Windows
Analysis Report
FICHE DE GAIN 2024.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 4900 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FICHE DE GAIN 2024.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7192 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7372 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1672,i,2245883855589128702,4143463741450360039,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature entries by type, in report order:
- TCP traffic (33 entries)
- HTTP traffic detected (1 entry)
- TCP traffic detected without corresponding DNS query (11 entries)
- HTTP traffic detected (1 entry)
- String found in binary or memory (1 entry)
- Network traffic detected (2 entries)
- Classification label (1 entry)
- Initial sample (1 entry)
- File created (2 entries)
- Key opened (1 entry)
- Process created (14 entries)
- Window detected (1 entry)
- Initial sample (6 entries)
- Process information set (8 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | ReversingLabs | | |
 | 0% | Virustotal | | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.123.200.169 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427901 |
Start date and time: | 2024-04-18 10:12:48 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | FICHE DE GAIN 2024.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/44@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.65.92, 23.55.252.138, 18.207.85.246, 107.22.247.231, 54.144.73.197, 34.193.227.236, 104.76.210.84, 104.76.210.69, 172.64.41.3, 162.159.61.3
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.123.200.169 | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Unknown | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
 | | | malicious | Mirai | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.196251002228508 |
Encrypted: | false |
SSDEEP: | 6:sKwjq2Pwkn2nKuAl9OmbnIFUt8zKwWZmw+zKGzkwOwkn2nKuAl9OmbjLJ:DwjvYfHAahFUt8uwW/+uGz5JfHAaSJ |
MD5: | 82349CA7CFC477C6D8550C5AC88B42AB |
SHA1: | 39205DCFD8022267CE6E0DB5191857186C9C0565 |
SHA-256: | DA7AB78D65D2510FD6F88F56074D149A098914ECF83D7D0DCE38895C6D6FE0C6 |
SHA-512: | 2061400E1BE43E495B5D80042C100922CBD5D8702A7428C6EA462C0DF9623F85E85EE63FBD75562C69360D1CAC3218173A7080D338564C1A616A67FD7BDFD0C0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.196251002228508 |
Encrypted: | false |
SSDEEP: | 6:sKwjq2Pwkn2nKuAl9OmbnIFUt8zKwWZmw+zKGzkwOwkn2nKuAl9OmbjLJ:DwjvYfHAahFUt8uwW/+uGz5JfHAaSJ |
MD5: | 82349CA7CFC477C6D8550C5AC88B42AB |
SHA1: | 39205DCFD8022267CE6E0DB5191857186C9C0565 |
SHA-256: | DA7AB78D65D2510FD6F88F56074D149A098914ECF83D7D0DCE38895C6D6FE0C6 |
SHA-512: | 2061400E1BE43E495B5D80042C100922CBD5D8702A7428C6EA462C0DF9623F85E85EE63FBD75562C69360D1CAC3218173A7080D338564C1A616A67FD7BDFD0C0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.222467838951024 |
Encrypted: | false |
SSDEEP: | 6:sKaUB9q2Pwkn2nKuAl9Ombzo2jMGIFUt8zKQ5VXZmw+zKQ5VFkwOwkn2nKuAl9OU:DaSvYfHAa8uFUt8ukVX/+ukVF5JfHAaU |
MD5: | 84E33C1B7234DE04C104F70959CABD56 |
SHA1: | C509C9A2135CA2143A39EC2874CB963107C070F1 |
SHA-256: | 72A1A846AF63302EC4A9CC8D6367C3E73569F6D5C23963A11E35642863A8B571 |
SHA-512: | B24FA4E3C7F3933F0717D17FC1908142CE52D1CB17BC9EAFF9758B8857011D87F127ED98EBF97B909C6CE9D8D4FA22D23075A31ED7F0D22F86A48FB428023359 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.222467838951024 |
Encrypted: | false |
SSDEEP: | 6:sKaUB9q2Pwkn2nKuAl9Ombzo2jMGIFUt8zKQ5VXZmw+zKQ5VFkwOwkn2nKuAl9OU:DaSvYfHAa8uFUt8ukVX/+ukVF5JfHAaU |
MD5: | 84E33C1B7234DE04C104F70959CABD56 |
SHA1: | C509C9A2135CA2143A39EC2874CB963107C070F1 |
SHA-256: | 72A1A846AF63302EC4A9CC8D6367C3E73569F6D5C23963A11E35642863A8B571 |
SHA-512: | B24FA4E3C7F3933F0717D17FC1908142CE52D1CB17BC9EAFF9758B8857011D87F127ED98EBF97B909C6CE9D8D4FA22D23075A31ED7F0D22F86A48FB428023359 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.968396423364024 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZCsBdOg2Hrtcaq3QYiubInP7E4T3y:Y2sRdsEdMHA3QYhbG7nby |
MD5: | 79FD142CD8A1B42CD780BCC456FBBCEF |
SHA1: | 702BF4D241CD4769A3A4F512C7FE0895D0EC4FB8 |
SHA-256: | B3169A52F8CFB3A9EE8FA7C5325718397B623BB6DB02D8614438400E29166D1F |
SHA-512: | 449CDC2AB7B75FC809AD2DF384711A220D3CABA1CAF6ABFED37107C6991F11C292E5C868BBF61EF4E533E91281B5C7E0365C846B0D923321D2378DF8EECBB2A2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e6bac22b-e512-4d78-a913-9b4da19b78ee.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.968396423364024 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZCsBdOg2Hrtcaq3QYiubInP7E4T3y:Y2sRdsEdMHA3QYhbG7nby |
MD5: | 79FD142CD8A1B42CD780BCC456FBBCEF |
SHA1: | 702BF4D241CD4769A3A4F512C7FE0895D0EC4FB8 |
SHA-256: | B3169A52F8CFB3A9EE8FA7C5325718397B623BB6DB02D8614438400E29166D1F |
SHA-512: | 449CDC2AB7B75FC809AD2DF384711A220D3CABA1CAF6ABFED37107C6991F11C292E5C868BBF61EF4E533E91281B5C7E0365C846B0D923321D2378DF8EECBB2A2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.253987311534714 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7MZglvcjZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gow |
MD5: | BC79F19DCC577F7F9CABC259E1C2CC78 |
SHA1: | 39DA012BD9D528D192AFFAD8AC0C6AB3B863E44E |
SHA-256: | CB54F1EA86E51F301B9AC2B51147DA41A8A9EE01A23B8FFE08E5D32B1C2375AA |
SHA-512: | 5E5E3E0554386ED616A2FE7465713B13F6678B0F27BBD3C192BEF5D614B16CBF70045621209827F7765085601BA0BE55DEBDFD08A8EC56AF653A9B860581D15D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.106585080414353 |
Encrypted: | false |
SSDEEP: | 6:slLa9q2Pwkn2nKuAl9OmbzNMxIFUt8zlL/Zmw+zlLx2FkwOwkn2nKuAl9OmbzNMT:GIvYfHAa8jFUt8t//+tg5JfHAa84J |
MD5: | CF6FC19A31D4E826B47C531C88D01883 |
SHA1: | 782FC1BB406AF12887E8A16D4238435CF87238CF |
SHA-256: | 480A47E174284E4B8C09277443860F5A1801FC122885A2B33D5FED716FB08A68 |
SHA-512: | 69F51D5E987CAA7E5FAE27F1AE40C9C232B93E4C14DDA8BC89F159D271F1430C7D8055C5BF791853B3BBAD7C352EDFA3487B688AAC755A5D9C8AB582CD6FACC0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.106585080414353 |
Encrypted: | false |
SSDEEP: | 6:slLa9q2Pwkn2nKuAl9OmbzNMxIFUt8zlL/Zmw+zlLx2FkwOwkn2nKuAl9OmbzNMT:GIvYfHAa8jFUt8t//+tg5JfHAa84J |
MD5: | CF6FC19A31D4E826B47C531C88D01883 |
SHA1: | 782FC1BB406AF12887E8A16D4238435CF87238CF |
SHA-256: | 480A47E174284E4B8C09277443860F5A1801FC122885A2B33D5FED716FB08A68 |
SHA-512: | 69F51D5E987CAA7E5FAE27F1AE40C9C232B93E4C14DDA8BC89F159D271F1430C7D8055C5BF791853B3BBAD7C352EDFA3487B688AAC755A5D9C8AB582CD6FACC0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240418081343Z-163.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 3.581216414367434 |
Encrypted: | false |
SSDEEP: | 768:wUpwvrwSrsEyQe9933XEXK5ucmIoIXN7S4M1:6PXK5ucmIof1 |
MD5: | 7046622CA00F2C45E5CFADE689354E8C |
SHA1: | A17E912B39A2FD0B0C6B20BA84765A230384EC11 |
SHA-256: | BE1D0EF88A60FBA55830726ADAD04B9DF8464BC7E45B44644E45853FBCD3AAF8 |
SHA-512: | 568089C70007F6BC10CFC73C14ACD449D027D08947F562458FE7F7501953298CE63483334F9EC3575F218B073629E2DB20EA77F9ECE615CB9C483B2C4A7A2115 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445096566435648 |
Encrypted: | false |
SSDEEP: | 384:yezci5tciBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r7s3OazzU89UTTgUL |
MD5: | DB4ADC6235CE6095EFBC350C0D8BCDF1 |
SHA1: | AB242C90E5335D31E0A3D2DF9B721C7E74121E6D |
SHA-256: | 3E057667E45C28F4152A5C9FBC75914650D6C3F44E493C2949D6CFBCC4D3B50F |
SHA-512: | EC21673BF3C27F7B4FEB308141811B7FA60BB05C699141BE80C67B5006247FCB83888824220FDEE2CA746641855F4C620C8598034B467AFF4ABBF680D4C3E469 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.774015332645779 |
Encrypted: | false |
SSDEEP: | 48:7Mtp/E2ioyVwioy9oWoy1Cwoy1oKOioy1noy1AYoy1Wioy1hioybioyCoy1noy1m:7CpjuwFLXKQr9b9IVXEBodRBkQ |
MD5: | 800169F7CAA1CA1B44128066AF798A27 |
SHA1: | 3A61C87D28E10E6F900391E37386A0B21E6D8424 |
SHA-256: | FB9D7224A3D3BFFDE44E61D386FE8D47B819BA9DD576FE15D29C42B75215D490 |
SHA-512: | C8C1677080721042A4095C2CE8C71E1803A8D9E08154AD7F9C5F8CDA141C4FB180FC25855E3CAC23FE2E41150AB1933E6232D54D615E904A4A2A41B267773391 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.362394838091672 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJM3g98kUwPeUkwRe9:YvXKXIjzqI3ZEZc0vcGMbLUkee9 |
MD5: | 57D6F3C0DE75700BF1EFDFD1F00A4582 |
SHA1: | 3BCF5E56A2AAC596FEEC6A6DAC2B65A3D3E3DC2D |
SHA-256: | DDEF8BF63DEB2F573F1AF1D6689F70B1694F0204E021883BC418858047EBFC5F |
SHA-512: | 2DE820B097D59FCE1217C31E2D36DAC95885750AB5160506F69607CC1A8BBAE25271484D4D94890A741AC4B4ADB0C7DEB84D60EDE5099147B6160F1228D57A46 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.312038615218272 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJfBoTfXpnrPeUkwRe9:YvXKXIjzqI3ZEZc0vcGWTfXcUkee9 |
MD5: | 3052F35BC5AF5DE00FC779ACBCA45527 |
SHA1: | CFC4E2A1F4001C805C0C6C5A3ED971668465884A |
SHA-256: | 149477E29ADA762013363C27AB972D16F56874E430654EA1AECEFE5A0AC7E63F |
SHA-512: | 0F508748F4D442612102A49C1773E98FD7DBBD80AE8FCB4D4F3A08DD55009843D18EF5CE16CB108EAC67B2A43BC4D8ADC90A3104CA727529F279662CDE444C7D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.290298110576079 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJfBD2G6UpnrPeUkwRe9:YvXKXIjzqI3ZEZc0vcGR22cUkee9 |
MD5: | 258C8432117B137B52DAB970F1C8C248 |
SHA1: | 52745050F7E16A82BB1F77D8A752A6C8B844A92C |
SHA-256: | 3204D6A66F105012DB01D50A2CC65AEEA31F4975874E738BBC4764E66CA1C3B1 |
SHA-512: | 66D7D4728DD7BE2541710D9433306E7D48A2D84964D43C41D717140F82EDF9841910C8E7FEADD0A34FB636588AE5E0E6C626800FF00803B5FDF388CCAD9B6F04 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.349371360138567 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJfPmwrPeUkwRe9:YvXKXIjzqI3ZEZc0vcGH56Ukee9 |
MD5: | E8B11758725D0DF98B4C0D407C8E2D65 |
SHA1: | 15DDFCD90BCF9946971FD2ECCE786623A76F4CC4 |
SHA-256: | 49479F2E8CAD6780E9ED7BC5282B342290FBD531E8F47FD1ED2341789584C8FB |
SHA-512: | C71416EAC845350BA1D2D33FD87D4204B50679B815C33079687E0D95D56D70BA407973037987D1CB2153A302B8AE5EA7C4DD0DCD45E6F368388636E39E6E5FEC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.307952198928605 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJfJWCtMdPeUkwRe9:YvXKXIjzqI3ZEZc0vcGBS8Ukee9 |
MD5: | B7CB2D22235DDDCE1F2CEE0BBD55DD19 |
SHA1: | 393AD8ACE0F1931A87C69FABA698D5ADE3E9CDF6 |
SHA-256: | 83E9D2833FC71FDA429C60FCD62D935D42028D4D9DD99A4F9EFFECEEB8318A8A |
SHA-512: | F38847AFFAA61DA581809CDE6E0064851398C40D07F9ABC1CFB93D3FFECDFBC559AC37D16A991BCE161F508B4C55EE979A9C7E70136737DDD4A5B6A8AE03694B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.294523547697024 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJf8dPeUkwRe9:YvXKXIjzqI3ZEZc0vcGU8Ukee9 |
MD5: | 1E5B8337AEAB07A276A98E1AF81125BE |
SHA1: | 540CE19BDC5A61B4437EF04E34499D4B2FBAD367 |
SHA-256: | F554B685FBF6462AC30E8A2B4AA349A54BD28F8A51EE577B37652FFACDA91989 |
SHA-512: | 8257B618ED86676BC8CD63EBC87485FE1B5E20AB2D6343E74038AAE40619975F157339D2929FBD246A3B3DA36C5797716B5EED5309A6B1425A1EB973947B30BB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.299062047033033 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJfQ1rPeUkwRe9:YvXKXIjzqI3ZEZc0vcGY16Ukee9 |
MD5: | 2109F9198C1C1E9D6781C3711B38B70E |
SHA1: | 3FF8F9F19E1C8208316BF874F721CDE9321C9723 |
SHA-256: | 9EF9C3F17CAF4FA90AEB57DABB8C00A8F34E782AD075A416E40BD9D19A533B10 |
SHA-512: | B2B5CF80453FAAC29E0160BFC9AF691634E09077E3D30F44F4B50C75A7744C63D7A8F50ECE0C24DDFC809A8979FB5BDF72AE667551ABB3E048452A9AE16A320F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.302990732376627 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJfFldPeUkwRe9:YvXKXIjzqI3ZEZc0vcGz8Ukee9 |
MD5: | 32E0B18F75A8A3FECDE581571C525B36 |
SHA1: | F159589BF789E6492052C68F9842D59811016981 |
SHA-256: | 22E44F0F7B74AF62F7809C263C3E181167F430AC7BCEC6C95C8C2CE20E6D931A |
SHA-512: | 79B1EF7962A5CAAA30A2B6E9DE8C0CFC37B6C5169ECA61DDA42025F322D7A2E37AA3F88DD5C1C5D089D3C62FBC1D34F25B35E5837773A42E44B7CC1C170C0B0A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.738930656601431 |
Encrypted: | false |
SSDEEP: | 24:Yv6XEBEzvEKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN9:YvYsEgigrNt0wSJn+ns8cvFJ/ |
MD5: | 794C447E820939CE1AA7269DA89B67DE |
SHA1: | 55BD2214C426AE30E0FC4EC35786CE489016AA33 |
SHA-256: | 8A0EE4A2FE64BF05B50F342B6F8DE8722E545F3E3E0312AADD506EE093267778 |
SHA-512: | 33CD6C40E55624BAD35BAAF2C9834461D7C3D098C4BE5D727315FB5A869D4713ED0738B49BAC301FBB5910AC218F20D980A559EE9188FB49F4FC3A36FB109DE8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.301108046645115 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJfYdPeUkwRe9:YvXKXIjzqI3ZEZc0vcGg8Ukee9 |
MD5: | 12564171DBBC823555259D0315C1E267 |
SHA1: | 470299E3369D3D0E7C8B0C6E47E729E8A2FA3B9D |
SHA-256: | 7AAF6BE0552E8488C493A13C7AFB75363870594A3A0871E66A92B0872D2F2663 |
SHA-512: | 2F412D27498D2021F184AFCF9F8CB889F66E94214404CA9E886CCD2522456A4E23BA62F407D847DBF3CD9E3736721E2E97E3A6BF862621706E24742A2D10B860 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.777893444228802 |
Encrypted: | false |
SSDEEP: | 24:Yv6XEBEzvrrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN1:YvYjHgDv3W2aYQfgB5OUupHrQ9FJ7 |
MD5: | A7D31FAB7E07E0D582A56EAE06F80DFC |
SHA1: | F7306D8A6D713CB11B7C31154930CA80C1DE0C48 |
SHA-256: | DC2E5CB30A9A316973F7E7B1EB5044FB99753A0C950FD5B9CF20B825682AD5A1 |
SHA-512: | A8F909D2A35D959C8BD194C7216B280C20B1DAAEF13A815AEA6ED1800F6EA1A987B050C64FC567EC00BDD1A2E3699EDE4A29931113EDFE3CA89FD23BD7FA3467 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.284647528878118 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJfbPtdPeUkwRe9:YvXKXIjzqI3ZEZc0vcGDV8Ukee9 |
MD5: | 44CB77CB1128850E0635DC5963C79011 |
SHA1: | 2573A49EA58F52BC177830C1AD297F4C5CE6ABBA |
SHA-256: | 58CCD3050192AC5A5C1B930CD602FFCF1F8A4CB039BD6E3B00441B84C7E38E19 |
SHA-512: | 9D12194EC1B5F8FE80FBA402EDD7F8011BA523FAC83CF09510AE289EA36A72BC4EFBE820F5E4DD49ADC01D701C39D5442F1C1E946F4D099A348020DD1F9C14B9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.289610184121545 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJf21rPeUkwRe9:YvXKXIjzqI3ZEZc0vcG+16Ukee9 |
MD5: | 02C75DD67F24940F9DCEDB2E5C642AF6 |
SHA1: | 1D0F0B6872E73B0C0E7ED8E78BD13F13AD63ADC7 |
SHA-256: | BF4A82AC121938FB9198AA234032F00C7CE3E538A09D78867186F35A6A6C8616 |
SHA-512: | 23BEF02D8EA3BE4C76310CA51700B24DF5A53B01DC2715F08EA2BAE7807EA177575F8267FE6E5A48871604B3718AB91F4B678D26C2B8111E9879626DAC3FFEA2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3076493573290415 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJfbpatdPeUkwRe9:YvXKXIjzqI3ZEZc0vcGVat8Ukee9 |
MD5: | D5308AEEED6DAD918000F6A42B5CB08C |
SHA1: | DE89B7DA2957FB7B5EA30AC9175CAAA4B21C2729 |
SHA-256: | E98D1FDCCFE757E732D25A7BBD7711FEDBBB60F9FDD8995D803591394641DD39 |
SHA-512: | 42B7A3AC8AF75E6FBC0F30B721F5B470A3CAF60A4B1FDE3FBC57CA111E9E32787F4647C74018801855D0DDEF7F647EFF52279E097CFED67D7D0ACAA28349BE5E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.263817998167544 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDUhjzqIR5Z9VoZcg1vRcR0YsjoAvJfshHHrPeUkwRe9:YvXKXIjzqI3ZEZc0vcGUUUkee9 |
MD5: | AC5BF037A8158580BD0F2BE8B8B073E1 |
SHA1: | 5F58EA8CDC19EEACE36D84836524E4EB8AD29200 |
SHA-256: | 5C6FFAAF392D1CB2FDDC043B3BE19313A4A849171A479B7E00363117016528B1 |
SHA-512: | 9E846D2BF674E7AB43E377C902CA862D8C228AA22035E2DFD710F7E7C0D2D92765677E84E356BA7DB02EFA894A8D8E5D8859901B06CEFC703AC1602CF557CF77 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.366196954619168 |
Encrypted: | false |
SSDEEP: | 12:YvXKXIjzqI3ZEZc0vcGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWZ:Yv6XEBEzvy168CgEXX5kcIfANho |
MD5: | 821D4C2B3FBD601990EF2ADF10788C1C |
SHA1: | 9462B43924160AAB864804EF77437EC70B11032F |
SHA-256: | 49D895D37457FA68372AF2B39D062D7BD41DE99274E27D757D41EE37C2410C23 |
SHA-512: | 96244CDE9CC710BE4ED5585410DECDACF614286CFA9C8FAF64E66589C28928977F9204AFA961B83174B351BA3C751A6C29393603DDD51F8A5B08C1CFABB240E3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.128920383276001 |
Encrypted: | false |
SSDEEP: | 48:Y8m3VpaZcdUSxFq8unObZXD+oT+abZ+B4cMMjHR9U5Q:DexzFJT+uB45dHvF |
MD5: | E8FA17D60F671029002752A174876D19 |
SHA1: | 7FDC8F7F957A24CDD28FE5604FCD957DF488BBF6 |
SHA-256: | 859112E2431DD309FBA63E2D7B90AA35229B4E559FD3F21559468C2CC9F35B0A |
SHA-512: | 9D086FF61A0918FBA3B5FA892E7F505B54772BE8B3A1FB49D53C32D74587A26F5016E704B8DB41DB3609B4C6310D30954C28812AFD5CE31CDCF1AD59226CFC09 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1863677753820252 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUMzSvR9H9vxFGiDIAEkGVvpAr:lNVmswUUUUUUUUMz+FGSItMr |
MD5: | A0E66063FE0FDB3DA9E48B80E78CC8E5 |
SHA1: | 163E7E10058394B8B5CF81E2F6F5004DC37E5F12 |
SHA-256: | FFF017BCC40679771AFAAEF6F03D0D351DF66B1D695A45B364687912F231445E |
SHA-512: | 50599F629CD0F40BE7BCCD82599DC0E2E704CA1766DA8B673299E3B387CD558E6674B256DCD831ED3CEBF2D88A9281F3E5C6EFF03ABB9500541263D9350AA640 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6069153652321457 |
Encrypted: | false |
SSDEEP: | 48:7M8KUUUUUUUUUUM3vR9H9vxFGiDIAEkGVvsqFl2GL7msa:7wUUUUUUUUUUMPFGSIt+KVmsa |
MD5: | 1409BCD702CDB38516C2777985B8B421 |
SHA1: | F308089A19C303BB1D67547B3C7A40FCF597739E |
SHA-256: | AA006F79D62A48566B4C11A0464D06CA6681E69F04A20DF3B675EEC97D6D29FA |
SHA-512: | 725EC35DDB19A932DFE9D7DD45EF75F54B6B626A5C532A298960C2E7260709CBAB508045D6A6842A781A23442FCFBC9662B250157BEB4CA6467C8C6D02458D74 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.518261198325562 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKkadN0:Qw946cPbiOxDlbYnuRKSO |
MD5: | A3C14026DF4562E07557D67D0F383045 |
SHA1: | BF2F0BD0E3CEDDABA850EE72B9379A7DA546A2B3 |
SHA-256: | 3A11733727B399B3358214B7CC482C18816E67D0056AA11A110F1F6EC3998D9F |
SHA-512: | 855A9804AC73E4D832B7A3F065D8810106551E83FBE6F3797DF33ECA3B16C3121A5BF9B37565A003C93C004F329077400326AC058B1BA41C840117663749265C |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.05100661932404 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOFzTaheXezTaheqbyLCSyAAO:IngVMre9T0HQIDmy9g06JX0eX9eqmlX |
MD5: | 6ABF384C53C330C9E31247C2EA67476E |
SHA1: | 1DF7D850EE546BC85C86673E15692CA77EC67BDC |
SHA-256: | 77E58A44810D574DF240A4FC766C277C62CCF368FA1024305E1F74EF4F4C59FA |
SHA-512: | 8414F329988E25D342D48B61E5D6634AEF2E7C6B57151165C28B869D0F6AFFC6537B54812ED0870C1DD2AF61A52E55D8C9F45EFAEB86A0CA020655F9964E7308 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-18 10-13-41-697.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.333389848606344 |
Encrypted: | false |
SSDEEP: | 384:cqL9h9c959n9e939G9ti9o9x9rwuw4wvu7c0c4c+cSDBDND4DPDDlkKkukckCLb2:Q6k+/at |
MD5: | 5F8C176A7F024D1BB1912A37C1F0BF4B |
SHA1: | B620BD58F6DE979F9A74EC9856B98639BEA32A61 |
SHA-256: | DCB4D3926A6792F2F1B45BEB196C061BDF534C7720124BDB2BAB8B2A30353C35 |
SHA-512: | 15405CA718702784F88DF600CC80A440FB09FDC042635FCE74799C7F3185F2A386037757C249D43795E9DF90D25E30BDB5B5C5B564D57464CDD8A37BA370C6AF |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.386441418872017 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rF:p |
MD5: | E9CAE47F5B8594ED1CED7A81A1C76CCB |
SHA1: | CB5AFE8A76255EADEF28A0E664A6680E8F873050 |
SHA-256: | 1698BABD6A2A524CBE603D60FB6134D47989BFAF6E0D8A64D21FAFFDCDA8D053 |
SHA-512: | 03BEB01D6281926A2288769F9E2A617CBD6C9BB519FF4B984A74115BEBDC2770D1BE88D7136E589ED98D3F56F17C04D584029BCE87DCD2C22772EFDFA69B07D1 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
File type: | |
Entropy (8bit): | 7.967833919348704 |
TrID: |
File name: | FICHE DE GAIN 2024.pdf |
File size: | 177'255 bytes |
MD5: | 9b71bdfa35a3a3e158eba22b8a3b9c79 |
SHA1: | c4e0a964d16872b36ee0d7f7e3097c0c14541b30 |
SHA256: | 744b12b2d5b62e78fdadae33e9da2a635c96e10b3898af252f3fcc66eab5adf0 |
SHA512: | 3ccf292823bac8e4a22fbad17f7a5c1517267fb346babd84d913cd4da24cdc5fd8f75f9734de15a0dd13fd0b4445d8cd7d4ddbfa2f2124a148c9fa4fb6e1c4fd |
SSDEEP: | 3072:mREIOjUxENHD37THsKCxDWRvEmOJk3JwNklFbLNJt6XtA36nkjijBN56Z0c0Bb:mo/HJCxYvWJk5wOnb5Jt+CKkj6BNTV |
TLSH: | D9040202A644D1CCE2201AE17F2A3467DB4D71B779C494B03C7E9A97C6A0F76DD0BA87 |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Page/Resources<</XObject<</Image4 2 0 R/Image7 3 0 R/Image9 4 0 R/Image26 5 0 R/Image27 6 0 R/Image30 7 0 R/Image32 8 0 R>>/ExtGState<</GS5 9 0 R/GS13 10 0 R>>/Font<</F1 11 0 R/F2 12 0 R/F3 13 0 R/F4 14 0 R/F5 15 0 R>>/Pr |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.967834 |
Total Bytes: | 177255 |
Stream Entropy: | 7.989411 |
Stream Bytes: | 167232 |
Entropy outside Streams: | 5.155598 |
Bytes outside Streams: | 10023 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 50 |
endobj | 50 |
stream | 17 |
endstream | 17 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
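The Name/Count table and the entropy figures above are pdfid-style static triage: a fixed list of structural keywords and name objects is counted over the raw bytes (with `#xx` escapes in names normalised, so `/Java#53cript` still counts as `/JavaScript`), and Shannon entropy is measured separately inside and outside `stream … endstream` bodies. With /ObjStm at 0 no names are hidden inside compressed object streams, so the zeros for /JS, /JavaScript, /AA, /OpenAction, /Launch and /EmbeddedFile carry weight, and a single %%EOF with nothing after it rules out an appended payload. Stream entropy near 8 against about 5 outside streams is what compressed streams look like and is not by itself a sign of packing. The Python below is an added example written for this page, not Joe Sandbox's own implementation; the constructed sample PDF, the keyword list and the `ACTIVE_CONTENT` set are assumptions.

```python
"""pdfid-style PDF triage: keyword counts, entropy inside vs outside streams, EOF
markers. Added example written for this page, not Joe Sandbox's own tooling."""
import math
import re
import zlib

# The tokens tallied in the report's Name/Count table: bare structural keywords
# and PDF name objects (leading slash). The list itself is an assumption.
KEYWORDS = ["obj", "endobj", "stream", "endstream", "xref", "trailer", "startxref",
            "/Page", "/Encrypt", "/ObjStm", "/URI", "/JS", "/JavaScript", "/AA",
            "/OpenAction", "/AcroForm", "/JBIG2Decode", "/RichMedia", "/Launch",
            "/EmbeddedFile"]
# Names that make a document act rather than merely render (assumed triage set).
ACTIVE_CONTENT = {"/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
                  "/RichMedia", "/EmbeddedFile", "/URI"}
NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]+")      # one PDF name token
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")   # /Java#53cript is /JavaScript
# Marker based, like pdfid: /Length is ignored, so a hostile length cannot hide
# data, but a literal "endstream" inside a stream body cuts that stream short.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def count_keywords(pdf: bytes) -> dict:
    """Count KEYWORDS over the raw bytes; #xx escapes in names are normalised first."""
    counts = {kw: 0 for kw in KEYWORDS}
    for kw in KEYWORDS:
        if not kw.startswith("/"):  # \b: 'obj' must not match inside 'endobj'
            counts[kw] = len(re.findall(rb"\b" + re.escape(kw.encode()) + rb"\b", pdf))
    for raw in NAME_RE.findall(pdf):
        name = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
        key = name.decode("latin-1")
        if key in counts:
            counts[key] += 1
    return counts


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    freq = [0] * 256
    for b in data:
        freq[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in freq if c)


def split_streams(pdf: bytes):
    """Return (stream bodies, everything else); the two lengths sum to len(pdf)."""
    inside, outside, pos = [], [], 0
    for m in STREAM_RE.finditer(pdf):
        outside.append(pdf[pos:m.start(1)])
        inside.append(m.group(1))
        pos = m.end(1)
    outside.append(pdf[pos:])
    return b"".join(inside), b"".join(outside)


def triage(pdf: bytes) -> dict:
    """The figures the report tabulates, for one PDF given as bytes."""
    inside, outside = split_streams(pdf)
    counts = count_keywords(pdf)
    last_eof = pdf.rfind(b"%%EOF")
    tail = pdf[last_eof + 5:] if last_eof >= 0 else pdf
    return {"header": pdf.split(b"\n", 1)[0][:8].decode("latin-1"),
            "total_bytes": len(pdf), "total_entropy": shannon_entropy(pdf),
            "stream_bytes": len(inside), "stream_entropy": shannon_entropy(inside),
            "bytes_outside_streams": len(outside),
            "entropy_outside_streams": shannon_entropy(outside),
            "eof_count": pdf.count(b"%%EOF"),
            "bytes_after_eof": len(tail.strip(b"\r\n")),  # appended payloads show here
            "keywords": counts,
            "active_content": sorted(k for k in ACTIVE_CONTENT if counts[k])}


def build_sample_pdf(with_js: bool = False) -> bytes:
    """Constructed one-page PDF with a FlateDecode content stream (not the analysed
    sample). with_js=True adds an /OpenAction JavaScript action to the catalog."""
    text = "".join(f"BT /F1 12 Tf 72 {720 - 14 * i} Td (Line {i}: {i * i}) Tj ET\n"
                   for i in range(300)).encode()
    content = zlib.compress(text, 9)
    catalog = b"<</Type/Catalog/Pages 2 0 R"
    if with_js:
        catalog += b"/OpenAction<</S/JavaScript/JS(app.alert(1))>>"
    objs = [catalog + b">>",
            b"<</Type/Pages/Kids[3 0 R]/Count 1>>",
            b"<</Type/Page/Parent 2 0 R/Contents 4 0 R>>",
            b"<</Length %d/Filter/FlateDecode>>stream\n" % len(content)
            + content + b"\nendstream"]
    out, offsets = b"%PDF-1.7\n", []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<</Size %d/Root 1 0 R>>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objs) + 1, xref_at)
    return out


if __name__ == "__main__":
    for flag in (False, True):
        r = triage(build_sample_pdf(with_js=flag))
        print(flag, r["active_content"], round(r["stream_entropy"], 3),
              round(r["entropy_outside_streams"], 3))
```

Run it on a real file with `triage(open(path, "rb").read())`. Any non-zero entry in `active_content` is a reason to dump the object with a proper parser; a zero count is only trustworthy when /ObjStm is also zero or the object streams have been inflated first.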
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
8 | 3ca4c6c5a666ec2c | 087cc04aee95213b718567c0c3729413 | |
38 | 3cb4caca92a2ec04 | ff3648becfd4ea7d24c7e8792f10cd38 | |
7 | 0e9293e39392920e | bb2fddc86c5e83a9cdab0334c4b21103 | |
39 | 0e9292e79392920e | 839fd04f200f54bbed8eddd9fe3a155e | |
6 | 6261616161696901 | 56b10b76ca827e7250439c68b3444c4e |
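The DHASH column is a perceptual difference hash: the image is reduced to a 9 by 8 grayscale grid and each of the 64 bits records whether a pixel is brighter than its left neighbour, so visually similar images land a small Hamming distance apart even when their MD5s differ. Read that way, image streams 7 and 39 (0e9293e39392920e and 0e9292e79392920e) differ in 2 of 64 bits and are near-identical renderings, while 8 and 38 differ in 15 bits. The code below is an added example, not the sandbox's implementation; it follows the imagehash bit-order convention, which is an assumption, so distances are only meaningful between hashes produced by the same implementation. The gradient images are constructed test input.

```python
"""Difference hash (dHash) and Hamming distance for PDF image streams.
Added example: a from-scratch implementation, not the sandbox's own code."""

DHASH_COLS, DHASH_ROWS = 9, 8   # 9 columns give 8 left/right comparisons per row: 64 bits


def downscale(pixels, width: int, height: int):
    """Area-average a grayscale image (list of rows of 0..255 ints) to width x height."""
    src_h, src_w = len(pixels), len(pixels[0])
    out = []
    for y in range(height):
        y0 = y * src_h // height
        y1 = max((y + 1) * src_h // height, y0 + 1)
        row = []
        for x in range(width):
            x0 = x * src_w // width
            x1 = max((x + 1) * src_w // width, x0 + 1)
            block = [pixels[j][i] for j in range(y0, y1) for i in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def dhash(pixels) -> int:
    """64-bit dHash: a bit is set where a pixel is brighter than its left neighbour
    (imagehash convention, assumed; other tools may flip the comparison)."""
    bits = 0
    for row in downscale(pixels, DHASH_COLS, DHASH_ROWS):
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | (1 if right > left else 0)
    return bits


def hamming(a: int, b: int) -> int:
    """Number of differing bits; a handful means visually near-identical images."""
    return bin(a ^ b).count("1")


def gradient(width: int, height: int, horizontal: bool, offset: int = 0):
    """Constructed test image: brightness rises left-to-right or top-to-bottom."""
    return [[min(255, (x if horizontal else y) * 10 + offset) for x in range(width)]
            for y in range(height)]


# dHash values copied from the Image Streams table above, keyed by stream ID.
TABLE_HASHES = {7: 0x0e9293e39392920e, 39: 0x0e9292e79392920e,
                8: 0x3ca4c6c5a666ec2c, 38: 0x3cb4caca92a2ec04}

if __name__ == "__main__":
    print("ID 7 vs 39:", hamming(TABLE_HASHES[7], TABLE_HASHES[39]), "bits apart")
    print("ID 8 vs 38:", hamming(TABLE_HASHES[8], TABLE_HASHES[38]), "bits apart")
```

Brightness offsets do not change the hash, because only the ordering of neighbouring pixels is encoded; that is what makes dHash useful for spotting the same logo re-used across lure documents at different sizes or JPEG qualities.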
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 18, 2024 10:13:52.005047083 CEST | 49751 | 443 | 192.168.2.4 | 104.123.200.169 |
Apr 18, 2024 10:13:52.005078077 CEST | 443 | 49751 | 104.123.200.169 | 192.168.2.4 |
Apr 18, 2024 10:13:52.005409956 CEST | 49751 | 443 | 192.168.2.4 | 104.123.200.169 |
Apr 18, 2024 10:13:52.005676031 CEST | 49751 | 443 | 192.168.2.4 | 104.123.200.169 |
Apr 18, 2024 10:13:52.005688906 CEST | 443 | 49751 | 104.123.200.169 | 192.168.2.4 |
Apr 18, 2024 10:13:52.327172995 CEST | 443 | 49751 | 104.123.200.169 | 192.168.2.4 |
Apr 18, 2024 10:13:52.328005075 CEST | 49751 | 443 | 192.168.2.4 | 104.123.200.169 |
Apr 18, 2024 10:13:52.328036070 CEST | 443 | 49751 | 104.123.200.169 | 192.168.2.4 |
Apr 18, 2024 10:13:52.331614017 CEST | 443 | 49751 | 104.123.200.169 | 192.168.2.4 |
Apr 18, 2024 10:13:52.332123041 CEST | 49751 | 443 | 192.168.2.4 | 104.123.200.169 |
Apr 18, 2024 10:13:52.333765030 CEST | 49751 | 443 | 192.168.2.4 | 104.123.200.169 |
Apr 18, 2024 10:13:52.333765984 CEST | 49751 | 443 | 192.168.2.4 | 104.123.200.169 |
Apr 18, 2024 10:13:52.333784103 CEST | 443 | 49751 | 104.123.200.169 | 192.168.2.4 |
Apr 18, 2024 10:13:52.333848953 CEST | 443 | 49751 | 104.123.200.169 | 192.168.2.4 |
Apr 18, 2024 10:13:52.381752014 CEST | 49751 | 443 | 192.168.2.4 | 104.123.200.169 |
Apr 18, 2024 10:13:52.381776094 CEST | 443 | 49751 | 104.123.200.169 | 192.168.2.4 |
Apr 18, 2024 10:13:52.428899050 CEST | 49751 | 443 | 192.168.2.4 | 104.123.200.169 |
Apr 18, 2024 10:13:52.440726995 CEST | 443 | 49751 | 104.123.200.169 | 192.168.2.4 |
Apr 18, 2024 10:13:52.440826893 CEST | 443 | 49751 | 104.123.200.169 | 192.168.2.4 |
Apr 18, 2024 10:13:52.441323996 CEST | 49751 | 443 | 192.168.2.4 | 104.123.200.169 |
Apr 18, 2024 10:13:52.441796064 CEST | 49751 | 443 | 192.168.2.4 | 104.123.200.169 |
Apr 18, 2024 10:13:52.441807032 CEST | 443 | 49751 | 104.123.200.169 | 192.168.2.4 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49751 | 104.123.200.169 | 443 | 7372 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-18 08:13:52 UTC | 475 | OUT | |
2024-04-18 08:13:52 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 10:13:38 |
Start date: | 18/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 10:13:39 |
Start date: | 18/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 10:13:39 |
Start date: | 18/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |