1DC6FEE731EB |
SHA-256: | D77F3A93FB5BFDA66E4B0DAC5480F5329D86072AD452C46093A362E2FE7817A1 |
SHA-512: | 294B1001D2E24394E45AEC2B721169F8D76E5472EB4547ECF5B236F1B459215401BA336ED41DCF3D69E1D676DD8FEDC74D08BD9566350BA7E0889575EC3EE2CF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgRve+QkF3oPHHda9P1u5toqr7y4aCIYyu:6a6TZ44ADEde+QkF3ofdaaLaCIK |
MD5: | F5BE592721AE8E71BD2BA2602FADB223 |
SHA1: | 070AF888F7AD78E366930A1837093B0C26843B72 |
SHA-256: | 8AE1733372BB61B96095B386E085F2327D29058BA5DA2FA8D22C5747FF218A8B |
SHA-512: | D506807E43228C72F362645ED274A84D1519AC7A6E5B50025509AD3CC678A15164E6A94AF02BA60DC365CA8563483C23F2102EADE6085E7DA04E1F6048AE46E0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5263912796263748 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mdUTdDCH:Qw946cPbiOxDlbYnuRKvR |
MD5: | 444B57B72BFEBBF6CBFE84C8ADCED3FF |
SHA1: | 53804A38A9D6360638AF2489B883C483862D36C2 |
SHA-256: | EED2D34AB97BFAFA86764A5C5E037365ACA99D644E4F9A90D6684145F79C1343 |
SHA-512: | ED73CF73328FB0516365168D3B604B17EFE3417502570C72CF543427AFE8B59F3300D4A9A701E2F31ADF6898408AF94DD557602AA580322D8437F3299CF1F2E2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.049248978004803 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOSTwpCDCZpTwpCDCZvLCSyAAO:IngVMre9T0HQIDmy9g06JXrtjstRLlX |
MD5: | 1B21ADC0E77E9F16AB365F9C72A8A173 |
SHA1: | E54E9BEFF88831A564848909513E41A035CD539B |
SHA-256: | AC5BD9952ABAC32DE1062FDF5117FBE3E42A44A9CAFBDCE04EEFADBF54E5EAA2 |
SHA-512: | EEFF8AC015C40F1620521F7303610861C2D286E9815F283C382B1C12226A90D5FB36BCEA407157AAEC8125A04701904391B0BF25340A6E52CCA34EE33D97EEB8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-26 15-30-18-401.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.312437990122856 |
Encrypted: | false |
SSDEEP: | 384:KQelZPQXY5HwTy+/ORISRA0L3BDJ565K5V5x5m5i5w5O5G5Q5W5bWEWK9nWhtWnK:l2UErXgse4A+wypBmWs17k5kpMpbuu9p |
MD5: | 96F7D95E8855D4F645FEE370FBA03919 |
SHA1: | 073400204754D7F25B183E001225B2DCDC80FF84 |
SHA-256: | 9D7DC0CCD367377D3A118C568A4028AFF414AE243A971ECFF7B671C17ED2BDCD |
SHA-512: | 0A53EDFE47B0DB2A899C2860FF04BACFEDC492651C16BB55DBF9610D11E911539A66697A9044FC94863851D755E2B3EEA0B25900AF062BFDECA6573CC79AC68F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.393696870655729 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rV:Yw+fHJttuoiGc |
MD5: | 49A7C9E61C0C039FC78816DF2EFCD586 |
SHA1: | E907FDF693D547AABE5879DF923673EF27C10BD2 |
SHA-256: | 81DA290778E488C27EAFD0F7FA27B317726E9C70E383277B5830F476010BB2A8 |
SHA-512: | 49E3FF32A38ED5A0EFE3C7D69F1B38A98E8440EA44F3C8FCD6F5B2FC4FAAF8F3C33235E74E301869D26D989C0417473D6CB5639BA7F6167F3D4A8873766EB74A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o+W/aGZ7wYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JV+W/aGZ7wZGk3mlind9i4ufFXpAXkru |
MD5: | 2E14F72330170415FE766B61E6946D8D |
SHA1: | D1BC8D68314F009AADE06BB5E1937677D56E9845 |
SHA-256: | BEC005490D369FC38BA239FE354BE79B291670C9243342D9121299EFA4C07812 |
SHA-512: | 532F44EF838804E08F6DB7EFECCBBA0659C3595D84C6520AE0423FB4A493003B7F6BC96AFAF260DD3E91B0CD4C734095FD138C870CC0D7B0C53EA06738CB26C7 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.997542266237233 |
TrID: | |
File name: | P&A COFFIDENTIAL - 200 - March2024.pdf |
File size: | 9'757'161 bytes |
MD5: | 45b0a437ed459fcc350c3b9dbc0782de |
SHA1: | f9fc110c41f4b2da0dcf0e4c3527b6a046d26008 |
SHA256: | d8f46aa625f15894ee28e6bbcb1ef19ff64fc764dc99aa9f87d80af3513ea8e2 |
SHA512: | cf280cc4cb57170aa59100ea12b04394209595987ea0ee0073bc412cb86a0bafa7fc5d0aa99b2d4ad79002c7021dfb1a79356569d4b820ca3ed6fff43b6032ed |
SSDEEP: | 196608:uZD4vyUQ0PaBuPOetU1AVRe/QJtnv6ETqPbuYArd23L0o:JxpbU1AVrtniNP78d234o |
TLSH: | 30A63365A5619D30E50C493F8F6C64981CA6F4CA9D842D82B33F76CBBF72B76183E508 |
File Content Preview: | %PDF-1.4.%......41 0 obj.<</Linearized 1/L 9757161/O 43/E 8104362/N 5/T 9756221/H [ 3376 372]>>.endobj. ..xref..41 154..0000000016 00000 n..0000003748 00000 n..0000003811 00000 n..0000004330 00000 n..0000004443 00000 n..0000006348 00000 n..00000 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.997542 |
Total Bytes: | 9757161 |
Stream Entropy: | 7.997796 |
Stream Bytes: | 9730960 |
Entropy outside Streams: | 5.245447 |
Bytes outside Streams: | 26201 |
Number of EOF found: | 3 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 194 |
endobj | 194 |
stream | 158 |
endstream | 158 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 5 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
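The keyword table above is the pdfid-style count the sandbox produces. Every name that can carry active content (/JS, /JavaScript, /AA, /OpenAction, /Launch, /EmbeddedFile, /RichMedia) is 0 for this file, and because /ObjStm and /Encrypt are also 0, nothing sits inside compressed object streams or behind encryption where a plain keyword scan would miss it, so the zeros mean what they say. The three %%EOF markers with two xref/trailer/startxref sets show the file body was not written in a single pass (incremental updates or linearization), which is worth checking but not by itself suspicious. The example below is added for this page and is not the sandbox vendor's code: stdlib Python that reproduces the three kinds of figures in this section on a constructed sample. It counts the same keywords, decoding PDF #xx name escapes so that /J#61vaScript is counted as /JavaScript, counts %%EOF markers and bytes after the last one, and computes 8-bit Shannon entropy split into stream bodies and everything else. The sample PDF, its object layout and its URL are constructed for the demo.

```python
"""Static PDF triage in the style of the keyword/entropy summary above.
Added example, not the sandbox vendor's code. Stdlib only."""
import math
import re
from collections import Counter

# Keywords the report tabulates: bare words and PDF name objects.
WORDS = ["obj", "endobj", "stream", "endstream", "xref", "trailer", "startxref"]
NAMES = ["/Page", "/Encrypt", "/ObjStm", "/URI", "/JS", "/JavaScript", "/AA",
         "/OpenAction", "/AcroForm", "/JBIG2Decode", "/RichMedia", "/Launch",
         "/EmbeddedFile"]
# Names that can run code, launch programs, carry payloads or navigate.
FLAG_NAMES = ["/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
              "/EmbeddedFile", "/RichMedia", "/JBIG2Decode", "/URI"]

_WORD_RE = re.compile(rb"\b(" + b"|".join(w.encode() for w in WORDS) + rb")\b")
_NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]*)")      # '/' followed by name chars
_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")           # #xx hex escape inside a name
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript counts as /JavaScript, a classic trick
    against grep-style keyword scanners."""
    return "/" + _ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 for empty input). The 4-byte
    dropped file above, entropy 0.8112781244591328, is exactly three equal bytes
    plus one different byte under this formula."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def split_streams(data: bytes):
    """Return (bytes inside stream bodies, bytes outside them). Bodies end at the
    first 'endstream' after each 'stream'; a production tool should honour
    /Length instead, since a binary body may contain that word."""
    inside, outside, pos = bytearray(), bytearray(), 0
    for m in _STREAM_RE.finditer(data):
        outside += data[pos:m.start(1)]
        inside += m.group(1)
        pos = m.end(1)
    outside += data[pos:]
    return bytes(inside), bytes(outside)


def triage(data: bytes) -> dict:
    """Header, keyword, %%EOF and entropy figures for one PDF."""
    words = Counter(m.group(1).decode("ascii") for m in _WORD_RE.finditer(data))
    names = Counter(decode_name(m.group(1)) for m in _NAME_RE.finditer(data))
    counts = {w: words.get(w, 0) for w in WORDS}
    counts.update({n: names.get(n, 0) for n in NAMES})
    eofs = [m.start() for m in re.finditer(rb"%%EOF", data)]
    tail = data[eofs[-1] + len(b"%%EOF"):] if eofs else b""
    inside, outside = split_streams(data)
    header = re.match(rb"%PDF-\d\.\d", data)
    return {
        # Readers accept the header anywhere in the first 1024 bytes; offset 0 is normal.
        "header": header.group(0).decode("ascii") if header else None,
        "header_offset": data.find(b"%PDF-"),
        "counts": counts,
        # More than one %%EOF means incremental updates (or linearization);
        # bytes after the last marker are not part of the PDF structure at all.
        "eof_count": len(eofs),
        "bytes_after_eof": len(tail.rstrip(b"\r\n")),
        "total_bytes": len(data),
        "stream_bytes": len(inside),
        "outside_bytes": len(outside),
        "total_entropy": entropy(data),
        "stream_entropy": entropy(inside),
        "outside_entropy": entropy(outside),
        "flags": [n for n in FLAG_NAMES if counts[n]],
        # With object streams or encryption present, zero counts prove nothing:
        # the names may sit inside compressed or encrypted data.
        "counts_may_be_incomplete": counts["/ObjStm"] > 0 or counts["/Encrypt"] > 0,
    }


def build_sample() -> bytes:
    """Constructed test PDF (not the analysed file): one page, one content
    stream, an /OpenAction pointing at a JavaScript action whose /S name is
    hex-escaped, and one incremental update, hence two %%EOF markers.
    The xref offsets are placeholders; the scanner never uses them."""
    return b"\n".join([
        b"%PDF-1.4",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj",
        b"4 0 obj << /Length 49 >>", b"stream",
        b"BT /F1 12 Tf 72 720 Td (Constructed sample) Tj ET",
        b"endstream", b"endobj",
        b"5 0 obj << /S /J#61vaScript /JS (app.alert('hi')) >> endobj",
        b"xref", b"0 6", b"0000000000 65535 f ",
        b"trailer << /Size 6 /Root 1 0 R >>", b"startxref", b"9", b"%%EOF",
        # incremental update appended after the first %%EOF
        b"6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.invalid/) >> >> endobj",
        b"xref", b"6 1", b"0000000000 00000 n ",
        b"trailer << /Size 7 /Prev 9 >>", b"startxref", b"600", b"%%EOF", b"",
    ])


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(json.dumps(triage(blob), indent=2))
```

Run it with a file path to triage a real PDF, or with no arguments to see the constructed sample, where /JS, /JavaScript, /OpenAction and /URI come back non-zero and the escaped action name is caught. On a file like the one above, the figures to compare are the keyword zeros, `counts_may_be_incomplete` being false, and a stream entropy near 8 bits per byte against a much lower entropy outside streams, which is the normal profile of compressed image and content streams wrapped in plain-text object syntax.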
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
70 | c086aaaaaaaa86c0 | 8a37a9f20a64a1f4e0729a4ab93ecc42 | |
71 | 0000000000000000 | aea8a40e8e1efffbfb60a7ed7bbd5b16 | |
72 | 030f7db4844e9727 | 2a13e3be692b6b61007101094ca83483 | |
21 | 5e3698d2921434a4 | 71c3b66010d71aa49ce2b55c64d22cfe | |
22 | 00d8ccd8d0a080c0 | 620d607b433dce0d15e438347e7fc01f |
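The DHASH column is a 64-bit difference hash, a perceptual hash that changes little when an image is rescaled or recompressed, which is what makes it useful for matching decoy or lure images across samples where MD5 would not. Stream 71 hashes to 0000000000000000, which is what dHash gives for a uniform image under the usual strict comparison, since no pixel is brighter than its right-hand neighbour. The example below is added for this page and is not the sandbox vendor's code: a pure-Python dHash over a grayscale pixel grid using a box-average resize. The sandbox's exact resize filter and bit order are not stated, so hashes of real images may not match the report's values bit for bit, but the properties shown hold regardless. The pixel grids are constructed, not extracted from the analysed PDF.

```python
"""Difference hash (dHash) of a grayscale image, pure Python.
Added example, not the sandbox vendor's code."""


def downsample(pixels, width, height):
    """Box-average a 2-D grayscale grid (list of rows) to width x height."""
    src_h, src_w = len(pixels), len(pixels[0])
    out = []
    for y in range(height):
        y0 = y * src_h // height
        y1 = max(y0 + 1, (y + 1) * src_h // height)
        row = []
        for x in range(width):
            x0 = x * src_w // width
            x1 = max(x0 + 1, (x + 1) * src_w // width)
            block = [pixels[yy][xx] for yy in range(y0, y1) for xx in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def dhash(pixels, hash_size=8) -> str:
    """Return the dHash as zero-padded hex (16 chars for the 8x8 = 64-bit case).
    The image is shrunk to (hash_size + 1) columns by hash_size rows and each bit
    records whether the right neighbour is brighter than the pixel to its left.
    Bit convention and resize filter are implementation choices; the report's
    may differ, so compare hashes only within one tool."""
    grid = downsample(pixels, hash_size + 1, hash_size)
    bits = 0
    for row in grid:
        for x in range(hash_size):
            bits = (bits << 1) | (1 if row[x + 1] > row[x] else 0)
    return f"{bits:0{hash_size * hash_size // 4}x}"


def hamming(a: str, b: str) -> int:
    """Bit distance between two equal-length hex hashes; small means near-duplicate."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")


# Constructed inputs (not images from the analysed PDF): 32x24 grayscale grids.
FLAT = [[128] * 32 for _ in range(24)]                     # uniform grey block
GRADIENT = [[x * 8 for x in range(32)] for _ in range(24)]  # brighter to the right
NOISY = [row[:] for row in GRADIENT]
NOISY[0][0] = 255                                          # one corrupted pixel

if __name__ == "__main__":
    for name, img in (("flat", FLAT), ("gradient", GRADIENT), ("noisy", NOISY)):
        print(f"{name:9} {dhash(img)}")
    print("gradient vs noisy distance:", hamming(dhash(GRADIENT), dhash(NOISY)))
```

A flat image hashes to all zeros, a left-to-right ramp to all ones, and the ramp with a single corrupted pixel differs from the clean ramp by one bit, which is the behaviour an analyst relies on when clustering images by Hamming distance rather than by exact digest.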
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 26, 2024 18:30:30.124172926 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.145 |
Mar 26, 2024 18:30:30.124212980 CET | 443 | 49739 | 23.56.8.145 | 192.168.2.4 |
Mar 26, 2024 18:30:30.124293089 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.145 |
Mar 26, 2024 18:30:30.124619007 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.145 |
Mar 26, 2024 18:30:30.124634027 CET | 443 | 49739 | 23.56.8.145 | 192.168.2.4 |
Mar 26, 2024 18:30:30.606182098 CET | 443 | 49739 | 23.56.8.145 | 192.168.2.4 |
Mar 26, 2024 18:30:30.606775045 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.145 |
Mar 26, 2024 18:30:30.606802940 CET | 443 | 49739 | 23.56.8.145 | 192.168.2.4 |
Mar 26, 2024 18:30:30.607939959 CET | 443 | 49739 | 23.56.8.145 | 192.168.2.4 |
Mar 26, 2024 18:30:30.608002901 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.145 |
Mar 26, 2024 18:30:30.610596895 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.145 |
Mar 26, 2024 18:30:30.610698938 CET | 443 | 49739 | 23.56.8.145 | 192.168.2.4 |
Mar 26, 2024 18:30:30.610768080 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.145 |
Mar 26, 2024 18:30:30.652245045 CET | 443 | 49739 | 23.56.8.145 | 192.168.2.4 |
Mar 26, 2024 18:30:30.662770033 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.145 |
Mar 26, 2024 18:30:30.662790060 CET | 443 | 49739 | 23.56.8.145 | 192.168.2.4 |
Mar 26, 2024 18:30:30.710587978 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.145 |
Mar 26, 2024 18:30:30.770324945 CET | 443 | 49739 | 23.56.8.145 | 192.168.2.4 |
Mar 26, 2024 18:30:30.770394087 CET | 443 | 49739 | 23.56.8.145 | 192.168.2.4 |
Mar 26, 2024 18:30:30.770546913 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.145 |
Mar 26, 2024 18:30:30.776161909 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.145 |
Mar 26, 2024 18:30:30.776190042 CET | 443 | 49739 | 23.56.8.145 | 192.168.2.4 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49739 | 23.56.8.145 | 443 | 7684 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-26 17:30:30 UTC | 475 | OUT | |
2024-03-26 17:30:30 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 15:30:14 |
Start date: | 26/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:30:15 |
Start date: | 26/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:30:16 |
Start date: | 26/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |