Windows
Analysis Report
Purchase Order 150184.PDF
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6860 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Purchase Order 150184.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7256 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7448 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1632,i,14395213634663841905,6941489701800868828,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428743 |
Start date and time: | 2024-04-19 14:46:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Purchase Order 150184.PDF |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/43@0/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.63.204.182, 34.193.227.236, 18.207.85.246, 54.144.73.197, 107.22.247.231, 23.6.117.26, 23.6.117.24, 172.64.41.3, 162.159.61.3, 23.34.82.7, 23.34.82.6
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analysed; the report is missing behavior information
- VT rate limit hit for: Purchase Order 150184.PDF
Match | Detection | Threat Name |
---|---|---|
184.25.164.138 | malicious | HtmlDropper, HTMLPhisher |
 | malicious | Unknown |
 | malicious | RHADAMANTHYS |
 | malicious | Unknown |
 | malicious | Lokibot, PureLog Stealer, zgRAT |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | DarkGate, MailPassView |
 | malicious | HTMLPhisher, ReCaptcha Phish |
 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
BBIL-APBHARTIAirtelLtdIN | malicious | Remcos |
 | malicious | HtmlDropper, HTMLPhisher |
 | malicious | Unknown |
 | malicious | RHADAMANTHYS |
 | malicious | Mirai |
 | malicious | Mirai |
 | malicious | Mirai |
 | malicious | Mirai |
 | malicious | Mirai |
 | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.261343357285377 |
Encrypted: | false |
SSDEEP: | 6:XpzL+q2Pwkn2nKuAl9OmbnIFUt8YhG11Zmw+YhGjLVkwOwkn2nKuAl9OmbjLJ:XhL+vYfHAahFUt8YQX/+YQjLV5JfHAae |
MD5: | 8EB941FD502EB35665B2E3548CC90D06 |
SHA1: | 2A63D5F7D6450DB87C28B875CA6EC23901F87290 |
SHA-256: | 2A6CAD86141BE015B08D47B46A350C1CF47606B1AC317E7EE9C903ABA40496FA |
SHA-512: | 0E12DD41AE712F06E45B0BFC683E6F829AAE685ED0D2ECC5C1BD833ACB7ACB27D9481555EC88D42371169C7413576B219DD9853B530EA7124CD9D13D985F94EB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.261343357285377 |
Encrypted: | false |
SSDEEP: | 6:XpzL+q2Pwkn2nKuAl9OmbnIFUt8YhG11Zmw+YhGjLVkwOwkn2nKuAl9OmbjLJ:XhL+vYfHAahFUt8YQX/+YQjLV5JfHAae |
MD5: | 8EB941FD502EB35665B2E3548CC90D06 |
SHA1: | 2A63D5F7D6450DB87C28B875CA6EC23901F87290 |
SHA-256: | 2A6CAD86141BE015B08D47B46A350C1CF47606B1AC317E7EE9C903ABA40496FA |
SHA-512: | 0E12DD41AE712F06E45B0BFC683E6F829AAE685ED0D2ECC5C1BD833ACB7ACB27D9481555EC88D42371169C7413576B219DD9853B530EA7124CD9D13D985F94EB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.212069950886267 |
Encrypted: | false |
SSDEEP: | 6:XWgM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YWeFZZmw+YWeFMMVkwOwkn2nKuAl9OmT:XNM+vYfHAa8uFUt8Y3Z/+Y3MMV5JfHAv |
MD5: | 4D5F0B290E8EF59DECC36E228DCE6F20 |
SHA1: | 3B3096436C3A189F1D172EC385379A811A42D8F4 |
SHA-256: | EC337B26935B4FFEF78909D8C28FB6A2EAD5712305B7C80F8CE7AC0A7111BCE7 |
SHA-512: | E89CB4A25232952D19FAB8AA395E1CE00C4AA274E8C1C00F0684918694D955B37B74AFA18C001710521391ADAE5B4CEBEDD7DCF41CD8140EF7B14DE05D94AD0A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.212069950886267 |
Encrypted: | false |
SSDEEP: | 6:XWgM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YWeFZZmw+YWeFMMVkwOwkn2nKuAl9OmT:XNM+vYfHAa8uFUt8Y3Z/+Y3MMV5JfHAv |
MD5: | 4D5F0B290E8EF59DECC36E228DCE6F20 |
SHA1: | 3B3096436C3A189F1D172EC385379A811A42D8F4 |
SHA-256: | EC337B26935B4FFEF78909D8C28FB6A2EAD5712305B7C80F8CE7AC0A7111BCE7 |
SHA-512: | E89CB4A25232952D19FAB8AA395E1CE00C4AA274E8C1C00F0684918694D955B37B74AFA18C001710521391ADAE5B4CEBEDD7DCF41CD8140EF7B14DE05D94AD0A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\375b6dbf-7940-4695-b46d-5e6fa50d2229.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.970283995895056 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZYOxsBdOg2Hncaq3QYiubInP7E4T3y:Y2sRdslOidMHG3QYhbG7nby |
MD5: | 220D8AFD2DBDAEAC57F0C936D8D63C59 |
SHA1: | 45EAE4F9719DDE514108BBDCC466CBC06BAD1F16 |
SHA-256: | 8FA0554CC9A6D26DE3A8863542DFCDB370D2E63B5E2EA9A9443BAF0C0D6A878C |
SHA-512: | AE0D97065EF378A6A7F624EADCDD0BE2A1AD5DA97A74297E60187C5CECF6019648FEB50ADCD123426C37A2A8FAA2DA26F6F7C719C7838C2D5949F785E35BBB09 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.970283995895056 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZYOxsBdOg2Hncaq3QYiubInP7E4T3y:Y2sRdslOidMHG3QYhbG7nby |
MD5: | 220D8AFD2DBDAEAC57F0C936D8D63C59 |
SHA1: | 45EAE4F9719DDE514108BBDCC466CBC06BAD1F16 |
SHA-256: | 8FA0554CC9A6D26DE3A8863542DFCDB370D2E63B5E2EA9A9443BAF0C0D6A878C |
SHA-512: | AE0D97065EF378A6A7F624EADCDD0BE2A1AD5DA97A74297E60187C5CECF6019648FEB50ADCD123426C37A2A8FAA2DA26F6F7C719C7838C2D5949F785E35BBB09 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.251853137729964 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7f4A9hG1H9Z:etJCV4FiN/jTN/2r8Mta02fEhgO73go2 |
MD5: | 5C3E562FD445B59E17805B1A5F6F7FF7 |
SHA1: | 33FA2B252AE7289602AB746E5A590B555376FAE2 |
SHA-256: | 13393D8207E8A923D47550931B6B5DE43D6B1E252BC489A20FFB0443CE8AA5E5 |
SHA-512: | 2DBB3298B9C214D0753B106825C5C73526BA847D18B8466EF96F8175B0414753EEF777EFCDFFF50AE559DE96EA915DFAF39A520CF86309D5C44FD76FEFDE0C8E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.23797690478254 |
Encrypted: | false |
SSDEEP: | 6:XxM+q2Pwkn2nKuAl9OmbzNMxIFUt8YDBeZZmw+YrpMVkwOwkn2nKuAl9OmbzNMFd:XxM+vYfHAa8jFUt8YD0Z/+YrpMV5JfHP |
MD5: | AFAC594BAAC8881B88279FCD35E1D6E6 |
SHA1: | FD63D53963EECDBC52A3B5619E5453880DA0B668 |
SHA-256: | 566CBC0D3F654F6861294507064691E5431926D21B97934807EC29EAEE59F0CE |
SHA-512: | D3E961A550F9C292296404A56988AFDBD28BB2D33A24E00BD1D383E46E68C3EB80F8E3355D8064731009B0656C6059BF6A469AD8860B9C6A141A41EF223D5E35 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.23797690478254 |
Encrypted: | false |
SSDEEP: | 6:XxM+q2Pwkn2nKuAl9OmbzNMxIFUt8YDBeZZmw+YrpMVkwOwkn2nKuAl9OmbzNMFd:XxM+vYfHAa8jFUt8YD0Z/+YrpMV5JfHP |
MD5: | AFAC594BAAC8881B88279FCD35E1D6E6 |
SHA1: | FD63D53963EECDBC52A3B5619E5453880DA0B668 |
SHA-256: | 566CBC0D3F654F6861294507064691E5431926D21B97934807EC29EAEE59F0CE |
SHA-512: | D3E961A550F9C292296404A56988AFDBD28BB2D33A24E00BD1D383E46E68C3EB80F8E3355D8064731009B0656C6059BF6A469AD8860B9C6A141A41EF223D5E35 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419124700Z-158.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.0204070140004342 |
Encrypted: | false |
SSDEEP: | 96:4Mox4aKysSTa5lU6BOEFhbkMfQXsMwNyKxN6iMZMMGAMti4uZIRPMaCB1NNMMMkx:CF+M1RaCNjP |
MD5: | CC3F27BBD2F217A5482C3AB16C0A6D45 |
SHA1: | CAC7C255B394A62494AF6050DF1CFCA7FBCC9213 |
SHA-256: | 5C66D4C170706011BAF382C1CAF8649A85D8738555149174F269C87195B2660E |
SHA-512: | 357BF6F95A1AD99488CCDD372CA2ED38FFB4814CFD19797C675DB2E1B629B9DB5D976237F0600E2A4D1B59EB03E006919E1C30083AB586E59915110A576D3F27 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445262760292521 |
Encrypted: | false |
SSDEEP: | 384:yezci5t0iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rjs3OazzU89UTTgUL |
MD5: | D5F88E760C37EE80D3AFFFB4B0A23FFB |
SHA1: | 14AF068ADD25BE0D05ACE6E01094572FCF6DAF80 |
SHA-256: | A9D84B9D74E617B88938FFE0AD476DEF68BA4341A0D47EF68FB857B5B8D2AF6C |
SHA-512: | A513F68864EA2A5EF1F648E0A86E1F75D223AB87D6065AD9B13AF024264A74EB5686478E0F0C31DB8FA2852CB223646AF5AF5B27C0A08716F162AD100A565672 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7768689740798567 |
Encrypted: | false |
SSDEEP: | 48:7MPp/E2ioyV4ioy9oWoy1Cwoy1AKOioy1noy1AYoy1Wioy1hioybioySoy1noy1r:7Mpju4FLXKQD0b9IVXEBodRBke |
MD5: | E0CCFBCB06B731C7B33BBEC229DC615C |
SHA1: | D7C61080EAFB993BE72AC94DBA45BBA7A71E00D0 |
SHA-256: | A9CFFC36D1042373D88ACC9E951C14144B8AA58CBD7CE3FFC2CF8C795DC92CD6 |
SHA-512: | BB2DCD2B7EA62DA59CD197893DA9558F36B17F85096F3E38997D24F0EBBF53E24D50F99BFEADA0BD0F77A198C5577D33EE756562004E64513D81FDC21C02B2DD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3637017335375035 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJM3g98kUwPeUkwRe9:YvXKXCOgGAVEZc0voQtGMbLUkee9 |
MD5: | 25B46B689418B7B89D707BB28C149316 |
SHA1: | 2E85555A67C951E45B3D19EFB4E5A7E9714C186F |
SHA-256: | AAB9104FB9520BEB85ECD37B242A1C93BA1B87436517D11751240138599ACD31 |
SHA-512: | BF84AD4202681F249558B8B061D27B11B8646F06FCFF149885353D0DC14436AF76110C7CA3A4F6F79DB290F6B329FB17C1745D6EB60913796491DBFA3DF6A98D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.314829564647583 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfBoTfXpnrPeUkwRe9:YvXKXCOgGAVEZc0voQtGWTfXcUkee9 |
MD5: | A4A42B9C267915E085313C6F502653A9 |
SHA1: | 28E7C666C2CCC49E2DFDD2A80A5FA3E2BBE5DCED |
SHA-256: | 6B54E26A5ACF351439F03C5CC459431C0201E45EC96CB55EA10597E6A69E0838 |
SHA-512: | 5875682A34078D734BF17ED5D36E023D24467A3C08C08FD56EE1FFC020E7D705F5A52BC00DC203AB27F4E6663ED3F41847AD2011AF562784E17706A9596DF61F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.293535778874461 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfBD2G6UpnrPeUkwRe9:YvXKXCOgGAVEZc0voQtGR22cUkee9 |
MD5: | D2A3E15B2FF59878FEE91999B7CFCDE8 |
SHA1: | 702F449CCE58F2E5891FA229516A5BBCC8859D54 |
SHA-256: | 07F5BDDEA25A6A8738FC749A1BEF49D7325E40E95215A714BCFC3EA2CD765CCB |
SHA-512: | 57A63A8A089EA0E51324047493A354B478AD7FB279955FB1EDD49054C9E0F7F3B94944A02FAAE9016973DFD297C59C8FE934CE8799A29C407A8D23019EF62A14 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.350724111564954 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfPmwrPeUkwRe9:YvXKXCOgGAVEZc0voQtGH56Ukee9 |
MD5: | 1992239AF6E672EAC51CD514F8371BF3 |
SHA1: | 33A113A9AA3C6B28DE53DD303DDE3BBA01CA096B |
SHA-256: | E87A34D33BA89BCE12A5FFD69BC1E528FF9049A3E70D8A11D7A1CD96221F8B3F |
SHA-512: | CFCD4421AAA693749D7703DF38B0A9A9E7D0F08FEBACEE8779C771E7548BB644AD7C23DB496C76F38D853FF1C17650E97E0CA93C9685FD2D02C010AD4467DBAB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.31319460024452 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfJWCtMdPeUkwRe9:YvXKXCOgGAVEZc0voQtGBS8Ukee9 |
MD5: | E34ED9FB5524AC08F6399902EE44857C |
SHA1: | 1BA116DBDE96D78D7DA5D6F8D90E267C1F8D6E1D |
SHA-256: | E0BC7B66545CCAC0B27727C9587686B69693528C3DB69BCAC358B1647F1502B4 |
SHA-512: | E788D78FD5DD836FDC5B2F02C8C60259C1DAB8C079F869DB4C0E2FE018EF30821632A0E9A2796168C7966D018362F5EEC574F44CBC36BED3F964904375B9D152 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.300320406190072 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJf8dPeUkwRe9:YvXKXCOgGAVEZc0voQtGU8Ukee9 |
MD5: | A50D96417F5ADE7F4C92F628C8E84829 |
SHA1: | 8FB06ABEA03FA11B2CD105298EBBE073D21966CC |
SHA-256: | F1DCAEDD1A18880A82D78FF8EDE48C2F020EC956B437964DB4B970F3D4F9860B |
SHA-512: | 6383D87A5DC5612C00AD6A3DB6353E76A9252EEB35DE7DC4B18B81D5CE09A8A06638C67012252313477C8896B5E66B4EFF4B172BAA4460F4CA36EADB8511A4D3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.304799348760742 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfQ1rPeUkwRe9:YvXKXCOgGAVEZc0voQtGY16Ukee9 |
MD5: | 8FCFFDF8088F86058468D959CFC91C5F |
SHA1: | 5DE189118A4256D4043917A28B857FAC8C042E2A |
SHA-256: | 89217728B66237283E1381BBF5031649B1E0A4E82A6A5C09320F521BE86F5E3E |
SHA-512: | 5C8668BB9B8AD970E01B1CE29BAB9A9E5AB06B304B2DB4C2D159CDE8B814CA2C2578CEB875F6E3D1811DDDF40925A59AA043DC4EE981771548F56C0142CBCB5A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.31138996468281 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfFldPeUkwRe9:YvXKXCOgGAVEZc0voQtGz8Ukee9 |
MD5: | E122D338D864E1289B768FADC773B0D5 |
SHA1: | 139A80A1BD7A9042DBB639D715B949D52FE43099 |
SHA-256: | 75B6431EA3B7444B3F94380082BDBC1A9E43B20CB4162C895029F8F51DB07D1C |
SHA-512: | AFBC943F4001185D5A70974B2018A8936821D2D09FE47ACEEE3FDE92F733D8329DEFB7C7EA28115362D97B63F93D6B14F1AEF60EB09A70DE9229E704AC61B7BC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.7408999927679965 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRgGkEzv3JKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNdXB:Yvyg4BEgigrNt0wSJn+ns8cvFJPx |
MD5: | 3786DCA364C4F4F5E4657371E4EF9D6E |
SHA1: | 939C9F15D27E27D2EFE37768C68A106EB39EC2E3 |
SHA-256: | 597B300F5FCB86798750A494B22667324A3875C853B5AD6A6624EE5824B1F6AB |
SHA-512: | 7E8936755A4A0A7FB840CD2E4C6D04E3D203397B3A67F27DBD0280511E1F99553187CDD3DDAC46AB60D97CE47419D35749005706317F04D88FB3961053F16EB1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.306404867351851 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfYdPeUkwRe9:YvXKXCOgGAVEZc0voQtGg8Ukee9 |
MD5: | 8EF6A049AF5C4892557BB29841213848 |
SHA1: | 316203604F1E12E95D684D3FF94C3EB06A9344D9 |
SHA-256: | DF40DF4D9C76437BA675EF3021AD71F83C408A3AD214051279136F60E0722E21 |
SHA-512: | E497469F5AC049B475FAB038925BBC7EBE1E797E766388BBD79F7AE41263949D7BA655C05F067D3CDE54EA0DED17639B5111EB87C85F75EE1609C7619EF74ABF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.778054076774433 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRgGkEzv3krLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNFXB:Yvyg4MHgDv3W2aYQfgB5OUupHrQ9FJTx |
MD5: | D53CEDE3FA8F1F07DC45ED2BEFB889DB |
SHA1: | AAB37DCC4C6E0589C853BECA4923D1D693E63720 |
SHA-256: | 5E8B311C3426FA1DB3965E838D373C2AA362D3E15FF5CA4BE7333144CB87F26B |
SHA-512: | F36BD6B3278EBBF74408EF595E0073FA24611FB25638EE8B63F5C13BEC36F4F550A9A94EA882882BFB4496D5E215FF873E45B33C779D792BF2351553B3A83143 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.28990794531883 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfbPtdPeUkwRe9:YvXKXCOgGAVEZc0voQtGDV8Ukee9 |
MD5: | 3453F51CBCE071586286BF4598A15404 |
SHA1: | A795AABF7A09650814EC479BDF7EDB2C715A6FC8 |
SHA-256: | A288E834478E970ADBAFC198E172A563D8A220BF36EA5821853A75D335B2816D |
SHA-512: | 73FD8D92D1576341BC6025C76DAD944FF483F9357C2208BBAEF474DDDB366DB9161B423E0091F19F3D7477E4DC1E771D672E9D8D7448C1DEFE65FA5513BAFB12 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.294943916470839 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJf21rPeUkwRe9:YvXKXCOgGAVEZc0voQtG+16Ukee9 |
MD5: | FF6286A4211B630589688AFF83DBFF0E |
SHA1: | 2F5EB9EC165561482BD56FE45CFC5CCF0C115BFA |
SHA-256: | CEEDC2008602781C71590D4F1EBBC678ABD6FE1E654A08D73BAD754E4B92D9D4 |
SHA-512: | 467AE65556DF9236C784B9269ECA39BA6FC1062E3BAAD77CA74E25C961FFB91C41EC548624C5023AB12FBD6339B873A6C8A6159089247D43443320345BD68BA7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.312946178035778 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfbpatdPeUkwRe9:YvXKXCOgGAVEZc0voQtGVat8Ukee9 |
MD5: | F9B13D40D66DCF45F3651148D8EDF066 |
SHA1: | 44BB4BDF98A49C253743D23F2578F4CF43A96181 |
SHA-256: | 6706FA261349DE8E602F4A9A724A065D07DADD351EB143DBA269DD3DC2D83AFB |
SHA-512: | 6C1109D9EA0E59E1EFD237A72BC5695CCF4CF80378FA5A35DE4DB47F30E93D977C6E4610E37A133DE96ED2B7ED9467BB56CFB779CE12B6755EF43D87E6B92F66 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.272305334309106 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfshHHrPeUkwRe9:YvXKXCOgGAVEZc0voQtGUUUkee9 |
MD5: | DFD2260837446CE28DA4FC0CAEDCECE1 |
SHA1: | E082C10A6B74D651D86CE0F1075BEF2603F24E6D |
SHA-256: | 6F7E4B5AAA402D4A1FA153539775192D51A2A00CA2D979FA3317A8506AA44305 |
SHA-512: | B0C28AB93893BCCB696834676D52E95BE7B6DFA177DB2C522C0A097621316EAEA87E30EFBBD191AF8EC81D341908DADF22F4FD9FEFE6AB79C5D46687AEA9BB77 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.372601428233747 |
Encrypted: | false |
SSDEEP: | 12:YvXKXCOgGAVEZc0voQtGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWxx:Yv6XRgGkEzv3Z168CgEXX5kcIfANhEXB |
MD5: | 490C06405A211D0131F1F03F6438EA2B |
SHA1: | C0C324B5359AA3EEF2507655CABBEC18D49CCE94 |
SHA-256: | 0C012FB0AA5A99B413867B67BAB76B1E57626427EB106FA96B39815E18676B0F |
SHA-512: | 1BEB8A6AF612A33B6E1C0AF28E46E431E5A3D939D9208BB1C41558B1199C17FE38128ED7857EC24E33C29A222F82B4D03AA424C03FA5D564E41016E13DECF104 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.137160628630873 |
Encrypted: | false |
SSDEEP: | 24:YY7FYZLTLgCDQw43Z44qTnaOKfayuOcfVA5j/Lcj0SXbQD2Ui2LSx4U+1E5yh9pI:YY7+1o24Jtils/C/uDifmE0h9vG |
MD5: | DF56EE38E4C276FEA8AF6A01670A599E |
SHA1: | AF7EA3CE7D72625025BB675B6A0D03D5FEA6A36C |
SHA-256: | 7CD35987BB403FA9048E55BAD54ABECE0B0363808354DBC354D313416235FAEF |
SHA-512: | 41C866E055701FBAAE2C9E40C3026FBF50EA05224971F1C97F75AF47BEEF01EE722515AEA263CC1E09DB3C0C4489FC71E6D39CBDFB04F3D0B3FA2C58DA250FDF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1885803285701537 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUc2SvR9H9vxFGiDIAEkGVvpIw:lNVmswUUUUUUUUc2+FGSItcw |
MD5: | 4FB217F88A08FC862708AF66AE978554 |
SHA1: | 3A47BF26EA1FDD9784A7B201B0BB47AB1DDE7157 |
SHA-256: | B27B19EBC4F850251C948895D3610592F028F17C96C5C9CA5090A4E8C5ED299E |
SHA-512: | 81A186CA7C1E3884D4037DD677BE9B9B708A6D8E4F6ED734AC7122067E15B05758E48538D946D3DF9FDA3F282EBDC086EA131BD0C30C6C1052D141A1D7E09CE9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.606986736023211 |
Encrypted: | false |
SSDEEP: | 48:7Mt4KUUUUUUUUUUcUvR9H9vxFGiDIAEkGVviqFl2GL7msN:76fUUUUUUUUUUcEFGSItEKVmsN |
MD5: | CA0D2A5D0C79F07857A0C27B15A8C9B7 |
SHA1: | F544A4FA02DC393BC164D8A9D6C7F73742744B83 |
SHA-256: | 10592D022CDEF90C37B57479CF81970CB7F996AFE41673D6D231E9DACB83308C |
SHA-512: | 69D1B6220D088940A3868B744F7C3411F52155C425593AEA0F947A7B8126B7DD2A127747D8BB80B21973CEA6ABAD45703F9A832BB90F052836C40B9DC2139CD8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5197430193686525 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8m+aRMQf9:Qw946cPbiOxDlbYnuRKQO |
MD5: | B87891D20D5437096E35306B1A8DD226 |
SHA1: | 01E07F50057D75908360179963F73D1A185928D2 |
SHA-256: | 7592830EBB46E323F435636FA3AA8E282BFBD89018BCD1B60BEE3E4759C19DEC |
SHA-512: | 554C7D48AE101B87163D1E58DF63268EC4BA5510C5684E89D2F140225A31588A335C4BBBF0EC52EF80B56ADA7FA0DC28E3164446049F76A87D93709B3306404A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 14-46-58-573.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.382733414036173 |
Encrypted: | false |
SSDEEP: | 384:VIsFsspI11QSCcf2Im58WchpqpE4iqw8/BjNFDhsijmYzD2Oh/Fvgv2XFP8oDzbk:unD |
MD5: | 99142807D1A8EDB6E26FB4923CD3133C |
SHA1: | 0F8874E850DC8960AA290EAFA106B5FAC864654D |
SHA-256: | B7998E74E93968A6C7DD5735A61AE93D14BDECE0A711AA962D1C870A65B8F04D |
SHA-512: | DBDF59BEEE3E70595CD291E2AD4A93639D24F33137FBE24BFBA7E77725D18E937A5147BE3EB5898E9C870E7051988A7B9826013F911C12696F382BDF8BA827B7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.3976632560035 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r8:Y |
MD5: | B4D57665A2DDAA5DAD7483C4FF54F422 |
SHA1: | 121FB38B67AF23ED526D8058A6CF7F8303B9CEB9 |
SHA-256: | D3577AC7E069380C8226336078BFC3770CD0B0E803ED009B9DD67610A72581C5 |
SHA-512: | 1FFDEF9A9B2C39A7458A147A2FA31982DB5445D65DEA296A809DD21DB651457EAD456D18113524715EA8FBF52A7060EDB392CF8D0B4D6B785C8B1569BBAE2289 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru |
MD5: | AE1E8A5D3E7B2198980A0CA16DE5F3D3 |
SHA1: | A1DB2C58AFC81E6A114A8EB47BE0243956F79460 |
SHA-256: | 8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F |
SHA-512: | 5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.972611247764149 |
TrID: | |
File name: | Purchase Order 150184.PDF |
File size: | 11'792 bytes |
MD5: | 2c1a5340c52c01aa8171271222241992 |
SHA1: | 8abcc360efb61fff9c10bb2df3d64fd19cda56da |
SHA256: | 4c6f8c145799f0b4d1a0d0c7d4130f613da3c664f46cb4f7246a0eaab9c553d1 |
SHA512: | 13acdc1962689c07f987267b460f68c842a4ea0ea00d125b3db9a6874537dc27554a90f45e457c16d708399cc39b314993785f39f1e376e2007f787d2eedaabd |
SSDEEP: | 192:eHIwiFQuHdYbKFedPFLLuSikpmljDTGaU3lQFa5Tol0LC3e0:ntFQ+dYbKFeFFvuSikpmZDTGawOcTol9 |
TLSH: | 4532651C2EA6DE9DD90B5FF89B14B241E77D72603B9495C13E2CA322F714F02E95B805 |
File Content Preview: | %PDF-1.3..%......%RSTXPDF3 Parameters: DRSXh..2 0 obj..<<../Type /XObject../Subtype /Image../Filter 3 0 R../Length 4 0 R../Name /00002../Width 752../Height 389../BitsPerComponent 1../ImageMask true..>>..stream..x..Z.........%..A....O..e.!..k...fw....\{... |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.3 |
Total Entropy: | 5.972611 |
Total Bytes: | 11792 |
Stream Entropy: | 6.368871 |
Stream Bytes: | 7060 |
Entropy outside Streams: | 4.701745 |
Bytes outside Streams: | 4732 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 14 |
endobj | 14 |
stream | 2 |
endstream | 2 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 14:47:09.409653902 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 19, 2024 14:47:09.409683943 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 19, 2024 14:47:09.409778118 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 19, 2024 14:47:09.409938097 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 19, 2024 14:47:09.409953117 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 19, 2024 14:47:09.726594925 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 19, 2024 14:47:09.726957083 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 19, 2024 14:47:09.726986885 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 19, 2024 14:47:09.728023052 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 19, 2024 14:47:09.728091002 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 19, 2024 14:47:09.730632067 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 19, 2024 14:47:09.730691910 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 19, 2024 14:47:09.731015921 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 19, 2024 14:47:09.731023073 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 19, 2024 14:47:09.784178019 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 19, 2024 14:47:09.836076975 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 19, 2024 14:47:09.836169004 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 19, 2024 14:47:09.836802006 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 19, 2024 14:47:09.836858034 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 19, 2024 14:47:09.836874962 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 19, 2024 14:47:09.836884022 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 19, 2024 14:47:09.836930037 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 184.25.164.138 | 443 | 7448 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 12:47:09 UTC | 475 | OUT | |
2024-04-19 12:47:09 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 14:46:55 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 14:46:56 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 14:46:56 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |