Windows
Analysis Report
LT1 (3)_page-0001_compressed.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 3132 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\LT1 (3)_page-0001_compressed.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 1336 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 2532 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1720,i,5408455416841799603,14446527396471553952,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.77.220.172 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430167 |
Start date and time: | 2024-04-23 08:37:25 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | LT1 (3)_page-0001_compressed.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/43@0/1 |
EGA Information: | Failed |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.51.56.185, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 162.159.61.3, 172.64.41.3, 104.117.182.145, 104.117.182.155
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Match | Detection | Threat Name |
---|---|---|
104.77.220.172 | malicious | Unknown |
104.77.220.172 | malicious | Unknown |
104.77.220.172 | malicious | Unknown |
104.77.220.172 | malicious | Unknown |
104.77.220.172 | malicious | Unknown |
104.77.220.172 | malicious | Unknown |

Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Vidar |
AKAMAI-ASUS | malicious | Mirai |
AKAMAI-ASUS | malicious | NetSupport RAT |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | Mirai |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Mirai |
AKAMAI-ASUS | malicious | Vidar |
AKAMAI-ASUS | malicious | Vidar |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.130575217998601 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.130575217998601 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.171078676241128 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.171078676241128 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6e63828c-037d-48e4-855a-ea684ca76e13.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 474 |
Entropy (8bit): | 4.966429420996877 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 474 |
Entropy (8bit): | 4.966429420996877 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 5859 |
Entropy (8bit): | 5.252836757204705 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.170930421471773 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.170930421471773 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240423063817Z-159.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 3.5519429115436467 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445198798673261 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7693039620231183 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.361435181172357 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.316424193857392 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.295910762994794 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.341390100515422 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.305017834618134 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2904655979428785 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.293215806271226 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2990583831316185 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.735727124286212 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.296881879325884 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.772753398316456 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.280450407382387 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.283788568249392 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.303717008084032 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.259844400503881 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.368768874388277 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.139435720010529 |
Encrypted: | false |
SSDEEP: | 24:Y7l2x2LSbCDeTR3EVpsPRauayTFsKXjQj0S5wlmepNq5V9EE6OuU3OG:YR8lHpSpGi6Lq79EEz |
MD5: | 9D8A17BAD294DF2BDCA5FC9EB498544B |
SHA1: | 4A4FC76211611182A0281A08FA798983FCB07C5E |
SHA-256: | 61A5F5E52B9C706B03A676AC4EA9446A87F2B6B4F91B5D6A15371D65B379FE39 |
SHA-512: | BC2004933B47753FF610C92CFEF59B52CB3911B51587DF09F5F9FFBE1570CD0CFBAFB7468F0503AB0D359935533A25EF8DC070F20BB099B017C6369894FBA923 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.145822627273595 |
Encrypted: | false |
SSDEEP: | 24:TLhx/XYKQvGJF7urs/A5rLRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUx:TFl2GL7msYLXc+XcGNFlRYIX2v3kvN |
MD5: | 0ADEFDF9B46E64A27B728CD340D8CD92 |
SHA1: | 27C29DA080CED412AD0C7B845BDF6BC0DB673959 |
SHA-256: | 1CB5FB27095E93F395A40EE4DA0D2685B3C168D769A58F29522F59DAB393EDFB |
SHA-512: | 15AED27737C8E493CA3CA28B8B2F830F72AB55CD88439DC565708BF1D88B2776F4718204CE76B74582EFB28B9EBBABA8FB8596BADD24925C9FD04C2AFE9C5F92 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.5518049912538316 |
Encrypted: | false |
SSDEEP: | 24:7+tWA5rLUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxxqLxx/J:7MfcXc+XcGNFlRYIX2vAqVl2GL7msqQ |
MD5: | C2A1A507B402E0CB069EBBA279140C28 |
SHA1: | 31EDADA870CDCD8DAEED884C331F5E0310208388 |
SHA-256: | 59A1BAF48A4E03695A7B348746141EC80C33270C3E658DEBCE4F80D2652AEE23 |
SHA-512: | B475EC9C7932AD2CE95415BDA66777567EBEF1DFF1F1A33460F1567E9ED7408DC1B4843BA5B57AA74EA52936B6CD2CB2EA422FAF7B419D1F3358A3C53C6EBB06 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5213298467083405 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rkylnNeNlH:Qw946cPbiOxDlbYnuRKslNq9 |
MD5: | 40544DAE0C5D23338C908D7D02E119BE |
SHA1: | B238B444E8AB1870516CD399DA9C1695CA4EA9D3 |
SHA-256: | BEBAB82FAD1D2788F02F4232DBCCBA89540F6396DF31BC0F745B3DD064AD3598 |
SHA-512: | CD0126FA99232D2EA80FC749453C3FA0F8BB6AD6E9F6F4CB2881AADF6C605C8133D09AFB05CE3847502D6382B26F1BE081CC97893A60805A56038184BFA03812 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-23 08-38-15-859.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.338264912747007 |
Encrypted: | false |
SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
MD5: | 128A51060103D95314048C2F32A15C66 |
SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.339097939066559 |
Encrypted: | false |
SSDEEP: | 384:g6uLGC/uDkvHfH1yItm0uzGeNiaaCWE+Fd/5Nf2uCmqtqvvq/TChRzIbIp01fcgz:+agqpZ |
MD5: | 3E775A9ACA2587EA37546C5035075DA5 |
SHA1: | B7AB84762857D9190D444BA23839DC5BE4931475 |
SHA-256: | C71A6866FCD574DAA83CFF201F645F96377E35B8A78C1BCC91BA96DBE88F5D89 |
SHA-512: | CC46CDC6FCFD9F4FE84A70146B75A3181C95D0ABCD66EFF8E6DD541C6723B4FF6E3550F89EC0A249692EBBE31102818CC3885698486FDB2BBF422B5231F6784C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.396989458570783 |
Encrypted: | false |
SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbJcbaIV5cbq:V3fOCIdJDekVz |
MD5: | 6C8333947F81BAB960E11A62A340E1AB |
SHA1: | 80C8CE21673202F18982732646187EE08AD19750 |
SHA-256: | 86DABFB66221A0B7524566F80EEA2E9C8F9CB42FFE856E752CAB4753C0EB4DD5 |
SHA-512: | 0BAFDFF50232BD8F1047837D7A8EDF85E8FF8B0E6EA0CA2195ACA9146A7342F72078EA767D0A5F524423F19C215E308E2A8E379F603B340564BB68471A3EF3C0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/x0WCwYIGNPB07oYGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:J0WCwZGbxYGZn3mlind9i4ufFXpAXkru |
MD5: | 88B2722B96247B17B543D57C5854653B |
SHA1: | 8CD8A5117443E66B68808DB275330FE0715B36C9 |
SHA-256: | 98E89D91676C400D8C9765D758C445E9446FFAF1757B5B67DD518BB76BB514E7 |
SHA-512: | 7471ABF2EE6E0413E95E9CE5EC2E567A097FD370AD73A4583DE1DCFED11E0A9B371B65943E9DBB68BB097475930D59F29CA237D0DE8A90365DAECCC034B2B6AB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9975533868702495 |
TrID: |
File name: | LT1 (3)_page-0001_compressed.pdf |
File size: | 260'288 bytes |
MD5: | c580eb3f77967275e11de3960c9ab081 |
SHA1: | 5b07ebd2783cc82538a5a0074e96aaff6136cb70 |
SHA256: | 0541bda1fa931996498e21f8026e0fd373f6f1a0378bdec63c2e8c18e61fb28a |
SHA512: | e919609b14c019e052bd8ed18bb20c07f06db9fc0a7cb5236e1a62063bb46f65644c5a670d1b7bfe9d1606ff24a150d001a77f983151c758f07a231e8dc0189a |
SSDEEP: | 6144:xvrpwgxq7albSeHP2ZCfHYsc0lt5K5q0pawmoTfHTPSDIf:xv9bx/lbFHP2OH5SqEmoTJ |
TLSH: | 214423996B2D06CC0C23B4E3FBF4C4ABC150B55A5FC4A4656234BD96A7B4F32701AE27 |
File Content Preview: | %PDF-1.7.%.....7 0 obj.<<./Type /XObject./Subtype /Image./Width 1239./Height 1754./BitsPerComponent 8./ColorSpace /DeviceRGB./Filter [/FlateDecode /DCTDecode]./DecodeParms [null <<./Quality 60.>>]./Length 259345.>>.stream.x....T]....N.{.....=.B........Np. |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.997553 |
Total Bytes: | 260288 |
Stream Entropy: | 7.997498 |
Stream Bytes: | 259442 |
Entropy outside Streams: | 5.357582 |
Bytes outside Streams: | 846 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 7 |
endobj | 7 |
stream | 3 |
endstream | 3 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49722 | 104.77.220.172 | 443 | 2532 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 06:38:26 UTC | 475 | OUT | |
2024-04-23 06:38:26 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 08:38:12 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff651090000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 08:38:13 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 08:38:13 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |