Windows
Analysis Report
BFAH EIN.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BFAH EIN.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7628 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7844 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1572,i,5647836430669080431,3322115967871796701,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.205.76.135 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417267 |
Start date and time: | 2024-03-28 20:24:53 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | BFAH EIN.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/47@0/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.76.104.172, 52.6.155.20, 52.22.41.97, 3.219.243.226, 3.233.129.217, 23.207.202.135, 23.207.202.166, 23.207.202.157, 23.207.202.150, 23.207.202.152, 23.207.202.156, 23.207.202.149, 23.207.202.158, 23.207.202.153, 172.64.41.3, 162.159.61.3, 23.61.11.41, 23.61.11.34, 23.61.11.5, 23.207.202.141, 23.207.202.146, 23.207.202.161, 23.207.202.144, 23.207.202.160, 23.207.202.138, 23.207.202.159, 23.207.202.145, 23.207.202.130, 23.207.202.169
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: BFAH EIN.pdf
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASN1EU | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Mirai |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.234241555250704 |
Encrypted: | false |
SSDEEP: | 6:Fbf6vWWSOkQ+q2Pwkn2nKuAl9OmbnIFUt88bf6vWWcsQgZmw+8bf6vWWcsQQVkw0:Vf6v7cvYfHAahFUt8Yf6v6s5/+Yf6v63 |
MD5: | 4B2AE8B2720DE8685941000577F9AF76 |
SHA1: | 0B5EF660D6833CCCD30C2BB245D0E73742539137 |
SHA-256: | 5FAE8DB1A6E61817F5419E40FB166A18A410D77A3A758E462C5D69E8A2578735 |
SHA-512: | CB9C7B47003F5DD741167F0FA887AF31B37D46815C94AEE1E797BE3F10ED15A9D10722551506D6CBAC5AAEBF094A4BAAC094852CDAF441F4B796DA8F1527CAD4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.234241555250704 |
Encrypted: | false |
SSDEEP: | 6:Fbf6vWWSOkQ+q2Pwkn2nKuAl9OmbnIFUt88bf6vWWcsQgZmw+8bf6vWWcsQQVkw0:Vf6v7cvYfHAahFUt8Yf6v6s5/+Yf6v63 |
MD5: | 4B2AE8B2720DE8685941000577F9AF76 |
SHA1: | 0B5EF660D6833CCCD30C2BB245D0E73742539137 |
SHA-256: | 5FAE8DB1A6E61817F5419E40FB166A18A410D77A3A758E462C5D69E8A2578735 |
SHA-512: | CB9C7B47003F5DD741167F0FA887AF31B37D46815C94AEE1E797BE3F10ED15A9D10722551506D6CBAC5AAEBF094A4BAAC094852CDAF441F4B796DA8F1527CAD4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.156005971718818 |
Encrypted: | false |
SSDEEP: | 6:Fbf6vLQL+q2Pwkn2nKuAl9Ombzo2jMGIFUt88bf6vhPuGKWZmw+8bf6vFQLVkwOz:Vf6vLQ+vYfHAa8uFUt8Yf6vYGKW/+Yf0 |
MD5: | 55E30AB3A4110519D532F289FBDAB4EF |
SHA1: | D3A680FBFD010F2CED62412F2ED8AABCE7A84908 |
SHA-256: | 65A227D479130E55BC1DE8F589B6BCD525A177D8059123BB3EEAFEB1C096DBD4 |
SHA-512: | 84BC66816BE84C4AC204041F0E2FF8B4BB918E1D5CC54A337685C2C5AF68CBEF024BAA8CDC9026926D9744E702B3A347EE92C68BC30E2A9B02C177192DC92913 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.156005971718818 |
Encrypted: | false |
SSDEEP: | 6:Fbf6vLQL+q2Pwkn2nKuAl9Ombzo2jMGIFUt88bf6vhPuGKWZmw+8bf6vFQLVkwOz:Vf6vLQ+vYfHAa8uFUt8Yf6vYGKW/+Yf0 |
MD5: | 55E30AB3A4110519D532F289FBDAB4EF |
SHA1: | D3A680FBFD010F2CED62412F2ED8AABCE7A84908 |
SHA-256: | 65A227D479130E55BC1DE8F589B6BCD525A177D8059123BB3EEAFEB1C096DBD4 |
SHA-512: | 84BC66816BE84C4AC204041F0E2FF8B4BB918E1D5CC54A337685C2C5AF68CBEF024BAA8CDC9026926D9744E702B3A347EE92C68BC30E2A9B02C177192DC92913 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 474 |
Entropy (8bit): | 4.966884575788488 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZwtcJEsBdOg2HXcaq3QYiubInP7E4T3y:Y2sRdsHcJpdMHW3QYhbG7nby |
MD5: | 1780B7704733BF6C122EF2147AF2DDF1 |
SHA1: | 29D38052A59ED30BD5CC47F520A5C1DBAB960650 |
SHA-256: | B38D289F308E0F8EFB6DA06522B7959505CD2748541A163B09002C0D5CEB6970 |
SHA-512: | 6B343CA1EB50B1C158C5DA66F413162CAE8CC55C07AA513F0FE37D8E5EAEB0E25CB51E364B06674DF2D4B161BB0953EDE68E7DB07F32BE056F4D272D59729292 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a39c09dc-690c-430f-88b0-47cd397adf8b.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 474 |
Entropy (8bit): | 4.966884575788488 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZwtcJEsBdOg2HXcaq3QYiubInP7E4T3y:Y2sRdsHcJpdMHW3QYhbG7nby |
MD5: | 1780B7704733BF6C122EF2147AF2DDF1 |
SHA1: | 29D38052A59ED30BD5CC47F520A5C1DBAB960650 |
SHA-256: | B38D289F308E0F8EFB6DA06522B7959505CD2748541A163B09002C0D5CEB6970 |
SHA-512: | 6B343CA1EB50B1C158C5DA66F413162CAE8CC55C07AA513F0FE37D8E5EAEB0E25CB51E364B06674DF2D4B161BB0953EDE68E7DB07F32BE056F4D272D59729292 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.252382088301422 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7oxRhKghKUxZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gow |
MD5: | DD60E66AF56DC3F9237B63A0D2D30046 |
SHA1: | 55EAE783D782E2DF28BE188D165DCF64B96FDA2A |
SHA-256: | 8724AF8A5EB53A9C6B289392A00C4A4905FD6476F6723C59CAA202955228B780 |
SHA-512: | 0DA735CBFEED2217A0C3C89615B09F82824D602930DAB691D232F6BDA2E4F6964E057F17F93B6EE23FA4F9110C1FA455603A0C79EB26CB4A0689C74DEDE0E265 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.187571762474231 |
Encrypted: | false |
SSDEEP: | 6:Fbf6vQOMQL+q2Pwkn2nKuAl9OmbzNMxIFUt88bf6vQ0MGKWZmw+8bf6vQfPjSQLV:Vf6vQOMQ+vYfHAa8jFUt8Yf6vQdGKW/l |
MD5: | 851B58F0BFBAE3E15ACB8C005966F2ED |
SHA1: | 8691CBA2D73077B9F422BA05E9D2C9DC53C67919 |
SHA-256: | E934C8A528DDC367028D11C7F9748FE89D6B1F5ECFF8A3EBC55A4C1D011250CB |
SHA-512: | 3AC944AE79D4A43FC2690F2636977958EF36132CF7CDECFE8909FC9B428FEC8C660A38CEDCFEAE169D53DF5FA8663BAA2A27307991FBECC6ED75E0E8F4C9833C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.187571762474231 |
Encrypted: | false |
SSDEEP: | 6:Fbf6vQOMQL+q2Pwkn2nKuAl9OmbzNMxIFUt88bf6vQ0MGKWZmw+8bf6vQfPjSQLV:Vf6vQOMQ+vYfHAa8jFUt8Yf6vQdGKW/l |
MD5: | 851B58F0BFBAE3E15ACB8C005966F2ED |
SHA1: | 8691CBA2D73077B9F422BA05E9D2C9DC53C67919 |
SHA-256: | E934C8A528DDC367028D11C7F9748FE89D6B1F5ECFF8A3EBC55A4C1D011250CB |
SHA-512: | 3AC944AE79D4A43FC2690F2636977958EF36132CF7CDECFE8909FC9B428FEC8C660A38CEDCFEAE169D53DF5FA8663BAA2A27307991FBECC6ED75E0E8F4C9833C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240328192543Z-152.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 82710 |
Entropy (8bit): | 0.008364189526979957 |
Encrypted: | false |
SSDEEP: | 3:upll3l/8sfxRj:up/Bj |
MD5: | DF7E699C428831B8ADF21B83775E2DB9 |
SHA1: | FFCFD39CAFD28A32C5A4C7837E3E31CAD11F88D5 |
SHA-256: | 890E8D5937B5427AC08C483E2888680B5B66B738595A0949DCFF369DF4AD562D |
SHA-512: | 91B266733772492FA2438E8876DB2C532EA4A50719F508059A0A5FE4D24A5CD9C81C0093297C3791E7C0F78F2DA299B075EFF419E4B3A179CE2EC9D117F26431 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445124827132968 |
Encrypted: | false |
SSDEEP: | 384:yezci5tuiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rBs3OazzU89UTTgUL |
MD5: | DDA213C8107ECE7300926EEB06518170 |
SHA1: | 063D7E03CF2710C3147FB2854D6339D5700E8D1B |
SHA-256: | 87C669369E62BD29248A79B9BA972536B1C7C872D31214FC4EBC68EE031CAB81 |
SHA-512: | 5F820AC25B1EA61EA75B9C016685E7474D13A4926CB36224F046DFD813CE49DE2F8335D82257FEE6D1788618C6708E9DFCB81DDD2165FAAAC8A7FA197D51E7B0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.772500471914903 |
Encrypted: | false |
SSDEEP: | 48:7Mhp/E2ioyVLioy9oWoy1Cwoy17KOioy1noy1AYoy1Wioy1hioybioyToy1noy1C:7ipjuLFOXKQqZb9IVXEBodRBkA |
MD5: | CE8CA7C4CEA6B70CF4E1484B41F8139B |
SHA1: | 71D94A7A9BDD0F7B9D07B36DA527E6877FA5528D |
SHA-256: | 5FD93D922822BCCCC8388AE821E1D46DDFAE1F426654F9960CCF4035A0559D28 |
SHA-512: | 79A9C1DB09DC0B60C95E46B0DD5B03CC7458B6EF3FD0A644F8B4F7FC5D6C2A8D46542DCDFB2A281329C2AB15621E4B4EEE47B2ACFEEC43881BCD3E7AF2F3EE46 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 244540 |
Entropy (8bit): | 3.3415042960460593 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn |
MD5: | 758B42992DDFC41CB5E57069C621B54A |
SHA1: | D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD |
SHA-256: | 55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D |
SHA-512: | 437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.362032468864684 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJM3g98kUwPeUkwRe9:YvXKXeethEZc0vtGMbLUkee9 |
MD5: | EC1B14AD912E597672DADBDFAECABF3E |
SHA1: | C8B952C048765A5E264EA8DFDEB7191F33E74E17 |
SHA-256: | 3CD4D087BBA7D9EDA14E2C9ED2C3E2213F410B83A9217FDA454FEC9F27740485 |
SHA-512: | B43365EDF13C636BDD12DD596466096100989D2121CDED54965804470AEE46C9B82499407B6038D22D35785ED69AB2E74D4EB770B4A4E79A449CC2BDCD79496F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.311386192274695 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfBoTfXpnrPeUkwRe9:YvXKXeethEZc0vtGWTfXcUkee9 |
MD5: | A1FB17B83D402B30CEE05F14C49BC213 |
SHA1: | E56F414AF50BF0C5BC6503B3A332E1606E6F462D |
SHA-256: | A85F53E7F5670301381B91F7945DBB9D6E666F897C9648F385F80D1FA1CBBA2A |
SHA-512: | 763ED6B87F0A0E5E94F3926111A8FD59D0FE9E1C1CC1F2B809B05FCA5E6156EFB3287D0D34FD04F61D78A5124A1B987AB3E1730E9FF8059BBF422F84ACADFE5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.289645687632503 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfBD2G6UpnrPeUkwRe9:YvXKXeethEZc0vtGR22cUkee9 |
MD5: | 9FC9C526ABFCED3882EBEF507360E724 |
SHA1: | C4FBC49C8F7D7469101FF8EA5F35DBAA351F9712 |
SHA-256: | 1378C4D323D65E033EF54C7FDC2425466615E9B7207BB3840861758ABADC3C15 |
SHA-512: | 8DF198FF38A2ABDA6972E0B2E3C55B1270565AE15F8E7A1018275467C068FAEFA11F15A6C5111B202064D92A71BDBBF9CE0C78C06A63C244C061120F511F61AC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.34899627620186 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfPmwrPeUkwRe9:YvXKXeethEZc0vtGH56Ukee9 |
MD5: | 302057967207F3E2DDA4F81E720EEA83 |
SHA1: | C3D01E8D359A5416359539A6C6AC4B68FAB43D8E |
SHA-256: | D8A0D1EBA940F240435D306F772CD518A9CB9F6487D1B4B726B84FE8045FB7E3 |
SHA-512: | 709F0016B10F394CE64639613CD081FCB80B1604D49E8995ED29003FE68A1B7F3A4F96C63B8CA5ABD8AC76932CD488D22A35C907C918A6531D9052CE2986584F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.309263906743267 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfJWCtMdPeUkwRe9:YvXKXeethEZc0vtGBS8Ukee9 |
MD5: | 5BA7F1AD941C06F56FF28A474ACCA590 |
SHA1: | CE9566328CD47B5B287A147663AB5DFA9820FB04 |
SHA-256: | 221EE1E9A6CADF0544F71292ABAEE2F9EF3D615238B8D19A2D3B969211689070 |
SHA-512: | 50C600D99F29B50A559BF083C521C3C4ADE61ACB72EE4BEFAF4B289599F320C60E13DF5F8D852A2A60832281D685D4F6A54F4DA1439EE1FE57D1C510CFC10EC0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2958488718557835 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJf8dPeUkwRe9:YvXKXeethEZc0vtGU8Ukee9 |
MD5: | DB526263FA78EF9002A15F3C1A880E59 |
SHA1: | 33F4E7CA3127AB7DA0A6D6DDEDA91B46E58ADD39 |
SHA-256: | E78FC7B0F7108550BD860990F043810EDC20077D434C91BFB5DA702A27BBEBCD |
SHA-512: | B9DC4189DC85A56272A1E59E0B69B2D4DC6E21F9C1524FFA4949494B72B24CD26C8FF34014B685AA29FC276574FD494EE2F84028A3EFC38F86451F7D5D4AA3FF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.300648381576329 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfQ1rPeUkwRe9:YvXKXeethEZc0vtGY16Ukee9 |
MD5: | 0648AED2D7B15F76B3187E54EE8C79A0 |
SHA1: | 0AB7C17265E0586AD3CEC8AA8A37F2D58EEBB369 |
SHA-256: | 8B23D2E7BCED4806C45BA734D6B9241F90F999CDF2A9F64F0DB48DF16106914F |
SHA-512: | 7B16B61F0CA758D01F712C8B9A12F44404C6718991F39B64AC0275EA19EA4298EAD4CBAFDFC4FFD84F14C5805D0A154B298E729B398D54FA372F48DA2128D4BF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.306157125655247 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfFldPeUkwRe9:YvXKXeethEZc0vtGz8Ukee9 |
MD5: | CDCA87BB731110C69938683E46DE99C8 |
SHA1: | F084606D6BFB9B3A7A3AC37A6A6B2C922BE79364 |
SHA-256: | E501E4E79A132C8AE79E74281C203C7A3F5AB4B586EC56BD275C2F2B67C5EF65 |
SHA-512: | 3F26575654FAB5B2269D45CF53271EE618F5F9E5D7F7DDBB019AB65CDDE9EA4934CF844BDF189C7405CBF877968A41CDABA834AF5E27005E3783CF347B91D231 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.321210938334313 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfzdPeUkwRe9:YvXKXeethEZc0vtGb8Ukee9 |
MD5: | 5B6917D9BC0842E101CE8807B2508642 |
SHA1: | 8ADD41370C0B0A552BF0181DFD24E5A56B79170D |
SHA-256: | 7677711A4E9C474DD31572FD04C3A741C614C03299668B81A883B5034B47D1A4 |
SHA-512: | B6C35B9C160DB98AED200E1B3C79D33FE6731517556E162E59A053CEB0E5382C41BD7C63CAB00F9C74B9D381688ACCFE557D929EACF50EC65A69BE5AA6FC243F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3024333708038744 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfYdPeUkwRe9:YvXKXeethEZc0vtGg8Ukee9 |
MD5: | 0FE6A265CB332E6F3E6B96B79ACDB2B7 |
SHA1: | A441A61FDE92367809ED212210349FABF45ECBA6 |
SHA-256: | AD47D3CF2E06ADDEF18BE201CEA23AAEDFE985360CE45289FF7ADFF6B71ED074 |
SHA-512: | C21BCD1A4EBC91F93DA4FD94A5C82984F6991722DC0C87477046AC828B298B10FDB41866440212C0F24FFAAB32F1E4E9725279E2FAF6D668515CA65E8117DE72 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.776060400884781 |
Encrypted: | false |
SSDEEP: | 24:Yv6XXPEzvkrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNU:Yvs08HgDv3W2aYQfgB5OUupHrQ9FJK |
MD5: | 72494E99ACC16BE56282F58E7DCB4DBC |
SHA1: | 2A06553A97CA0193FBFA54845BDF06FD9AB8CB6B |
SHA-256: | CA3D34D0ABDE70F88028629560BF10663E7CD0478B91B4396413F0F8CAC58FA1 |
SHA-512: | EB831F2204619571CB02C6F386DECD7DA1530DF8FDD25F39BE4591F2914704A29652A47D7BD61A2EDFAA509FE8F0EC7B713053326FA4712C87A93E9E10D366C2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.285963744279773 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfbPtdPeUkwRe9:YvXKXeethEZc0vtGDV8Ukee9 |
MD5: | 5402271FB0A37F8F754489C1A2E08EE5 |
SHA1: | 1E75A367064B22748547E31233B06B2638B52433 |
SHA-256: | EB22FE4D2D7DF029B5733BE04DF6217F86F847E7DFF34B060A58426CBDF44C0F |
SHA-512: | E119A71F0AB89DE8A48CFED12CCC6399C4EFB2A61D3A5FB153B4B016BB1CC25D81AD2A75C35AEAB5506875D86DFD7A7B60EECE5DC7A595A1F252A819152E4D16 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.291224155155142 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJf21rPeUkwRe9:YvXKXeethEZc0vtG+16Ukee9 |
MD5: | D92AEB880F101A91806C425D579C8ACC |
SHA1: | 631B9D856C2154331B9362E11E979C86D8A990A1 |
SHA-256: | 70E24A8A3A0039B2C7C455CC2288EEDD23ABF8C7E10D1AC3446B9D23DD32ADD0 |
SHA-512: | 9DD83B59E63E44CD1BA45E5328A31E16A9120E4887B7C828CA3CC4CB9335E2B3A3CC46A370B848E83413F0E9A4FA728E793C247452B20B8D7D95DAE9AF40F963 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.308974681487801 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfbpatdPeUkwRe9:YvXKXeethEZc0vtGVat8Ukee9 |
MD5: | 708A31AD20DBCED659E97B5F4A2DD987 |
SHA1: | 3836CDAC6BFDBB39D94C44A7B28675B0B62FEE8E |
SHA-256: | AF36E2CA1E4FB722B0D0C576660BEE9F31B6111CB8D1D9E1C697F2EE69CAC0F5 |
SHA-512: | 907E9D8437058E2B2F65FD393E31E2D194BC1D58EC9BBA93363C371CB3A6213E92F51BF7C0C990E06BD24A52C510262359FE8110771CCC6EE179F39B79A1F290 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.267017605361674 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfshHHrPeUkwRe9:YvXKXeethEZc0vtGUUUkee9 |
MD5: | F928F65CC47C817835A3735E4F7142B6 |
SHA1: | 13DA96E03A10419399D3E8918EF41E285E658290 |
SHA-256: | B61787E12F03D20665FB26347A8C3D4674673921BA101E203C33D2DA073426F8 |
SHA-512: | 5196C36B29BF5FE6BAB0947A2A5E3C4B8829756EDEF8150FCAB3F315CD25E4CAF479793E38AA8B97D5FE5F5BF293851380735BEB5500D44EABE53C67DC3479F3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.368529924125033 |
Encrypted: | false |
SSDEEP: | 12:YvXKXeethEZc0vtGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWib:Yv6XXPEzvZ168CgEXX5kcIfANhd |
MD5: | AFA8BC76A3CAEFB08C5D29F83D694BB0 |
SHA1: | 2784148524FA75E0812FAD2527C85698B22F1F00 |
SHA-256: | 6CF63774048206D64D252484377E3CFA7A06665362E228145C632566457FC501 |
SHA-512: | 50A571432477830D77C7C7ED3453A3F55F2F156DB24DF0073ECCC0E1D0C77F3DD490F9FEB12FAB16E2817657B90880792990426F91DAFC7A7C34117DC6812757 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2813 |
Entropy (8bit): | 5.144601909806452 |
Encrypted: | false |
SSDEEP: | 48:YAOTcOwflvA4SLD0z9KAbgoQq+QAp1Wm55a6U/rB9cx3Jy:BhOwflvA4SLD0z9nbgoQq+QAGm55a6Uv |
MD5: | 682B2077429C763B649BF7DADF432CAF |
SHA1: | 93F925F0E56A993BD5A183AEDA7E2495A1F88006 |
SHA-256: | 240A003B7417E57B089F39B8EB75D414E40D83E403278E8116A9D96A29384385 |
SHA-512: | E21C45B7A7059F8FDA8F730E129689BEEDEA4CE68887CB3A779077B546020B2B865514DC894DCD5A5B806675B8EE875F574AC949C317380675454023048E6C16 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.188019120640845 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUvSvR9H9vxFGiDIAEkGVvp7:lNVmswUUUUUUUUv+FGSItv |
MD5: | CB9FE721FD85E920A3E03E45E1B92E08 |
SHA1: | F3475E94632AEB390DB8E2AFD455FF52D6DA3A17 |
SHA-256: | E69B08AE8FC808470BDE4E5AAE05771C51BCF4CFF25C1505BDFE065A2FD310D0 |
SHA-512: | E048004FE24570E791EE97777C3F2B4849EAAF2CB0F4DDD857C16FFEEF50894D510D5F1311A28EF729C23F8DDEB17BAA413F4822F6E8B7A133C7EB1144DDB3B1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6060419984200915 |
Encrypted: | false |
SSDEEP: | 48:7MLKUUUUUUUUUUTvR9H9vxFGiDIAEkGVviqFl2GL7msJ:71UUUUUUUUUUDFGSIt8KVmsJ |
MD5: | 4522B3CDAADB9DCE8FDD10DDE2B55626 |
SHA1: | 8148D73AB872C6CF4F627D4F2D6E872CBD34C6A5 |
SHA-256: | 49BFB8B7AED2BDBDB5E836CCED968E9C9E28EF25925B029A7C32A5541B5D1045 |
SHA-512: | 2D5FE9718A809FE57B70DEABDF6DB4A605156B7570C29005885745DF60A4D2E32D1018B6D3B68CBF6991C8E5E67FFB8773901317E85ED4B6BB9F2CA6F30CC7E3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgyoBuT35bDJauDNGIDRa5PfTQmYyu:6a6TZ44ADEyoBQ35EuDnc5nJK |
MD5: | 0B825CE86BD209F26DF17679A09DEE2A |
SHA1: | 401FC5BDB124E7ADBDCE7270432A5704F276FAC2 |
SHA-256: | 120B14FB7F6E6F79266044798F0D75DD36200A1CB6B8EE4123D0B7925EE7EF13 |
SHA-512: | E05D02496546F588A74AA1CC9A185CF4145298957C4D51E01AE07E3390271B5ACA51AE0CBB8E3CE9CB0A95FF99C196B5294F4F6F7197993036167AB6148B8D94 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5329345335875004 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rf6e:Qw946cPbiOxDlbYnuRKCT |
MD5: | AF4906B1912A3D1F33BE3314C7CDCAC8 |
SHA1: | B6331F6D857738FE5DDE4E35549418B8EC1169C3 |
SHA-256: | F194146FAC35B2DC3CAFFAE06CBA1538FF877955D3DF677010FA628789D9C997 |
SHA-512: | 597902D922205FA033647077F86A4BC9492F37A0485F2628FB13AE0C888AF7663F90586B1BFA00C7488A50260304D64778E16600428487E9FDACC7C2F139BC87 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-28 20-25-41-478.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.3448308128251645 |
Encrypted: | false |
SSDEEP: | 384:LQ3QdQmQCQkQfQ0QHQKQ4QfQ9QyQrQaQ0QgQ2Q6QRQkQrm0X6k95YqpvLtJNYm75:cACBVTIDwd/Iil8NDHxtOTzFP |
MD5: | D852FCCE1B5A3322C14BB67FD9129F14 |
SHA1: | D4AA3924BB13FC832262C6D9A7E0D1DBE241A5C3 |
SHA-256: | 7ECA726DA30BED8859A23C47B12F79FDDDE2948AF16DF91654FD4D2A2EDDF4D2 |
SHA-512: | 11DAF3E4C7EC06C1DDA99041B5FFC643490E7563022A3B95EC6E6748FEDA005CEBCC2EB8403E44E0D804FD83AE7D1125BA9E82D8644994114FB0674380D1C9D3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.387933359389475 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rH:r |
MD5: | A08048715E5FFC5A61A4705376D1CD0C |
SHA1: | F9B161AA45E2FEF0550F6A7A954CA2E9BE0371F9 |
SHA-256: | A54158468E2BFBAB2148556DC16AE541922BE5BDAF18422D84816DEF084091E9 |
SHA-512: | 9D791018738626027A604E9551AF7B3B1E364105B34FEAAC71BD5BD195F34732D8C58F28AA6959A8A6073940CD35E86E02CE934E958699D8ECC8C5CF9F1EC8B1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07+7oDWLaGZDwYIGNPJe:Jb3mlind9i4ufFXpAXkrfUs0rDWLaGZo |
MD5: | 9DE909C4C633E6829165A4F1E0FA55C1 |
SHA1: | 2E5FA5D6C1FC57BB2BBBD36837BBEB363C650849 |
SHA-256: | 8770BE5263FD11B1A805E381669C27C0E18DC265B6041D531454299C14D0C83D |
SHA-512: | 7AB5A4B1B23D21D14D275FAB5756193FDE3B5AC2FF8322EACF160D109E638D1A25CC723C463648252E023EF5B0E35BEB14989561EE4F9B37C124CBA3B82443D9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLRGZKwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLRGZKwZGk3mlind9i4ufFXpAXkru |
MD5: | BBFD5C2DB533CDA3D36078A62E71EE6A |
SHA1: | D60AAC38BF170D7B2C5EC1DC2FB25DB636D5B676 |
SHA-256: | 462155888A46175F8C17A6277CB4D5A3FFD1F512D74BA6FFF06967426AC686AD |
SHA-512: | 3988DE887EAF7092B4B8B03EF8BFC2DA552178A0C06657213F55726901EFE4C9EFD2C29BAE8FCF931D7F5C45860E03427CD589D87EB68A9655EA204D2B8468D3 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 4.4765243072906005 |
TrID: |
File name: | BFAH EIN.pdf |
File size: | 5'411 bytes |
MD5: | 4ade6ef77b904f97c0aa224a1985aa73 |
SHA1: | c4595a3bddcfff19cb2aae28a663d16c5f6d04d2 |
SHA256: | 55dc1c8b818b0b870db1082c39037dce15e693f156763a237af17e7916a81af3 |
SHA512: | 7580aad6a8f575ccf591045a7ff145821f44f6b4b653427e7dc28bfd7f6ddb2bda26358721ddf4e06faa41d2f4db774a93770f8fb4ee1e0135db635d4f75513e |
SSDEEP: | 48:838qpZ91poEs39RUB+xjkhPQFqadv+kcnx5HFVxlqkyvA26mQw8q7g6:83BZ90PwTgb2kcnx9FVVyl1RDZ |
TLSH: | 73B1A45D85A228841055791137E0165BC8CB80DB28986C57B99DCEAB1F00EA3BD93BE3 |
File Content Preview: | %PDF-1.6.%......10 0 obj.<</Linearized 1/L 5411/O 12/E 1127/N 1/T 5109/H [ 447 141]>>.endobj. ..15 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<58414DE312EEE1A9D53CFAC0F35A73AE><4BEBFD9A882D804DB1B72F82F2B138D |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 4.476524 |
Total Bytes: | 5411 |
Stream Entropy: | 3.784416 |
Stream Bytes: | 3984 |
Entropy outside Streams: | 5.294000 |
Bytes outside Streams: | 1427 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 12 |
endobj | 12 |
stream | 9 |
endstream | 9 |
xref | 0 |
trailer | 0 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 4 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 28, 2024 20:25:51.969621897 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Mar 28, 2024 20:25:51.969655037 CET | 443 | 49739 | 23.205.76.135 | 192.168.2.4 |
Mar 28, 2024 20:25:51.969726086 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Mar 28, 2024 20:25:51.969902039 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Mar 28, 2024 20:25:51.969914913 CET | 443 | 49739 | 23.205.76.135 | 192.168.2.4 |
Mar 28, 2024 20:25:52.285443068 CET | 443 | 49739 | 23.205.76.135 | 192.168.2.4 |
Mar 28, 2024 20:25:52.285743952 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Mar 28, 2024 20:25:52.285763025 CET | 443 | 49739 | 23.205.76.135 | 192.168.2.4 |
Mar 28, 2024 20:25:52.286736012 CET | 443 | 49739 | 23.205.76.135 | 192.168.2.4 |
Mar 28, 2024 20:25:52.286808968 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Mar 28, 2024 20:25:52.288742065 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Mar 28, 2024 20:25:52.288806915 CET | 443 | 49739 | 23.205.76.135 | 192.168.2.4 |
Mar 28, 2024 20:25:52.289036036 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Mar 28, 2024 20:25:52.289043903 CET | 443 | 49739 | 23.205.76.135 | 192.168.2.4 |
Mar 28, 2024 20:25:52.336741924 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Mar 28, 2024 20:25:52.391746044 CET | 443 | 49739 | 23.205.76.135 | 192.168.2.4 |
Mar 28, 2024 20:25:52.391940117 CET | 443 | 49739 | 23.205.76.135 | 192.168.2.4 |
Mar 28, 2024 20:25:52.391997099 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Mar 28, 2024 20:25:52.392206907 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Mar 28, 2024 20:25:52.392222881 CET | 443 | 49739 | 23.205.76.135 | 192.168.2.4 |
Mar 28, 2024 20:25:52.392235041 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Mar 28, 2024 20:25:52.392297029 CET | 49739 | 443 | 192.168.2.4 | 23.205.76.135 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49739 | 23.205.76.135 | 443 | 7844 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 19:25:52 UTC | 475 | OUT | |
2024-03-28 19:25:52 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 20:25:38 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 20:25:39 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 20:25:39 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |