Windows
Analysis Report
ITK2024000000345.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6528 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ITK2024000000345.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2412 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 3180 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1532,i,7078458210153690288,15258129016823440622,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature | Entries |
---|---|
TCP traffic | 30 |
IP Address | 1 |
HTTP traffic detected | 2 |
TCP traffic detected without corresponding DNS query | 10 |
Network traffic detected | 2 |
Classification label | 1 |
File created | 2 |
Key opened | 1 |
Process created | 14 |
Window detected | 1 |
Initial sample | 4 |
Process information set | 8 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Detection | Scanner |
---|---|
0% | Virustotal |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.46.201.17 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428676 |
Start date and time: | 2024-04-19 11:38:17 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ITK2024000000345.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/41@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.27.136.185, 34.193.227.236, 107.22.247.231, 54.144.73.197, 18.207.85.246, 172.64.41.3, 162.159.61.3, 104.76.210.69, 104.76.210.84
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Match | Detection | Threat Name |
---|---|---|
23.46.201.17 | malicious | RHADAMANTHYS |
23.46.201.17 | malicious | Unknown |
23.46.201.17 | malicious | Unknown |
23.46.201.17 | malicious | Unknown |
23.46.201.17 | malicious | Unknown |
23.46.201.17 | malicious | Unknown |
23.46.201.17 | malicious | Unknown |

Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Remcos |
AKAMAI-ASUS | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT |
AKAMAI-ASUS | malicious | Mirai |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Dynamer |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | RHADAMANTHYS |
AKAMAI-ASUS | malicious | RHADAMANTHYS |
AKAMAI-ASUS | malicious | Mirai |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.157110555750484 |
Encrypted: | false |
SSDEEP: | 6:Xk7bq2P92nKuAl9OmbnIFUt8Yk7+Zmw+YkIQkwO92nKuAl9OmbjLJ:X+bv4HAahFUt8Y++/+YnQ5LHAaSJ |
MD5: | 48B0AE319FCF7FCB3CA41F7BF1846CF1 |
SHA1: | E05EAAFEF42DF77427A56BE7BC8DB02EDD52A13E |
SHA-256: | 7F789504D0CAE18E84C41ABF60FF1314240D4FD34C9AB561032785F9002766E6 |
SHA-512: | 63AD2552BB8EA328EBDE29F7B00ABB2D5DEC09AA4C325165D3622DCE792B8D11A3E7BEA8CD1248603939FF5C058EBE57FFE1A12E17C586F6D1F8EE7EE5203596 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.157110555750484 |
Encrypted: | false |
SSDEEP: | 6:Xk7bq2P92nKuAl9OmbnIFUt8Yk7+Zmw+YkIQkwO92nKuAl9OmbjLJ:X+bv4HAahFUt8Y++/+YnQ5LHAaSJ |
MD5: | 48B0AE319FCF7FCB3CA41F7BF1846CF1 |
SHA1: | E05EAAFEF42DF77427A56BE7BC8DB02EDD52A13E |
SHA-256: | 7F789504D0CAE18E84C41ABF60FF1314240D4FD34C9AB561032785F9002766E6 |
SHA-512: | 63AD2552BB8EA328EBDE29F7B00ABB2D5DEC09AA4C325165D3622DCE792B8D11A3E7BEA8CD1248603939FF5C058EBE57FFE1A12E17C586F6D1F8EE7EE5203596 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.189277227575268 |
Encrypted: | false |
SSDEEP: | 6:XkmoWt+q2P92nKuAl9Ombzo2jMGIFUt8YkcJZmw+YkXVkwO92nKuAl9Ombzo2jM4:XHoWov4HAa8uFUt8YT/+Ym5LHAa8RJ |
MD5: | 46666B893C837C41BA7BE01FF0B5B670 |
SHA1: | C89CEDC9EE0579646379BE3CC6E2BA1168B3F863 |
SHA-256: | C2E704F30E8077CC2F22EB0C9E7BC085E5B6DA319E73259E0CD4BDD3F82EB5AF |
SHA-512: | C11D5D4E53242473529850E2E3397EC27116249F8DA015A98520FAD41F8DD835F206BA4E78141B7A70D98C7CE27F6BA34F2BBFF114E7AA6433F8A3E1C31E26E7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.189277227575268 |
Encrypted: | false |
SSDEEP: | 6:XkmoWt+q2P92nKuAl9Ombzo2jMGIFUt8YkcJZmw+YkXVkwO92nKuAl9Ombzo2jM4:XHoWov4HAa8uFUt8YT/+Ym5LHAa8RJ |
MD5: | 46666B893C837C41BA7BE01FF0B5B670 |
SHA1: | C89CEDC9EE0579646379BE3CC6E2BA1168B3F863 |
SHA-256: | C2E704F30E8077CC2F22EB0C9E7BC085E5B6DA319E73259E0CD4BDD3F82EB5AF |
SHA-512: | C11D5D4E53242473529850E2E3397EC27116249F8DA015A98520FAD41F8DD835F206BA4E78141B7A70D98C7CE27F6BA34F2BBFF114E7AA6433F8A3E1C31E26E7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.061602859316414 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZwsBdOg2H6caq3QYiubxnP7E4T3OF+:Y2sRdsadMH13QYhbxP7nbI+ |
MD5: | 69326FE4E19720577E221374D9117637 |
SHA1: | AEFBCE513088184369ECF579BB18386E572B6A06 |
SHA-256: | 8AD56D6943EA99406842C858B52366E022DD434898A66EDF4451C447A84E6AB6 |
SHA-512: | EF803367A5349F1A0E6B740FD96C1070A20C4359CB5F7790DD344D6B774DB11A5FD522B8ADEFA95162E347430E3FF12F988AA3BE54D80E008D5B9B1E551B9010 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\eee2af71-54a0-47a0-b71a-7721a4132225.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.061602859316414 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZwsBdOg2H6caq3QYiubxnP7E4T3OF+:Y2sRdsadMH13QYhbxP7nbI+ |
MD5: | 69326FE4E19720577E221374D9117637 |
SHA1: | AEFBCE513088184369ECF579BB18386E572B6A06 |
SHA-256: | 8AD56D6943EA99406842C858B52366E022DD434898A66EDF4451C447A84E6AB6 |
SHA-512: | EF803367A5349F1A0E6B740FD96C1070A20C4359CB5F7790DD344D6B774DB11A5FD522B8ADEFA95162E347430E3FF12F988AA3BE54D80E008D5B9B1E551B9010 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.233721987878106 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUqtEKPZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL/ |
MD5: | B86BF6D7C0B4833037A72ABD088E178B |
SHA1: | ECD894C4B7E4C06B10E58DA53487D7F7F1B27537 |
SHA-256: | 27F65D8F34DA351CE4DDBF78DFC4A1E4B3745B6B4D64FCC26C6F5068873ED28D |
SHA-512: | E41DD7AE160CAE099CDB9A6C90BBC2A81B919B16A3F3608AFF5529BB154397CAE7D670FD5BBDB842DF06631A787D539025EBBDAEF547CEF57E2D6BD4435F5849 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.20041450541603 |
Encrypted: | false |
SSDEEP: | 6:XkhN+q2P92nKuAl9OmbzNMxIFUt8YkyZmw+Yk2aF39VkwO92nKuAl9OmbzNMFLJ:XCIv4HAa8jFUt8Yf/+YSF5LHAa84J |
MD5: | 2E4FD0D0085362D5F3A6692952E8841D |
SHA1: | 8A431AD7F61A8A907AA0BD02CDA9EE97204FD967 |
SHA-256: | 883CDD546B97C1139ADBA216F6A8DDB5624BFA05F5744282AE90AAEBF64CF3C1 |
SHA-512: | 4B7A81E227E43F19B1710AD40028078501A8A93254BD1F59D173F83E1AAEC9904D9DC2B70D0EB59FE46454323D5097CEDF5437C4C071FC0F9EC3107BC9614CDE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.20041450541603 |
Encrypted: | false |
SSDEEP: | 6:XkhN+q2P92nKuAl9OmbzNMxIFUt8YkyZmw+Yk2aF39VkwO92nKuAl9OmbzNMFLJ:XCIv4HAa8jFUt8Yf/+YSF5LHAa84J |
MD5: | 2E4FD0D0085362D5F3A6692952E8841D |
SHA1: | 8A431AD7F61A8A907AA0BD02CDA9EE97204FD967 |
SHA-256: | 883CDD546B97C1139ADBA216F6A8DDB5624BFA05F5744282AE90AAEBF64CF3C1 |
SHA-512: | 4B7A81E227E43F19B1710AD40028078501A8A93254BD1F59D173F83E1AAEC9904D9DC2B70D0EB59FE46454323D5097CEDF5437C4C071FC0F9EC3107BC9614CDE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419093912Z-152.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.7576276412481457 |
Encrypted: | false |
SSDEEP: | 384:PSGnQjJ26DLKpXTNImESlEWhO+/uyBg7mL2+XBqsW7MzunW:uFKFZItsbHJLbxjWYiW |
MD5: | 675CB45FF0483F9C55F0F325F2C589CA |
SHA1: | E69AD331E8F6CC444AC81167C2C9BF05EC565382 |
SHA-256: | 62C515F3CF488FC3F2B1313EBB865D10721F7DEF64D721192BAD38D5AFA69E2D |
SHA-512: | 56704CFC4FCAF9FFA323A8B9FF89531B2804CCF4FA0CC83D7694744674D9AEC10263CB3DE7BD5056DB9DA3FED73DB5C31F8D755034111A499DED606851EDACAA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3393701170143055 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJM3g98kUwPeUkwRe9:YvXKXtQhzYpW7lGMbLUkee9 |
MD5: | D3D5F188DE9240BA716310F9BE981DB3 |
SHA1: | 49217ECBAA082BFE413F7A0ECA13443CA854CB28 |
SHA-256: | 8E4E8199B4C285756E0BAF0C8DF74DE419D1BA092F02FEDB49407EEB1F8359D8 |
SHA-512: | 89CF47B143CE2ED80F42B63D9EE978E41D3CD83A89162929709EC341A94B20B7418434C1329956AB0A38534DFB7095ADACF80E070E5811E5F389E15DED13E611 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.277336984797903 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJfBoTfXpnrPeUkwRe9:YvXKXtQhzYpW7lGWTfXcUkee9 |
MD5: | BB3B5F9F7EA61FBBE4131ABE71D7FAEE |
SHA1: | 51459A2101C1EF37871BFD1F764191E95A4FD12D |
SHA-256: | 9F52448079E916B12EE8F181ED0BBAC734D71102F1C89BEBE7563FC937495E42 |
SHA-512: | 04CC295C498F0A549C4F7E8F8CB49D092A972579E3ABEA75A8FBE310A08FF3AD9B31AB1860914F2CE547C2EB1A1361063134C2D2A6902EF945361EE3AEA81354 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.255187078374973 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJfBD2G6UpnrPeUkwRe9:YvXKXtQhzYpW7lGR22cUkee9 |
MD5: | DF92285146BCB5ADBCEC0C15C5E55B14 |
SHA1: | 9B902E34F6BCBFDB3BD010AEE6530BF26CB7CEE3 |
SHA-256: | D0DAE24AEAC5066C06204893A53E80E1CCD8E85B23C808A265C5EBC79C4638D5 |
SHA-512: | F213D6CDBCD004C43CBA22CEC2E54F850C0B8EA0C9271A1CE5E48F7B53C446BE1F192BEBB048A8D5BEEB13F2B80B2EF614BB067101B17D758DE19FE2E13C6C4E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.317421125569894 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJfPmwrPeUkwRe9:YvXKXtQhzYpW7lGH56Ukee9 |
MD5: | E0F4FFC6F88198023FBE76E38B7EC2C3 |
SHA1: | C083186C6D973F62195DCC960EC5AB06FC32A544 |
SHA-256: | F58AECEBE70118E39A3B9E4AB2200ED050BCC11326D68A66FCC14D05B44CD746 |
SHA-512: | 3C8BD83D4A36AC9673E00B37519886A3A95C460A67FDA37A287FD5374C4F0BBC4194F8202C88D805EE199711E63920218B68009CF6BBF838C142E3CCBB19DFB6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2790653925307005 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJfJWCtMdPeUkwRe9:YvXKXtQhzYpW7lGBS8Ukee9 |
MD5: | 0005A2B027386D55C7C35542205D88B2 |
SHA1: | A13FC6CCF1EFB0FC6DDA734A9C764C7D86144BF9 |
SHA-256: | BD48B381F08A51709DB26E760C3A4EFBFCDD51C79C33C5612A26474587C907D5 |
SHA-512: | 2326464B5F895B9E2CD263F0242248368CC591593FFBC25366BDA8D55FADE42088C2255FA9CBEC7585DFF8CAB850612BD09F693BE52643B2DDB0C20C0821D735 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2642061080057365 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJf8dPeUkwRe9:YvXKXtQhzYpW7lGU8Ukee9 |
MD5: | 49E0DCEA36C7619A00C3794825E85480 |
SHA1: | F9275458B0C4C4008A236F39404A32AC6E5D08DD |
SHA-256: | 51BEEE87408BA31485EC132808B88A03647CE76B0774B7EEAC417B732A40CD6A |
SHA-512: | 36608D18B6DC6F16030FC354323AD2C0F0212CCC446968D6E6FB2C1A7D5C05223959D97EE319DECAAB04E02075CFD45CAE5924008560BF0B62B92A9B7F5E6C67 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.265529054903277 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJfQ1rPeUkwRe9:YvXKXtQhzYpW7lGY16Ukee9 |
MD5: | 25F85C566637654BA45F398D46782865 |
SHA1: | BEF9C6046FDE81E26BC1F5635B121D18B1B93349 |
SHA-256: | D15C07194E09B7BEE5544FC43B94D02F30712FB1EACAB434704AD762758E83E4 |
SHA-512: | 0971875AB386796B812D07497D9D960AB6E4691532D9A22284F7148467589C84C742974D13F1ADEEE72436E8FCC796B7D61550815C44FCA27B1AF4760B1C80FC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.28618278450489 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJfFldPeUkwRe9:YvXKXtQhzYpW7lGz8Ukee9 |
MD5: | 4995C9CB09D44FCD2612B342E2BB943F |
SHA1: | 0A9797799054542458F7CEFFE2F4C8522A550F4A |
SHA-256: | 480B74AF8ED6D8DC97FD80460C76553A29B42265EB0DE16257DFC2C66CFFCBED |
SHA-512: | 66B229D4EBACEBC0B511F1E23A402058BACA23B790854F832272AAB570D0DA8C84B2BC03DBCDCD916CFB7A2CB61C468BCB19B8FF4AE93B5B6B3109CE5B84E118 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.7378416063695745 |
Encrypted: | false |
SSDEEP: | 24:Yv6XtQGiRKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN6:YvhxREgigrNt0wSJn+ns8cvFJw |
MD5: | C0FCDBA9D6483BC7D359F975AC166417 |
SHA1: | F2C9B31A9D6D301DBA6A39053F68EF7B0DAD86C6 |
SHA-256: | 8AF7683B624AB8160DB015338B133235B2D0D7DD969A176371C30C152D134369 |
SHA-512: | 778C17AE9B612305B0C2D209DAFFA6848245341185A251B777C383728A1E209695F8880324ECC47488D69F47ADF54CD4C1915D08CC5E45FB2AD9D12117C0C4AF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.272926546947069 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJfYdPeUkwRe9:YvXKXtQhzYpW7lGg8Ukee9 |
MD5: | D2B124CB50EE1626082C76B045C0CB04 |
SHA1: | CE181D01F6A69C0B5D2E307C976271C65C7FC981 |
SHA-256: | 2AC5E590C61C192423FF6E8D25AF7CE1FC978A312DF50D53B61E21238973F552 |
SHA-512: | 03F3CA66AEDD4FBA11B28363EAF73F2C86584E0591A5BB6A6FAAF86CFD520F58272FE44BF7C3F8933061BD6ECB5117AAA2123C1EB5A4315304F6CF9D9F1E8150 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.770461949350705 |
Encrypted: | false |
SSDEEP: | 24:Yv6XtQGicrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNS:YvhxcHgDv3W2aYQfgB5OUupHrQ9FJU |
MD5: | 2388A653DCD2DB07E8EDF90E61592741 |
SHA1: | FCED9E7E4877CBFB99B7EDD4318274DCA9062C46 |
SHA-256: | A57B5851B9074F39747A3F8C9C4D732C3C1D90FDFC09EAE1C8EDBF7EF6E2907D |
SHA-512: | 9F9562246A6C5E4AEE1FAE037F206CB038BC29F682F0D1C213F12BCD5C26C0CDFB369C34E19F09E27BB6BC5E28A41A23B65BA8D10CF7D0DA0CB7A06DD8DB97D7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.256659716463221 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJfbPtdPeUkwRe9:YvXKXtQhzYpW7lGDV8Ukee9 |
MD5: | C7C5DCF6EE38953817D1FC18DFF42AB7 |
SHA1: | A5B7495A47F04C41F7437778A90AA18D3A772A7F |
SHA-256: | 4E6C80A6B229FCCF01F41544D8CE9774EA0F47192F08C34C1675E02604EE0A5C |
SHA-512: | 91F6FDB27FC9CB5D5487CAEB57BD7905C9EC79B02CC107888DD3D75EFCDAFF5D3B84F544E0F8C68CD10AA475171FE43AFE6ED773178EF567B02E31B7E55743B8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.2576438181151275 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJf21rPeUkwRe9:YvXKXtQhzYpW7lG+16Ukee9 |
MD5: | 8F28AFF82F11B418AF26D2C4C4B7BD44 |
SHA1: | 0B1D93776FBD96831E1E25A4CA364A66350D51FC |
SHA-256: | 0D3F615F377EB28426C74673E573870467477C205953C16DA51AA4362D4D1282 |
SHA-512: | 1A621CA679033B6325E3494FBAEA8231438809B5C1C8FDDC6657695AAC900C4ABBC5D8AD0467EF088EAEFA31E93F9BCBA2744A18C6B2C66D5475D02320925D9F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.279467857630995 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJfbpatdPeUkwRe9:YvXKXtQhzYpW7lGVat8Ukee9 |
MD5: | 107F82D8341E2FBD49B4A30147693C2E |
SHA1: | 32C0DE9717ECCF26A32834AF9F24A96D8C3358CA |
SHA-256: | BC330865EB012A1D83738FA66ECDBD73D58806699BE54013CDEE6D538AA43048 |
SHA-512: | 9663FA89EA8D79C2DA0844FB67B88790374B3C7C496361C5589000F80B9EC3D067B3551721B968F84165102973DC23BA2780C7CA15E21EC1DF367F3F28B2BB2D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.233196909129704 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtQhk7+FIbRI6XVW7+0YYqoAvJfshHHrPeUkwRe9:YvXKXtQhzYpW7lGUUUkee9 |
MD5: | 442AAC2690018CCAE69FE1B3D8F8E601 |
SHA1: | 77365AEAAE38C7E91607748550238916BCD20CE7 |
SHA-256: | 3A78BA17E3823BFCD8E415B2DE25587D3DE0D9C7527E83C70DF5B14C00B91A9B |
SHA-512: | 1F3272AB525F716CF50995E50AD49BE766B786735377FABA05C3D4A29B68D80BA9C493176C145327246BABDD56843D8A6920740A308318231CEEB412E6860194 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.360090584139126 |
Encrypted: | false |
SSDEEP: | 12:YvXKXtQhzYpW7lGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW+:Yv6XtQGiB168CgEXX5kcIfANhD |
MD5: | F2547C935466BC9E345E81D4008BF5B6 |
SHA1: | 74304DB12208936451CB102EC529738172B11432 |
SHA-256: | A168A8C7AFD4329968E27A11F396E3196C26C46F3994C68DA26D60895F940530 |
SHA-512: | 6A39D5BA6BDD25C80BB95A9D7B35F6A60C14785D1D195F2F0BC6E5F72E54786A6A9D7D0D511B2323FF15ECFCEE0F3DDE4BF99ABB927AA20F3AC31AC70008FFC7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.123983908132658 |
Encrypted: | false |
SSDEEP: | 24:Y89EBh+lqzCV7n14DLtYB8waADEay74sTUWQ8sZkjUUsj0ScvCU2Cu2LSGpwn5iq:Y+lsU7n2lSlmYWEwUU+E7oAanAT9/+F |
MD5: | BE773D36DC5CD1CD01BE372CE4D5DA0F |
SHA1: | CF1680DF0F3CE262B05183E38B37656EC7405ED0 |
SHA-256: | F73A9ADDDF22C67AB92FC3722B76B09CCB94735D35B9760CC091F9894510277A |
SHA-512: | F5A787C0FABCA4E7598F57ABC331708867CD634F9784FF2FE7CE415634C78D3528E0272FF438CD33BE4B595CF7947D572167AECFD21C6C8DA4A01C51FC9F2A46 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9850059457383765 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sp9r4zJwtNBwtNbRZ6bRZ4GrF:TVl2GL7ms6ggOVpGzutYtp6PN |
MD5: | AAEC49FBB03FB2A782583CDBA7E91C6A |
SHA1: | 1E011DF74B56A1243631527238E81D63B4C5905C |
SHA-256: | 1BD34C236645CD6417C036013497C2CB4F2B670F7A0BB2504A83AA60B6E81CF5 |
SHA-512: | CF12CC1382779E6205F179A5B82B4E288EA29E3C02C4645EA8C53AD8ED1EC0DD87C9A880288C77A799E099C249713E5BB41EE602CE8BBD6C252F4FC72AFFDE1B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3392791902764378 |
Encrypted: | false |
SSDEEP: | 24:7+t2AD1RZKHs/Ds/Sp9rPzJwtNBwtNbRZ6bRZWf1RZKqRqLBx/XYKQvGJF7urse:7M2GgOVpdzutYtp6PMPqll2GL7mse |
MD5: | 504385526EBE358BC7E4D2915B649ACD |
SHA1: | D3EA9BF620B7C9A97D8BC9508D7EB19DE23E27A6 |
SHA-256: | E80B86208CB0181E804F451F8C187D3D2360298B44083BD51B4C0A6F367E1129 |
SHA-512: | 4E516B14C8E97A00407AEFBAF2489AD76F9B63137F110979F60AF04730C2AE0C8424749A92F02F04FD6F3CBF7531705BE7112874DF2D2DC38A26783438CCEFFF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5248044522866877 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8m+aWp:Qw946cPbiOxDlbYnuRKw |
MD5: | 5026B122957E12E1C0F5697F11FA9D34 |
SHA1: | C07EFC9446D840611D343FBAC68C7E673EB1A7BB |
SHA-256: | 6762443A694EA2B13AA2F46143FC0C53992340C54C9AB6AEF87DA65B3DA58FFD |
SHA-512: | 93A5F67102113836BBDDAB8E0FB797FA132B6AE2159C60F0AEA384143FCBE4541593678003A2213448F10B73CC49600474CD00C326BDE8EDF6AEB849507F96E9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 11-39-10-505.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.370804189014556 |
Encrypted: | false |
SSDEEP: | 384:j0wRIU94E/v2cFDRgda24LaaVzWmbP1o7J1okoGw4JCdSJOIdyd909EVTdjRkMog:Xfl |
MD5: | DCF130D8C24702CBA0171A9BF6BFAD1D |
SHA1: | D09A5E1F9ED8D13755174384BDB6BE552DF9DB46 |
SHA-256: | C66F8465FF53882C0A66AE843E09213F6FAEE90C680FDF73F62DBF2AC78E0992 |
SHA-512: | 02C327850886BDA15A8CAFF5EFF73D074FA3835E947918BF8504B047B6177A41AC1A8FF6E2B7AC1F5EA32C6EE51C61E20EDEF502F633FE3ED670829E43972139 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.400517462933604 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbd:5 |
MD5: | 9F8F72082255348F1B1A1461C9A1BF49 |
SHA1: | A5B66122B32BFF6FD614520D5CB18B5C2297C4FC |
SHA-256: | F848B26EC4D8CD1B9A18F0D6CF2E7DB82A2440BFF428DF410ED41A077E08ED3C |
SHA-512: | 3C6FCB1B4D2047FAEF60997B557BF01340237A09EB1E03354AD42AE522C34E214AC55F0C26C5BBDA31713D353ABF6E6C7A7D0F797F62DD2633A4144FE2A159ED |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.609558882144718 |
TrID: |
File name: | ITK2024000000345.pdf |
File size: | 160'729 bytes |
MD5: | 2b3775bce631873ae65f01d6f685e1a4 |
SHA1: | 363b06054658f5f38f86ff5fc4f9144f90e40304 |
SHA256: | d1c29a2edea80f40ef8f2f87beaeba5c39f54a52b2517beefa3b404d06aa0712 |
SHA512: | 9cb6c2628420b853a006f723356a4118f76d500a5457f5d3e3ae87728ba41af88b49172e4a1e610c371704094fb397a9b0d5c06566d6f30fff2b0f6af4b67e02 |
SSDEEP: | 3072:4iMErKrk8mp8nW7Fxta5vYY0OH2KoKpoaFnASW7nVXSsoc7C0rLZiprmrIOC9qJ8:wrk8/nYFa5v3CKoKLFnHW7rocGhPOCgi |
TLSH: | 2DF39D80C6496285CCEB6FBA27A769A89E4D3B583FCD50DEF55C3ACDC46393500A0DE4 |
File Content Preview: | %PDF-1.6..%......1 0 obj.. <<.. /Author()/Title()/Subject()/Producer(Sub Systems, Inc.)/Keywords()/CreationDate(D:20240417134936+00'00')/ModDate(D:20240417134936+00'00')/Creator(Sub Systems, Inc. - pdc9).. >>..endobj..4 0 obj.. <</Length 237>>.. st |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.609559 |
Total Bytes: | 160729 |
Stream Entropy: | 7.608241 |
Stream Bytes: | 159013 |
Entropy outside Streams: | 5.224954 |
Bytes outside Streams: | 1716 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 9 |
endobj | 9 |
stream | 2 |
endstream | 2 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 1 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
6 | e9e9b1e3f1c1c1ae | 8ee7a0990a8de1418cb6623894a47341 |
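The two kinds of figures tabulated above, the "Entropy (8bit)" of each dropped file and the pdfid-style keyword counts and stream/non-stream byte split of the sample itself, are easy to reproduce locally when a report like this one needs re-checking. The block below is an added example, not code from this report or from the sandbox's own tooling. It assumes a pdfid-like definition of the counters (whole-token matches, so `obj` does not count inside `endobj` and `/Page` does not count `/Pages`), approximates the stream partition as the bytes between `stream` and `endstream`, and normalises `#xx` hex escapes in names before counting, because a sample that writes `/J#53` instead of `/JS` would otherwise show 0 for the one keyword that matters. The two PDFs it runs on are constructed for the example; neither is ITK2024000000345.pdf. As a grounding point, the 4-byte dropped file above reports an entropy of 0.8112781244591328, which is exactly what three identical bytes plus one different byte give.

```python
"""Added example: pdfid-style static triage of a PDF byte buffer.

Computes 8-bit Shannon entropy (the report's "Entropy (8bit)"), the bytes and
entropy inside vs. outside stream bodies, %%EOF handling and whole-token counts
of the risky PDF keywords. Sample PDFs below are constructed for this example.
"""
import math
import re
from collections import Counter

# Same keyword set, in the same order, as the report's "Name | Count" table.
KEYWORDS = [
    b"obj", b"endobj", b"stream", b"endstream", b"xref", b"trailer", b"startxref",
    b"/Page", b"/Encrypt", b"/ObjStm", b"/URI", b"/JS", b"/JavaScript", b"/AA",
    b"/OpenAction", b"/AcroForm", b"/JBIG2Decode", b"/RichMedia", b"/Launch",
    b"/EmbeddedFile",
]
# A PDF name or keyword ends where a delimiter (or end of data) begins.
_DELIM = rb"(?![^\s/<>\[\]()%{}])"
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Assumption: stream bodies are the bytes between "stream\n" and "\nendstream".
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 (all bytes equal) to 8.0 (uniform). Empty input -> 0.0."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def normalize_names(data: bytes) -> bytes:
    """Undo /J#53 -> /JS style hex escaping that hides keywords from a naive grep."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data: bytes, normalize: bool = True) -> dict:
    """Whole-token counts: 'obj' must not match inside 'endobj', '/Page' not '/Pages'.
    Caveat: anything inside FlateDecode streams or /ObjStm object streams is not
    visible to a raw-byte count, which is why /ObjStm is itself a counted keyword."""
    if normalize:
        data = normalize_names(data)
    counts = {}
    for kw in KEYWORDS:
        pattern = re.escape(kw) + _DELIM
        if not kw.startswith(b"/"):  # bare keyword: also guard the left side
            pattern = rb"(?<![A-Za-z0-9])" + pattern
        counts[kw.decode()] = len(re.findall(pattern, data))
    return counts


def split_streams(data: bytes):
    """Partition into bytes inside stream bodies and everything else
    (the report's 'Stream Bytes' vs 'Bytes outside Streams')."""
    inside, outside, pos = bytearray(), bytearray(), 0
    for m in STREAM_RE.finditer(data):
        outside += data[pos:m.start(1)]
        inside += m.group(1)
        pos = m.end(1)
    outside += data[pos:]
    return bytes(inside), bytes(outside)


def triage(data: bytes) -> dict:
    """Summary in the shape of the report's 'General' block plus keyword counts."""
    inside, outside = split_streams(data)
    last_eof = data.rfind(b"%%EOF")
    return {
        "header": data[:8].decode("latin-1") if data.startswith(b"%PDF-") else None,
        "total_bytes": len(data),
        "total_entropy": shannon_entropy(data),
        "stream_bytes": len(inside),
        "stream_entropy": shannon_entropy(inside),
        "bytes_outside_streams": len(outside),
        "entropy_outside_streams": shannon_entropy(outside),
        "eof_count": data.count(b"%%EOF"),
        # Data appended after the final %%EOF is a classic place to park a payload.
        "bytes_after_eof": len(data) - (last_eof + 5) if last_eof >= 0 else len(data),
        "keywords": count_keywords(data),
    }


# Constructed sample: one page, an /OpenAction that runs JavaScript, one stream.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /JavaScript /JS 5 0 R >>\nendobj\n"
    b"5 0 obj\n<< /Length 25 >>\nstream\napp.alert('triage test');\nendstream\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)
# Same document with both JavaScript keywords hex-escaped, as evasive samples do.
OBFUSCATED_PDF = SAMPLE_PDF.replace(b"/JavaScript", b"/Java#53cript").replace(b"/JS ", b"/J#53 ")

if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_PDF), ("obfuscated", OBFUSCATED_PDF)):
        r = triage(doc)
        flagged = {k: v for k, v in r["keywords"].items() if v and k.startswith("/")}
        print(name, r["header"], r["total_bytes"], "bytes,",
              f"entropy {r['total_entropy']:.3f}, stream {r['stream_bytes']} bytes,",
              f"{r['bytes_after_eof']} bytes after %%EOF, names:", flagged)
```

Run as a script it prints one summary line per constructed document; the obfuscated one reports the same `/JS` and `/JavaScript` counts as the plain one only because of the `#xx` normalisation, which is the check worth keeping when a zero in the `/JS` row looks too convenient. For a real file, read it in binary and pass the bytes to `triage()`; the entropy figures will match the report's only to the extent the stream partition above matches the sandbox's, so treat small differences in "Stream Bytes" as expected.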
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 11:39:21.296642065 CEST | 49715 | 443 | 192.168.2.5 | 23.46.201.17 |
Apr 19, 2024 11:39:21.296686888 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.5 |
Apr 19, 2024 11:39:21.296756029 CEST | 49715 | 443 | 192.168.2.5 | 23.46.201.17 |
Apr 19, 2024 11:39:21.296951056 CEST | 49715 | 443 | 192.168.2.5 | 23.46.201.17 |
Apr 19, 2024 11:39:21.296962976 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.5 |
Apr 19, 2024 11:39:21.613568068 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.5 |
Apr 19, 2024 11:39:21.613912106 CEST | 49715 | 443 | 192.168.2.5 | 23.46.201.17 |
Apr 19, 2024 11:39:21.613943100 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.5 |
Apr 19, 2024 11:39:21.615012884 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.5 |
Apr 19, 2024 11:39:21.615104914 CEST | 49715 | 443 | 192.168.2.5 | 23.46.201.17 |
Apr 19, 2024 11:39:21.617067099 CEST | 49715 | 443 | 192.168.2.5 | 23.46.201.17 |
Apr 19, 2024 11:39:21.617124081 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.5 |
Apr 19, 2024 11:39:21.617386103 CEST | 49715 | 443 | 192.168.2.5 | 23.46.201.17 |
Apr 19, 2024 11:39:21.617393017 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.5 |
Apr 19, 2024 11:39:21.672195911 CEST | 49715 | 443 | 192.168.2.5 | 23.46.201.17 |
Apr 19, 2024 11:39:21.729146004 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.5 |
Apr 19, 2024 11:39:21.729229927 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.5 |
Apr 19, 2024 11:39:21.729295969 CEST | 49715 | 443 | 192.168.2.5 | 23.46.201.17 |
Apr 19, 2024 11:39:21.729868889 CEST | 49715 | 443 | 192.168.2.5 | 23.46.201.17 |
Apr 19, 2024 11:39:21.729885101 CEST | 443 | 49715 | 23.46.201.17 | 192.168.2.5 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49715 | 23.46.201.17 | 443 | 3180 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 09:39:21 UTC | 475 | OUT | |
2024-04-19 09:39:21 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 11:39:07 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 11:39:07 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 11:39:08 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |