Windows
Analysis Report
W-9 (REV. March 2024).pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 6264 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\W-9 (REV. March 2024).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6156 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6640 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1584,i,2641897468703573433,6327094948391134971,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature sources:
- TCP traffic: 34 entries
- IP Address: 1 entry
- HTTP traffic detected: 1 entry
- TCP traffic detected without corresponding DNS query: 12 entries
- HTTP traffic detected: 1 entry
- String found in binary or memory: 2 entries
- Network traffic detected: 2 entries
- Classification label: 1 entry
- File created: 2 entries
- Key opened: 1 entry
- Binary or memory string: 1 entry
- Process created: 15 entries
- Window detected: 1 entry
- Initial sample: 13 entries
- Process information set: 10 entries
- Process information queried: 1 entry
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |

Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.46.201.17 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427026 |
Start date and time: | 2024-04-16 22:43:24 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | W-9 (REV. March 2024).pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@15/46@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.208.129.2, 54.144.73.197, 18.207.85.246, 107.22.247.231, 34.193.227.236, 162.159.61.3, 172.64.41.3, 96.7.224.59, 96.7.224.58, 96.7.224.67, 96.7.224.9, 23.209.188.136, 23.209.188.148
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: W-9 (REV. March 2024).pdf
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.46.201.17 | | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | NetSupport RAT | | |
| | | malicious | Unknown | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.129617654237335 |
Encrypted: | false |
SSDEEP: | 6:lauB+q2PRN2nKuAl9OmbnIFUt8uwUZmw+uw0VkwORN2nKuAl9OmbjLJ:RMvaHAahFUt8u/+C5JHAaSJ |
MD5: | 4C1145656880B8C6CB634BBD7A5808CF |
SHA1: | B0317E8991E13C6BF3955E3F086262DBB2D78F1B |
SHA-256: | 487E9FE954A9C428A2B5A69AC3B7D71F73E92089762866DCC8E72255E73D1D8E |
SHA-512: | 603FDBB2019F76F4B14A4F92843F3951B5E0F80FA771A6FEE4A9A3773EF09E405BCE982C2FF43C606B9DB0B71631756F0D3D2E92201EC95815BCB7EA23A8F2B5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.129617654237335 |
Encrypted: | false |
SSDEEP: | 6:lauB+q2PRN2nKuAl9OmbnIFUt8uwUZmw+uw0VkwORN2nKuAl9OmbjLJ:RMvaHAahFUt8u/+C5JHAaSJ |
MD5: | 4C1145656880B8C6CB634BBD7A5808CF |
SHA1: | B0317E8991E13C6BF3955E3F086262DBB2D78F1B |
SHA-256: | 487E9FE954A9C428A2B5A69AC3B7D71F73E92089762866DCC8E72255E73D1D8E |
SHA-512: | 603FDBB2019F76F4B14A4F92843F3951B5E0F80FA771A6FEE4A9A3773EF09E405BCE982C2FF43C606B9DB0B71631756F0D3D2E92201EC95815BCB7EA23A8F2B5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.235420653767452 |
Encrypted: | false |
SSDEEP: | 6:8Q3udFN+q2PRN2nKuAl9Ombzo2jMGIFUt8xQ3GZmw+xQ31HNVkwORN2nKuAl9OmT:B3fvaHAa8uFUt8W3G/+W3Vz5JHAa8RJ |
MD5: | C79F304728C21DC204AEC670759FD1A4 |
SHA1: | 682B3BD5ABDD3C7225B88C8DE3E6727BAEE151C2 |
SHA-256: | C268FFF39D9D4D8205FF009071B8E567C0CD90B6A5B87268C919670626BDABF2 |
SHA-512: | 154620B8DB7EF8E0765612CCF5B02F82C95A860623AFF73447CAF1F257FD833CA082DB4CFEC6D309377049C5BA59602CFD746DB9C864B10B62DD13A513B1463A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.235420653767452 |
Encrypted: | false |
SSDEEP: | 6:8Q3udFN+q2PRN2nKuAl9Ombzo2jMGIFUt8xQ3GZmw+xQ31HNVkwORN2nKuAl9OmT:B3fvaHAa8uFUt8W3G/+W3Vz5JHAa8RJ |
MD5: | C79F304728C21DC204AEC670759FD1A4 |
SHA1: | 682B3BD5ABDD3C7225B88C8DE3E6727BAEE151C2 |
SHA-256: | C268FFF39D9D4D8205FF009071B8E567C0CD90B6A5B87268C919670626BDABF2 |
SHA-512: | 154620B8DB7EF8E0765612CCF5B02F82C95A860623AFF73447CAF1F257FD833CA082DB4CFEC6D309377049C5BA59602CFD746DB9C864B10B62DD13A513B1463A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\996abf3d-4caa-4fea-aaf6-efee5df46969.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF603891.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f795339f-6183-4a17-a53e-f055cde0f985.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.99087988827579 |
Encrypted: | false |
SSDEEP: | 12:YHO8sqZ+S2sBdOg2HVcaq3QYiubrP7E4T3y:YXsNSbdMHU3QYhbz7nby |
MD5: | 82A2A4B0C7C09747BA5583F543EC1028 |
SHA1: | 7156E64AE6C15C6B42B1E62AA8930883DCAB26D1 |
SHA-256: | A59E1993AD74A3B33CFDAA88C2C90FB32170784168CBE5DDE8E17FDCD37A67B1 |
SHA-512: | BD9DF671D418980FDF98AF8B043BDC6AC9628C13EF616EB758195BA53BCD7BB71C190CD0FCAF363BCA033A3665311E3439969407B17E0F9AEB2E924BAC2785FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.229304133875103 |
Encrypted: | false |
SSDEEP: | 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xe/WzZU:OLT0bTIeYa51Ogu/0OZARBT8kN88uzZU |
MD5: | 61F251766AF01D6B29F46144EC5663E8 |
SHA1: | 710C3114F6F1A3A27EF802F24078A5D9FDFAC3EA |
SHA-256: | 70536E36BA7A66DA2999CB9A32A4B37E06E8F15E8CAE3D8A977FDD05EDC76258 |
SHA-512: | A218FDC815F4EA01091AE7404AE1FF0F60A7F6435B54AD6C913B120B42DB6BEEC02EB6EB9E4ACD7D453DF63985202EF2E77B594134856F3A2FC3912ABCA1FA3F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.150495354306953 |
Encrypted: | false |
SSDEEP: | 6:la+q2PRN2nKuAl9OmbzNMxIFUt8uccZZmw+uauTVkwORN2nKuAl9OmbzNMFLJ:VvaHAa8jFUt8Lw/+E55JHAa84J |
MD5: | A6A717AE982F3D8B2049419F9960B449 |
SHA1: | 4CB6753456B5054B1CF9B9B5A162858DD722BB11 |
SHA-256: | 72C0A7E2159106C141A5AFC90C94CE438F0FC98884B016B5EEB0E3DB32E724C9 |
SHA-512: | 5CFCCF26A1A98E1ADC52D9D207C7796FB8B2235FFA42BE5E68129226920CEFC3B815C80B4C9533B9AC791D06BADA628E2AF68CED96DE7722FB435558DBC12DF8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.150495354306953 |
Encrypted: | false |
SSDEEP: | 6:la+q2PRN2nKuAl9OmbzNMxIFUt8uccZZmw+uauTVkwORN2nKuAl9OmbzNMFLJ:VvaHAa8jFUt8Lw/+E55JHAa84J |
MD5: | A6A717AE982F3D8B2049419F9960B449 |
SHA1: | 4CB6753456B5054B1CF9B9B5A162858DD722BB11 |
SHA-256: | 72C0A7E2159106C141A5AFC90C94CE438F0FC98884B016B5EEB0E3DB32E724C9 |
SHA-512: | 5CFCCF26A1A98E1ADC52D9D207C7796FB8B2235FFA42BE5E68129226920CEFC3B815C80B4C9533B9AC791D06BADA628E2AF68CED96DE7722FB435558DBC12DF8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240416204403Z-262.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.5815784782085038 |
Encrypted: | false |
SSDEEP: | 96:w1oZMqX8efH1MyTDMT3M4M3qAM4MtHhMM47zFiM6MMrMMx6XgMMMMM4YfI4MM1MB:3AHoAePgT |
MD5: | 64F36373DD14F2D05E45B3430EABE0DA |
SHA1: | 6B293984AE01F9253421DC20BDD718644F4DB4F9 |
SHA-256: | D1E3F20F275AA7B1BD1E31D606C2A1FDB5AB0E400BE608517039BEB408AF0565 |
SHA-512: | B1418272765CD3B554F93169A313BE584E819DD92668FA68AF9CB0281582683C8C290C5CD5739FB729C56DF8E0F9E2809FAC27C4B0DA310080DE4E3010B66C07 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | 192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2155022085236449 |
Encrypted: | false |
SSDEEP: | 48:7MiVRqLmFTIF3XmHjBoGGR+jMz+Lhbkkgn:7TRf9IVXEBodRBkRkkgn |
MD5: | 7046E5D5109F475D70B56B8E44DCCD0C |
SHA1: | 8BE43222679512C563B82DD9E90D9C88F356D5F2 |
SHA-256: | D1780E734F96B7B62B2A37FD5656EB0359EA6C65969F331A3CCA5AD8089F1521 |
SHA-512: | 78B812388523FAF8B277076C49714CB3ADD26D987B5888E80C8AC31E3169DEF5E6B90D4D995C431C24C791F3AD9AFFF04405E000E122F8EA4ECC3678C5F1310B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3810393159409635 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJM3g98kUwPeUkwRe9:YvXKXByeQWRuUhUbOlOGMbLUkee9 |
MD5: | BDFC0738B39296C69E4A98EA4497D4F0 |
SHA1: | D8A4044A140E0872A845ACFF10A52BD1275734AA |
SHA-256: | B642EBA0619F308BD8D58C8D7A8C6274FD7ED1D6A012D33783055FFA4722E027 |
SHA-512: | B1210644852A40EA0FB0EC4014CB44EE8529CFCE7E136E3AA26AE25AA11C5225BE326C5BFDC39351D32FF704D4F508519D5BD69C7E557DE9C89CAC3F3777BBCB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.330697406174692 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJfBoTfXpnrPeUkwRe9:YvXKXByeQWRuUhUbOlOGWTfXcUkee9 |
MD5: | 8796048A02A57D025B4F1948DBC99A1A |
SHA1: | 18FF15FE44A41DB113006264B1DBEF59A137FB73 |
SHA-256: | 4F59B0EC2993B41D8303D7B75DA2E182ACEFD1128BA6E15C060490ADAB82A6D7 |
SHA-512: | ADD4387A9579B56CFB7FD60E49043CECBFB3874F7C6A9C4F573C7F35E752DC5686DAE70EFC96866587659066B5338AAB40E48602BABD69DD99CBCFB761D45249 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.309692441569768 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJfBD2G6UpnrPeUkwRe9:YvXKXByeQWRuUhUbOlOGR22cUkee9 |
MD5: | 2392E7D57DF03933C5049257A64CE41D |
SHA1: | BADB4F4A38B2A75206A1E8B2B2B1801C9CB172B9 |
SHA-256: | 8050E494996C1E2CF492C540AF1D642ABFD665E175F782EBF4C34C9B5FFB8D36 |
SHA-512: | B268C062E1CFFF6CFC58FDFA97C723861B8AB5A57F8DE954936EF4EB979D083FA0273D40A8BA4F4A02BDCE7961542C8BF5858C8D8BE5187D5FA21A9458E59B15 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.370039712738932 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJfPmwrPeUkwRe9:YvXKXByeQWRuUhUbOlOGH56Ukee9 |
MD5: | 2595B70A4A6784DAB2702867CCBE904D |
SHA1: | 77261F79C63F9D8B976D2A5AB16BFE0B666FDC03 |
SHA-256: | AC3B04CA7D466F642EA77D40D01375B655B93C24749D394ACEA1160E5497F539 |
SHA-512: | A74E66C100D6DD5D5569E33F5BDE5FE3C70E7D9E3BC1BEE8E60F47DC754E3015C673AC727C49391E2A41C36D496973A1D74D588B48ADF41A82C33980723452A8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.330012085036957 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJfJWCtMdPeUkwRe9:YvXKXByeQWRuUhUbOlOGBS8Ukee9 |
MD5: | 778686093256AA8BA323E30F153DB654 |
SHA1: | 1EB249847DE5122BE165598542770A15B4496CFD |
SHA-256: | 08EC6CF8F35DF4BCD4AFB01FFB1A55280B4905309B50F64DA54F3A4FACA3A038 |
SHA-512: | 50800F504C579DBF3B45EDE3AD432F2A96B991A9540C866DB14855E7632FBF342789E8C64F616AFFDFB581430583076E981865E9765A1680A5B7FCC04F2E2BAE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.317606285023436 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJf8dPeUkwRe9:YvXKXByeQWRuUhUbOlOGU8Ukee9 |
MD5: | 99F88D569D3A61E2FB13590E575B68CC |
SHA1: | 79DD70B07CF4325C9522E872002598DD8932E43D |
SHA-256: | A77543E2E5B3E5E7E14D4DB996E938A87EEEEA7181553246C44F440BA66D56FA |
SHA-512: | B44910A3A07D5E553EA2B8FED207BFF3B4BEBB2E292EA68EE6A2D920F28327C01919965BCCF91ECB75DA13B2DBD4DDC90A9D1D18DE2176E6C0117B99131FC21C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.319439026443645 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJfQ1rPeUkwRe9:YvXKXByeQWRuUhUbOlOGY16Ukee9 |
MD5: | B1EE462A01EF308402454CD174722759 |
SHA1: | B49BA21BB8AE3CCDA2DF10D485C06944C3A3B081 |
SHA-256: | 013BA33613A810AB37593FAB079593EBB11436376C3E7404375AFB708E723105 |
SHA-512: | CC56C34866A0ED39EF8FE9CE986ACE1D57FD9F17515DD24A3BBDF70EAEFAFBFB342258B5C8959D2624E885F0FE8EA22DC57004F886FE3F79E95BADFE66CD7909 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.325573431916728 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJfFldPeUkwRe9:YvXKXByeQWRuUhUbOlOGz8Ukee9 |
MD5: | 4CF9CC100B65CD2C1256F167EC714891 |
SHA1: | E7BCDA40C09D7DC1819675DBBFA3F1E832BD6C7F |
SHA-256: | 0612E946EBDC7A9663A30C342B0DBC1BD4F991B5DC002295435D53AED6F549C3 |
SHA-512: | B6FA8FC3E04F8F2250366B5EB61E2955DE77911A69EF968CE2C8B1F85852EEBC1E29D685902630AF5DE65957E395141F5B991746608E2F137F4BFF113168D985 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.74169180742761 |
Encrypted: | false |
SSDEEP: | 24:Yv6XBywUbOlKKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNGw:YvEywU4KEgigrNt0wSJn+ns8cvFJAw |
MD5: | F48CBF030899122C4DA0C83821DEE334 |
SHA1: | C1EF54F42CE881651E23F85384397AA30788B023 |
SHA-256: | F1AC0F3D0758C2E6FD5501FBADD7E542FD74685DBAF766492D44FCFDC8D33688 |
SHA-512: | D4C4F64303470D2D1A50CF6684A0F52BBEAB20269CD4593050C5E7455924E282C93B9A06F87D3D39395EF0F48D102769DC7898ABEF0BB66A06142AA3DB104601 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.323396928110994 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJfYdPeUkwRe9:YvXKXByeQWRuUhUbOlOGg8Ukee9 |
MD5: | 55165A3B1A748D09C24CF19F80B58306 |
SHA1: | D2AAC87A4653D33DBBBD69B9B05C7AA85E67B2F3 |
SHA-256: | A226A751344CE6A9B97437CEB2D540152767ABC240AC3C06FF58127E209DA700 |
SHA-512: | 5567AFCE18A7B95BDB10A4336AF9CAD688C4C8495BD927837063DB201DBA18612546A5F24168ACE940DCDEA6AA47AA513CB9B35A8774B08C2224BC1433FAD457 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.77738605239997 |
Encrypted: | false |
SSDEEP: | 24:Yv6XBywUbOl5rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNew:YvEywU45HgDv3W2aYQfgB5OUupHrQ9Fb |
MD5: | 4E40C70D111F59A34A70C70145DCC259 |
SHA1: | A4E4493B90316EF0DE2BFCD9C1D2587C8FD326D9 |
SHA-256: | A831D30D5003EDD3632A0BE43390CEF066B6D24BF809E44DAEE704F3F63D2A32 |
SHA-512: | F37A5B002CF0CBF502A440EC033866745AEF356DF2B7D8B2537424AB8F0FA9CD9F618E17DD2ADE8C0D47289A9A7B0F299868196E2952E31F0680CF531E121FC2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.306783222155229 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJfbPtdPeUkwRe9:YvXKXByeQWRuUhUbOlOGDV8Ukee9 |
MD5: | C6387A48C38C959B4CDB1EECA1C8E639 |
SHA1: | 50BC5F091038EB4C0409DD35601E630A20A36285 |
SHA-256: | 7954D2EB34F4352C21206E90292F27FBFB14BB8B874C2E6C137EFA711E624921 |
SHA-512: | 40A1741173EA3A695F9D8680C95A7BC5F3811A4A620A03A4D419B1573B79DE50B9FC3EAC5032138154F85E09683B3881540C8A61A27914B2BAB11D658A876047 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.3098386408032665 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJf21rPeUkwRe9:YvXKXByeQWRuUhUbOlOG+16Ukee9 |
MD5: | 90687099F547E520DCBB74BE4F5995C2 |
SHA1: | 748C68F4280A3A9203CB34AEB811FC27C81D2D72 |
SHA-256: | DE125AE7994D62F167E4B35F3D4AB04CF0512982D14044B95E8613622615A235 |
SHA-512: | 7B7DD767A58E51777CFDBF9B1D6A770BBFC37290153D0E0551996793BC81C5692EC3548922D0A4A986D5AAB8E615DBC07CF94A7A60D5D09C555C6D2899EE444B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.330232056869141 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJfbpatdPeUkwRe9:YvXKXByeQWRuUhUbOlOGVat8Ukee9 |
MD5: | 7B12330DE58B136A25344D91AA1F7795 |
SHA1: | 66B2A82593A9B9072B2A672D5E312994076B64AE |
SHA-256: | 0DA97F927EEBB4C3598DF2DBFA2F5A548314980AECC91846FF934108469A9DD0 |
SHA-512: | 2562BD082C55D0699906803ACA0633CC442B86FEBE4B3D8C68C295CE747FC9AA004953044C2F78AA5596925A2285133694AAD9631CD6B933B81BA2512E180B71 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.285363005826595 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBS4sxi3Q5IRR4UhUR0YHOlxoAvJfshHHrPeUkwRe9:YvXKXByeQWRuUhUbOlOGUUUkee9 |
MD5: | EFC9E3601EFDA6856F8D25E611C735FA |
SHA1: | 9869EEA717E495191FB7FB1109CFC12DBD82BE62 |
SHA-256: | E01D3B53179E98807CDA503272E1B37291741253EFB4A5250FA311C238273DB1 |
SHA-512: | EDAAB2F4F9918FA46DB700238CA6993D47AFFA441607BAB09101A81CC0EAC9F12B9CD39E7CF626B32C6CE2268CC4B077E953A542039B450402202CEA39FF22C7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.374682705343297 |
Encrypted: | false |
SSDEEP: | 12:YvXKXByeQWRuUhUbOlOGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWKw:Yv6XBywUbOlY168CgEXX5kcIfANh1w |
MD5: | DF06EEB115005783176FAC307B14FA0D |
SHA1: | 2615DC24E4CBF14CF1FF400425313627501B2D8F |
SHA-256: | 6B146C2B473A2FEAA8EC46A80A1C4295688857FE8999CF49239F957CB2F9BF93 |
SHA-512: | A07A27178D13AEACC08B78E545D11385D49D8ED71F75E11502EEF00E290B1AF9DE449201BA93753193B37FF053F28BE6F76A38CF4321A693882DEBDE1A9B0E49 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.111776094545587 |
Encrypted: | false |
SSDEEP: | 48:YqBOgRfka+4khc2wKp4y6V893JzhHAz96n3ZnBb1cWcuvp92cGmf:5BOgRsaLkh7wKp4y6V893JzxAz96n3fX |
MD5: | 53D082D7EC156090ACEE314EA4EBF6A5 |
SHA1: | 28F95FCE9E9D87204E2A614D076D15785370BF82 |
SHA-256: | B3BFF0E5E0771A12A7BB45E19D1DA0318131E745EA147634B331A53F6FB4DA6A |
SHA-512: | 83E0167949B3C0FC3E9334130B656E4AC3A40D678ED6B1A827922A51A19D5417EEB8BCA622E3D1455F5C05EF256E1826AEA58F53EB558BC98DA68691B67E6CDB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.996077623326902 |
Encrypted: | false |
SSDEEP: | 24:TLxx/XYKQvGJF7urs4cY9QRQ6QudzD1/4Eb4Eg0xqDUt6:TVl2GL7ms5YEt5fA |
MD5: | D68F621702364F2B4A938C62D82C96A9 |
SHA1: | 66C178DF30A27E9920DA8C64B18EEAC5FA2F4E3A |
SHA-256: | DAA204180352572BC3D11DAB0FC6A4D9DA79079466C9D7A4AEF5EBCF0614B11D |
SHA-512: | 634F2FF9812A4FDD6D32F5CF41F0D340C2E44B94FE7848725130852C0CD3511808C282FCEF55E9EEF29B9CF1D922E47CBA6DEA698F0D7FB37CA600DCEF9F5B82 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3583295223583143 |
Encrypted: | false |
SSDEEP: | 24:7+taKY9QRQ6QudzDqcLi4Eg0xqDoqLWwx/XYKQvGJF7ursl:7M/YEt+cUzqll2GL7msl |
MD5: | 221C6FC9763179C35E48C9F3F206351B |
SHA1: | 23A5E4D862B4858F5B7865D9C690DA1D1A9C5D79 |
SHA-256: | 9D605B0CE311571F0D7B1CA8ECA24F03C5F378FC1C364974BEA478AE3D659DC9 |
SHA-512: | EB0AFF6F471664534F8049670BACD2951A3B0296B439AA852C6EF6B9D53971BF813EF1F8B717445944C4C96770694239B88E0E67DDB44C89FF4C18705BFE372A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.505069684106714 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eeWole:Qw946cPbiOxDlbYnuRKhL |
MD5: | C43EF410E1EF99A9E65C7207E3E358AF |
SHA1: | E518C4190E8F7A86A2CDDC8CAF034D613C74D48A |
SHA-256: | F290DA8C0F66FAD72CEAD08CC98BE178A8102AF64B2565B43C7A2B500E7460AF |
SHA-512: | B5FDDEF4599EB2FC4E35C7EED5A4A54FDE45AC6BEEABCA82AF6CE975B8127B62C3A8A11B105E9AE10CDE770A54B20B3C7E3E3FB2938D7E2F4EF2F02659EC9053 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.056656780374296 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOnmElwJWPlwJgCCSyAAO:IngVMre9T0HQIDmy9g06JX2ekWdkgClX |
MD5: | 952BF698F6B6921E0DA7C273B1DEEB4E |
SHA1: | CC12E3C71638866461A1D795308535258169CF7A |
SHA-256: | 917C5CC6470224C79F6FA83AA38552714F6F4DD4FBEA15FF70D3F5FBAD39780B |
SHA-512: | 81233ABCE586965D9859473BF2D6567CE82AC187DCDF93B838DF36BA0EC7FAC816279D7DAE19D2FE2B52CDD41D31594F6C29FD25DCF5E3C0191DD76BF188E643 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.056366984948425 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOr7+uaW7+u8LCSyAAO:IngVMre9T0HQIDmy9g06JXb7+ut+u8LR |
MD5: | 57CC433F5E721A1303677ED0420952EB |
SHA1: | 1250EBFCF833A93F68BF49CBADFB58C2723A55EF |
SHA-256: | 67BB464477111A8A41553EC4EF89723EEE4F742FF8712DEBF1DD69C338403270 |
SHA-512: | F0A73FC7C4854EE1A7B8D8BD7A7208434B04A09AE3C5B7BA26E21093D8C621A8779F24619989E51F5483A84F8BC00E964AE662C507BAA8DFDF82D78A4E20D4B3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.07008554567452 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROO5idkd/iidkdwmCSyAAO:IngVMre9T0HQIDmy9g06JXIkd/iikdTR |
MD5: | AB81E54998AAF474192B839C56520FBA |
SHA1: | 84B8129B8E06B1979FD319595DCBE1DEE225D058 |
SHA-256: | 02CA5B6CF8D72C4E55B8CF4EC815C88277999F8FD176FA5D002C7E7966315511 |
SHA-512: | D65BA39F5C6B1C5ACDF2C8157C69C99E4FFA11AE57A1C0285067E4909062AF7E98E46F3A8E7E88A0E0E748C4879FDA32ECBC1D88C3A6F096090C486FB9A7C40D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-16 22-44-01-739.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15112 |
Entropy (8bit): | 5.361727276084671 |
Encrypted: | false |
SSDEEP: | 384:nWjW9W2WYWGWZW2WhWgWu8WRW33XkW7WuWpWbW6WzWHW4WZW1HTnFkvZ3yWg6oC+:WasTVDgTI9SYHZSrQyPK21gz |
MD5: | 0104DE3C51693D647A96B3DE88F4F4A4 |
SHA1: | 74D7906C672F377656BC10195621CBEC2F0ED783 |
SHA-256: | 23888ECAA9BD4E5F17F5D2F25E0C0C26C22B67782038F36C62213146A99A8077 |
SHA-512: | BC5496BE5776CE43D0F6E61C86F7E781C7720760E912CFC1DA58CAE563916874B495D514C79A504AAA75D36112B3DF3A6071D90BF5A1AE8A23345970108A8E1D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.415017365931396 |
Encrypted: | false |
SSDEEP: | 192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbdScb4IlXcbd:fhWlA/TVmlg |
MD5: | 3194CF187CF2B4D207756F283033B187 |
SHA1: | A3398F080C4F27062079909426B6F84C900088C3 |
SHA-256: | 23D95DE3E2FA346CE826F3F55DBBB676E95B5C93D274092276B187303B4E4187 |
SHA-512: | 462D0E6DAD4930D888663B16DFE1859A895E635B67BA73026448EFCC45F5FCDE2B83E58B0DBCD596F22FFF2178A2212D6B7C7158381F397887D56C9F0252D385 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru |
MD5: | E787F9888A1628BE8234F19E8EE26D68 |
SHA1: | 44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5 |
SHA-256: | 3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80 |
SHA-512: | EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:NDA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa |
MD5: | 16CE9EE406421C4550426BB11DF0B5F4 |
SHA1: | 308299E79688EB2F31ED9541F04ADDB5FFB6C1FA |
SHA-256: | 51015E606D0E8654DA47E0058B408B6A12D025C41D1655EAB797E9DAC618434D |
SHA-512: | 5E9642A4EF951D9158723321274AF9D9B6DB4607351C9033DDE6E7338AA7C5B6E236E0D63CC11FA6A7F2880F3ADC052340F919EF621DA04C80AD42EEB13CED55 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14456 |
Entropy (8bit): | 4.2098179599164975 |
Encrypted: | false |
SSDEEP: | 192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ |
MD5: | 32FCA302C8B872738373D7CCB1E75FD4 |
SHA1: | DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1 |
SHA-256: | CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6 |
SHA-512: | 57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.795081950047265 |
TrID: | |
File name: | W-9 (REV. March 2024).pdf |
File size: | 140'815 bytes |
MD5: | 4e7f7065f6e4a526452ffacb0134bc50 |
SHA1: | 3c265a136ba7fa236cdfc7b8f8b7853ed6c63e08 |
SHA256: | 2d420cbb4123dcf1fb82595b2359cfbb5d81f00b9df9d359fcc7af361d093f53 |
SHA512: | b2024cd63a5a9e3a2245b72c36bdfea1f083373b01e7e2acc3e5f264053ba6e3030073d5966dbc1f01f99c221dea28e1c24c8b9b44e1de812faa5d565e1c1df2 |
SSDEEP: | 3072:NZ99tHvNziv76ksxL+dugQh2h7nU/SQqwCe+l/OrHKq:NJtvNis9+dHQh6HQECHv |
TLSH: | 8DD3E084570358E4D4534A60B72CB66ACAFF70E67ECC28077D8C06D64F41E93B6A86DB |
File Content Preview: | %PDF-1.7.%......1031 0 obj.<</Linearized 1/L 126744/O 1036/E 31275/N 6/T 126277/H [ 515 302]>>.endobj. ..1052 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<12253618B019F6419353B3C715534797><17D07252539C784A909EE21165D93 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.795082 |
Total Bytes: | 140815 |
Stream Entropy: | 7.954572 |
Stream Bytes: | 116159 |
Entropy outside Streams: | 5.026620 |
Bytes outside Streams: | 24656 |
Number of EOF found: | 3 |
Bytes after EOF: | |
Name | Count |
---|---|
obj | 86 |
endobj | 86 |
stream | 76 |
endstream | 76 |
xref | 0 |
trailer | 0 |
startxref | 3 |
/Page | 6 |
/Encrypt | 0 |
/ObjStm | 17 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 2 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 16, 2024 22:44:12.032625914 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.032711983 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.16 |
Apr 16, 2024 22:44:12.032982111 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.032982111 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.033065081 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.16 |
Apr 16, 2024 22:44:12.352327108 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.16 |
Apr 16, 2024 22:44:12.352731943 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.352767944 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.16 |
Apr 16, 2024 22:44:12.356354952 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.16 |
Apr 16, 2024 22:44:12.356587887 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.358150959 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.358381033 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.358544111 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.16 |
Apr 16, 2024 22:44:12.402607918 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.402623892 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.16 |
Apr 16, 2024 22:44:12.450633049 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.465130091 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.16 |
Apr 16, 2024 22:44:12.465503931 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.16 |
Apr 16, 2024 22:44:12.466120958 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.466120958 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.770591974 CEST | 49715 | 443 | 192.168.2.16 | 23.46.201.17 |
Apr 16, 2024 22:44:12.770639896 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.16 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49715 | 23.46.201.17 | 443 | 6640 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 20:44:12 UTC | 390 | OUT | |
2024-04-16 20:44:12 UTC | 247 | IN | |
2024-04-16 20:44:12 UTC | 120 | IN | |
Target ID: | 0 |
Start time: | 22:43:54 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6685e0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 3 |
Start time: | 22:43:59 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d3bd0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 4 |
Start time: | 22:43:59 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d3bd0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |