Windows
Analysis Report
lsoft_001.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6300 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\lsoft_001.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 4100 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5832 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1640,i,3425272521665081889,14107538559418711138,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.46.224.162 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430154 |
Start date and time: | 2024-04-23 08:13:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | lsoft_001.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/44@0/1 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.51.56.185, 52.5.13.197, 54.227.187.23, 52.202.204.11, 23.22.254.206, 162.159.61.3, 172.64.41.3, 23.204.152.213, 23.204.152.210, 104.117.182.155, 104.117.182.145
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.46.224.162 | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | Get hash | malicious | Vidar | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | NetSupport RAT | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | Vidar | Browse | |
| | Get hash | malicious | Vidar | Browse | |
| | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, Vidar | Browse | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 297 |
Entropy (8bit): | 5.207039762971945 |
Encrypted: | false |
SSDEEP: | 6:JfK3+q2PcNwi2nKuAl9OmbnIFUt8afiUZZmw+afiUNVkwOcNwi2nKuAl9OmbjLJ:Jy3+vLZHAahFUt8aKUZ/+aKUNV54ZHAR |
MD5: | 941A0E0762464A9CEB3738854BE9A8CB |
SHA1: | E99F043BF263B76A39E0C5FC783A5317149373EC |
SHA-256: | 293DEDC33D9F0CEBB8962264D53E7F9A31397CE4687806FAAAACF028CD153B1B |
SHA-512: | 72380B1F0748C3CEECDA9994392056D4DD1C4E43E8CED4206953A845D290BF0F9AA0F69EDA56159D23E7594406A674FF1811D438D47B411C11C6C00A1BDD5B1F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 344 |
Entropy (8bit): | 5.224611000349551 |
Encrypted: | false |
SSDEEP: | 6:JfL834q2PcNwi2nKuAl9Ombzo2jMGIFUt8afL9NJZmw+afLYDkwOcNwi2nKuAl97:Ja4vLZHAa8uFUt8ajJ/+akD54ZHAa8RJ |
MD5: | AC28935714322BB5A401D9821996C58F |
SHA1: | 41D85BD818A3669542AA4109A29D03AE262F14BC |
SHA-256: | 9FAF333BBBF07BA8D391DB02799F9DD1358BCFB3C422FD32ED47D960F42487E7 |
SHA-512: | F6B46DFFA9793F9353DB27E93DA02AC2F4897D43EE6AFDC8F06F820C01C9B00BC878CE21AB521175E88478BBD9BCD32C402F7516402E7BE0493B3219EBDD0F5E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 344 |
Entropy (8bit): | 5.224611000349551 |
Encrypted: | false |
SSDEEP: | 6:JfL834q2PcNwi2nKuAl9Ombzo2jMGIFUt8afL9NJZmw+afLYDkwOcNwi2nKuAl97:Ja4vLZHAa8uFUt8ajJ/+akD54ZHAa8RJ |
MD5: | AC28935714322BB5A401D9821996C58F |
SHA1: | 41D85BD818A3669542AA4109A29D03AE262F14BC |
SHA-256: | 9FAF333BBBF07BA8D391DB02799F9DD1358BCFB3C422FD32ED47D960F42487E7 |
SHA-512: | F6B46DFFA9793F9353DB27E93DA02AC2F4897D43EE6AFDC8F06F820C01C9B00BC878CE21AB521175E88478BBD9BCD32C402F7516402E7BE0493B3219EBDD0F5E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\79b7f369-c4d0-4969-9374-3638e2f23396.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 474 |
Entropy (8bit): | 4.970334938707053 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZ2/sBdOg2H/caq3QYiubSpDyP7E4TX:Y2sRdstAdMHO3QYhbSpDa7n7 |
MD5: | 1979F631597A32FAC65F8D4C679B13F6 |
SHA1: | B0E0B9D3EDC74ADF208BE96AC4A0EDBF3148292B |
SHA-256: | 04F3D5778DC97AE4D7EF96F5A8A6A379F547B893A69DBE635BC0038A2E0A2243 |
SHA-512: | 77A2D9E2F2BA640D33B752853721D43A64DD57BBA2F19FFD21BB4F79ABCD8355646DAD8F1396E783A7F72594E32D9B2D9EBF791D2903379ED57C741D4B36AA4C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 474 |
Entropy (8bit): | 4.970334938707053 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZ2/sBdOg2H/caq3QYiubSpDyP7E4TX:Y2sRdstAdMHO3QYhbSpDa7n7 |
MD5: | 1979F631597A32FAC65F8D4C679B13F6 |
SHA1: | B0E0B9D3EDC74ADF208BE96AC4A0EDBF3148292B |
SHA-256: | 04F3D5778DC97AE4D7EF96F5A8A6A379F547B893A69DBE635BC0038A2E0A2243 |
SHA-512: | 77A2D9E2F2BA640D33B752853721D43A64DD57BBA2F19FFD21BB4F79ABCD8355646DAD8F1396E783A7F72594E32D9B2D9EBF791D2903379ED57C741D4B36AA4C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.2410423984700145 |
Encrypted: | false |
SSDEEP: | 96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPY7DaxS3inr7DZ:CwNw1GHqPySfkcigoO3h28ytPY3axSSF |
MD5: | 6278F3FAEEF00F3507889DA90A634711 |
SHA1: | BF6CE25DAA4F22D48F7B8E218233661BFC6E1FDA |
SHA-256: | 5010354C54236A3AA7C17A8D955844E21343A9288513E77FEA5BB67EA023BC39 |
SHA-512: | 60EC804347E764F46FF5D05329269A5D5C52ABF133D816CDFF13D8C1E1C29702B8D00566CEEA8CE80994BA92CDB5D12E73B06BD27272AA4819481214A9BBB389 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 332 |
Entropy (8bit): | 5.213388857761068 |
Encrypted: | false |
SSDEEP: | 6:JfTA4q2PcNwi2nKuAl9OmbzNMxIFUt8afTBw3JZmw+afTfVNDkwOcNwi2nKuAl9c:Jk4vLZHAa8jFUt8a1CJ/+a7D54ZHAa8E |
MD5: | 27A49D76186110AEAEBB7276FD21E980 |
SHA1: | B020A24751C4FA76A9B3EE3E3C94030DACB5C390 |
SHA-256: | 405613294A89F1BF21D0C3D5FE165CF71890EBAE6B7FC510E985498171635DDD |
SHA-512: | 5EB321B3903A6C3A50AB8C2AFAE21C8AAF081199486BD65150204A75265DBD9FB03F00B494948C6D1C58F6768408A53C5A7109DB594CBD16DF7A1D17B645D230 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 332 |
Entropy (8bit): | 5.213388857761068 |
Encrypted: | false |
SSDEEP: | 6:JfTA4q2PcNwi2nKuAl9OmbzNMxIFUt8afTBw3JZmw+afTfVNDkwOcNwi2nKuAl9c:Jk4vLZHAa8jFUt8a1CJ/+a7D54ZHAa8E |
MD5: | 27A49D76186110AEAEBB7276FD21E980 |
SHA1: | B020A24751C4FA76A9B3EE3E3C94030DACB5C390 |
SHA-256: | 405613294A89F1BF21D0C3D5FE165CF71890EBAE6B7FC510E985498171635DDD |
SHA-512: | 5EB321B3903A6C3A50AB8C2AFAE21C8AAF081199486BD65150204A75265DBD9FB03F00B494948C6D1C58F6768408A53C5A7109DB594CBD16DF7A1D17B645D230 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240423061400Z-153.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.3613777715314024 |
Encrypted: | false |
SSDEEP: | 96:Vp860qLEO7fyc4Tiy/TiaMkHQiQ3UXMLMFMM2dMichMtfXxLMHMy8bL567I71MRc:vR7Kcs3BQDeiHZERujQrjffUo2 |
MD5: | 380100D270870C25EF2F967CE4592250 |
SHA1: | E0923ACDBB332D0077BC66E087B1C89221396D76 |
SHA-256: | CDA7260F619E2907B4A64AAA17F68856D8459CA415CE2853EB44FB90E4FDD5C8 |
SHA-512: | E24D16408AB51734EF6A935A81E8D098B4458F6ECBA11AB597DC76730D508B9C5DC501936BB656FD4354307D034C8DD833897CD7978D6C619857976DE7124FC1 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.439008956267946 |
Encrypted: | false |
SSDEEP: | 384:yeaci5GQiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:18urVgazUpUTTGt |
MD5: | 5A7BEE6CE25D65EEEEABC40CD980341F |
SHA1: | B03C3ABFD2AFCD621092BA9F18944672F6777736 |
SHA-256: | C8B0D9339F62689806A7D528BBA730665D72511739D9CD152D8107AE3AF9D518 |
SHA-512: | 9FC53D331F795CC26E721B0B7E0BE89637403D0486EE5DD6AB45161ED19083549602CF13DECE502721036CFE747277980CB095BA62847190D98B5A3E39069CD3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.77585354495777 |
Encrypted: | false |
SSDEEP: | 48:7MNp/E2ioyVhioy3DoWoy1CABoy1JKOioy1noy1AYoy1Wioy1hioybioyhoy1noi:7Wpjuh0iAfXKQYEb9IVXEBodRBks |
MD5: | FC7C7BB25C305E9F440FE376CCDC688F |
SHA1: | 458DC381347081455DA0DE90EEB8EAEAB70D2861 |
SHA-256: | 95B1B8456B3D0978C0C6CF238E192DC594BB5ADF38F61DE00C5A6E6942323E18 |
SHA-512: | F28ED7A364A5EB70741E01E5781587C7DA6D018B2A8BA622AEEAEF53BAADA947742AED316A52921FC065F920AABB461C759E79B1D8D0CD1DEE478D4A7379EE42 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 232026 |
Entropy (8bit): | 3.377763938203011 |
Encrypted: | false |
SSDEEP: | 1536:NMKP+iyzDtrh1cK3XEivK7VK/3AYvYwgF/r0oL+sn:iKPoJ/3AYvYwglwoL+sn |
MD5: | 8550BD38B93F6B12D5FD5960F36F3BE4 |
SHA1: | A91BA0B88C4FEE5226A9631561D7F7A7B6699371 |
SHA-256: | ACB87772F18DE81709A4E4311A7DF6CD8B2EDA7FCB57489CE82C09429750CE57 |
SHA-512: | DC796DC8B3C59672208170FE556E45EBCF2BBC5B1EBFF34E7FF461E155F9C780AD555AF7FA442652AA4E6D4E86A78787C7831D7B77CE7CEF50423163C08696BE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.352236725191392 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJM3g98kUwPeUkwRe9:YvXKX+GSnzsdTeOdjGMbLUkee9 |
MD5: | 9AB378B0C18DBB8A88EE7656E6BB8146 |
SHA1: | 99C46E62C61521AE12D836EDC7D0368C99FD731C |
SHA-256: | 26DC34AF58E77AEFA240D2A05A37E049834564C5E17B8FAD10B3677371DB8FF7 |
SHA-512: | D8EE15A168A8FFCEFCA5865AEB76C4D76973E967F4629B17190774FF1A10BD404B6E7D38DDAC1403CF3F9690DE9E06D2D6A38258E0BADDE2004346CA5F66D694 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.286531064134856 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJfBoTfXpnrPeUkwRe9:YvXKX+GSnzsdTeOdjGWTfXcUkee9 |
MD5: | 3FDBAE83605E9F16B3522A4FA5BC1B4E |
SHA1: | A33F793FB5DA06FADDAACF5B817FA9BFAC4F1B12 |
SHA-256: | A1DAFFD71CF9B2A060FE4A1D2C40BB7AEBBE7DCDCD7D1456F60349962C370155 |
SHA-512: | 7E508E774AC86A92751BCF7D014C739CAA32641A8AE7E5636AD0761EE85C679318F23958BD8860B24E9F200A5632F786466934AF3B496429BD47FBA988D43CD7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2643811577119255 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJfBD2G6UpnrPeUkwRe9:YvXKX+GSnzsdTeOdjGR22cUkee9 |
MD5: | 12ACAE4BF613BD8E06CBAE29AEC05734 |
SHA1: | E05A387EC51A1B36CCF844F3301D84B5D89DE66A |
SHA-256: | 4847609C660583B5A882EFC478ED8F0F4A51AC1F8D83ED02AA4487864B134351 |
SHA-512: | A7CAAB083D53B032CC3033D5344C7D810C1E8EFF9410017CEA3176C335952E1ED43B121729F0F4FE021BFB6FCBDB920CFAFC30CF00BDD456A78F78430068FFEC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.338724619183899 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJfPmwrPeUkwRe9:YvXKX+GSnzsdTeOdjGH56Ukee9 |
MD5: | 79EDB34BE76F5696DF776AB2CCBCB15C |
SHA1: | D4580388D1241F660AD0E6D943123FF885CA2B08 |
SHA-256: | DFC1477F7CDAD0D83D8C8EA0629AC3360480DA3AFDEECB108CDDBCFD3DC3C4FA |
SHA-512: | 781F78A21220D458281CC0697D9ACD4AC3286D072789FD991BC8F5CD3FAA30892E38C1D1B98A8817C5BB86B1208D847031FFDFEF15A5A55E4A753A4AC96CE0A1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.288531328372775 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJfJWCtMdPeUkwRe9:YvXKX+GSnzsdTeOdjGBS8Ukee9 |
MD5: | 8D6BAE295ACEC7965560FD7E0A2E7FF8 |
SHA1: | A94AA91B302A81EAA728EC6A25B1EAD6FE252F41 |
SHA-256: | EDB97E57057FB6203FA75D2B3323536D2A03BE9EAD7EC61C251620BA2371FFA7 |
SHA-512: | 92040A00864F4C76F2D132FC3DD654FD5560F5DDF41387D931894DE772A261AEF3060430FA5D8C1A4A6C9BAF9F4ED15221B3524127C474CEFD8D875157C5EBBD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.273820990544105 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJf8dPeUkwRe9:YvXKX+GSnzsdTeOdjGU8Ukee9 |
MD5: | EFA6A3D4CCD8A14D76E46F8B8B548BE5 |
SHA1: | E3BE90F62CDE8AED3EE7BCFE2D237C928CD2857B |
SHA-256: | 425F3DAC0E1BF1C606B21CD1EC6533055B9BD86A040D9EF090EAF5EED1E2303A |
SHA-512: | 5C73C720F9D4FBD6EB636E98D64A150A4864C08732D64FC230F2652F8A76C9BA6B496C003DCCB054407A4DA0BA90B744031B398BFEA4C4C8272185205D84B91A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.278846814113743 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJfQ1rPeUkwRe9:YvXKX+GSnzsdTeOdjGY16Ukee9 |
MD5: | 1DE6B2224E9DB4C99AFB52D376960779 |
SHA1: | C5D66A670170B70CC2F42A3762161CC9C64D0156 |
SHA-256: | B324FC99B6D2E694C0F906DF1E0418D6C4FBA35E35BA1C5D4525732AE36FE481 |
SHA-512: | 5381F6DC4B5C0F7B8AF83921848F84B912A220B1A2EE630E40EA72F58F36081A3AD4EA09E3FBFFF4A7BA74AFCF5E8F61177E7C0AF3BED5087B40EDA3C00BA729 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.293736643172639 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJfFldPeUkwRe9:YvXKX+GSnzsdTeOdjGz8Ukee9 |
MD5: | F4D6B5CFC06834483DEE15309F9EE2D8 |
SHA1: | B3C8ABCFDDF0624DFB9380FA2B2C596279511C87 |
SHA-256: | 54E48BE7AEA8DEA25EC6FAD494D9F9A7DFE2CD4ACCBE0AB2D56AF0EF9306781F |
SHA-512: | 817260646941D17F40C902FE8ABC56093AE8BB91E25F1488A5837D74AAA1349A94932BCECD800DCB06D81A7420C168EB41E858D37039AA7E5346DC11342A2CB2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.735913375624403 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZUzmeO1KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN4k:YvWe0EgigrNt0wSJn+ns8cvFJuk |
MD5: | EC03EDE610957F185144BC903DA86DEC |
SHA1: | 14C96286E707C7A68D59AA80586A626EE5C6452A |
SHA-256: | 0D692674F261F74EC8BE757CE4ACC9F9DDFAD2DD3DDCCC4C711B0708DAB5F7F0 |
SHA-512: | E8D7CD81841C78D22F3125A5A03E56BCB3F1E213E872EAB990CB357A26F513CA4D2559CA44A1F77F36122EABBBD39DD15CFA0B0452F99640B28409DFE190C35B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2814855753568715 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJfYdPeUkwRe9:YvXKX+GSnzsdTeOdjGg8Ukee9 |
MD5: | 7365C9C24C9F977E1F0046ABB20DB3D6 |
SHA1: | 71F0802882A97122C0FCFE86B9579F7F425AE036 |
SHA-256: | 15B7391B906506B8423C4797C7C1F0ADFAF47DD1D1C6967BA594666587C7CDC0 |
SHA-512: | 8942396144BA9B9AAAB4C3242A3BD3C770FEB6636623A72306D027DD84269C801741B091A04F95787BDD30DA3FF720F2D901600E43FF9F1BE029DCD1653645E0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.771701994335353 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZUzmeOorLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNwk:YvWebHgDv3W2aYQfgB5OUupHrQ9FJyk |
MD5: | 542FB59953DC77405F5F965DCF924690 |
SHA1: | BC654758CD4658DFDD89B8F3EB13CBBC4CFE84CF |
SHA-256: | 54BDC02880D18AC03676CD2AD4C520E2D46F02B55EB04E98AAAA948938B01A33 |
SHA-512: | EB74555514975CA3BA85DD77DFC56E050B5C154C0EA3F058F41A9DC18127E9324743A4DF3ECD741CEBA6D36E42EB89FF45575842084247B2C26E9E7E8518AEAF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.2651599199355 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJfbPtdPeUkwRe9:YvXKX+GSnzsdTeOdjGDV8Ukee9 |
MD5: | 1AD5B462EA61E40E04FE020BB2A7DF0D |
SHA1: | 520355E157FABB9A57A02026B531D071E35DCD4C |
SHA-256: | D36F2B0542BF662C44315B0A27BF78A97D919F04549748FB3AD2B31A0FAA7F12 |
SHA-512: | 84A362F32883D1790876B27B8EB89C3D29B16E1775FC7E89BDC84784C253A6B022E1B0A3B4FE9CC7099B8C684840BFF5003A2DAA5001C0C4561B07730884B47B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.27013038203952 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJf21rPeUkwRe9:YvXKX+GSnzsdTeOdjG+16Ukee9 |
MD5: | 79E7A228C0E3174407C96AF65377B6DA |
SHA1: | 1E051C95B76810D1BD9FCEB2E18CF5A490BC4D0F |
SHA-256: | 375FA0644EF949489CBFFD0F277DB4931227B40A2CEE4AD639796156367B4888 |
SHA-512: | 478675DCDFD6D449FDA29C8C338F80771EB997BCFEFED1A578A9A40722B40EFEC629C6C9A915B090D05158E0EA1DC0E400694DBCAEE88A6AFBFA8CDC906F1821 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2880268860407975 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJfbpatdPeUkwRe9:YvXKX+GSnzsdTeOdjGVat8Ukee9 |
MD5: | A104DA60DC791A8B165186D53DED9EC9 |
SHA1: | 873874E5EFC1CF416F0C579ACAE0B3377FDDFC1F |
SHA-256: | 39A90E038A26C316481534B17A9D50606FDCF05222E956DB890AEA93EA251F44 |
SHA-512: | F0B011EC605A960D4960B25D53A3A154C8956FE54328A71364CE3A1A1EB40F09CFFBDDE94800E2EC7F7EEE1FFBE3DE404FE6D3E709F57709ED22810B081D4CBC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.244834364313991 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+lcSnmU4WsGiIPEeOF0Y9TUoAvJfshHHrPeUkwRe9:YvXKX+GSnzsdTeOdjGUUUkee9 |
MD5: | 2066A9A329F20AF9F82A29327C64A478 |
SHA1: | 0599DE6ACA093BD16F53EE0953527D530DA2C757 |
SHA-256: | 32F99075B5614A3EDBBB90E7236B26C33441A2DCF3D4CF1DE673B485583FCA2F |
SHA-512: | FF497AADFCE3070D4ED94C36857389655C80CE68A34AF65123962BC63B441DD67CB17CEEA978EA513135CB56CFE83C2D7FB6BE29D3F9148171203EEB070ED670 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.369810705403024 |
Encrypted: | false |
SSDEEP: | 12:YvXKX+GSnzsdTeOdjGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW8tS:Yv6XZUzmeOl168CgEXX5kcIfANhxk |
MD5: | 7605CD1DE7284F20DD8AD5D5511DEB54 |
SHA1: | D6913897075625E10CA2D1B00B44BCB88AE5FE2E |
SHA-256: | 51965EBFA45F71C941E0D24451B640E2068EE3909937F4A055DFDD2A9720B753 |
SHA-512: | B722B811549FA751C626589E074D8B5E98A269058C6056CC84B13A62D2663D7CF1E06125468F10006206AB81AAA1D9F034745622366A2533444ADCDDE823777E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.133473062723015 |
Encrypted: | false |
SSDEEP: | 48:Ylb/WgxQjoOW4mk/5G9RP2BKH3sSjZ1q4sA1+Sh9oeJN:eLZ4roZXhsw/l |
MD5: | 1FC2FF042DCFF1D626C3BDF698E71CA8 |
SHA1: | C788BB842162AEDE25BD867666AF17D6B6837213 |
SHA-256: | 90255977BCB76FB5B56D7F641DAE11A31F197E411F2C1BEDE5565DD370F19259 |
SHA-512: | 23F762468FB7E375EA59061734D1BE20BEA522CDE805EC4EA8635A5DA7261060E2831FF2A05514CCE1C134BDA2ABD9C9ECC658ADA84F985C945ECAD813B0E48F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.4535545212076733 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsAlE:lNVmsw3SHtbDbPe0K3+fDZdY |
MD5: | D300D5EB84F2490C76E9BD643DBC3FB5 |
SHA1: | 3C93E620180016B285C0A76C7787931CDF88B6C9 |
SHA-256: | 81DD01A55B7CF8927B6DCB07E1BFE4962A8CF20E4A894370B195319E1FFBA406 |
SHA-512: | FB009B48C7D1EADC3A736D527F41F058BEE4BA29B6900E536B9DEA50F7B23DAE406AAC24D6CCC7180B298529BA2784CBFDA69E58BB6F14FD29EE99C348D089B6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.9589259806392851 |
Encrypted: | false |
SSDEEP: | 48:7MmrvrBd6dHtbGIbPe0K3+fDy2ds1DqFl2GL7mso:7P3SHtbDbPe0K3+fDZdQKVmso |
MD5: | 535FA5DDA93D70B609DCDA5A1784C668 |
SHA1: | F010580594AE918AF94F8980C3E2D176ABF3C815 |
SHA-256: | 5C8273DF612496DFDC25D38A8472D02AB9AE44C644759D7E8A2A80F56D0B8510 |
SHA-512: | 02CD5BB2D468D641E7B1913B88121498C119BFCBC965CB52740A2D8F813F80CBF7183ADE2190AC1E0843329094C039AD858ACF829AF2F1A9C5A00AFC80911BA5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5278731006694652 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rkwlCf9:Qw946cPbiOxDlbYnuRKN |
MD5: | 59E2B4C2E99BC6A359E91D4E3564E270 |
SHA1: | 79D5FC27AC757331E9A0224E30899BB88C57B581 |
SHA-256: | FDEE57AE8E1A4F34AEFEC23D2221F37176EF04293892F68DAFF301B91BC690F1 |
SHA-512: | 234EA516858C526E2954F4599B2A7D3A429462A498D385163C19A85C70BFDD6033E30A101D5A6AB847083D934E3DA413932828076D62DA58375EBFE6A9DC9E38 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 872832 |
Entropy (8bit): | 2.1012208151597824 |
Encrypted: | false |
SSDEEP: | 3072:DoVEWBraUrZ6A1C42c6wOUyoNqvhNTZ/lbRH9jJPQQ084xuETdm0U4Rfa3GawG6w:uEUrJnPC+G |
MD5: | 4200F9FB449DA4799021361849352D37 |
SHA1: | B0E9DBC19CF18F05E179DD2BCCAA296E21F5DAFA |
SHA-256: | FA6CDA135FC90EAAC122EBBE15F05455654D43B4632092F0300A55C1638E01ED |
SHA-512: | DF3FC23A504D4F9CF0FA134E62D36F49DE3E7CED72ABBDE2704D92080E017FBB17DF95C49B8D165851C5B46A092B8BE68C6C6C4C7F767F4112588EF4C400AB4E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-23 08-13-58-254.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.386483451061953 |
Encrypted: | false |
SSDEEP: | 384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID |
MD5: | F49CA270724D610D1589E217EA78D6D1 |
SHA1: | 22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3 |
SHA-256: | D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D |
SHA-512: | 181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.367163857137781 |
Encrypted: | false |
SSDEEP: | 384:Zlx8JFo583yrgnrfh/Nrtw55GNWahZEm9qugoY1OzU7qKNh/43418dPCK8Rr+umR:z4H |
MD5: | F4E8861E922DE598B821CB44453A2CA1 |
SHA1: | D913EEF2BADBFED27E89E5B626B4B38F834B57B6 |
SHA-256: | F77D859C1FF38B26B9FF61705D02660239BCBEFE7931ACC4C984D0E0ADF6A17F |
SHA-512: | 222ED40BAF6719063AEE6E348107C8614004315642A90F436096241B11181223D34DCD64495143EAA792DD5C950BF4207A72D7B5C33046B2B50652FFA125CC57 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35814 |
Entropy (8bit): | 5.410136339260857 |
Encrypted: | false |
SSDEEP: | 768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRk:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRK |
MD5: | B9DCA726FFC82C33CCC3A789480AF40E |
SHA1: | BF4607A70D53B1B3D3CCF3392D74AFD87245D906 |
SHA-256: | 5E59102062B03C71ECF2993981318573C30FB89D042C001C3CA2B6A6238A948E |
SHA-512: | F261E3B6380A8C991DD7CD5D7DC701B7B8877F9667B3455496BE2FE45B393CDA411C0B5B0C4D0DCB05E78BC33C7876F9ADBA025C355A52FCAA88AF650CCBF83F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/gWL07oXGZIZwYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:4WLxXGZIZwZGM3mlind9i4ufFXpAXkru |
MD5: | AAAAB43627E96B02BC54A78F0EE8E32C |
SHA1: | 03808205C51BA031BF69F0DF07C9C80835098104 |
SHA-256: | B9ED5860C1528CAE5717E553381762D9C4ED093E546F7500F55B6B18B5C20CEA |
SHA-512: | A476038C2BC9573AFA12D831678C0D2A6EFF0C1E065F7D214A0D5684E79AA7F02710DF30524DE0E6EC90CB660E581531DFA57F038EE1BC285B9BC3DAE17D133D |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.909989422543639 |
TrID: |
|
File name: | lsoft_001.pdf |
File size: | 42'791 bytes |
MD5: | ea04d7a553c078d6e6a3f1dc9581ec4e |
SHA1: | 51f2c26186caacd405aa65ec540c4331df55d6d2 |
SHA256: | cef8167bc521563bfb33cd5023c15dda10f938682d103e8d327676e9bacd75bb |
SHA512: | abd5ce36c34e739211c38c22c7a1cb07c462f1255e1b29eccdff82b4d01bc95060ff926a5aeae89a20583b9a66c268cde577eee6eccfc93f6de13575f69ecb82 |
SSDEEP: | 768:ry9U7gBUhuXv9eEtJnool5jQVDiqurdEV8OCJGSPDn7hY58DsJ9AK8e9pMfj:VgBrlXJoolVQVD4reenlfbK82pMfj |
TLSH: | D713D0A0C9A56C3CE64B15406386313BA05AB799C1CF75A13C9D834A85C4EF9F9E33E3 |
File Content Preview: | %PDF-1.4.%......xref.18 7.0000000346 00000 n..0000000437 00000 n..0000000691 00000 n..0000001182 00000 n..0000001418 00000 n..0000027780 00000 n..0000028894 00000 n..trailer.<</Size 25/Root 18 0 R/Info 16 0 R/Prev 42308/ID[<A0F892D2D1D30FFD673F1A9A1529DE8 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.909989 |
Total Bytes: | 42791 |
Stream Entropy: | 7.986181 |
Stream Bytes: | 37850 |
Entropy outside Streams: | 5.306977 |
Bytes outside Streams: | 4941 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 24 |
endobj | 24 |
stream | 11 |
endstream | 11 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 8 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 23, 2024 08:14:08.848229885 CEST | 49712 | 443 | 192.168.2.7 | 23.46.224.162 |
Apr 23, 2024 08:14:08.848278046 CEST | 443 | 49712 | 23.46.224.162 | 192.168.2.7 |
Apr 23, 2024 08:14:08.848438025 CEST | 49712 | 443 | 192.168.2.7 | 23.46.224.162 |
Apr 23, 2024 08:14:08.848766088 CEST | 49712 | 443 | 192.168.2.7 | 23.46.224.162 |
Apr 23, 2024 08:14:08.848778963 CEST | 443 | 49712 | 23.46.224.162 | 192.168.2.7 |
Apr 23, 2024 08:14:09.118485928 CEST | 443 | 49712 | 23.46.224.162 | 192.168.2.7 |
Apr 23, 2024 08:14:09.119498014 CEST | 49712 | 443 | 192.168.2.7 | 23.46.224.162 |
Apr 23, 2024 08:14:09.119520903 CEST | 443 | 49712 | 23.46.224.162 | 192.168.2.7 |
Apr 23, 2024 08:14:09.120722055 CEST | 443 | 49712 | 23.46.224.162 | 192.168.2.7 |
Apr 23, 2024 08:14:09.120840073 CEST | 49712 | 443 | 192.168.2.7 | 23.46.224.162 |
Apr 23, 2024 08:14:09.122807980 CEST | 49712 | 443 | 192.168.2.7 | 23.46.224.162 |
Apr 23, 2024 08:14:09.122886896 CEST | 443 | 49712 | 23.46.224.162 | 192.168.2.7 |
Apr 23, 2024 08:14:09.123104095 CEST | 49712 | 443 | 192.168.2.7 | 23.46.224.162 |
Apr 23, 2024 08:14:09.123112917 CEST | 443 | 49712 | 23.46.224.162 | 192.168.2.7 |
Apr 23, 2024 08:14:09.164279938 CEST | 49712 | 443 | 192.168.2.7 | 23.46.224.162 |
Apr 23, 2024 08:14:09.211957932 CEST | 443 | 49712 | 23.46.224.162 | 192.168.2.7 |
Apr 23, 2024 08:14:09.212055922 CEST | 443 | 49712 | 23.46.224.162 | 192.168.2.7 |
Apr 23, 2024 08:14:09.216001987 CEST | 49712 | 443 | 192.168.2.7 | 23.46.224.162 |
Apr 23, 2024 08:14:09.216027021 CEST | 443 | 49712 | 23.46.224.162 | 192.168.2.7 |
Apr 23, 2024 08:14:09.216115952 CEST | 49712 | 443 | 192.168.2.7 | 23.46.224.162 |
Apr 23, 2024 08:14:09.216115952 CEST | 49712 | 443 | 192.168.2.7 | 23.46.224.162 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49712 | 23.46.224.162 | 443 | 5832 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 06:14:09 UTC | 475 | OUT | |
2024-04-23 06:14:09 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 08:13:54 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff702560000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 08:13:55 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 08:13:55 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |