Windows
Analysis Report
287f30b29d08d.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Process Tree
- System is w10x64
- Acrobat.exe (PID: 7428, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\287f30b29d08d.pdf", MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7596, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7796, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2072 --field-trial-handle=1560,i,8317152618337752444,12301217609217587103,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup

Only the three Adobe processes above were attributed to the sample; the other analysed processes were whitelisted system processes (see Cookbook Comments below). Note that the CEF network-service child (PID 7796) is launched with --service-sandbox-type=none, i.e. the Chromium service sandbox is disabled for the process that handles Acrobat's network traffic. Nothing in this report shows the sample interacting with that process, but it is worth knowing when assessing what a PDF-triggered exploit in Acrobat's embedded browser could reach.
Signatures
There are no malicious signatures. Every signature raised is informational. The per-row details (addresses, paths, registry keys, command lines) did not survive extraction, so only the signature names and the number of rows each produced are recoverable:

Signature | Rows |
---|---|
TCP traffic | 30 |
IP Address | 1 |
HTTP traffic detected | 2 |
TCP traffic detected without corresponding DNS query | 10 |
Network traffic detected | 2 |
Classification label | 1 |
File created | 2 |
Key opened | 1 |
Process created | 15 |
Window detected | 1 |
Initial sample | 3 |
Process information set | 8 |
Process information queried | 1 |
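The "TCP traffic detected without corresponding DNS query" signature above is worth reimplementing, because it is one of the cheapest hunting rules that survives TLS: a destination no DNS answer explained is either hard-coded in the sample, cached from before the capture window, or part of the sandbox's own plumbing. The block below is an added example and not Joe Sandbox's signature code. The event stream is constructed; only the address 23.48.8.182 comes from the report, and the host name it is paired with is an assumption. The allow list plays the role of the report's "Excluded IPs from analysis".

```python
"""Added example (not part of the Joe Sandbox report).

Flags TCP connections whose destination was not returned by any DNS answer
observed *before* the connection. The events, timestamps and host names
below are constructed; only 23.48.8.182 appears in the report, and the
name cdn.example.net attached to it here is an assumption.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Destinations that never need a DNS answer inside a sandbox: the VM's own
# gateway, proxies and resolver. ipaddress.is_private is deliberately not
# used because it also matches the RFC 5737 documentation ranges that the
# constructed "public" hosts below are taken from.
LOCAL_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


@dataclass(frozen=True)
class DnsAnswer:
    ts: float                  # seconds into the analysis
    qname: str
    addresses: tuple[str, ...]


@dataclass(frozen=True)
class TcpConnect:
    ts: float
    pid: int
    image: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Finding:
    connect: TcpConnect
    reason: str


def is_local(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def connections_without_dns(
    dns: list[DnsAnswer],
    conns: list[TcpConnect],
    allow_ips: frozenset[str] = frozenset(),
) -> list[Finding]:
    """Return the connects that no earlier DNS answer explains.

    Order matters: an answer that arrives after the connect does not
    explain it, which is exactly the shape of a hard-coded C2 address.
    """
    # At equal timestamps DNS answers sort before connects (tag 0 < 1).
    timeline = sorted(
        [(a.ts, 0, a) for a in dns] + [(c.ts, 1, c) for c in conns],
        key=lambda e: (e[0], e[1]),
    )
    resolved: dict[str, str] = {}   # ip -> most recent name resolving to it
    findings: list[Finding] = []
    for _, _, ev in timeline:
        if isinstance(ev, DnsAnswer):
            for ip in ev.addresses:
                resolved[ip] = ev.qname
            continue
        if ev.dst_ip in allow_ips or ev.dst_ip in resolved or is_local(ev.dst_ip):
            continue
        findings.append(Finding(
            ev, f"{ev.image} (PID {ev.pid}) -> {ev.dst_ip}:{ev.dst_port} "
                "has no preceding DNS answer"))
    return findings


# Constructed sample stream. 203.0.113.0/24 and 198.51.100.0/24 are the
# RFC 5737 documentation ranges, standing in for public hosts.
SAMPLE_DNS = [
    DnsAnswer(1.0, "cdn.example.net", ("23.48.8.182",)),     # assumed name
    DnsAnswer(6.0, "late.example.net", ("203.0.113.77",)),   # arrives too late
]
SAMPLE_CONNS = [
    TcpConnect(2.0, 7796, "AcroCEF.exe", "23.48.8.182", 443),    # explained by DNS
    TcpConnect(3.0, 7796, "AcroCEF.exe", "203.0.113.77", 443),   # not explained: flag
    TcpConnect(4.0, 7428, "Acrobat.exe", "192.168.2.1", 80),     # local infra: skip
    TcpConnect(5.0, 7796, "AcroCEF.exe", "198.51.100.9", 8080),  # allow-listed: skip
    TcpConnect(7.0, 7796, "AcroCEF.exe", "203.0.113.77", 443),   # explained by now
]
SAMPLE_ALLOW = frozenset({"198.51.100.9"})


def demo() -> list[Finding]:
    return connections_without_dns(SAMPLE_DNS, SAMPLE_CONNS, SAMPLE_ALLOW)


if __name__ == "__main__":
    for f in demo():
        print(f.reason)
```

Run against a real capture, feed it the DNS answers and connection events in timestamp order and put the sandbox's excluded IPs in the allow list; the one finding the constructed stream produces is the connect at t=3.0, and the later answer for the same address does not retroactively clear it.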
MITRE ATT&CK matrix. A numeric prefix is the number of signatures the sandbox mapped to that technique; cells without a prefix are the matrix's unmatched entries. In a report with no malicious signatures these counts come from informational behaviour (the PDF being opened by Acrobat, the CEF child processes, the CDN traffic) and are not evidence of the technique being used offensively.

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Antivirus and reputation results for the submitted sample:

Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
287f30b29d08d.pdf | 0% | Virustotal | | Browse |
287f30b29d08d.pdf | 0% | ReversingLabs | | |
Contacted IPs (after whitelisting):

IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.48.8.182 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417530 |
Start date and time: | 2024-03-29 15:09:30 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 287f30b29d08d.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@15/46@0/1 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.221.240.182, 3.219.243.226, 52.6.155.20, 52.22.41.97, 3.233.129.217, 23.215.0.48, 23.215.0.36, 172.64.41.3, 162.159.61.3, 23.62.230.184, 23.62.230.207, 104.97.85.154, 104.97.85.183
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
Context: earlier Joe Sandbox analyses in which a sample rated malicious also contacted 23.48.8.182. The associated sample names and SHA-256 values did not survive extraction; only the detection and the threat name of each linked analysis remain.

Match | Detection | Threat Name |
---|---|---|
23.48.8.182 | malicious | Unknown |
23.48.8.182 | malicious | PDFPhish |
23.48.8.182 | malicious | Unknown |
23.48.8.182 | malicious | XWorm, zgRAT |
23.48.8.182 | malicious | Unknown |
23.48.8.182 | malicious | Unknown |
23.48.8.182 | malicious | Unknown |
23.48.8.182 | malicious | Unknown |
23.48.8.182 | malicious | Unknown |
23.48.8.182 | malicious | Unknown |

Caveat: 23.48.8.182 belongs to Akamai (ASN 20940, AKAMAI-ASN1EU), and the domains excluded from this analysis include several Adobe names served from Akamai. Previous malicious samples sharing this address is what shared CDN infrastructure looks like, not attacker-controlled hosting, so the address should not be treated as an indicator from this report alone.
Context: earlier analyses in which a sample rated malicious contacted the same ASN. As above, sample names and hashes did not survive extraction.

Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASN1EU | malicious | Unknown |
AKAMAI-ASN1EU | malicious | Unknown |
AKAMAI-ASN1EU | malicious | ScreenConnect Tool |
AKAMAI-ASN1EU | malicious | Unknown |
AKAMAI-ASN1EU | malicious | Unknown |
AKAMAI-ASN1EU | malicious | Mirai |
AKAMAI-ASN1EU | malicious | HTMLPhisher |
AKAMAI-ASN1EU | malicious | Unknown |
AKAMAI-ASN1EU | malicious | Unknown |
AKAMAI-ASN1EU | malicious | HTMLPhisher |

The same caveat applies: an ASN shared with a CDN's entire customer base carries no attribution value on its own.
Dropped and modified files (35 entries). Every entry had an empty File Type and Preview field, Encrypted: false and Malicious: false (the last entry is cut off before that field); Reputation is low for entries 1-12 and not given for the rest. Entries whose file-name line did not survive extraction are marked (path not recorded). Process is C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe for entries 1-9 and C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe for entries 10-35. Entry pairs 1/2, 3/4, 5/6, 8/9, 13/14 and 15/16 carry identical hashes; for 3/4, 5/6 and 8/9 that is a LevelDB log or network-state file and its "(copy)". All paths are under the sandbox user's profile and are ordinary Acrobat cache, session-storage and SOPHIA marketing-surface files.

# | Path | Process | Category | Size (bytes) | Entropy (8bit) | MD5 | SHA1 | SHA-256 | SHA-512 | SSDEEP |
---|---|---|---|---|---|---|---|---|---|---|
1 | (path not recorded) | AcroCEF.exe | dropped | 292 | 5.233137026372117 | 755E6AC5518EC4C267FA31BE9C2A7363 | 82CBF8134F0A4A86EC563B09D8E026DDF1AEB459 | ED1C4B269416EAD1695199187758EAAB1E582F2CC328112BBB36E7F044F59A01 | A3EFABC6CC5F85CD12AD422CE860719AC364C74AF46E45CACB98C4D6375AFC5C7E039FD25F5E44C5BC7EF82BC82FE7BE277570A590AD9D0274D501EC182A0A5C | 6:FKGfEeQL+q2Pwkn2nKuAl9OmbnIFUt88KGfHcGKWZmw+8KGfHcQLVkwOwkn2nKui:rEeQ+vYfHAahFUt8G8GKW/+G8QV5JfHi |
2 | (path not recorded) | AcroCEF.exe | dropped | 292 | 5.233137026372117 | 755E6AC5518EC4C267FA31BE9C2A7363 | 82CBF8134F0A4A86EC563B09D8E026DDF1AEB459 | ED1C4B269416EAD1695199187758EAAB1E582F2CC328112BBB36E7F044F59A01 | A3EFABC6CC5F85CD12AD422CE860719AC364C74AF46E45CACB98C4D6375AFC5C7E039FD25F5E44C5BC7EF82BC82FE7BE277570A590AD9D0274D501EC182A0A5C | 6:FKGfEeQL+q2Pwkn2nKuAl9OmbnIFUt88KGfHcGKWZmw+8KGfHcQLVkwOwkn2nKui:rEeQ+vYfHAahFUt8G8GKW/+G8QV5JfHi |
3 | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG | AcroCEF.exe | dropped | 336 | 5.165974593222396 | 12F734A4146C08971E95C9989711AAF0 | 0594681B7E25D83AA7CACFC096897019D8F9937B | 872D93B1D3D1B6BC30E732D073F31A3B9523588241F45CF528BB2D03C7315FBE | 2822A2AF9D52403FA77E8299F6EAA66BE3E386D45EC9E1C1EB8F1CBD14F694D6B04182FD589F1138191FF3B174AEBEE840E8D894F7F91252D16DAD440735C4A5 | 6:FKGfaFN+q2Pwkn2nKuAl9Ombzo2jMGIFUt88KGf4Zmw+8KGfIVkwOwkn2nKuAl97:raOvYfHAa8uFUt8G4/+Gg5JfHAa8RJ |
4 | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy) | AcroCEF.exe | dropped | 336 | 5.165974593222396 | 12F734A4146C08971E95C9989711AAF0 | 0594681B7E25D83AA7CACFC096897019D8F9937B | 872D93B1D3D1B6BC30E732D073F31A3B9523588241F45CF528BB2D03C7315FBE | 2822A2AF9D52403FA77E8299F6EAA66BE3E386D45EC9E1C1EB8F1CBD14F694D6B04182FD589F1138191FF3B174AEBEE840E8D894F7F91252D16DAD440735C4A5 | 6:FKGfaFN+q2Pwkn2nKuAl9Ombzo2jMGIFUt88KGf4Zmw+8KGfIVkwOwkn2nKuAl97:raOvYfHAa8uFUt8G4/+Gg5JfHAa8RJ |
5 | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\95192160-fdd3-4d2a-94b5-e90de8e739b9.tmp | AcroCEF.exe | modified | 474 | 4.963278023162862 | 80D7E128E248925F29611EA1D05F748E | E5FB9CB81C37E973556A8D7828D019A9C50FB3F1 | D148302551D43D14E37640B97A86C11C085D12C404A368E52ACC524FD5C1CE73 | 2D1FA346984D89D9FC01972E924134DB17271B54CAA3B304467615BBCB15F6A74AE6D5F90379D52D073931C6EEC50CF41A1FDAC37B9B7B50AB05874644A8C767 | 12:YH/um3RA8sqZAspksBdOg2Hacaq3QYiubInP7E4T3y:Y2sRds6bdMHV3QYhbG7nby |
6 | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy) | AcroCEF.exe | dropped | 474 | 4.963278023162862 | 80D7E128E248925F29611EA1D05F748E | E5FB9CB81C37E973556A8D7828D019A9C50FB3F1 | D148302551D43D14E37640B97A86C11C085D12C404A368E52ACC524FD5C1CE73 | 2D1FA346984D89D9FC01972E924134DB17271B54CAA3B304467615BBCB15F6A74AE6D5F90379D52D073931C6EEC50CF41A1FDAC37B9B7B50AB05874644A8C767 | 12:YH/um3RA8sqZAspksBdOg2Hacaq3QYiubInP7E4T3y:Y2sRds6bdMHV3QYhbG7nby |
7 | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log | AcroCEF.exe | dropped | 4443 | 5.2523729366410326 | AFCCC0B6CBD0DFDFC1BFEB5E8B7B2B5C | F993F8BBE1D05CD0B6346D0B8D253CC96AE0382C | 5645E36DD7DA2D357296FFDDF4ED3687D59EB315FD1331C74E0C1601AC875555 | 032D36A4952DC114DFE717C18B0960D933BC48136906375CE4202B8F07E840C73C3830B44B36C2ECA808528C714C3C22A69AA06E552F80FCF7F4336C4F077432 | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7fuR7y6:etJCV4FiN/jTN/2r8Mta02fEhgO73goA |
8 | (path not recorded) | AcroCEF.exe | dropped | 324 | 5.203369753708547 | 536D3F416021A154CD173D5726E06335 | D808B25B348486BF009A64E40DF81568C582AD53 | B589750B9336DC773C243E0D03989AE812849126CD175F13AD99A12DDA34EB71 | 5D5BA1E04399BFE3CC7C99E7D079F9585D8EEF17A842E6A909AB7158BF4DE22EF91D76C7B278AB7DCB2F4F0639423BF2E722ADBAC3F445574D095956558D6726 | 6:FKGfKL7+q2Pwkn2nKuAl9OmbzNMxIFUt88KGfKLzZZmw+8KGfKL0VkwOwkn2nKuP:rQivYfHAa8jFUt8GQzZ/+GQU5JfHAa8E |
9 | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy) | AcroCEF.exe | dropped | 324 | 5.203369753708547 | 536D3F416021A154CD173D5726E06335 | D808B25B348486BF009A64E40DF81568C582AD53 | B589750B9336DC773C243E0D03989AE812849126CD175F13AD99A12DDA34EB71 | 5D5BA1E04399BFE3CC7C99E7D079F9585D8EEF17A842E6A909AB7158BF4DE22EF91D76C7B278AB7DCB2F4F0639423BF2E722ADBAC3F445574D095956558D6726 | 6:FKGfKL7+q2Pwkn2nKuAl9OmbzNMxIFUt88KGfKLzZZmw+8KGfKL0VkwOwkn2nKuP:rQivYfHAa8jFUt8GQzZ/+GQU5JfHAa8E |
10 | C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240329141020Z-157.bmp | Acrobat.exe | dropped | 65110 | 0.010281203479617362 | 00DB8ECE00238719F9D531102091F31C | 2C93F28D42D242532093FAB1BB7DDE33EEE810D5 | 95444CF39A1424F48C5D069EE1F263B613F89D22C379C4A2886F6FBE160BC00F | 4DE0801AAB1297B9B6A4BF85631650BAFB042F1C211D2C012D601F8FDB7836FA6AD5B5D04B0FE1F4CF50D987C94B2ED6B5FDB8A3075BAC7D30D9FD8CA1840008 | 3:up/ql/nasxRj:upCl/Jj |
11 | (path not recorded) | Acrobat.exe | dropped | 86016 | 4.444931766858254 | B65ED0D35D38E3780034D88143DB50B0 | BF8904EDA08B9C3ADA0605A565D56F51F361780C | 8648CBE670A9C94A6D269CA28E5E7F2268A9534BD60B6ECA4629B4A5D95121EF | 30A2B9D920A63F635B277CCFD9C0DDBF2ACC8E2BD372247B63560B3824E059A5543FAD3D8D14CBA62AB5E4B1208EC9E9B7357897120F58C9B58D95F14E590812 | 384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL |
12 | (path not recorded) | Acrobat.exe | dropped | 8720 | 3.7739430914839875 | 5545181E4286C90817FF4AC8DEE267DB | 14F5D92A48139B5ACC563834D05875E3E5BB71C9 | 46C33F18BE0CF275A44BF170B69FD7C2876F2BF31B5F77787864A7DB2EA54A3E | 58631D9818AB40AC70B16AE4ED0173914C20D6A82DBD5253E3B0246A63BF6896F4AE3D70C72322D0C5513A9B2033D938FED0006A8EADC252587AF3FDEDBAB27B | 48:7M9p/E2ioyVjioy9oWoy1Cwoy17KOioy1noy1AYoy1Wioy1hioybioyDoy1noy13:7upjujF2XKQiib9IVXEBodRBkU |
13 | (path not recorded) | Acrobat.exe | dropped | 1233 | 5.233980037532449 | 8BA9D8BEBA42C23A5DB405994B54903F | FC1B1646EC8A7015F492AA17ADF9712B54858361 | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
14 | (path not recorded) | Acrobat.exe | dropped | 1233 | 5.233980037532449 | 8BA9D8BEBA42C23A5DB405994B54903F | FC1B1646EC8A7015F492AA17ADF9712B54858361 | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
15 | (path not recorded) | Acrobat.exe | dropped | 10880 | 5.214360287289079 | B60EE534029885BD6DECA42D1263BDC0 | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
16 | (path not recorded) | Acrobat.exe | dropped | 10880 | 5.214360287289079 | B60EE534029885BD6DECA42D1263BDC0 | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
17 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID | Acrobat.exe | dropped | 295 | 5.372793397456728 | 1A8F15CA59CE97A0595F673AAD848D4F | F236BAC2935736B417727FD03C512DEB75E9EB2B | 6FE790A8661A4C504DC3C67DF54F2B694D143FE6E0912C96D4A5AC3A86ED8F2C | F1877A874F95566E84613BB64734D174E0C42E6D654485C839F42649393079E43CC0449911A81B13C0456FEED94FD32BFE13935647689A3EAA50905B96164BD7 | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJM3g98kUwPeUkwRe9:YvXKXXsYLSWZc0vpGMbLUkee9 |
18 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface | Acrobat.exe | dropped | 294 | 5.322374271153097 | F2C92F74625A272B170FBAA42646539A | 5548C7852A32201A0DB998E64640DC04BFD30CD0 | B2E16093DE36C48B98C3D6AFACDBC9C374B766A4FA90DB38F326055A75F756C8 | 3F4F1F1346B958F685CF142408F637DF64C8F5EDE0E1EB73293FED3078FD61A8D130E8EC986D20D7F0B06C4EDB07FC5D34576C731D578830BA5D7CDD9368EE28 | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfBoTfXpnrPeUkwRe9:YvXKXXsYLSWZc0vpGWTfXcUkee9 |
19 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface | Acrobat.exe | dropped | 294 | 5.300513185898365 | 477669AC63A4B9B10649170B15782EA7 | 3DD17C269A384B267064421FAE6A7C3467004C6B | 7A86E89224C77899ADFDF08A4C531D0F4EC474A891546E89DAFA5C9679FE84CB | 7E579D40EBE90A46936542749E41D35228F584F3912DEE201DBE92F03751C21608BE60252C862C1B5D8B01F6BC0BBAD51CCD42EBFAA3B71FC10D46BE22B9F6E8 | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfBD2G6UpnrPeUkwRe9:YvXKXXsYLSWZc0vpGR22cUkee9 |
20 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD | Acrobat.exe | dropped | 285 | 5.360134781235731 | 8779E7CEB5485F3D39729C3076DFE45D | 2F765BF766302CCB51C7BA9CC6B00FC05B04DAA5 | DFF989943D391AD1F21D00BBA17B3B695FDB38D9570E8963A0B256B14DF1A5BE | 28C6FA378FCFDCBD679F6141D17095EDE9A7A50AB7537B644BCC5F186813FB6E7631FD64B9A02D89E8789654FF6B2357A47FCEF3991E7BE9B87B7A8980350DA9 | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfPmwrPeUkwRe9:YvXKXXsYLSWZc0vpGH56Ukee9 |
21 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner | Acrobat.exe | dropped | 292 | 5.320656605873056 | 13DDC52A7E503574F57057EEF258DDE7 | 7DA162692F3DD8DE59778CDD3971D732BDBA588E | 0A1E1612AE1679E422DA4F41800F4FAAA3BAD2D5FA96013161298CB5D8EB6015 | F894815F9820C9C562E5368874E4CA396F68F0135E0F24D0446BC42513D52C73D3DE721BA96DAF03734386988AC4DE31D7705E051488BB054E57D2A4E492560A | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfJWCtMdPeUkwRe9:YvXKXXsYLSWZc0vpGBS8Ukee9 |
22 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner | Acrobat.exe | dropped | 289 | 5.307199204803331 | 54110D134E5F1ABFFF06FB574ADB5672 | 38AB188C37E8393AFF5CBC019AC0574C87E3A1E9 | 9636E41DF16A19DCBDF64CAC3D56430AF77051676EE8E7EFAF4540E579950554 | 74F2DA798B37A31736B4350F713BFA045D9EF714FC8DA709EF50E70BC91FC0551B3AC618C2502637131F8662392ED0F240ADDC0643B2D701F8A48EC19D3C7D15 | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJf8dPeUkwRe9:YvXKXXsYLSWZc0vpGU8Ukee9 |
23 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention | Acrobat.exe | dropped | 292 | 5.310716878613304 | BD1498EE41C3AEA267C32372C7C5D575 | FACF3FD7A368B4ECA08F8F86269ED4DE8036F3CA | 3B26E23AA6C460091C3BB43E1E1F94D8A1D6A4BBA7D724C2587A72EF1A477D2B | 0EBAB08E08CDE61652D479516FA28E335D24EF2E97248C268EF21A32753E59CB1C3C7B16964F22875B6B30EE1E23CB22716865B883839EBA9C6797890AF1897E | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfQ1rPeUkwRe9:YvXKXXsYLSWZc0vpGY16Ukee9 |
24 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner | Acrobat.exe | dropped | 289 | 5.317961906172022 | 7BD32EA4408D4C003DC3921809F22442 | FC09B5CD15858DC05AC4EF7371DF736242B2A9ED | 0599271FADEC4302EE3A4EB5F642760F4EB336EB508BE39390105B7FC77769CB | BA68503F707286E04D5348DF645423CC16E0072DAA8D1859974D349E5A19CB6C09AD5939823F48773A85E60AADC0C968A40D92913A2174306FF2DDBA5C91561A | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfFldPeUkwRe9:YvXKXXsYLSWZc0vpGz8Ukee9 |
25 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner | Acrobat.exe | dropped | 295 | 5.333304968798589 | FAD674C50EC89E517BB1B5ECE38395B4 | BA96BBC8EB01F0E68EF3B43A01652F7304CD33F4 | 862FCBBD6BC84847C6A3DE09A546EAA0B31452A6B7787F13DEC73A749B428AA7 | E56E1FF33AEA66706C90FCA4DD74A4FFDE8312498FED769A0AB00ED7DD693956A2D514A951D0A64E07DE927214076AD92296914977C345EA545827AA8EA1DE16 | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfzdPeUkwRe9:YvXKXXsYLSWZc0vpGb8Ukee9 |
26 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner | Acrobat.exe | dropped | 289 | 5.313944333246429 | 94495CE269C97B1A4A1417EB39C808E6 | 898190CBE899AD375B17E1BE4F2A3BC3662A8E24 | 028911447B8C41EE6AC99B282310170B319D20BB5CEA92A37647FED55B373E1E | 2C01B01DF5CC76E63AF677BB9ACC64EA268C31CDF5AD588C26EBF55C81A045469EE679C0E45FA8428E454E53EC9BC0403C224BDD4F8863A30DA343F07025091B | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfYdPeUkwRe9:YvXKXXsYLSWZc0vpGg8Ukee9 |
27 | (path not recorded) | Acrobat.exe | dropped | 1395 | 5.776150120226268 | 368BCF46B5460C4A2B7A5072E1500655 | 8CEC30323DFEC413992461E11BE5AD99CCCD504C | F7A6D860419151EC95B1873295E1DC1073F0542576FEE6DC85E6A9B14E927AE4 | 2D29AB1311454B6629B1E964B43CF9F0B79EFCA569FED71132669AAA09699DFA4BFD7A55CFD7BF44D9AAEDA55954BE143544935869CD86E674ED99F99F003FBB | 24:Yv6XXsY2WzvIrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN1f:YvosYjgHgDv3W2aYQfgB5OUupHrQ9FJT |
28 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner | Acrobat.exe | dropped | 291 | 5.297395593578393 | 79F988936536FC3EF51CDADE52C80F06 | 137C1A2EBBA85424E7388D52A721471E6B3F4AE9 | 30E86C9568D9D597EB497CD93FB2EDDCB2730531196A02BA199FDF4B9B001FFA | B2C826FE2033290267D2C93B4C813E5AD76E7881E921E76F407CEBF442C14CC286A5EF1252264EACA0903970EDE2A60DFD53B7AF3231850625100EF27D30A2A1 | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfbPtdPeUkwRe9:YvXKXXsYLSWZc0vpGDV8Ukee9 |
29 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention | Acrobat.exe | dropped | 287 | 5.3019256759994065 | 3AB14A76B80AEDB193F2D5B0E872024D | 04834E99B2A1AFC334EC3AFC8FED569E7C19EB66 | 7D90DB161DCD6432A1ABD159640FF64F4652925B047A7DE5FF552456793BFA2F | BFD1A33D1B9C898E6D546DEDD1B65CE6616B04B7FC4880292B450C162D47A17ECD11E776CC6B3A29494B8DDBA83B4CA13E177AFF8712FA508D3C8640A6F42FD2 | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJf21rPeUkwRe9:YvXKXXsYLSWZc0vpG+16Ukee9 |
30 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner | Acrobat.exe | dropped | 289 | 5.320779462004577 | 22F029044D9ECD1DD1AB135CCCE35D25 | CE4F5A263E4BF7D3D00D15225AC6A5898D0AEFE2 | C84F321F6220B36E866757250FB8FF1465ABAD0D907150169556D6812159CCD4 | 62277D316D87487E7C4B09DF2C44438D9BE79B2D867C6AC89EC4BA0877FAAAF60E4D95EE4AC43D8D99D20F39FD849478C8891613B0CA82338828CE53A1BDC0BF | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfbpatdPeUkwRe9:YvXKXXsYLSWZc0vpGVat8Ukee9 |
31 | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards | Acrobat.exe | dropped | 286 | 5.278946212247505 | 4DB3225F2CEB6AF976E9C460EAAC3880 | C6EF0526B1DF43310F8F083B2CBAC9D9DCB2DB6F | 3CB7E740478C987B62247668331A023F32ED25B0386918BE0D0AA8445DB50B0D | FD45E28003A15DEC9916EA09D7554F105CF7C3B84B8475E1C110451D9949DE29B2FF5AA848D9E5F39DBDDFD329A269F300E302B9EF71332ED7E797CDFBB8E899 | 6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfshHHrPeUkwRe9:YvXKXXsYLSWZc0vpGUUUkee9 |
32 | (path not recorded) | Acrobat.exe | dropped | 782 | 5.366891660710241 | BE841C1CF1BAAA9C986EBE68F9CF2D1A | 3AC8A02874DF6770FBE8835C650FE7B828384ACD | 8E9EAF2105C339F804BABFC019FDA68E754AAC9B9B516FFD86EF49786938EF93 | 1DFC94C73C432F172955F1B36D010CB1C37CC2171B625113648F621D56D8DEC573E8520A37B347EAF2DFB65E1A5AF47C73BCE2EC115D16CC837E12BA2919949D | 12:YvXKXXsYLSWZc0vpGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWhf:Yv6XXsY2WzvF168CgEXX5kcIfANh+f |
33 | (path not recorded) | Acrobat.exe | dropped | 4 | 0.8112781244591328 | DC84B0D741E5BEAE8070013ADDCC8C28 | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 | 3:e:e |
34 | (path not recorded) | Acrobat.exe | dropped | 2813 | 5.1213424060069 | 37F3200219063773190EAA606FE893B2 | D5DC0FD7023AECA3DA2F0BAC227FE2528B43566C | 602AC291C47056C000D5927A55BAF431369B3A2A2AC85410C072DAE14F2A47D5 | 1E337083AB994252DF22F7FAEE6BEF71BF7735A84495E37C6AC337E57251705F9B06204226DAFBB6AC7BD9D7C880D2B2B775CF333A2625EE4BD42469D2F28D7C | 48:Y7BOVKtHxZaTH8FHZA3HwHOHVercHKH8HrVRHW7HSh7HJCFHE49tHVQHaHt:hMxa8BZAX+44rScyrVVWT2JCBhpVest |
35 | (path not recorded) | Acrobat.exe | dropped | 12288 | 1.1887169922323002 | 25508790A93C727484E08B32474916E3 | C8DE061BFC497E2F154A94B14CE8B85E6736A26A | B634B2EA27211BD2F894F2CC5363EA98CA17983D027ABD66D8F250945CBFB14E | C0B6BCE92C126653690495241A87E1EBFF1C824F8325EA843D28D24F36D213868D411FB7B69F9F235721A54E843CCA78261B637D4278392CA732A7954FA63C2B | 48:TGufl2GL7msEHUUUUUUUU1gSvR9H9vxFGiDIAEkGVvp5+:lNVmswUUUUUUUU2+FGSItw |

Reading the entropy column: the values are Shannon entropy in bits per byte, so 8.0 would mean uniformly random (packed or encrypted) content. The 4-byte entry at 0.8112781244591328 is exactly the entropy of a buffer holding three equal bytes and one different byte, the 65110-byte icon bitmap at 0.0103 is almost entirely a single byte value, and the 5.1-5.8 range of the JSON-style SOPHIA and LevelDB files is typical for short ASCII text. Nothing in this list has the size, entropy or writer that would make it worth pulling for further analysis.
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6069755475838965 |
Encrypted: | false |
SSDEEP: | 48:7MgKUUUUUUUUUU1SvR9H9vxFGiDIAEkGVvwqFl2GL7msJ:7gUUUUUUUUUUEFGSItaKVmsJ |
MD5: | BF596FBD94A58D5A8C752FAD11605C13 |
SHA1: | 43963CFC46A06C6BD174244BBC4629393CA95348 |
SHA-256: | 40E35D66F54E4196F62816B03A22DAC55C8D47D6C905112D5AE1BA8CA9E296E9 |
SHA-512: | 8EE3BFF6F4BB39AEE98B91236C806B6679FED970F60C796579CFDAE204E3ECFE8E62B7B3504F1825BE53AF6CE0DC848335A443A9EB157D211FF49757AECBBFD9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgIH7v2mP4x4QZbr2+bYULQSY+Yyu:6a6TZ44ADEIHL2K4xh2IvJK |
MD5: | 314B26049494B9487DB7C07D80ADC7E3 |
SHA1: | F2A60188183413D98A1444B310BC3931E662EFCF |
SHA-256: | 03806A258FA0222248800423856B82F3A8CFEBCB6EEF3FE43EBB3718DBA5589C |
SHA-512: | C012A8774591228786E87A6935C4C0ED5BBFB1FDEAD36D4EF8ECEE7BF82D318EC4F88329E33C7B4D1318E99A001F81438147974784A909AAE454770B3371EEB5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.524398495091119 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xUFRnBCH:Qw946cPbiOxDlbYnuRKvi |
MD5: | 6D60977DE78F26687DEF7B9307A3C040 |
SHA1: | C7D79AB3758691BA90EB0E1EDF6FDEED0495F5BC |
SHA-256: | FBF2D48ACD510332B711E52E01EF9B9C000A8B2DC70425C0C6E5EA3D75520B3E |
SHA-512: | 350BB95CEEC4E0629F8B9EF7A762D8B43A22BD4B451B8A1F28915A1314B77BC93B337D2A4EEC2E90474FB74DBD2A154AD2B356F035EB7F391A0AC0F72BD4E7A8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-29 15-10-18-089.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15097 |
Entropy (8bit): | 5.344828542287071 |
Encrypted: | false |
SSDEEP: | 384:iHE8g8L8QxQxXx0xLx+xt0x+x+xlxBx7xYt5tbY5YbzgzIzlzo2cXlVl9ljln5uN:3+jk |
MD5: | FA35B4E27BFA2E3A3AC3B35C8F158389 |
SHA1: | C89395D75C555EFAF6C8E82853BF2918F4F975C8 |
SHA-256: | 7CA2A8866A366420D3977D418AC578357027AB50150ED680E40DB65CD8461B2F |
SHA-512: | F4AEF551C97EAC6E81A56A1EE202A8EF68293FBCBD186CC79C71B47F13AD9F200B9175D948D63D9A63533A173C35F8E20E234B597A253DAC969A42AE61A52DAF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.390256129328561 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rc:Ah |
MD5: | 3F7490AF3115DEDC8E21231ED3F9DB06 |
SHA1: | 40983CD2B9AE4381F1CBA717224566849D2585D1 |
SHA-256: | F8FBA658C0B7EE2299E8CA74CE2BBFD3CD66ABBFAB06006A38E3198B3432FC3F |
SHA-512: | 1623B63EF9FFEA068C41272EAC29CAFA49C96DD7B42735A366539D48C6F4C94BF2217157C7E0D1D1EF51AB476ACA14A69103DED37351022CB0DBA69F33324623 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLkwYIGNPZGZTodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGzGZ83mlind9i4ufFXpAXkru |
MD5: | AB9AB7524370F33FCB9DC48C196C6192 |
SHA1: | C0EB3BBE2884C9D081F2D09310D71F381818DDFD |
SHA-256: | BBE7F54A87E89788FA9E2DEB351A34B8DD5D2F4789EF86D13FE5B0C7450F8213 |
SHA-512: | 6532803EF05D96E197EEFC9AC1DCCC6C37B568F679379289220F84300C429410BE03C4E6A225589C774522097F61FDEBE8F5336B4165CD7CF9472DBD484FA3A3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 669332 |
Entropy (8bit): | 7.976659911351141 |
Encrypted: | false |
SSDEEP: | 12288:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1mabFhOXZ/fEa+DNh3P6Q21IvHx75/eOMn:6JJJJm942egf6MNB1Dofjc3PJ21k7Rev |
MD5: | C4B24E98358EC87C7F853C86A641C2DD |
SHA1: | 037F2682BE3AADCBB7149AC18ED434FE005FB132 |
SHA-256: | 88C547944F788B7B436D7AAE8530462183F5D714A5AAFCA3FF743E66D420E0AC |
SHA-512: | E91D631E4F145E4D9DB6AC5A2ABE3CCA4C096B97A1B092239FB3A694FEB6FE44382670F25B7602FBCBE6BDE5B03FEE5579E14A688CB6FECACE2358753BF38EC5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.044809903295322 |
TrID: | |
File name: | 287f30b29d08d.pdf |
File size: | 34'155 bytes |
MD5: | c5e953f8ec611737a59e1f0cc8254383 |
SHA1: | ca81719de5a329343b7b72042ff7e909f8568499 |
SHA256: | 342365d304a3c45d517c13f2dd1a6a53da1aee851f250637a1c4efedf6e61ea5 |
SHA512: | acb2321e273de796dea791134175d467f9fff05cf92ef36dad65c737566092e47cef32d34d0f48eadb71e2be30a78b004e6d86ee3d55cf2dba668797f9f55517 |
SSDEEP: | 768:HCh4IvbkbudWdF7JcfIBonPvssPYWg1yG:fibNwzjoP0QqyG |
TLSH: | 81E29E3092171E0EE8E74B597C7134098CBEF46281E4619278628EB6A48EF945F377F7 |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Title (??)./Creator (??.w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (??.Q.t. .4...8...7)./CreationDate (D:20240327171442+01'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endo |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 5.044810 |
Total Bytes: | 34155 |
Stream Entropy: | 4.760253 |
Stream Bytes: | 29940 |
Entropy outside Streams: | 5.135514 |
Bytes outside Streams: | 4215 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 31 |
endobj | 31 |
stream | 7 |
endstream | 7 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
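The statistics in the two tables above (header, entropy split into stream and non-stream bytes, %%EOF count, bytes after EOF, and the per-keyword counts) can be reproduced with a short pdfid-style scanner. The script below is an added example and is not part of this report or of the sandbox's own tooling; the sample PDF, the KEYWORDS list and the `suspicious()` heuristic are constructed for illustration, and the sandbox's exact stream-parsing rules and its "Encrypted" flag are not reproduced. It goes one step beyond plain substring counting by resolving the `#xx` escapes PDF allows inside names, so `/Java#53cript` is counted as `/JavaScript`.

```python
"""Structural triage of a PDF: header, entropy inside/outside streams, %%EOF
count, trailing bytes and keyword counts, over a constructed sample document."""
import math
import re
from collections import Counter

# Keywords tabulated in the report above; the second half is active content.
KEYWORDS = [
    b"obj", b"endobj", b"stream", b"endstream", b"xref", b"trailer",
    b"startxref", b"/Page", b"/Encrypt", b"/ObjStm", b"/URI", b"/JS",
    b"/JavaScript", b"/AA", b"/OpenAction", b"/AcroForm", b"/JBIG2Decode",
    b"/RichMedia", b"/Launch", b"/EmbeddedFile",
]
# Assumption (own heuristic, not the sandbox's): a non-zero count for any of
# these means the document can do something beyond rendering text.
ACTIVE_CONTENT = {b"/URI", b"/JS", b"/JavaScript", b"/AA", b"/OpenAction",
                  b"/AcroForm", b"/JBIG2Decode", b"/RichMedia", b"/Launch",
                  b"/EmbeddedFile"}
# Letters are disallowed on either side so 'obj' does not also count 'endobj',
# 'xref' does not count 'startxref' and '/Page' does not count '/Pages'.
KEYWORD_RES = {k: re.compile(rb"(?<![A-Za-z])" + re.escape(k) + rb"(?![A-Za-z])")
               for k in KEYWORDS}
STREAM_RE = re.compile(rb"(?<![A-Za-z])stream\r?\n(.*?)(?:\r?\n)?endstream", re.DOTALL)

# Constructed sample (not a real document): one page, an /OpenAction that runs
# JavaScript, the action's /S name obfuscated as /Java#53cript, and junk after %%EOF.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 5 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /Java#53cript /JS (app.alert('hi')) >>\nendobj\n"
    b"5 0 obj\n<< /Length 5 >>\nstream\nBT ET\nendstream\nendobj\n"
    b"xref\n0 6\n0000000000 65535 f \n"
    b"trailer\n<< /Size 6 /Root 1 0 R >>\nstartxref\n0\n%%EOF\n"
    b"GARBAGE_APPENDED_AFTER_EOF"
)


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte; 0.0 for empty input, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def unescape_names(data: bytes) -> bytes:
    """Resolve the #xx escapes PDF allows in names (/Java#53cript -> /JavaScript)
    so obfuscated names are still counted. Applied to the whole buffer, which is
    good enough for counting but would be wrong for extracting stream data."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data: bytes) -> dict:
    text = unescape_names(data)
    return {k.decode(): len(rx.findall(text)) for k, rx in KEYWORD_RES.items()}


def split_streams(data: bytes):
    """Return (all stream payloads concatenated, everything outside streams)."""
    streams, outside, last = [], bytearray(), 0
    for m in STREAM_RE.finditer(data):
        streams.append(m.group(1))
        outside += data[last:m.start(1)]
        last = m.end(1)
    outside += data[last:]
    return b"".join(streams), bytes(outside)


def triage(data: bytes) -> dict:
    header = data.split(b"\n", 1)[0].rstrip(b"\r") if data.startswith(b"%PDF") else b""
    streams, outside = split_streams(data)
    eof_idx = data.rfind(b"%%EOF")
    after_eof = data[eof_idx + len(b"%%EOF"):].lstrip(b"\r\n") if eof_idx >= 0 else b""
    kw = count_keywords(data)
    return {
        "header": header,
        "total_bytes": len(data), "total_entropy": shannon_entropy(data),
        "stream_bytes": len(streams), "stream_entropy": shannon_entropy(streams),
        "bytes_outside_streams": len(outside),
        "entropy_outside_streams": shannon_entropy(outside),
        "eof_count": data.count(b"%%EOF"), "bytes_after_eof": after_eof,
        "keywords": kw,
        "suspicious": [k.decode() for k in KEYWORDS if k in ACTIVE_CONTENT and kw[k.decode()]],
    }


if __name__ == "__main__":
    import sys
    data = SAMPLE_PDF
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Run without arguments it scans the constructed sample and flags `/JS`, `/JavaScript` and `/OpenAction`; with a path it scans that file. Two caveats for reading the report's zeros: names inside object streams (`/ObjStm`, also 0 here) are compressed and invisible to this kind of scan, so a zero keyword count is only meaningful alongside a zero `/ObjStm` count, and `/Encrypt` = 0 matters for the same reason. The `shannon_entropy()` function also explains one number in the dropped-files list above: 0.8112781244591328 is exactly the entropy of a 4-byte file made of three identical bytes and one other.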
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 29, 2024 15:10:28.972302914 CET | 49740 | 443 | 192.168.2.4 | 23.48.8.182 |
Mar 29, 2024 15:10:28.972336054 CET | 443 | 49740 | 23.48.8.182 | 192.168.2.4 |
Mar 29, 2024 15:10:28.972418070 CET | 49740 | 443 | 192.168.2.4 | 23.48.8.182 |
Mar 29, 2024 15:10:28.972596884 CET | 49740 | 443 | 192.168.2.4 | 23.48.8.182 |
Mar 29, 2024 15:10:28.972609997 CET | 443 | 49740 | 23.48.8.182 | 192.168.2.4 |
Mar 29, 2024 15:10:29.267375946 CET | 443 | 49740 | 23.48.8.182 | 192.168.2.4 |
Mar 29, 2024 15:10:29.267911911 CET | 49740 | 443 | 192.168.2.4 | 23.48.8.182 |
Mar 29, 2024 15:10:29.267924070 CET | 443 | 49740 | 23.48.8.182 | 192.168.2.4 |
Mar 29, 2024 15:10:29.268820047 CET | 443 | 49740 | 23.48.8.182 | 192.168.2.4 |
Mar 29, 2024 15:10:29.268914938 CET | 49740 | 443 | 192.168.2.4 | 23.48.8.182 |
Mar 29, 2024 15:10:29.270766020 CET | 49740 | 443 | 192.168.2.4 | 23.48.8.182 |
Mar 29, 2024 15:10:29.270828009 CET | 443 | 49740 | 23.48.8.182 | 192.168.2.4 |
Mar 29, 2024 15:10:29.271063089 CET | 49740 | 443 | 192.168.2.4 | 23.48.8.182 |
Mar 29, 2024 15:10:29.271070004 CET | 443 | 49740 | 23.48.8.182 | 192.168.2.4 |
Mar 29, 2024 15:10:29.313333035 CET | 49740 | 443 | 192.168.2.4 | 23.48.8.182 |
Mar 29, 2024 15:10:29.367908001 CET | 443 | 49740 | 23.48.8.182 | 192.168.2.4 |
Mar 29, 2024 15:10:29.367957115 CET | 443 | 49740 | 23.48.8.182 | 192.168.2.4 |
Mar 29, 2024 15:10:29.368009090 CET | 49740 | 443 | 192.168.2.4 | 23.48.8.182 |
Mar 29, 2024 15:10:29.368359089 CET | 49740 | 443 | 192.168.2.4 | 23.48.8.182 |
Mar 29, 2024 15:10:29.368367910 CET | 443 | 49740 | 23.48.8.182 | 192.168.2.4 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 23.48.8.182 | 443 | 7796 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 14:10:29 UTC | 475 | OUT | |
2024-03-29 14:10:29 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 15:10:14 |
Start date: | 29/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 1 |
Start time: | 15:10:15 |
Start date: | 29/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 3 |
Start time: | 15:10:15 |
Start date: | 29/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |