Windows Analysis Report: E09VCIAPRWC9ATV6.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7608, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\E09VCIAPRWC9ATV6.pdf", MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7776, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7968, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1784 --field-trial-handle=1712,i,6492237784614893330,17018531157738003972,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: | 34 entries |
Source: | HTTP traffic detected: | 1 entry |
Source: | TCP traffic detected without corresponding DNS query: | 12 entries |
Source: | HTTP traffic detected: | 1 entry |
Source: | Network traffic detected: | 2 entries |
Source: | Classification label: | 1 entry |
Source: | File created: | 2 entries |
Source: | Key opened: | 1 entry |
Source: | Process created: | 14 entries |
Source: | Window detected: | 1 entry |
Source: | Initial sample: | 3 entries |
Source: | Process information set: | 8 entries |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Detection | Scanner | Label |
---|---|---|
0% | Virustotal | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.196.176.131 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1419156 |
Start date and time: | 2024-04-03 07:30:55 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 50s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | E09VCIAPRWC9ATV6.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/43@0/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.193.120.142, 52.22.41.97, 52.6.155.20, 3.219.243.226, 3.233.129.217, 23.219.155.173, 23.219.155.144, 23.219.155.159, 23.219.155.165, 23.219.155.137, 172.64.41.3, 162.159.61.3, 23.219.155.148
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
Match | Detection | Threat Name |
---|---|---|
23.196.176.131 | malicious | Unknown |
23.196.176.131 | malicious | Unknown |
23.196.176.131 | malicious | Havoc |
23.196.176.131 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | XWorm |
AKAMAI-ASUS | malicious | Vidar |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Vidar |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | Vidar |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Vidar |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.1948489877166795 |
Encrypted: | false |
SSDEEP: | 6:U8fQ+q2Pwkn2nKuAl9OmbnIFUt8d8fgZmw+d8fQVkwOwkn2nKuAl9OmbjLJ:5fQ+vYfHAahFUt8Sfg/+SfQV5JfHAaSJ |
MD5: | A64A4F4D4568397FF535CAC34BB73030 |
SHA1: | FE546E75C0CC07F155ED0B509B7E9C1D9D6A2F56 |
SHA-256: | 8EE8836161B830D5B6FA600885AA0FA9533F8D670104ED8AC958FC86D8187713 |
SHA-512: | FE28D718E81850F0BBAFE321D0506C15959CC3D90CFE1FA4888B69D21AC3A31C0C03BF0D6F0DB4DB7F510071F80E3D46D11C9AEB0AB4A36A9AA8E82362B320CD |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.1948489877166795 |
Encrypted: | false |
SSDEEP: | 6:U8fQ+q2Pwkn2nKuAl9OmbnIFUt8d8fgZmw+d8fQVkwOwkn2nKuAl9OmbjLJ:5fQ+vYfHAahFUt8Sfg/+SfQV5JfHAaSJ |
MD5: | A64A4F4D4568397FF535CAC34BB73030 |
SHA1: | FE546E75C0CC07F155ED0B509B7E9C1D9D6A2F56 |
SHA-256: | 8EE8836161B830D5B6FA600885AA0FA9533F8D670104ED8AC958FC86D8187713 |
SHA-512: | FE28D718E81850F0BBAFE321D0506C15959CC3D90CFE1FA4888B69D21AC3A31C0C03BF0D6F0DB4DB7F510071F80E3D46D11C9AEB0AB4A36A9AA8E82362B320CD |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.179721145331564 |
Encrypted: | false |
SSDEEP: | 6:UZ86N+q2Pwkn2nKuAl9Ombzo2jMGIFUt8dZ6zmWZmw+dZSDT3VkwOwkn2nKuAl97:Yt+vYfHAa8uFUt8/6zmW/+/c3V5JfHAv |
MD5: | 9D70AD0B913E5A34B6F9E78D432DD4B2 |
SHA1: | 7C29985D1CE8693B27C226703BC13E61B7321606 |
SHA-256: | 335C563E45715A080AD093E89272A06FDC8EF320BDB73FF7BE0157E95827E9F4 |
SHA-512: | B3FDF0CA24D5B6371C77A6B6CECA8CD79F11EC9F9F37B1D9887B872AA0CF5F5ECA057E84B187B07B55B97476F815920F33A4143EB2491BEF4DE403F24CD79527 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.179721145331564 |
Encrypted: | false |
SSDEEP: | 6:UZ86N+q2Pwkn2nKuAl9Ombzo2jMGIFUt8dZ6zmWZmw+dZSDT3VkwOwkn2nKuAl97:Yt+vYfHAa8uFUt8/6zmW/+/c3V5JfHAv |
MD5: | 9D70AD0B913E5A34B6F9E78D432DD4B2 |
SHA1: | 7C29985D1CE8693B27C226703BC13E61B7321606 |
SHA-256: | 335C563E45715A080AD093E89272A06FDC8EF320BDB73FF7BE0157E95827E9F4 |
SHA-512: | B3FDF0CA24D5B6371C77A6B6CECA8CD79F11EC9F9F37B1D9887B872AA0CF5F5ECA057E84B187B07B55B97476F815920F33A4143EB2491BEF4DE403F24CD79527 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.956796897039125 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZdAsBdOg2Hacaq3QYiubInP7E4T3y:Y2sRdsCVdMHV3QYhbG7nby |
MD5: | 7294F3CD2B53FB40232EB4D307445E02 |
SHA1: | 23D1F6ADEB860094B60BF174FB50FFACA82A44C0 |
SHA-256: | 3CBBFE3887A6C0514665955A33559519495351C47CEBC033E5A038C7338453E7 |
SHA-512: | D240E88EFC44D75FDDF870AED309AF2E869829AEA31B9BAC53C2E9C56F9105D0F9A282243B0FD4AD6B219949D18F8B843C0C90010CB288E3604C891006535DEE |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ade65e3b-8b10-4974-8afb-17125fda149f.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.956796897039125 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZdAsBdOg2Hacaq3QYiubInP7E4T3y:Y2sRdsCVdMHV3QYhbG7nby |
MD5: | 7294F3CD2B53FB40232EB4D307445E02 |
SHA1: | 23D1F6ADEB860094B60BF174FB50FFACA82A44C0 |
SHA-256: | 3CBBFE3887A6C0514665955A33559519495351C47CEBC033E5A038C7338453E7 |
SHA-512: | D240E88EFC44D75FDDF870AED309AF2E869829AEA31B9BAC53C2E9C56F9105D0F9A282243B0FD4AD6B219949D18F8B843C0C90010CB288E3604C891006535DEE |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.262845386415642 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7+jADFZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goH |
MD5: | 9D37E54C33C31A2DDD619DDD20F57CAC |
SHA1: | BA0E8CA662A23449AA0CAF7C71B7E52862FF19BA |
SHA-256: | 7555566FEB6B28294A58603E5191987592694374D87DC29CFCF93656BFE891CF |
SHA-512: | 06B39CC24308270F79BB85CD04C16EFF97C209AEDEFE0E3ED7632772D179DC44E3521C5E9028A9AC4BC1506A08B638F03AB56BF014F08E07ADF5E4800351F477 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.189415207781895 |
Encrypted: | false |
SSDEEP: | 6:UZYi+q2Pwkn2nKuAl9OmbzNMxIFUt8dZ2C7WZmw+dZ2dMDVkwOwkn2nKuAl9Ombg:YL+vYfHAa8jFUt8/2QW/+/2+V5JfHAab |
MD5: | BE12DA4A13CFE5D20FDA015BE2313D21 |
SHA1: | BFB250940735E1DD6A2FD4AB5F0C00EDFC390CDF |
SHA-256: | 924C513DFDFC802BCCC5722B02BE981ADDD3EA51057B5D0C4F6ECAB5AD6CE476 |
SHA-512: | 1180147044F3006A4B78A2721890364C605158B7A6C50180D55639506D565C3769E1AB907F72CECF4F4DE47014A2979AC9B3BC8090D06D166E92F62FE1500EA0 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.189415207781895 |
Encrypted: | false |
SSDEEP: | 6:UZYi+q2Pwkn2nKuAl9OmbzNMxIFUt8dZ2C7WZmw+dZ2dMDVkwOwkn2nKuAl9Ombg:YL+vYfHAa8jFUt8/2QW/+/2+V5JfHAab |
MD5: | BE12DA4A13CFE5D20FDA015BE2313D21 |
SHA1: | BFB250940735E1DD6A2FD4AB5F0C00EDFC390CDF |
SHA-256: | 924C513DFDFC802BCCC5722B02BE981ADDD3EA51057B5D0C4F6ECAB5AD6CE476 |
SHA-512: | 1180147044F3006A4B78A2721890364C605158B7A6C50180D55639506D565C3769E1AB907F72CECF4F4DE47014A2979AC9B3BC8090D06D166E92F62FE1500EA0 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240403053146Z-151.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 95174 |
Entropy (8bit): | 2.0582939693607596 |
Encrypted: | false |
SSDEEP: | 384:PfTIP+Qt1ec+R9YtubRFn+5WQxDf2Jg3qOy4:nT6t1X+R8utFKGgs4 |
MD5: | 164D7476B6163E8510C6D14B021A57FF |
SHA1: | E1FEF8F2855BE64207CADBFAA06DDAAE6062A8A0 |
SHA-256: | 26385A370039F39DA0D3CDB5213FCF5B4A04A34A3479137064872A2FEDEF5899 |
SHA-512: | 6B807D79E2EB1462DF4C8B35018EAB6DDB2321BE149FA96A0DCCFA5C39AB4E46E380B20D706854ADED57F28EE90B28C21918F98E85A2A53E6ABFC5BEDCFD808F |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445082040552655 |
Encrypted: | false |
SSDEEP: | 384:yezci5toiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rPs3OazzU89UTTgUL |
MD5: | 50367C0EE49C6A9CEE80CC720D6E6114 |
SHA1: | D9A21ED86318C412A5038792CBD2AB66E6843797 |
SHA-256: | 4AE933E5E1CA05C673FB456F696F9D7D649FE5F75CFBA6874726A5A425A3DEC7 |
SHA-512: | 1A920C975081016E6AA737BB3D231D971782665D67AC98E9D43D87F8C14D0358FEC4F24E1D96F1EC86C1FF43A4ED71F7176A62F20FFE5220F327F0663FB91D35 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.771593998216518 |
Encrypted: | false |
SSDEEP: | 48:7Mxcp/E2ioyVGioy9oWoy1Cwoy1uKOioy1noy1AYoy1Wioy1hioybioy8oy1noyn:7IcpjuGFlXKQhNb9IVXEBodRBkv |
MD5: | EF2E6F904576A7965288B353D6AFFBCF |
SHA1: | 1785EF0710E57FD37CD74DF64D052D04B023D46C |
SHA-256: | 9F2F266EB236FF91C2C2540C225D46A8F2F8044C101A490C5FBAA7426E83255A |
SHA-512: | FB02084B7E16FA3803022134C7A2115D3C117576E7433F35C6D8BEAD463B6E5916E8B8B6BB093F6A86F660F18DC51916902D53C0D9B71AA4699E1E1BDEBE2F3C |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 244540 |
Entropy (8bit): | 3.3415042960460593 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn |
MD5: | 758B42992DDFC41CB5E57069C621B54A |
SHA1: | D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD |
SHA-256: | 55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D |
SHA-512: | 437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.362139249737611 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJM3g98kUwPeUkwRe9:YvXKXiK2Zc0v3+GMbLUkee9 |
MD5: | 6502CFDA4E288E771E8B5D4C90E98D2E |
SHA1: | 22E2D809B33CFDB7014BB1C18D77C51480BD5144 |
SHA-256: | A1E83C3C786847402CCF435FEF4B3A04914AB2EAE44F14EB17B91DF289B03F4A |
SHA-512: | 315E968411126AB9409B4C0D8D3F50F61754649BDF5D6F888E1949DAB19BD18ADEAB3317CC223442A057DE25AF51FD020F58D392DFF0C6D941D0827E32EDA579 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.308911051764833 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfBoTfXpnrPeUkwRe9:YvXKXiK2Zc0v3+GWTfXcUkee9 |
MD5: | 7F6B8B4D77FA14C393D8C14B77C8A614 |
SHA1: | B2AB2EFAAD285FEC65A2126C318ACD2438C6CB83 |
SHA-256: | C684213638ACD4C3C11851A98778E54F0E68889D6C1D1F7BEF792ECEE1615300 |
SHA-512: | 12F6BAD5338FDA717C9F1EAA18EFE09DBDF6E1BF16D5E2ABA3EA33B3097BDAEB9E68FE2EBAF4F22FABA4692AFA83CAEF4FA48A3181A4C55667E844F0303B6B38 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.28717054712264 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfBD2G6UpnrPeUkwRe9:YvXKXiK2Zc0v3+GR22cUkee9 |
MD5: | 5ED4A0DA31071A9465851865FD026693 |
SHA1: | 975DDE5D81EB9099ADF35378719B5E7C07D55649 |
SHA-256: | DCFBB81B03B826C01435C7CFC8DA6347D84A9979DC1F8A2D04A800AD193A27EC |
SHA-512: | 390CF8D394DD6D690EF4545ABED1CD3A441990071241423412E2C1FC200185EFE4A33C1D09DB447DD21772CDD15DCFBCB46C14CAFBF59CDB5C2FA66CC18DC6A8 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3491068037720835 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfPmwrPeUkwRe9:YvXKXiK2Zc0v3+GH56Ukee9 |
MD5: | ED2D100146F3FDF5240753422DFD0AC8 |
SHA1: | 52D7091A497B5613BC393278C80667D4A033FA86 |
SHA-256: | 2903B97B9115C63952A395906A439FE724B52DE5660B0F1598BA4AB15FF393BD |
SHA-512: | FF817B9B0D91B60105FAE0296BDC6721E22E38A7EB3C742673AB56B1672EAFE60A18862C42166E64FA73DE97EB8AB930EF17DE427B0C709DA8FEB23608F2500F |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3092886240992865 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfJWCtMdPeUkwRe9:YvXKXiK2Zc0v3+GBS8Ukee9 |
MD5: | 8BB3A889C32AE83F85A48ED2E16E57CC |
SHA1: | FC87ADC0CF75EDF685556BA453AC69BE3137DE04 |
SHA-256: | 7F97624B1DC0CB79CA791C0D1A53D471E4B25366F6E5FF5AB4A8F3BDE3A9C9BD |
SHA-512: | CF7AD13099CE770DD706893AAA91B42C563B81233B55D4192EA442D9065E8F65105AFE0133E072FF50E2252C3F0F20F417767B449282F26D7E24F4356671929F |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.295873845793351 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJf8dPeUkwRe9:YvXKXiK2Zc0v3+GU8Ukee9 |
MD5: | 5AD40E1C812A33D02464FA81EED0C8E7 |
SHA1: | 1B36E7FC1F4460FDDC8DA70C3FD0BBDF11A865D4 |
SHA-256: | F69A89E5EB88C90838393479E57438904A3F8A8E56609B0F7D1C7270792FE289 |
SHA-512: | 9F55E9D8467C17AD0B6E2352DD2959AEB25943F6AAD4A8702C77F31BFBCA95799948E645DB46F00D4E2C99B384F818E74A305176F5EDFC26B0DD0D7E743CD78F |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.300107672808338 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfQ1rPeUkwRe9:YvXKXiK2Zc0v3+GY16Ukee9 |
MD5: | E90AA7BB1E9C968F3A2EF87AA3E867D8 |
SHA1: | E701B1991414D9780F367B6C586A928CE17DF390 |
SHA-256: | 1786C44CE31CAADBF5A0EDD0D286C2741F3C1ADDE51D24BB22577BDD7BB381DF |
SHA-512: | 5729CA6F6E8CB52857D39EE8176812142A36ABD343DCCB347C253842C78E092EB69E25441BE8774AE1E9DEE6F93BCFBF90D8C5ED02EDA76AD218A5A13F3EC698 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.305176929850762 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfFldPeUkwRe9:YvXKXiK2Zc0v3+Gz8Ukee9 |
MD5: | 158D8AAFD2EB199D7D062DDA27CD10ED |
SHA1: | AF4EAF763D5AC2B1B87E7EEA760A7E4EFA003E4C |
SHA-256: | A17A68B87FDB8D6D1E224DD34E9FDD911F7328B1415CD69F4185B59BA74FFA39 |
SHA-512: | 6066C4BCAD196089E04EBB8205DFD8200086AEE9CE667D47F898505E394AC37478696C88616B56F548A532FFF88CBEAC61A4BCF18EFB463FD60433009C3087C9 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.321764751505739 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfzdPeUkwRe9:YvXKXiK2Zc0v3+Gb8Ukee9 |
MD5: | 26DE3AD3E7771562D9421DEBA5890537 |
SHA1: | 9907F2F4AD26C64D1D411A38E038DA840AD95BA1 |
SHA-256: | 9E2D5A26D1E6BD9C154FF6016208577C7831B21AC9E46894D47B0C5E5A531405 |
SHA-512: | 73FF362361D433EFC2F605D762212C6DD809E039D86BF04DD38409094CF8C2495B428092830C6C353AA6C7122FE1843B1FAD9A6D5A0E4AAB398E61EDC55084AD |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.302458344741443 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfYdPeUkwRe9:YvXKXiK2Zc0v3+Gg8Ukee9 |
MD5: | A163A7DAAE6E068549328FFFBBCB52D1 |
SHA1: | F6228C45D2F2E6E428B9D6234C3E90F514EFF62D |
SHA-256: | 4BC1297E30974C7C55CC00912433C2D2F1C52AF136915D475053B0AB84E2AB08 |
SHA-512: | 5A82162DFE633A9980CB8DF8CA19E9F675E43492CA6AD9E5DD8E977B202C72EBBC5D9D9E57671D5954965C6D79276D45192EF4D5C959C5F2B9AA2857E4BFF70A |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.776466739731272 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xuzv3prLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNyx1:YvVxHgDv3W2aYQfgB5OUupHrQ9FJK1 |
MD5: | 7D1EC4D7CD11CE578F90CB5CACC7C482 |
SHA1: | 6C05D0E572A42103FBB0DDE59328675A863ED824 |
SHA-256: | DD7A7B9A214C6CB1CC28BAB83F08B08F1DA7BF4EBBA35CA0C17C36C28C9A8AF0 |
SHA-512: | EEE8C302608DAA5E34CA83E68E2CDCEDBCD478509973351E2578019EAF4DB40FB18F1F63F27011D25BD20940DE9C3AB647058281CCD6125AF3A95F1E2E286DEE |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.28598854657516 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfbPtdPeUkwRe9:YvXKXiK2Zc0v3+GDV8Ukee9 |
MD5: | A2308E170765A7BBB7F6E5C555466421 |
SHA1: | 6C36A9737A25B56675A8B384534A782979C2D44F |
SHA-256: | 862FECB849609D8E7BF46772AE7825FAEDB29D4C8C9AC00A5475FE4A55E3466D |
SHA-512: | E3667157663B6BD597D6DBA4A6D89F47998AD274E68A21A456C4D5E1C6BF829F498317BF84B81D43540721222D780E00E31758C4D10A09AC880E1623401950A1 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.290674026373771 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJf21rPeUkwRe9:YvXKXiK2Zc0v3+G+16Ukee9 |
MD5: | 5A831A38386D4093688F63BA24E0456A |
SHA1: | 1718343BE91F0A7C7DA6A19E40FD1D3C2388AB44 |
SHA-256: | 96187F6027E2896028A8B40FC839A230BD7B8F2DB07874E6930349A5938217B7 |
SHA-512: | 26A2561A65A0873A1754BC9341AB1E4E6E797453DAF0647A4758D65F500564EE4BBDF12C5F307C108A315B63EAC4A6F1339555361098540D84840CE59C33D1B0 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.308999655425369 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfbpatdPeUkwRe9:YvXKXiK2Zc0v3+GVat8Ukee9 |
MD5: | 802872522EB83115BBEFEC97E0CAE432 |
SHA1: | 398100B50AF7B38C2D1A93B187398C96977A0ECB |
SHA-256: | C41CEBCAA5BB7613C9BFCC62C5D0E8D9D0E1C3A982A8743F57BB486DD97CD2C3 |
SHA-512: | F7662CA6DC31F7E3AC4A7C5F658B072C5382000C7C3B3AADD164FE951DA910B3F7AB19A27084CE09FEBE908969BB387F73C54776DC37F3C0ACF2FBD5B489683D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.266027127783016 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfshHHrPeUkwRe9:YvXKXiK2Zc0v3+GUUUkee9 |
MD5: | 953593E69017857C7DE2BF2C20489929 |
SHA1: | B0C9DE7FD6785B34E3F99F208DD87EFB2BF8A92B |
SHA-256: | 5A817D9936286B2715A01D2602B7D78F1371DEB8616FC937A81778FAF416C9FD |
SHA-512: | 835323CFA91F412B2C7E9C66ACFB6AEE4A1A07ED90472426E721E7F415C80B1D063D692F4EB727B84069EB7A8B33C0B3EA08951290880F68A0A3AB9BD02F287B |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.369507974546643 |
Encrypted: | false |
SSDEEP: | 12:YvXKXiK2Zc0v3+GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW2x1:Yv6Xuzv3I168CgEXX5kcIfANhfx1 |
MD5: | 4016AD60CD59AC01E115E4B1C54C1C36 |
SHA1: | 36991DF2B25A4F566AEADAA738797A19EF6502E0 |
SHA-256: | 825F59BA65D5A86BCF3762C3E799EEF864C4B1CD592214E2A90A71579C22E9FC |
SHA-512: | 1542124E3A24071E4C4EDE7142A12B54F440B5C14AF8EFA4D06F6218BF9107EE3F9533117D37C93BD5239D9373D359564698ACF99634E94C0D8D4AD666462153 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2813 |
Entropy (8bit): | 5.113862520863091 |
Encrypted: | false |
SSDEEP: | 48:YBfBQ9c3Nt0RAuzBx9xSx+VgPWAtptQ9e:Ou9mNt0RAu9x9sxXuAwe |
MD5: | A5CE7953A2F681EC5DB583773DEE6C81 |
SHA1: | 11A4D431E14D6E03E87228F2B28B5FC1B30BF987 |
SHA-256: | 39E56685F2904B4F4C398B01D8F354EAE231290133B6B5F484F7CFFB8BCC2B8E |
SHA-512: | 57962F96A58148A1DAC209223258AB855028FC35C4B3BA0E3DD278F7B10A24EF5330B2B539BA0AB68C0F1377438258FAB35C57E2D130879DA919CBC2A6757701 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1871108757732023 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUU6SvR9H9vxFGiDIAEkGVvpI:lNVmswUUUUUUUU6+FGSIt8 |
MD5: | C72480ED10A8F40E7DBC8441B5E31952 |
SHA1: | EE15CE9C008D3D06D3FFA0B06F4F22FE9AE5D87A |
SHA-256: | 328B84144B96AC622B2862C6AC1D0E95F576DCBAC2650E8D04C5064722FAA26C |
SHA-512: | 5B250BC51ACF101F17B9B2A9DA30E941DF30D988F613E8561262AE0986AA0287920A8E2505A65FF2927ED560146ED439145203AEC82AB35A51A84E446FC4CCF1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6078435123725936 |
Encrypted: | false |
SSDEEP: | 48:7MHKUUUUUUUUUU4vR9H9vxFGiDIAEkGVvzWqFl2GL7msj:7FUUUUUUUUUUwFGSIt1WKVmsj |
MD5: | 3CA9A1FA7833361EA8E3BE6FB5487CFB |
SHA1: | 079D9672941D629FC4BBB20CA6219504430FA67D |
SHA-256: | 9E227F8E0BC6151ADEA4E7E0316DF586525F49DB56CA4E646645A057EC1BEEEE |
SHA-512: | 8E7B20F8AE4ABAB90E30722BEA3937C27E481378CF54C12781EBBC04879314C3E8FB756A838EBF5FABEC04004D4981B3A55DB7F8EA11FA7E7FED45D6D2B89A97 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5248044522866877 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82bkw9:Qw946cPbiOxDlbYnuRKX4O |
MD5: | 68A6636600D888A9FE990D400F1B865D |
SHA1: | 13911171920BBF506F9DC2B99F1BCBB07B31344B |
SHA-256: | 05A06C7BBDC85719D85273404E1B264F7E53D439BE15B9181F9372E85DC65B3C |
SHA-512: | C6437C675F363047137D497CDB0ECE98B0978E846DDA1F380D3896080C5167AE6B350EE70F5FE6C5BE01A337A5053E59927FE135F3BB4C1929B556222511744E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-03 07-31-44-181.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.327028141494266 |
Encrypted: | false |
SSDEEP: | 384:Wce5GAvQ61uYbtJyAkshsds3s+/LMVTRk47exS2T3jpokOndb8OO5J3AXN0RPBW2:Y/R |
MD5: | 395373BF402A61872C8C00F038D5CCBA |
SHA1: | 2893F760B8F3A9BF2FD5897186133B3A915D4CB6 |
SHA-256: | 2B506DEC36F0D8772C03ED84C560F916FD53BED262845A57C50B53F44B853D30 |
SHA-512: | 48554E48F06282D55013095E9480BC34740A1B15EC8E5EF7B795C405DF97BC91B61839A4EAED85FE9C4666D5D62DBDC3109CFC9B6EA1FBC56AB6FDF321583C7B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.385474524136605 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rr:f |
MD5: | D2E77F5EF7BA03611F4183A3C9C652C9 |
SHA1: | F1D17EDF5649D24D6DCF57F47399EC6409AB1034 |
SHA-256: | 1BF3538BDADE29B96E77F759DD1FFF5185E5C312E77E06C8AD3123F561F84CED |
SHA-512: | 1ED620683F84DC2BA28F134D237F8C7A2A0F08DF02473F197F1EA0BF55816CC25EC283DC1A54D68F7CCAD5FE7CC2CC7ECB5AF257F7BEAA74FE07D6EE54D49E9A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru |
MD5: | AE1E8A5D3E7B2198980A0CA16DE5F3D3 |
SHA1: | A1DB2C58AFC81E6A114A8EB47BE0243956F79460 |
SHA-256: | 8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F |
SHA-512: | 5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.770842467948956 |
TrID: | |
File name: | E09VCIAPRWC9ATV6.pdf |
File size: | 35'307 bytes |
MD5: | b2d1080beed9ef9b39290e12d87114fe |
SHA1: | b77015962e5feced7c0327aac5d392e2e20980a1 |
SHA256: | 3bd56d06d88a736f85312de61c47d839b3f43880d24e4f0a90e386f37a919886 |
SHA512: | 2ac3d3da2bdec67964df256340c6c625b14ebcbd4ef3f36f86d6331e77484d995d423e476b8ec259c631dbc968384efa1a48a0522341dd33f5b02a29f7c3f4c7 |
SSDEEP: | 768:sEnzK+NryZdM2uR6Fx5csYa9C8lXs3f88f8nCDX9LSom:lzKerB2Vz5csvQv80Bm |
TLSH: | 6BF2E014C92FF06ECC5609BF1EEEF49EA7F4F970A8CC227F7D5A53A4565000B502684A |
File Content Preview: | %PDF-1.4.%.....2 0 obj.<</Type/XObject/Subtype/Image/Width 1024/Height 884/Length 34076/ColorSpace/DeviceRGB/BitsPerComponent 8/Filter/FlateDecode>>stream.x.....$.]..;.5@.....^.&..t....%.<..Cz!..N...8`....,..1..l...`.$[..6.....n.6....6.4ZmY...H.....K-.... |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.770842 |
Total Bytes: | 35307 |
Stream Entropy: | 7.759797 |
Stream Bytes: | 34181 |
Entropy outside Streams: | 5.311396 |
Bytes outside Streams: | 1126 |
Number of EOF found: | 1 |
Bytes after EOF: | |
Name | Count |
---|---|
obj | 7 |
endobj | 7 |
stream | 3 |
endstream | 3 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
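The statistics table above is a pdfid-style static triage: counts of the tokens that give a PDF active behaviour (/JS, /JavaScript, /OpenAction, /AA, /Launch, /EmbeddedFile, /RichMedia, /JBIG2Decode, /URI, /AcroForm), the structural counts (obj/endobj, stream/endstream, xref, trailer, startxref, %%EOF), and entropy split between stream bodies and the syntax around them. For this sample every active-content count is 0, and the 7.77 total entropy comes from the Flate-compressed image stream (34,181 of the 35,307 bytes at 7.76); the 1,126 bytes of syntax outside streams sit at 5.31, which is normal for PDF text, and /Encrypt is 0, so the high entropy is compression rather than encryption. The script below is an added example, not Joe Sandbox's or pdfid's code, that reproduces those measurements on two constructed PDFs: a clean one-page file and the same file with an /OpenAction JavaScript action whose names are written with the #xx escapes PDF allows in names, which a plain grep for "/OpenAction" misses. build_pdf, sample_objects, CONTENT, CLEAN_PDF and EVIL_PDF are constructed here; stream bodies are located by the stream/endstream delimiters, so the dictionary's /Length stays authoritative where the two disagree.

```python
# pdfid-style static triage: keyword counts, stream vs. non-stream entropy,
# %%EOF count and bytes appended after the last %%EOF. Added example.
import math
import re
import zlib

# Structural tokens first, then the features that give a PDF active behaviour.
KEYWORDS = [
    "obj", "endobj", "stream", "endstream", "xref", "trailer", "startxref",
    "/Page", "/Encrypt", "/ObjStm", "/URI", "/JS", "/JavaScript", "/AA",
    "/OpenAction", "/AcroForm", "/JBIG2Decode", "/RichMedia", "/Launch",
    "/EmbeddedFile",
]
# PDF whitespace and delimiters end a token. A name keeps its leading slash, so
# "/Page" and "/Pages" stay distinct and "obj" never matches inside "endobj".
_TOKEN = re.compile(rb"/?[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
# Stream body: after the EOL that follows "stream", up to the EOL before
# "endstream". The lookbehind keeps "endstream" from starting a new match.
_STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def normalize_name(tok: bytes) -> bytes:
    """Resolve #xx escapes in names, so /J#53 is counted as /JS."""
    if tok.startswith(b"/"):
        return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), tok)
    return tok


def analyze_pdf(data: bytes) -> dict:
    # Split the file into stream bodies and everything else, in file order.
    streams, outside, pos = [], [], 0
    for m in _STREAM.finditer(data):
        streams.append(m.group(1))
        outside.append(data[pos:m.start(1)])
        pos = m.end(1)
    outside.append(data[pos:])
    stream_bytes, outside_bytes = b"".join(streams), b"".join(outside)
    # Keywords are counted in the syntax outside stream bodies. Names packed
    # into a compressed object stream are invisible here, which is exactly why
    # /ObjStm itself is one of the indicators.
    counts = {k: 0 for k in KEYWORDS}
    for m in _TOKEN.finditer(outside_bytes):
        tok = normalize_name(m.group(0)).decode("latin-1")
        if tok in counts:
            counts[tok] += 1
    eofs = [m.start() for m in re.finditer(rb"%%EOF", data)]
    # Anything after the final %%EOF other than EOL whitespace is appended data.
    tail = data[eofs[-1] + 5:] if eofs else data
    return {
        "header": data[:8].decode("latin-1"),
        "total_bytes": len(data),
        "total_entropy": shannon_entropy(data),
        "stream_bytes": len(stream_bytes),
        "stream_entropy": shannon_entropy(stream_bytes),
        "outside_bytes": len(outside_bytes),
        "outside_entropy": shannon_entropy(outside_bytes),
        "eof_count": len(eofs),
        "bytes_after_eof": len(tail.strip(b"\r\n\t ")),
        "keywords": counts,
    }


def build_pdf(objects: list) -> bytes:
    """Assemble a valid PDF 1.4 (correct xref offsets) from object bodies."""
    out = bytearray(b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n")
    offsets = []
    for num, body in enumerate(objects, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<</Size %d/Root 1 0 R>>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objects) + 1, xref_pos)
    return bytes(out)


# Constructed samples. CONTENT is a Flate-compressed content stream, the same
# filter as the image stream in the report, so its entropy is high.
CONTENT = zlib.compress(b"BT /F1 24 Tf 72 720 Td (Hello) Tj ET\n" * 20)


def sample_objects(catalog_extra: bytes = b"") -> list:
    return [
        b"<</Type/Catalog/Pages 2 0 R%s>>" % catalog_extra,
        b"<</Type/Pages/Kids[3 0 R]/Count 1>>",
        b"<</Type/Page/Parent 2 0 R/MediaBox[0 0 612 792]/Contents 4 0 R>>",
        b"<</Length %d/Filter/FlateDecode>>\nstream\n" % len(CONTENT)
        + CONTENT + b"\r\nendstream",
    ]


CLEAN_PDF = build_pdf(sample_objects())
# Same document plus an OpenAction JavaScript action with hex-escaped names
# (/Open#41ction, /Java#53cript): a byte-level grep for "/OpenAction" sees nothing.
EVIL_PDF = build_pdf(sample_objects(b"/Open#41ction 5 0 R")
                     + [b"<</S/Java#53cript/JS(app.alert\\(1\\);)>>"])

if __name__ == "__main__":
    for name, pdf in (("clean", CLEAN_PDF), ("evil", EVIL_PDF)):
        r = analyze_pdf(pdf)
        hits = {k: v for k, v in r["keywords"].items() if k.startswith("/") and v}
        print(name, r["total_bytes"], round(r["total_entropy"], 3), hits)
```

Run directly it prints both reports. The #xx normalization is the step most home-grown PDF greps lack; Acrobat resolves the escape, so the action runs even though the literal string /OpenAction never appears in the file. The bytes-after-EOF figure is worth keeping in a triage because appended payloads sit there without disturbing any of the object counts.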
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 3, 2024 07:31:54.901312113 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Apr 3, 2024 07:31:54.901339054 CEST | 443 | 49740 | 23.196.176.131 | 192.168.2.4 |
Apr 3, 2024 07:31:54.901412964 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Apr 3, 2024 07:31:54.901582956 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Apr 3, 2024 07:31:54.901597023 CEST | 443 | 49740 | 23.196.176.131 | 192.168.2.4 |
Apr 3, 2024 07:31:55.299734116 CEST | 443 | 49740 | 23.196.176.131 | 192.168.2.4 |
Apr 3, 2024 07:31:55.300086975 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Apr 3, 2024 07:31:55.300106049 CEST | 443 | 49740 | 23.196.176.131 | 192.168.2.4 |
Apr 3, 2024 07:31:55.301235914 CEST | 443 | 49740 | 23.196.176.131 | 192.168.2.4 |
Apr 3, 2024 07:31:55.301315069 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Apr 3, 2024 07:31:55.308335066 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Apr 3, 2024 07:31:55.308398962 CEST | 443 | 49740 | 23.196.176.131 | 192.168.2.4 |
Apr 3, 2024 07:31:55.308518887 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Apr 3, 2024 07:31:55.308527946 CEST | 443 | 49740 | 23.196.176.131 | 192.168.2.4 |
Apr 3, 2024 07:31:55.362086058 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Apr 3, 2024 07:31:55.480076075 CEST | 443 | 49740 | 23.196.176.131 | 192.168.2.4 |
Apr 3, 2024 07:31:55.480315924 CEST | 443 | 49740 | 23.196.176.131 | 192.168.2.4 |
Apr 3, 2024 07:31:55.480407953 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Apr 3, 2024 07:31:55.480804920 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Apr 3, 2024 07:31:55.480829000 CEST | 443 | 49740 | 23.196.176.131 | 192.168.2.4 |
Apr 3, 2024 07:31:55.480839968 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Apr 3, 2024 07:31:55.480870962 CEST | 49740 | 443 | 192.168.2.4 | 23.196.176.131 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 23.196.176.131 | 443 | 7968 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-03 05:31:55 UTC | 475 | OUT | |
2024-04-03 05:31:55 UTC | 198 | IN | |
Target ID: | 0 |
Start time: | 07:31:41 |
Start date: | 03/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 07:31:41 |
Start date: | 03/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 07:31:41 |
Start date: | 03/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |