Windows
Analysis Report
W-9 Blank - March 2024 revision.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 5912 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\W-9 Blank - March 2024 revision.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  - AcroCEF.exe (PID: 3552 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  - AcroCEF.exe (PID: 6340 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1576,i,17669440550934361566,2057664599773174521,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
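The process list above is what a clean PDF open looks like: Acrobat.exe spawns only its CEF helpers from its own install directory. The following added example (not part of the report or of any Adobe tooling) turns that observation into a baseline check over process-creation records. The two AcroCEF.exe command lines are copied from the report (the NetworkService line is shortened); the parent Acrobat.exe record and the two flagged records are constructed. `EXPECTED_CHILDREN` is an assumed allow-list, not an Adobe-published one, and should be tuned against a known-good host before it drives alerting.

```python
"""Baseline check for processes spawned by Adobe Acrobat, run over
process-creation records of the kind shown in the report's process list."""
from dataclasses import dataclass

ACROBAT_DIR = r"C:\Program Files\Adobe\Acrobat DC\Acrobat"
# Assumed allow-list of helper binaries Acrobat launches while rendering a PDF.
EXPECTED_CHILDREN = {"acrocef.exe", "adobecollabsync.exe", "acrotray.exe"}


@dataclass
class ProcEvent:
    pid: int
    parent_image: str
    image: str
    cmdline: str


def image_name(path: str) -> str:
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def split_cmdline(cmdline: str) -> list[str]:
    """Minimal Windows-style tokenizer: whitespace separates arguments except
    inside double quotes; backslashes are literal (unlike POSIX shlex)."""
    args, cur, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def chromium_role(cmdline: str) -> str:
    """Describe a CEF/Chromium helper by its --type/--utility-sub-type flags;
    a command line without --type is the browser (main) process."""
    flags = {}
    for arg in split_cmdline(cmdline)[1:]:
        if arg.startswith("--"):
            key, _, value = arg.partition("=")
            flags[key] = value
    role = flags.get("--type") or "browser"
    sub = flags.get("--utility-sub-type")
    return f"{role}/{sub}" if sub else role


def assess(ev: ProcEvent) -> list[str]:
    """Findings for a child of Acrobat.exe; an empty list means the launch
    matches the baseline.  Non-Acrobat parents are out of scope."""
    if image_name(ev.parent_image) != "acrobat.exe":
        return []
    findings = []
    child = image_name(ev.image)
    if child not in EXPECTED_CHILDREN:
        findings.append(f"pid {ev.pid}: unexpected child of Acrobat.exe: {child}")
    if not ev.image.lower().startswith(ACROBAT_DIR.lower() + "\\"):
        findings.append(f"pid {ev.pid}: child image outside the Acrobat install dir: {ev.image}")
    return findings


def triage(events: list[ProcEvent]) -> dict[int, list[str]]:
    return {ev.pid: assess(ev) for ev in events}


ACRO = ACROBAT_DIR + r"\Acrobat.exe"
CEF = ACROBAT_DIR + r"\acrocef_1\AcroCEF.exe"

SAMPLE_EVENTS = [
    # Constructed parent record (the report lists Acrobat.exe but not its parent).
    ProcEvent(5912, r"C:\Windows\explorer.exe", ACRO,
              f'"{ACRO}" "C:\\Users\\user\\Desktop\\W-9 Blank - March 2024 revision.pdf"'),
    # The two AcroCEF.exe launches from the report (second one shortened).
    ProcEvent(3552, ACRO, CEF, f'"{CEF}" --backgroundcolor=16777215'),
    ProcEvent(6340, ACRO, CEF,
              f'"{CEF}" --type=utility --utility-sub-type=network.mojom.NetworkService '
              '--lang=en-US --service-sandbox-type=none --log-severity=disable '
              '--user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" '
              f'--log-file="{ACROBAT_DIR}\\acrocef_1\\debug.log" /prefetch:8'),
    # Constructed: a script interpreter under Acrobat, the shape a malicious PDF produces.
    ProcEvent(7001, ACRO, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell.exe -NoProfile -Command "whoami"'),
    # Constructed: the expected helper name launched from the wrong directory.
    ProcEvent(7002, ACRO, r"C:\Users\Public\AcroCEF.exe", r'"C:\Users\Public\AcroCEF.exe"'),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.pid, chromium_role(ev.cmdline), assess(ev))
```

The name check and the install-directory check are deliberately separate: a dropped binary named AcroCEF.exe under a user-writable path passes the first and fails the second, which is the masquerading case the ATT&CK matrix below lists. `chromium_role` only labels the helper; `--service-sandbox-type=none` on the NetworkService helper is how the report shows Acrobat launching it and is not treated as a finding here.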
No malicious signatures were raised. The remaining signature evidence rows, by type (the Source and value columns are empty in this copy; only the row types survive):

- TCP traffic: 32 rows
- IP Address: 1 row
- HTTP traffic detected: 2 rows
- TCP traffic detected without corresponding DNS query: 11 rows
- String found in binary or memory: 2 rows
- Network traffic detected: 2 rows
- Classification label: 1 row
- File created: 2 rows
- Key opened: 1 row
- Process created: 15 rows
- Window detected: 1 row
- Initial sample: 7 rows
- Process information set: 10 rows
- Process information queried: 1 row
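The "TCP traffic detected without corresponding DNS query" rows come from joining the capture's DNS answers against its TCP connections. The following added example (not the sandbox's own logic) implements that join, including the ordering case where the answer arrives after the connect. All records are constructed; the only values taken from the report are the contacted IP 23.54.200.159 and three of the cookbook's whitelisted addresses.

```python
"""Flag TCP connections to destinations that were never resolved by name in
the same capture, the check behind the report's "TCP traffic detected without
corresponding DNS query" rows."""
from ipaddress import ip_address

# (timestamp, queried name, answer address), constructed
DNS_ANSWERS = [
    (10.0, "acroipm2.adobe.com", "23.54.200.159"),
    (12.0, "geo2.adobe.com", "23.36.68.10"),
]
# (timestamp, destination address, destination port), constructed
TCP_CONNECTIONS = [
    (10.5, "23.54.200.159", 443),   # resolved 0.5 s earlier: fine
    (11.0, "172.64.41.3", 443),     # never resolved: flagged unless whitelisted
    (9.0, "23.36.68.10", 443),      # answer arrives after the connect: flagged
    (13.0, "10.0.0.5", 445),        # private destination: out of scope
]


def is_routable(addr: str) -> bool:
    """Only public unicast destinations are worth correlating."""
    ip = ip_address(addr)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved)


def tcp_without_dns(dns, tcp, whitelist=frozenset()):
    """Return (ts, ip, port, reason) for each connection whose destination
    has no DNS answer at or before the connect time."""
    first_seen = {}   # address -> earliest answer timestamp
    names = {}        # address -> set of names that resolved to it
    for ts, qname, rdata in dns:
        if rdata not in first_seen or ts < first_seen[rdata]:
            first_seen[rdata] = ts
        names.setdefault(rdata, set()).add(qname)
    hits = []
    for ts, dst, port in sorted(tcp):
        if dst in whitelist or not is_routable(dst):
            continue
        if dst not in first_seen:
            hits.append((ts, dst, port, "no DNS answer for this address"))
        elif first_seen[dst] > ts:
            hits.append((ts, dst, port,
                         f"resolved only at t={first_seen[dst]} via {sorted(names[dst])}"))
    return hits


# Addresses the report's cookbook excluded from analysis; applying the same
# list reproduces the sandbox's view of the remaining traffic.
REPORT_WHITELIST = frozenset({"23.36.68.10", "172.64.41.3", "162.159.61.3"})

if __name__ == "__main__":
    for hit in tcp_without_dns(DNS_ANSWERS, TCP_CONNECTIONS):
        print(hit)
    print("after whitelist:", tcp_without_dns(DNS_ANSWERS, TCP_CONNECTIONS, REPORT_WHITELIST))
```

Two caveats apply to this signature in general and to this report in particular. Names resolved before the capture started (the OS resolver cache) and names resolved over DNS-over-HTTPS never appear as plaintext queries; the whitelist above includes chrome.cloudflare-dns.com, so CEF's own resolution can go over port 443 and the join has nothing to match. Eleven such rows on a PDF that only talks to Adobe and Akamai hosts is therefore consistent with a clean verdict, not a contradiction of it.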
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Antivirus detection for the initial sample:

Source | Detection | Scanner | Label |
---|---|---|---|
Initial sample | 0% | ReversingLabs | |
Initial sample | 0% | Virustotal | |

URL reputation:

Source | Detection | Scanner | Label |
---|---|---|---|
Contacted URL | 0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.54.200.159 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427110 |
Start date and time: | 2024-04-17 01:57:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | W-9 Blank - March 2024 revision.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@15/46@0/1 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.36.68.10, 34.193.227.236, 54.144.73.197, 107.22.247.231, 18.207.85.246, 172.64.41.3, 162.159.61.3, 23.209.188.149, 23.209.188.151, 23.49.5.143, 23.49.5.147, 23.192.229.132, 23.192.229.136
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
Context: other samples that contacted the same IP

Match | Detection | Threat Name (associated samples) |
---|---|---|
23.54.200.159 | malicious | Unknown (7 samples), LimeRAT, STRRAT, HTMLPhisher / ReCaptcha Phish |

Context: other samples that contacted the same ASN

Match | Detection | Threat Name (associated samples) |
---|---|---|
AKAMAI-ASUS | malicious | NetSupport RAT, Unknown (3 samples), Mirai (6 samples) |

Both matches are against shared Akamai CDN infrastructure; the report itself whitelists several Adobe hosts served from akamaiedge.net and edgesuite.net. Malware that fetches content through the same CDN produces the same IP and ASN overlap, so these context hits describe the infrastructure, not this file, and do not weaken the clean verdict.
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.226761538250914 |
Encrypted: | false |
SSDEEP: | 6:ZViUjI3+q2PRN2nKuAl9OmbnIFUt8WViUkaZmw+WViUk2VkwORN2nKuAl9OmbjLJ:HsOvaHAahFUt8CZ/+Cz5JHAaSJ |
MD5: | 5D6BC45FB7008CE920EEF51F0C5A29E2 |
SHA1: | 817D9A3138809C9848C2E9482135EFF74579E139 |
SHA-256: | 09F424697F28F889BA84E28F4A09EB035053A837F43680ADF5AD4E68C4A023F1 |
SHA-512: | 11F376B3E6651E63E1EB20CD61BFED53D2AA75FD6C11CD106D7466C9BC991C06A870877D62C36DB8B2D766AC55F80892D9DDF23D4293D3987E2FF0A50C6FCA83 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.226761538250914 |
Encrypted: | false |
SSDEEP: | 6:ZViUjI3+q2PRN2nKuAl9OmbnIFUt8WViUkaZmw+WViUk2VkwORN2nKuAl9OmbjLJ:HsOvaHAahFUt8CZ/+Cz5JHAaSJ |
MD5: | 5D6BC45FB7008CE920EEF51F0C5A29E2 |
SHA1: | 817D9A3138809C9848C2E9482135EFF74579E139 |
SHA-256: | 09F424697F28F889BA84E28F4A09EB035053A837F43680ADF5AD4E68C4A023F1 |
SHA-512: | 11F376B3E6651E63E1EB20CD61BFED53D2AA75FD6C11CD106D7466C9BC991C06A870877D62C36DB8B2D766AC55F80892D9DDF23D4293D3987E2FF0A50C6FCA83 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.144805153609905 |
Encrypted: | false |
SSDEEP: | 6:ZViU/Aq2PRN2nKuAl9Ombzo2jMGIFUt8WViUPwZmw+WViUrzkwORN2nKuAl9OmbX:H/AvaHAa8uFUt8Co/+Crz5JHAa8RJ |
MD5: | 943567F8BA3F40F765C4919091BD71B2 |
SHA1: | FB4EDD0DEAED8F763A21810B0D79E0FDEF863563 |
SHA-256: | F5F67791BAFB969085D61CF28AF77FE9725A1CDAFF1A1075B56A13EFAA3ACB05 |
SHA-512: | 6F173F8AD530F117FCDC8EE3000CC580C94098CD26061611D3A933091EC1545D6D6E501DB0CCB30CE2CEFBD980AE928254C3633BDC5329F8FB5F094676C6D87F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.144805153609905 |
Encrypted: | false |
SSDEEP: | 6:ZViU/Aq2PRN2nKuAl9Ombzo2jMGIFUt8WViUPwZmw+WViUrzkwORN2nKuAl9OmbX:H/AvaHAa8uFUt8Co/+Crz5JHAa8RJ |
MD5: | 943567F8BA3F40F765C4919091BD71B2 |
SHA1: | FB4EDD0DEAED8F763A21810B0D79E0FDEF863563 |
SHA-256: | F5F67791BAFB969085D61CF28AF77FE9725A1CDAFF1A1075B56A13EFAA3ACB05 |
SHA-512: | 6F173F8AD530F117FCDC8EE3000CC580C94098CD26061611D3A933091EC1545D6D6E501DB0CCB30CE2CEFBD980AE928254C3633BDC5329F8FB5F094676C6D87F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\277dd1d6-3c9f-4726-b373-68efc296bc69.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.98937591086441 |
Encrypted: | false |
SSDEEP: | 12:YHO8sqZcsBdOg2HFcaq3QYiubrP7E4T3y:YXsGdMHk3QYhbz7nby |
MD5: | 657F6C75329D3AA08F4E8DBE302C07DC |
SHA1: | 93DA91F24B1A1DC1E0F2966B3002DD2678379747 |
SHA-256: | 715CACE1F4F1E51623F56EEA0A9765BA7F349C3C9C6B168FD764ECE42F145ADF |
SHA-512: | C671BB1809256CD5C620B8D311309B0175EA8812ABAF111448C357C045C1FB6EB597D90B30F68B866467916B9E38BC478944C7BAECFF06ECB1F883E93D8789DD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8848a2dd-243e-41bc-921a-0039a5e3c480.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5dd78f.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.230966421438717 |
Encrypted: | false |
SSDEEP: | 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xekC+eW5aY:OLT0bTIeYa51Ogu/0OZARBT8kN88hPWB |
MD5: | 90A006B22AC5301A5297E61F6329C1D2 |
SHA1: | 8DC487F49E9B7B7EA833E0F74C548572315B7E46 |
SHA-256: | CB16C3C04F6530B677638D5C9AA0CC78D768B1485AA3A4B30A5E0FD16F4D02E9 |
SHA-512: | A296353EC2351666518B5B426E1C33F5356493011F43E4878FD891835DB0F267BD6C0F601D82615CB437952070876728787A1E411D2F83D3DF985B4873AAF740 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.201991418835146 |
Encrypted: | false |
SSDEEP: | 6:ZViHvIq2PRN2nKuAl9OmbzNMxIFUt8WVinZmw+WVi8kwORN2nKuAl9OmbzNMFLJ:ovIvaHAa8jFUt8V/+q5JHAa84J |
MD5: | BA3D7D9AF94AB3DA7506045AE23872C4 |
SHA1: | 8DF995F274B280539D180BE5D2903F02B879F747 |
SHA-256: | D10CEF105CA057D35DC6A406F5B5C5AA8F1EBB57929141D26DBB9867ED811C6B |
SHA-512: | 97B7F3491AFA6CC595E0B050BF767636D30A494E72CCA03C888AC50B52BAD17E2BD963B55B6F8176DC5269E6D859AE6CC456FBA9F45A3CB6DA7E6E2CDB05D6FA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.201991418835146 |
Encrypted: | false |
SSDEEP: | 6:ZViHvIq2PRN2nKuAl9OmbzNMxIFUt8WVinZmw+WVi8kwORN2nKuAl9OmbzNMFLJ:ovIvaHAa8jFUt8V/+q5JHAa84J |
MD5: | BA3D7D9AF94AB3DA7506045AE23872C4 |
SHA1: | 8DF995F274B280539D180BE5D2903F02B879F747 |
SHA-256: | D10CEF105CA057D35DC6A406F5B5C5AA8F1EBB57929141D26DBB9867ED811C6B |
SHA-512: | 97B7F3491AFA6CC595E0B050BF767636D30A494E72CCA03C888AC50B52BAD17E2BD963B55B6F8176DC5269E6D859AE6CC456FBA9F45A3CB6DA7E6E2CDB05D6FA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240416235758Z-276.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.5815784782085038 |
Encrypted: | false |
SSDEEP: | 96:w1oZMqX8efH1MyTDMT3M4M3qAM4MtHhMM47zFiM6MMrMMx6XgMMMMM4YfI4MM1MB:3AHoAePgT |
MD5: | 64F36373DD14F2D05E45B3430EABE0DA |
SHA1: | 6B293984AE01F9253421DC20BDD718644F4DB4F9 |
SHA-256: | D1E3F20F275AA7B1BD1E31D606C2A1FDB5AB0E400BE608517039BEB408AF0565 |
SHA-512: | B1418272765CD3B554F93169A313BE584E819DD92668FA68AF9CB0281582683C8C290C5CD5739FB729C56DF8E0F9E2809FAC27C4B0DA310080DE4E3010B66C07 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | 192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2160291275063093 |
Encrypted: | false |
SSDEEP: | 24:7+tdIlqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+S:7MdeqLmFTIF3XmHjBoGGR+jMz+Lhx |
MD5: | 2DD0B6DBC3609ECD62F0D0CC160BF68D |
SHA1: | 484238314BBBAA96DC2CABF984ABBD2972C7654D |
SHA-256: | D6DD29DED7BCA7D858DDCCE4E4DABE4FEBC116E625F5F88E422443975D5BAADF |
SHA-512: | 7E9D35098A420B2BBCA98652ADE35C360755E34E76B4951E31E668A4E5103A2B7F5AD30D21E1F96A2A544EABAFF74FB3D44451046D9291CE94EF01B8805A6793 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3799279538630085 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJM3g98kUwPeUkwRe9:YvXKX12WRuUhUg8sGMbLUkee9 |
MD5: | 133E86228BB7B7CAD2CFF801FD4C9C0A |
SHA1: | 203E3D2951163862D43F00F20F155857AA341005 |
SHA-256: | 47607FE4973200CDF933215099E099AB9D11C0F022D151C18819577AC414C0AD |
SHA-512: | D3E8D8E3E6DDA1EC7DEBBB43085590A3028D79F74069B7CFDF1467E69303141AF006B1D2C15B0F23620D38D39727E70A13A6D666EBA764EB8BF20BF415E7873D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.327392463761877 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJfBoTfXpnrPeUkwRe9:YvXKX12WRuUhUg8sGWTfXcUkee9 |
MD5: | C696A63C6F32B11D2BC9EF514E3C0322 |
SHA1: | 079E502F5023CB14D13BF65353979517AF9B26FF |
SHA-256: | FEF9A1BE3ADCA773EB8906F8F7886973CC59098F94BEF0C0B2794C28819897CF |
SHA-512: | 955706ED14D841FF8A38E4F084AE710CF8E9CF002F612564317E953858167BFFD9B96421956D5ACB7787D8B83464C03B1AD595440F2A1800B0A7E464EBDCF660 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.304557817607058 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJfBD2G6UpnrPeUkwRe9:YvXKX12WRuUhUg8sGR22cUkee9 |
MD5: | 858733A8FA906F9611E47851B5FD037F |
SHA1: | 7EFF231B4F29F20167A8FDB6EED1EBA4C347FD31 |
SHA-256: | B8A170E80BEEA166420E1F841A1437E1CF31B22FFC320CAFBE771D1149CEC7B8 |
SHA-512: | 68A24C8E2787651930F554F233DF46CF63AACCC78E4C7643AD0533B74AA932452A035088DC947FC36DE342130DEED3E1E70C236F0E50A85842C56702D017301E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.368889355500349 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJfPmwrPeUkwRe9:YvXKX12WRuUhUg8sGH56Ukee9 |
MD5: | DEFBF362E16AD9EC0ED847C5DA210434 |
SHA1: | 1DB95D466AB9F9F134B37F70EB63347FE6E4D4A0 |
SHA-256: | 9880C2C4EA25C96BBE5597B3F5E026494EAE73A15A0137E682A230CC8205A092 |
SHA-512: | 70998352CFA50E2FFAEC2F531D8FAFA5C967C4813E470409F9FB8F9B0B2CD96229EFF455C6B505BD777EE839437905C88203E317BA5AE0E20AA8ADEF921BB373 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3347834475288725 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJfJWCtMdPeUkwRe9:YvXKX12WRuUhUg8sGBS8Ukee9 |
MD5: | 89EB9CC13C01F2058E582C33CBC8417E |
SHA1: | 8B17E4319829BC0FD3023C6C9C45C1688EA23D83 |
SHA-256: | B1BD7E8CB0445931FB57DC8916CECC97E68404AE72C9773449F5A4FC7F07DB58 |
SHA-512: | 06289AA0A4AF66C277B19D0C1AB98B2F0AFF4CB3C58001926AB01CE6ABC6BE72BAF241FA5E6CAAC0FDA8BF75DBCF6423EABC8444FC02362C9B7D262D4C31F5BF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.320450183976785 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJf8dPeUkwRe9:YvXKX12WRuUhUg8sGU8Ukee9 |
MD5: | DEC37824BE1C6F401DF5C540E34749BB |
SHA1: | B9772E41E4696F2CC338C8A1977E04759B81C869 |
SHA-256: | 06FD1C3BD920ACC3346A3D40F43918AA1D2F710EC513E91BDD76B03D8BBC101E |
SHA-512: | E2E52FAC4F4FC376029D53380661D1CF406542D6F42BBEC1BA8D2D4579BE31DAE2500A5ADBDF27653868448631EE3ED98925480C86B56C84425231FAC98722E7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.323183130885091 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJfQ1rPeUkwRe9:YvXKX12WRuUhUg8sGY16Ukee9 |
MD5: | F2DA25A8B6DF229237A60BBAF65A334A |
SHA1: | 87B16A732BA87E43731280631CFA5DFEB53ABDB4 |
SHA-256: | ECAC5E62CF7FCFB9713CDC5ADDA2FE6171B1E5AA5DD0BED8DE2DA2A553E955AC |
SHA-512: | 46017307DEFEE8BE32426C0B796BBDAF74CEE39489028B8BBE222B6E13AE2CFFB8546E188C57B7B221E943152A18843CD5006AC0FA0B580CAD0A52C978B09FDF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.332890712681591 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJfFldPeUkwRe9:YvXKX12WRuUhUg8sGz8Ukee9 |
MD5: | DE0C5ED1054D7937F24E3622D4E3B7A5 |
SHA1: | FD5E3353D2856649430AFF288882C6EA92ABC84C |
SHA-256: | 83D8961AD26B74EA698CFC5CF917D611C820431154E3125411D4914D70525EF4 |
SHA-512: | B60BDF555DFC8E832865C84306F5C26BAAD0E9AF670CFC6D6B71DFF503242D4A505B08160713F2C33D5329614ECEE4FD32375453CE17A9127AF76B77C7D29AF7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.744501453333552 |
Encrypted: | false |
SSDEEP: | 24:Yv6X1TUg8UKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNa1:YvwTUUEgigrNt0wSJn+ns8cvFJO |
MD5: | D200DAA156AAF673703DE58FF3BAA4DB |
SHA1: | 4AA276B4961B87FA2D709B871E322F24962ACE3E |
SHA-256: | 16BFA370504D52F7F6D138AE09DBEB962BE0919A8F7D3701439E3606E856EB56 |
SHA-512: | 92EA97E5C1CC665C6DA88BABC693FA3025740B212552F4209BF86B9705B5B95D7802C7B5593D73724EF40660578E138B713561A1DCF495AE6914F201FEC7113E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3282178203173585 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJfYdPeUkwRe9:YvXKX12WRuUhUg8sGg8Ukee9 |
MD5: | F2717EE14567A2E464CA37037B65B142 |
SHA1: | BDF94A3036CBF0B3E1F6AA6E9F5C632BC89D700C |
SHA-256: | 43DB24011ED29CFB277D2B3A1AC2330DAF369BE7BE2FE77431B7C5F462AB1679 |
SHA-512: | B9BC185794C294A1353F8A907EF1E259303DF90E660FFCD06B3E96C78954A32E83391959F4900022D2E75752DBF4CA85287C86534AC46C0C85779FE591661EDE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.780513718701534 |
Encrypted: | false |
SSDEEP: | 24:Yv6X1TUg87rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNC1:YvwTU7HgDv3W2aYQfgB5OUupHrQ9FJy |
MD5: | 2661BFDB32BB997FF300F765C944ADFD |
SHA1: | 8BF91A0569CF0780C41060D2F3C9270177E0D175 |
SHA-256: | 971C95B2AE69A139FDF2D68DEC0B104224ADE0A67F6726C13A4B076905479D43 |
SHA-512: | C400DBC99CE12E958E00FC71D703E065F13E96E29BE0ABE3D392F305C4779CD93E2AA3374617004AE7349F41E0ABD9683701D5C8CA5060EB3B4E474314B75528 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.3115709810818235 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJfbPtdPeUkwRe9:YvXKX12WRuUhUg8sGDV8Ukee9 |
MD5: | A692F1EA9D3EF037F8A8A8BE51260D92 |
SHA1: | 0E86924E43C9FFD170AC5A93F6988F7CE440DEF7 |
SHA-256: | 5BCDD0EF8EAEEC0AE62FA9C6DF74483F0F25F3ECA2925A8C742E5647655D2A29 |
SHA-512: | D5053345FEA89F9C4CB4F0361B1CCD058ABA27314D747FB391A3702BB460EED9301C5DE38D488D736EF234781ED36EC8327509C0ACB9CD82EF3293429DC2F042 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.315028497556544 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJf21rPeUkwRe9:YvXKX12WRuUhUg8sG+16Ukee9 |
MD5: | 4B7325B5A479FC78BB82E0A006C44E34 |
SHA1: | BC96AB9C7A3D50793C6C987612B7408199B3C29D |
SHA-256: | 6D107387AE6C3C550A0503707B0F82F505CD52BF533B6AB898D4BC9B7A8B3A66 |
SHA-512: | 1B2B826CAF3330B2A356A12983B694BCAE22E1C56C7B2BB62EE98A568AA9074E7BDB5D846455F4C8529974DAAD7C0E93CC2B7A827BB76105A31E6F33AB0B297D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.334446926034559 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJfbpatdPeUkwRe9:YvXKX12WRuUhUg8sGVat8Ukee9 |
MD5: | 23E4D7D98B1B98E805FEE5B2770CCC33 |
SHA1: | D22E9F562D41871986E6068020DCEBE9A02A504E |
SHA-256: | AD8409AB98D5CFA8FE52C44525FC9316FF159361E6A0470BA5A304C675259BAA |
SHA-512: | E9FBBCB04BC2974FFD3D46D4CB7ED2537B08F3FAEF684637250B1577B0CF76C4ECD6F8AA682F33DBC3F3FBA9DC3696E7CB241FB7EE2B0E2F60FAF203160D31A5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.292757041284796 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHVfgZF5IRR4UhUR0Yc8DoAvJfshHHrPeUkwRe9:YvXKX12WRuUhUg8sGUUUkee9 |
MD5: | 7C1233615CF5FD8F8758C8D435295D66 |
SHA1: | 29E0F657F23DEB9D1192D7BAEC2FFA8393B9D39D |
SHA-256: | CB87FFFA809971790330A374DF39E288F3D9F501F673AD6CB566C40D281BC1BD |
SHA-512: | 4411EEA64CAF23761784F200D35C631C6AE254153B18AE00E5F78887B31663FFA5B2FACB25277CBC8A0DC94F367B1AF77B5534A3F6E64C6B031A4187B9BFB70D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.375889835412844 |
Encrypted: | false |
SSDEEP: | 12:YvXKX12WRuUhUg8sGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWe1:Yv6X1TUg8C168CgEXX5kcIfANhT1 |
MD5: | BED6D8F0D60AABBA5FC066C2D4F8B7BF |
SHA1: | FAEB714C20D5A35A78148B18038C2CC657F2E0A9 |
SHA-256: | 782E497589C74A5821E372C5CB38EDA1A79B6C0447ED24A1D1DF779364C65372 |
SHA-512: | 70FDF5031EC98C2D5401276F0A06B4D2A0AB631DF416669713CCA0898101B8AABAA3F258B481DD5F9C3BB414CCDCA8825C190E5C9613C7603C6FDD9A182777CA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.122750575166613 |
Encrypted: | false |
SSDEEP: | 24:YirHlF7yLaRCMlhGSJU82VKPvHGa2sayHYtkj4HI9R40PjVgivvj0SyfwbC2W7XW:YiqMlemUrKotMDVvv7KPXOpa9oZ9jR+2 |
MD5: | 744AE0CB61EEA6C0AED6E4B968B2A319 |
SHA1: | 1F08CB41F7E6F83E02AE2BEB0193DEA02A652F29 |
SHA-256: | 5DD62319AA7DD1D74B4C41CCF824EEABE69E7A3610E5BBDA495F9D694FE7FAEE |
SHA-512: | 37BB25C0AEB2A2F62048F69A9AA5C92E4A92B28DCE4CE8661B02D61A67328C7FB76C8A0556B70FB17E4103AD81E9A9E9BD4D94688AB48FC33CAF778D7848B582 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9969671513885456 |
Encrypted: | false |
SSDEEP: | 24:TLxx/XYKQvGJF7urs4cY9QRQ6QudvVX1r9X9OS9VkVXUt6:TVl2GL7ms5YEtLVlrdoS9VkVJ |
MD5: | 507995DD73452FF540C7707A61C67DB7 |
SHA1: | 8DC4ABEE2D4662B3B46B1C1EE492B78C5D350E56 |
SHA-256: | 53D12DC98A4C81589A96EC8A108444EBD524CA7DBD27B5B586017F75DC469F1C |
SHA-512: | D927A6904D498AC33DDFDDDB2CE64DFA9458072D1BD9F0C28E326E02C672AB0EBC595CCC6AE26D658D233731CB0592284874DF216493F03B5C3132957DC99D2F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3614163327737432 |
Encrypted: | false |
SSDEEP: | 24:7+tEY9QRQ6QudvVXqcL49OS9VkVX1qLWwx/XYKQvGJF7ursLY:7MEYEtLVacMoS9VkVFqll2GL7msLY |
MD5: | E1965652DD842D786D51BBBD5F4A9CF2 |
SHA1: | 6C188F8D6B84AF67A95914EE1B36609C64450944 |
SHA-256: | C810E01402D0255ADE209E5FDEDD88B1C3EEB3E461B3575E5825B3B4350B1FBA |
SHA-512: | C98738E6D2A85080F6CF3C9A61E5E2AE6A6B8C9B4E9750E024672A669E1514C4E4C76AA40DFB437C9C8B47E5BDB4577338EA5A65D53D99377F277F466D69C488 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5177502348333967 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8niQH:Qw946cPbiOxDlbYnuRKEH |
MD5: | AD2F902B4800A7E86C825D1A59C1F189 |
SHA1: | 7D3D83E29341BBEB52A7FDAA6BD985299D6832CF |
SHA-256: | 0A7886F2D1CFCD7D5B55EFEA0BC3F16417F53E65092469ECE6C57D061899EE19 |
SHA-512: | 8A96C84666B82E30768DCB8FE3BD2E1DA7F09159F72355A54C075A43869D3F1FC8704DF52F129662FA385FBE0993690DCFC80F42AD37A29CAC048A2928DA29F0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.04819771073566 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOimj3tmj38CCSyAAO:IngVMre9T0HQIDmy9g06JX93i38ClX |
MD5: | 2DF23D079FC83EAE8114D25CF4A634AC |
SHA1: | 9CA71AC208EDE2BA0257D6A45E2952C26BB86A66 |
SHA-256: | 53E65E7F4B95A55E719397CEC703A41E32E0C6EA8C7334322A5404D270F206BD |
SHA-512: | CFC8D18D4387BADB309630F2DDE5BFE72DF5B6DC89AC57E361FD70E0768C53AF1B05FA8E297BCA7023B3074E4F7C4C8E758E4E842E3A7F2E42D3C84419604E98 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.054390790876946 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOOcHxlcH9CSyAAO:IngVMre9T0HQIDmy9g06JXecHxqH9lX |
MD5: | 592075E11999BEE229874A7ED2ACA2F3 |
SHA1: | 06E46BFE89F230EA86AEA71C7B19CA2A842F7502 |
SHA-256: | C085E35FBEB7D414BE7846E7A28D55106376444969F81EB4FF41BDE32C1EB3C9 |
SHA-512: | 6BF8AFFE32FB85C215A5D71F884E3DFE93AD83287947040AD58C6A20B0137341121DD1367B509DE34A36B7E4A147375E66E7A38F828CA36FCCD7D3A34E246AEE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.059696369522269 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOykcX+nGnXhTkcX+nGn/CSyAAO:IngVMre9T0HQIDmy9g06JXCpYGxlYG/R |
MD5: | F97AA699D6F4DC9FD50FBB082C6E3343 |
SHA1: | CF39E438F2D23755C8A87AA6751463C9927DA7CB |
SHA-256: | F4A83AC8E27433EBC2018C1F42F1BEEF58BDC7150E878468E61692F80D6B0B3E |
SHA-512: | CEE709FABF299395F844BCF0EB52F78303191A4A690711A5E2D39EB2ABAA834C04F9C726281CF6AC01CD272779F8BDC1104DF582FF4287FAB47C97D86AC077C4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-17 01-57-57-386.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.372070094762051 |
Encrypted: | false |
SSDEEP: | 384:8Ww/4W1lO7NzY+gtB6HgC76epw91XP5TQF3xpXpEfC4mNXSgFM2wZ9gR7xfSF1Nx:pO |
MD5: | 81B38F74129CB9C1A084DD88060AB41D |
SHA1: | 9E57BE186D698B131D993CBDF7A3E1DDEC24430B |
SHA-256: | E0455E64A8922EE8C02D338E11CF3D4BB330CC9A85D4C72297F9E476240F3A01 |
SHA-512: | 267039101489DDB8CE2422FF42C94337878BA92AB0E6048574CDB78968A1EC9A6D8344C90D23D040351BBD1C793C7B2E6DFA775CD95956A7EBFC5288DD302368 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.42523861935409 |
Encrypted: | false |
SSDEEP: | 192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbUcb4IVbcbB:fhWlA/TViVo |
MD5: | 5020DD61018F8E21AB9E2A7F2F3C27CE |
SHA1: | 0F159C73ACB880E4D50C8939C9DD7150BE9315B0 |
SHA-256: | B95A5EC1A85DD7179C1CB8D72667FB10206D96334A8F218E585570E8724A9044 |
SHA-512: | F254CA8CA35BACF0518596FB6CEB9B38DA6A7A3B54EB812D886441BD4D421C34B51CCFBE668F0A89D08D3FCB5E8B989822DEAE01C307FFE57F0DF4F7E1444DB8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:bWNh3P6+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:C3PDegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 59EE5E2FB56A099CAA8EDFD7AF821ED6 |
SHA1: | F5DC4F876768D57B69EC894ADE0A66E813BFED92 |
SHA-256: | E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75 |
SHA-512: | 77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xaWL07oywYIGNPUGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxywZG6GZn3mlind9i4ufFXpAXkru |
MD5: | FFA982D6F2F9B46A1DECDD28BF3EF0E1 |
SHA1: | B1D05ED9BD6A80BD0E3377E9F62B47EF83FCC0C8 |
SHA-256: | 93D954FA4BBEDCDFBC7BF14FA1BB3986056261F4A5035C3CFF229FF16D12B78B |
SHA-512: | BF2931508F2039FFF4A74EC9B2FF2706FCF05DC5D56E22CA9C74B7C4AF9E8B4173419791DE648FD77AE7C4B441734E7C70C964A2B91C816FC98C9BA78BEB7879 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m |
MD5: | 774036904FF86EB19FCE18B796528E1E |
SHA1: | 2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16 |
SHA-256: | D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD |
SHA-512: | 9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLaGZ48 |
MD5: | 1D64D25345DD73F100517644279994E6 |
SHA1: | DE807F82098D469302955DCBE1A963CD6E887737 |
SHA-256: | 0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC |
SHA-512: | C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14456 |
Entropy (8bit): | 4.2098179599164975 |
Encrypted: | false |
SSDEEP: | 192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ |
MD5: | 32FCA302C8B872738373D7CCB1E75FD4 |
SHA1: | DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1 |
SHA-256: | CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6 |
SHA-512: | 57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.795081950047265 |
TrID: |
File name: | W-9 Blank - March 2024 revision.pdf |
File size: | 140'815 bytes |
MD5: | 4e7f7065f6e4a526452ffacb0134bc50 |
SHA1: | 3c265a136ba7fa236cdfc7b8f8b7853ed6c63e08 |
SHA256: | 2d420cbb4123dcf1fb82595b2359cfbb5d81f00b9df9d359fcc7af361d093f53 |
SHA512: | b2024cd63a5a9e3a2245b72c36bdfea1f083373b01e7e2acc3e5f264053ba6e3030073d5966dbc1f01f99c221dea28e1c24c8b9b44e1de812faa5d565e1c1df2 |
SSDEEP: | 3072:NZ99tHvNziv76ksxL+dugQh2h7nU/SQqwCe+l/OrHKq:NJtvNis9+dHQh6HQECHv |
TLSH: | 8DD3E084570358E4D4534A60B72CB66ACAFF70E67ECC28077D8C06D64F41E93B6A86DB |
File Content Preview: | %PDF-1.7.%......1031 0 obj.<</Linearized 1/L 126744/O 1036/E 31275/N 6/T 126277/H [ 515 302]>>.endobj. ..1052 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<12253618B019F6419353B3C715534797><17D07252539C784A909EE21165D93 |
Icon Hash: | 62cc8caeb29e8ae0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 17, 2024 01:58:06.583720922 CEST | 49714 | 443 | 192.168.2.16 | 23.54.200.159 |
Apr 17, 2024 01:58:06.583748102 CEST | 443 | 49714 | 23.54.200.159 | 192.168.2.16 |
Apr 17, 2024 01:58:06.583895922 CEST | 49714 | 443 | 192.168.2.16 | 23.54.200.159 |
Apr 17, 2024 01:58:06.584033012 CEST | 49714 | 443 | 192.168.2.16 | 23.54.200.159 |
Apr 17, 2024 01:58:06.584048033 CEST | 443 | 49714 | 23.54.200.159 | 192.168.2.16 |
Apr 17, 2024 01:58:06.905601978 CEST | 443 | 49714 | 23.54.200.159 | 192.168.2.16 |
Apr 17, 2024 01:58:06.906270981 CEST | 49714 | 443 | 192.168.2.16 | 23.54.200.159 |
Apr 17, 2024 01:58:06.906282902 CEST | 443 | 49714 | 23.54.200.159 | 192.168.2.16 |
Apr 17, 2024 01:58:06.909843922 CEST | 443 | 49714 | 23.54.200.159 | 192.168.2.16 |
Apr 17, 2024 01:58:06.909966946 CEST | 49714 | 443 | 192.168.2.16 | 23.54.200.159 |
Apr 17, 2024 01:58:06.911760092 CEST | 49714 | 443 | 192.168.2.16 | 23.54.200.159 |
Apr 17, 2024 01:58:06.911760092 CEST | 49714 | 443 | 192.168.2.16 | 23.54.200.159 |
Apr 17, 2024 01:58:06.911931038 CEST | 443 | 49714 | 23.54.200.159 | 192.168.2.16 |
Apr 17, 2024 01:58:06.952056885 CEST | 49714 | 443 | 192.168.2.16 | 23.54.200.159 |
Apr 17, 2024 01:58:06.952064037 CEST | 443 | 49714 | 23.54.200.159 | 192.168.2.16 |
Apr 17, 2024 01:58:07.000041008 CEST | 49714 | 443 | 192.168.2.16 | 23.54.200.159 |
Apr 17, 2024 01:58:07.017849922 CEST | 443 | 49714 | 23.54.200.159 | 192.168.2.16 |
Apr 17, 2024 01:58:07.018043041 CEST | 443 | 49714 | 23.54.200.159 | 192.168.2.16 |
Apr 17, 2024 01:58:07.018121958 CEST | 49714 | 443 | 192.168.2.16 | 23.54.200.159 |
Apr 17, 2024 01:58:07.020896912 CEST | 49714 | 443 | 192.168.2.16 | 23.54.200.159 |
Apr 17, 2024 01:58:07.020910025 CEST | 443 | 49714 | 23.54.200.159 | 192.168.2.16 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49714 | 23.54.200.159 | 443 | 6340 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 23:58:06 UTC | 390 | OUT | |
2024-04-16 23:58:07 UTC | 247 | IN | |
2024-04-16 23:58:07 UTC | 120 | IN |
Target ID: | 0 |
Start time: | 01:57:49 |
Start date: | 17/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff744680000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 2 |
Start time: | 01:57:53 |
Start date: | 17/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff68f9d0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 3 |
Start time: | 01:57:54 |
Start date: | 17/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff68f9d0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |