Windows Analysis Report: April202421 - Copie.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 1856 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\April202421 - Copie.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 1288 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4284 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1556,i,4700451803031286846,16657672954097138299,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.

Signature events by category:
- TCP traffic: 37
- HTTP traffic detected: 2
- TCP traffic detected without corresponding DNS query: 13
- Network traffic detected: 2
- Classification label: 1
- File created: 2
- Key opened: 1
- Process created: 14
- Window detected: 1
- Initial sample: 5
- Process information set: 8
ATT&CK techniques with matching signatures:

Tactic | Technique | Matching signatures |
---|---|---|
Execution | Exploitation for Client Execution | 2 |
Privilege Escalation | Process Injection | 1 |
Defense Evasion | Masquerading | 1 |
Defense Evasion | Process Injection | 1 |
Discovery | System Information Discovery | 1 |
Command and Control | Encrypted Channel | 1 |
Command and Control | Non-Application Layer Protocol | 1 |
Command and Control | Application Layer Protocol | 12 |
Command and Control | Ingress Tool Transfer | 1 |

No signature matched a technique under Reconnaissance, Resource Development, Initial Access, Persistence, Credential Access, Lateral Movement, Collection, Exfiltration or Impact.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
April202421 - Copie.pdf | 0% | ReversingLabs | | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.0.216.25 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430475 |
Start date and time: | 2024-04-23 17:34:20 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | April202421 - Copie.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/41@0/1 |
EGA Information: | Failed |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.204.76.141, 54.144.73.197, 34.193.227.236, 107.22.247.231, 18.207.85.246, 172.64.41.3, 162.159.61.3, 23.221.212.204, 23.221.212.200, 23.221.212.216, 23.221.212.219
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- VT rate limit hit for: April202421 - Copie.pdf
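The verdict above is dynamic only: Acrobat opened the file, spawned its CEF helper processes, talked to Adobe and Akamai endpoints, and the run ended on a timeout with no malicious behaviour observed. That says nothing about what the PDF is structured to do on a click, in a different reader, or after the four-minute window. The static pass below is an added example, not part of the Joe Sandbox report and not run against this sample; it counts the name objects that carry active content (a pdfid-style watch list, which is an assumption of this example) in the raw bytes and inside FlateDecode streams, after resolving #xx name escapes such as /J#61vaScript that defeat a naive grep. The test PDF it builds is constructed for illustration; `scan_pdf`, `triage` and the review/note/quiet labels are this example's own names.

```python
"""Static triage of a PDF's active-content markers.

Added example; not part of the Joe Sandbox report and not run on its sample.
A CLEAN dynamic verdict with stop reason "Timeout" says that opening the file
in Acrobat produced nothing malicious within the run; it does not say what
the file could do on a click, in another reader, or after the timeout. This
scan counts the name objects that carry such behaviour, in the raw bytes and
inside FlateDecode streams, after resolving #xx name escapes.
"""
import re
import zlib
from collections import Counter

# pdfid-style watch list; which names matter is a triage assumption.
RISKY_NAMES = (
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/URI",
    "/EmbeddedFile", "/RichMedia", "/XFA", "/ObjStm", "/AcroForm",
)
# Names that execute, or chain to execution without a click.
EXECUTABLE_NAMES = ("/JavaScript", "/JS", "/Launch", "/OpenAction", "/AA")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Resolve PDF name escapes so /J#61vaScript reads as /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Concatenate every stream body that inflates as zlib/Flate data.

    Non-Flate streams (images, plain text) raise zlib.error and are skipped;
    decompressobj tolerates trailing bytes and truncated tails, so a stream
    whose end the regex cut imprecisely still yields its content.
    """
    bodies = []
    for m in _STREAM.finditer(data):
        try:
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue
    return b"\n".join(bodies)


def scan_pdf(data: bytes) -> Counter:
    """Count risky names in the plain bytes plus inflated stream contents."""
    corpus = normalize_names(data) + b"\n" + normalize_names(inflate_streams(data))
    counts = Counter()
    for name in RISKY_NAMES:
        # Negative lookahead keeps /JS from matching /JSX and /AA from /AAPL.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9_])"
        hits = len(re.findall(pattern, corpus))
        if hits:
            counts[name] = hits
    return counts


def triage(data: bytes) -> str:
    """Queue label (assumed scheme): review / note / quiet."""
    counts = scan_pdf(data)
    if any(counts[n] for n in EXECUTABLE_NAMES):
        return "review"
    return "note" if counts else "quiet"


def build_sample_pdf() -> bytes:
    """Constructed test input, not the analysed sample: an /OpenAction that
    fires a hex-escaped JavaScript action, plus a Flate-compressed object
    stream hiding a /Launch action."""
    hidden = zlib.compress(b"<< /Type /Action /S /Launch /F (cmd.exe) >>")
    parts = [
        b"%PDF-1.7",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj",
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj",
        b"3 0 obj << /Type /Action /S /J#61vaScript /JS (app.alert(1)) >> endobj",
        b"4 0 obj << /Type /ObjStm /Filter /FlateDecode /Length %d >>" % len(hidden),
        b"stream", hidden, b"endstream", b"endobj",
        b"trailer << /Root 1 0 R >>", b"%%EOF",
    ]
    return b"\n".join(parts)


if __name__ == "__main__":
    pdf = build_sample_pdf()
    print(triage(pdf), dict(scan_pdf(pdf)))
```

Run it on the real file with `triage(open(path, "rb").read())`. A "quiet" result next to this report's clean verdict is stronger evidence than either alone; a /JavaScript or /Launch hit in a document that looked clean in the sandbox is exactly the case where a no-click, timed-out run should not be trusted.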
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | HTMLPhisher | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | Mirai | | |
AKAMAI-ASUS | | | malicious | Vidar | | |
AKAMAI-ASUS | | | malicious | Mirai | | |
AKAMAI-ASUS | | | malicious | Mirai | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | Vidar | | |
AKAMAI-ASUS | | | malicious | Mirai | | |

These matches are on the ASN only. 23.0.216.25 sits in Akamai CDN address space (AS16625), which serves Adobe's own update and telemetry endpoints (the whitelisted akamaiedge.net and edgesuite.net hosts listed above) alongside unrelated tenants, so other samples that contacted the same ASN carry no weight against this PDF; the report itself marks the IP as not malicious.
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.1530557478310275 |
Encrypted: | false |
SSDEEP: | 6:k5/Aq2P92nKuAl9OmbnIFUt8F5fZmw+F5NkwO92nKuAl9OmbjLJ:M/Av4HAahFUt8bf/+bN5LHAaSJ |
MD5: | 3471A900B5415C6C2C13D6AFBE70FEAF |
SHA1: | 2B2204D838913000736A7CDC26F671AF74A5AD2C |
SHA-256: | 7634588B0D82556EE9A1A7D432A4C458AB85DB1245710085AD7A4D59A3E92C3D |
SHA-512: | B157181EF9CB0B5CB97EFD40F58DB61374E32DFE5F89FE2943C7822ACC3717F1B4E34266F758031F408DC42494879940721B8DD1DAC04D82FCF47BEDC2A21C1A |
Malicious: | false |
Reputation: | low |
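Each dropped-file entry in this section reports size, 8-bit entropy, an Encrypted flag and four digests. The Python below, added here as an example and not part of the Joe Sandbox report, recomputes those fields from a file's bytes so the listed hashes can be checked against your own copy of an artifact and so the entropy column can be read: 8.0 is the maximum for byte data, Acrobat's text logs and cache files in this section sit between about 0.8 and 5.8, and the 4-byte file reported further down with entropy 0.8112781244591328 has exactly the value of four bytes of which three are identical. The 7.5 threshold for flagging encrypted or compressed content is an assumption of this example, not Joe Sandbox's documented rule; the SSDEEP column needs the third-party ssdeep/ppdeep package and is left out. `DroppedFileInfo`, `describe`, `matches_report` and `outliers` are names introduced here.

```python
"""Recompute the dropped-file metrics a sandbox report lists.

Added example, not part of the Joe Sandbox report. For one file's bytes it
returns the fields shown per dropped file (size, 8-bit Shannon entropy,
MD5/SHA1/SHA-256/SHA-512) plus an encrypted/compressed flag, so a report's
hashes can be checked against a local copy of the artifact.
"""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass

# Assumed threshold for "looks encrypted or compressed": random-looking data
# approaches the 8.0 bits/byte maximum, while plain logs and small config
# files stay well below it.
ENTROPY_ENCRYPTED_THRESHOLD = 7.5


def shannon_entropy_8bit(data: bytes) -> float:
    """Bits of entropy per byte over the byte-value histogram, 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass(frozen=True)
class DroppedFileInfo:
    """Hypothetical record mirroring the per-file fields of the report."""
    path: str
    size: int
    entropy: float
    encrypted: bool
    md5: str
    sha1: str
    sha256: str
    sha512: str


def describe(path: str, data: bytes) -> DroppedFileInfo:
    """Compute every field for one file; digests as upper-case hex like the report."""
    ent = shannon_entropy_8bit(data)
    return DroppedFileInfo(
        path=path,
        size=len(data),
        entropy=ent,
        encrypted=ent >= ENTROPY_ENCRYPTED_THRESHOLD,
        md5=hashlib.md5(data).hexdigest().upper(),
        sha1=hashlib.sha1(data).hexdigest().upper(),
        sha256=hashlib.sha256(data).hexdigest().upper(),
        sha512=hashlib.sha512(data).hexdigest().upper(),
    )


def matches_report(info: DroppedFileInfo, reported_sha256: str) -> bool:
    """Does a local copy match the SHA-256 the report lists? Case-insensitive."""
    return info.sha256 == reported_sha256.strip().upper()


def outliers(infos: list, threshold: float = ENTROPY_ENCRYPTED_THRESHOLD) -> list:
    """Paths at or above the entropy threshold: the artifacts to pull first
    when a report lists a dozen near-identical low-entropy log files."""
    return [i.path for i in infos if i.entropy >= threshold]


if __name__ == "__main__":
    # Constructed inputs, not the report's artifacts.
    samples = {
        "log.txt": b"[INFO] Acrobat started\n[INFO] Loading plugins\n",
        "blob.bin": bytes(range(256)) * 16,
    }
    infos = [describe(p, d) for p, d in samples.items()]
    for i in infos:
        print(f"{i.path}: {i.size} B, entropy {i.entropy:.4f}, encrypted={i.encrypted}")
    print("review first:", outliers(infos))
```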
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.1530557478310275 |
Encrypted: | false |
SSDEEP: | 6:k5/Aq2P92nKuAl9OmbnIFUt8F5fZmw+F5NkwO92nKuAl9OmbjLJ:M/Av4HAahFUt8bf/+bN5LHAaSJ |
MD5: | 3471A900B5415C6C2C13D6AFBE70FEAF |
SHA1: | 2B2204D838913000736A7CDC26F671AF74A5AD2C |
SHA-256: | 7634588B0D82556EE9A1A7D432A4C458AB85DB1245710085AD7A4D59A3E92C3D |
SHA-512: | B157181EF9CB0B5CB97EFD40F58DB61374E32DFE5F89FE2943C7822ACC3717F1B4E34266F758031F408DC42494879940721B8DD1DAC04D82FCF47BEDC2A21C1A |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.180629896751112 |
Encrypted: | false |
SSDEEP: | 6:k5KBSQ+q2P92nKuAl9Ombzo2jMGIFUt8F5KRBgZmw+F5KB0QVkwO92nKuAl9OmbX:MI3+v4HAa8uFUt8bR/+bSBV5LHAa8RJ |
MD5: | 115CF57ECDA2C863799A3D7B871DEFDD |
SHA1: | 5F4D9E0EA9F4D58061883A12137813D8840AC21D |
SHA-256: | A3B0A74D5BBEB5117901685BF1A1922C846EB5F3EFBC03211BB56C855B302202 |
SHA-512: | ED4D1B97252D2161A78F4A0AA7125DF91A32DAC3F722506CD33421456D1004AF697520C3C2DD5306B9D5EE48517F5377E04CE2349FA4C7692150CCA63B238508 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.180629896751112 |
Encrypted: | false |
SSDEEP: | 6:k5KBSQ+q2P92nKuAl9Ombzo2jMGIFUt8F5KRBgZmw+F5KB0QVkwO92nKuAl9OmbX:MI3+v4HAa8uFUt8bR/+bSBV5LHAa8RJ |
MD5: | 115CF57ECDA2C863799A3D7B871DEFDD |
SHA1: | 5F4D9E0EA9F4D58061883A12137813D8840AC21D |
SHA-256: | A3B0A74D5BBEB5117901685BF1A1922C846EB5F3EFBC03211BB56C855B302202 |
SHA-512: | ED4D1B97252D2161A78F4A0AA7125DF91A32DAC3F722506CD33421456D1004AF697520C3C2DD5306B9D5EE48517F5377E04CE2349FA4C7692150CCA63B238508 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\67250a65-c0a1-4a71-ab99-418ad6c402a9.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.061488643784635 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZkSsBdOg2HIAcaq3QYiubxnP7E4T3OF+:Y2sRdsRXdMHs3QYhbxP7nbI+ |
MD5: | B412081EFF300167A39081A133C7BE60 |
SHA1: | B69630FCB10C3D24F4AC53053805236A6DCE4138 |
SHA-256: | B98CD489B732FD45DDCEE3804B9929082C7E9366C5033DB6BD6C8CBC2399ADCA |
SHA-512: | B9CA324009B0174143AEF2456EE8D25EF64E1EC76111C8FB3BC2515C2227FCCBB69E7E1ADBE93123CBD35094B550D2F761F5F6CEA9C4471B4C72A4227BA36F90 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.061488643784635 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZkSsBdOg2HIAcaq3QYiubxnP7E4T3OF+:Y2sRdsRXdMHs3QYhbxP7nbI+ |
MD5: | B412081EFF300167A39081A133C7BE60 |
SHA1: | B69630FCB10C3D24F4AC53053805236A6DCE4138 |
SHA-256: | B98CD489B732FD45DDCEE3804B9929082C7E9366C5033DB6BD6C8CBC2399ADCA |
SHA-512: | B9CA324009B0174143AEF2456EE8D25EF64E1EC76111C8FB3BC2515C2227FCCBB69E7E1ADBE93123CBD35094B550D2F761F5F6CEA9C4471B4C72A4227BA36F90 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.24267524756001 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUZmTLhqb+DhZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLD |
MD5: | 03D52CD6765E598EC923A1696E923AF8 |
SHA1: | 213B673E9BB1243BF50AF4D2BB54C1E6C5F2BD11 |
SHA-256: | 197B0502937F904BB7820BAA98ACBDA69C4EF662E8FB7F62FD65B2E12645C86B |
SHA-512: | 347B2B0A2773545DC10F68E264671AAEDC1CB56DB005EC2BC12A4B8FFEF8FAD22BA7BC24219E644BEB6986743231FDAA2AB0BDC52B382DA8121D0EE0643CB3B1 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.169144299462042 |
Encrypted: | false |
SSDEEP: | 6:k5SjPDQ+q2P92nKuAl9OmbzNMxIFUt8F5fgZmw+F5QkQVkwO92nKuAl9OmbzNMFd:Mqc+v4HAa8jFUt8bY/+bQRV5LHAa84J |
MD5: | 9972D419F75383BEFB692D54F9E63C45 |
SHA1: | 239950F34F33825ED94622E568B44748AFB7A5E1 |
SHA-256: | 7098A5B9B4A3233B6E8BCE248128DCCB6A36D40ABF1E8D99569AE15DDE2CCD94 |
SHA-512: | 76D71C8BA6CA444F652EDEBF2D587F67BE7A6B1BD6845BC0B496C8D508DBDD39DDD58B3F24A0B3B5152F65D979A9393DBB72E1E80F1164DFD5FFA0E93CD2C2F4 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.169144299462042 |
Encrypted: | false |
SSDEEP: | 6:k5SjPDQ+q2P92nKuAl9OmbzNMxIFUt8F5fgZmw+F5QkQVkwO92nKuAl9OmbzNMFd:Mqc+v4HAa8jFUt8bY/+bQRV5LHAa84J |
MD5: | 9972D419F75383BEFB692D54F9E63C45 |
SHA1: | 239950F34F33825ED94622E568B44748AFB7A5E1 |
SHA-256: | 7098A5B9B4A3233B6E8BCE248128DCCB6A36D40ABF1E8D99569AE15DDE2CCD94 |
SHA-512: | 76D71C8BA6CA444F652EDEBF2D587F67BE7A6B1BD6845BC0B496C8D508DBDD39DDD58B3F24A0B3B5152F65D979A9393DBB72E1E80F1164DFD5FFA0E93CD2C2F4 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240423153514Z-161.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 2.8848628398258533 |
Encrypted: | false |
SSDEEP: | 768:MbPKM0aW/EJdQnMPa/JPvuzA655K/mWWltHh1HcbZ:kih5Z |
MD5: | 9C12932536235D402736E55FB7337E46 |
SHA1: | 759EF7000D7661E9E30D9C74855DF6B6123126CC |
SHA-256: | C92390C7839FA350592B9EE7CB20CE3DCFAD7D055CD9D2775E3F7ABADF35E5A4 |
SHA-512: | BAC5A929FB27244EDE59A7EA547ADC29147C7C968087FF3B6842A68A1BECAF957E95102A959F6A479AED32321591B1B45210A14E6EB6E656E24BB2AE64868CD1 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.353812113018907 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJM3g98kUwPeUkwRe9:YvXKX8DGoYpW74KGMbLUkee9 |
MD5: | 8C1128247714C48E010C7F6B92C7D2A6 |
SHA1: | 90296AA5D912F2AF482BEA692144AEEE4A261211 |
SHA-256: | D5FF8BD823FF9618723F4F02ADD301472D044CB900C515E0906D3C9B10FA5887 |
SHA-512: | F96F4B80856E565E1B501927F2D5D8FF49EB74027B1551282E30DA5DD8DA008158283CDB0FEE7C6E58D385C07AD6EA6FA9D43DE097AAB041D207BD13CAAF3614 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.292766355849291 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJfBoTfXpnrPeUkwRe9:YvXKX8DGoYpW74KGWTfXcUkee9 |
MD5: | CCE8C49217934471747FE91BFB92DD03 |
SHA1: | 6F503B0547C76AE5BB24C8C8CEC86F5BC2A522EF |
SHA-256: | CA1A5CA29F534BB91AD16EB87358CF091197B57067DF372589E249C17A4FBA2A |
SHA-512: | C853E53713E9553256E46B66266F6FAD71D0AA3415C87B805B0D2E1D3805EA732E737313A2A505CEA8A642B6407D252A4E5CA508997A7B8F15C27C55359FA926 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2714725700761695 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJfBD2G6UpnrPeUkwRe9:YvXKX8DGoYpW74KGR22cUkee9 |
MD5: | 4C672215D0E8800F2490E9395DCDCA13 |
SHA1: | 541077921BCAE1992AADDC8C1EB1CED193DB76CC |
SHA-256: | 9356A509F369C2AF932090863025B802A5EDA20032C7CFD933BC204BD72EB625 |
SHA-512: | BF54A5060F8D5997EE671A8F68EABD0E0F6189233896F816285F55FF9296BB2A1F4977A66DEF82B704B3C1135C8207D182F0D76E23DC58E323C9AD03C282F79B |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.332369858276411 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJfPmwrPeUkwRe9:YvXKX8DGoYpW74KGH56Ukee9 |
MD5: | EC1C2A0AF2CB78687DFDD55545B36219 |
SHA1: | 34C1B1565F1CB356C80152730CF499DD55DF8DF6 |
SHA-256: | E7E0A65E0D16E555464B3E62A39CA4FC518DAAD3BA5C5DECD8DCE6E2221ECDA0 |
SHA-512: | F9C3D1B5B9FF293CB8CA6585B1339A23C7B22994751F1D1633927F027C8FBC293D6272B27CB5B9F3080010FE02207108290D9236B3B22A84F86AF7F48EC5DC26 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.292407381725074 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJfJWCtMdPeUkwRe9:YvXKX8DGoYpW74KGBS8Ukee9 |
MD5: | 78AAB4FCF2F10F6B6A00A36471A9EAB3 |
SHA1: | 09B4E0651B8120B396CBF61DBC942E5BAE80B76E |
SHA-256: | 60839CFB1007B123B839B7A190028EDC895FC7EDA50743D49146513AD9881A03 |
SHA-512: | F088EF29F37DCE1B6D8F8B1E973DD031BF1C598ACF18836857D3AE98E91384431F6736958EB201A0B1E1946BEC87B42A789AA7F11CE52E867747FA8F3AF19986 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.278641080713376 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJf8dPeUkwRe9:YvXKX8DGoYpW74KGU8Ukee9 |
MD5: | 0F6666B1CFD92C4EEBFDF5EAB34EE078 |
SHA1: | ED803E7D8B5DBE48B5AB4ED55C1C4ACF257BE3FE |
SHA-256: | 3F31FD711887360A303682BC5F1C1EC5F7F187069F2B353B3D04C22F64AFE60B |
SHA-512: | B362896AA2440A3C87AEF558F2401231C686CC87EAFE6564126DC7F2FDB352285B071491F8C9941EA2023701267051A8F2BC723B3CCD252BE8A983D2C01A92C9 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.279815723096798 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJfQ1rPeUkwRe9:YvXKX8DGoYpW74KGY16Ukee9 |
MD5: | 9DD843ED9C48F4DD195402A10DBA51F8 |
SHA1: | 44DFA093688C617E0B6698DFBF53E027A0FD8FEA |
SHA-256: | 18B60C79EAC2341B6A71A756857669369E334E28B298F6F5A53A3DEEEEBEBAE1 |
SHA-512: | E415265A60F853FA0EA2F9B5E93448B8F312728DB05A14EF6F5A7D4B09085EA7C3BDED9DF4185A3E4D48F84ACDDE1CDAD412155F799E4A3A014BC98E64577106 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2986581021149375 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJfFldPeUkwRe9:YvXKX8DGoYpW74KGz8Ukee9 |
MD5: | 2E308C786201DB44DA9C03957795ED34 |
SHA1: | 9B1DBED14BA462089B270740911B2E41AD82D2C6 |
SHA-256: | B02EF2F223E5791C66FF425F2009C680A000CB6703A773EC4B48FECFBA39565E |
SHA-512: | 9733DA43DEEFC9DCB54C9ACE4914A2CB33C6AEFC3A12DF1B535FD6DBC9AD82C1F7AFADF7ABC2E79A80B653ABB4FA649314883D790D6E4139AAAFB6308CEBF3A9 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.743904673587441 |
Encrypted: | false |
SSDEEP: | 24:Yv6X1RitKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNA:YvqItEgigrNt0wSJn+ns8cvFJ+ |
MD5: | B85F81AAE029292F670A57ABDD7C905E |
SHA1: | 890EF61A4AD26BC3637283B0F35228ADF8E9731C |
SHA-256: | E6CC1CB673EE730ED36869286740FC3D330792512C7E9703C4A60E19D3A59149 |
SHA-512: | 9383A9240C2DEDA436032EB36E9870A830948C8940FEC24A2B312C8D7C59CF3988717BAA582233CAB80DB5E5320A113B5FD218C7707DA62EDCB3F8A4B9246D09 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.28640703429917 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJfYdPeUkwRe9:YvXKX8DGoYpW74KGg8Ukee9 |
MD5: | 7451EEE9B747D6CE8B3175D0D4777604 |
SHA1: | B3E9B4A298007709A38CFA43608E13A84EBA74C3 |
SHA-256: | 68B85F123A7C1AB6B1E3A839096F062BDB843917B2C19B94741C0284967F3DCF |
SHA-512: | 615BAB57D6AD33F1B93906FF3AE2C5A9888DCAB1F72DA7BAD677B8C47E4A5F818DBF0DDB4910A1DE8928ADC415805CDEF9CB5857B435DEF90C86468D23CC42B8 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.778070996796113 |
Encrypted: | false |
SSDEEP: | 24:Yv6X1RiwrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN4:YvqIwHgDv3W2aYQfgB5OUupHrQ9FJi |
MD5: | 6C40DED1DFBA2CE28DB3A267EDA9822B |
SHA1: | DAEC1563BF19B3CFDE511578ED09978E4FD0FAB0 |
SHA-256: | 5A0B728E3E430A39FECEC9C50D363458BF8419D6C3CDC110CD08163D03CC8D0F |
SHA-512: | 8E0F4F3B20E58F9F950580CD02CF6C4E1642181853B51C65E01B32CE2CCA9AC0467D1B387EC9DAAAF8B11613B5BB8F7CD005D0635CD17A88CD519057F7F51816 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.2700475544177126 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJfbPtdPeUkwRe9:YvXKX8DGoYpW74KGDV8Ukee9 |
MD5: | 56DD01182847D202561D71C668718F0B |
SHA1: | 2711F5368DAD1679ED99DA667412D2FF19A2B08F |
SHA-256: | CADF78686D4107511C605F69965DDCD9BE5061D754EDED3CCB16F145B240DEAF |
SHA-512: | E626CFBD01D516D3F8D69D16AB6C1EA33C4E6757DBE68154450B73E5B1BBFF69ED5E1C24EAD0533B8545A04649BAEE3E0E8AD96853EA56280EFDBF82DF0D6127 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.27121824614564 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJf21rPeUkwRe9:YvXKX8DGoYpW74KG+16Ukee9 |
MD5: | 2831E5E2E003CD92EE193E9DEED37D93 |
SHA1: | C6CEDE71EF09336A88545A05DF39A60B28B4DA62 |
SHA-256: | BC8277EF7EA8397373FE7206BE8C569337B01FDCB2E194F82F43798E683E960D |
SHA-512: | 5CB79DD8962A17892DFAE09517D96EB107E1B06DD0A3D9B1BB1514FF181E58F464050DD2764EC062EA5E1CB11EF1E1B3126BFA8B292763AE484D253609FE1957 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.292948344983096 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJfbpatdPeUkwRe9:YvXKX8DGoYpW74KGVat8Ukee9 |
MD5: | EAC7C34BA5CCC56C6D7073A7CED4E0EA |
SHA1: | 4C2E31BFEE000689B3978E14BE61D644DB383AB3 |
SHA-256: | AD38A9B25AB118E4BCADE33B049F42488044BD6E96452C7A2B63D5AEC06E220C |
SHA-512: | 26B84C52B8AE4C11C5C5D3F1B58F383564AA298D391BC83E4DB9CC643192569854BAC6BCC2C27F30A27149E8A071B341CB56ADA01D17ACAD38129809452A98BA |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.245803086714683 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuKWWmDG48R+FIbRI6XVW7+0Y9GeoAvJfshHHrPeUkwRe9:YvXKX8DGoYpW74KGUUUkee9 |
MD5: | 6BFE19E6DDFA1C7672A77EC8D23046E1 |
SHA1: | E2627CACECC0F41552FBB6B0849507A7AA8288A1 |
SHA-256: | CC1A2778D8753897174784C8925F4DBD5ED466FFEB865AD2CA5D19E41208AD11 |
SHA-512: | 5AE2E130FAA109233C56E27AE361ECADF9A4B8D35C1FCF16DCFA4B7884E9578F10B0E8EF4F9809FB04CCB3DFFC689DDEB6823D63CE80CDF5F633EE3272587C68 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.367567757092166 |
Encrypted: | false |
SSDEEP: | 12:YvXKX8DGoYpW74KGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW1O:Yv6X1Rid168CgEXX5kcIfANhR |
MD5: | D4DB760328E379A2DAE04DDB5D0CCDCE |
SHA1: | 6DF87E72397CD85BBF4939F37D41494557446D55 |
SHA-256: | 2D89B0ABCE18B4D950AC1C643E0A7D06896DD385B691DE2A259E370213D46F42 |
SHA-512: | CA6D5DD5CA5026A83B93FD96A3DD1570B4046EFC0D55EB37A37F15D910B76C9227AB24F95D1F274173311E8C70D6ACCFBF89BFE99A99AABA9BC6D9CF12AC9050 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.145164752549799 |
Encrypted: | false |
SSDEEP: | 24:YOHd1T8E4OCJRgDNzA4DBaBVayPQOUykBh4jjFh1sj0S1BgCJ202LSHt5u5QGw9c:YOHdN8+IcJAHfNsM/1+XgyNpt5ulw9Kd |
MD5: | 900B708860BE414B7E567D1F4ABCDE55 |
SHA1: | 6760BCC49BE4DDE3E2E4D6F59DC5F45155B72AD5 |
SHA-256: | 6F34E73D248D00BA9F03899E67490CF0BD6F95F185B5647045AA1FE2DBB78566 |
SHA-512: | 3F9F7CFCA83EECF4C519C6D51853FB66049C25D2F9D961E506A9D85F9B2E5EC8759BBF07082ECC00A447D6D6354AE170D8EF934033BD245FFDA22A39B6F283C9 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9836150565787567 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpsROL4zJwtNBwtNbRZ6bRZ4FROLF:TVl2GL7ms6ggOVpsckzutYtp6P+ch |
MD5: | E163D23130DE9F311C69681F93826D5F |
SHA1: | 0E47824D1AA1ECBEB1FDA4EF4BA2DBEEBBC39527 |
SHA-256: | 689301F556337768FB2966F75ECD6BB1864ED22D11A1294E4484C2E7B8C69A0C |
SHA-512: | EFF7C82B541DF19966AD24839ACB71DE791456AA6F66D29C934F1827E13D4C53395E64E82252369F55282143ADE45CE96AE685B4BF93FE82030510CDA67A83BF |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3368784198905586 |
Encrypted: | false |
SSDEEP: | 48:7MRpGgOVpscbzutYtp6PMSmqll2GL7mse:78fOVp6awmqVmse |
MD5: | EE1F7B80C9868212BD8DC3FA3FE7363B |
SHA1: | 9C7040A7DDC4D902C63655F6FDC269174000F604 |
SHA-256: | 672822DE4C1BEBAF7DB6248872495296501457E209666013682534A1940154B0 |
SHA-512: | 9E80CB14F6D9F4D4E229D05F576F37B31AC06B579A1ED3D66C26CEAA6C15BFE591F249A930360498C7C56A1D899224BC0E1DEFF2B16FB29697B96E6A0825969C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.534010397435022 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rkaXGKw:Qw946cPbiOxDlbYnuRKU7w |
MD5: | 503CF31F5CB1641BE52B2E0E09054037 |
SHA1: | ACB85A76248A28AF442C6FC3D2378144BF204C2D |
SHA-256: | 4F0BA6514A98EC645EB58585E073B4F8335F8B063DAC90D700F9895B93286C1B |
SHA-512: | 699D73BF153DAC6C56C4439C83D6DAA1ACE2446AB98C56BE4B1E598A6E0A0873D8AF0CE61D9FA6A558B96722038552A6E687E77DD544BE21659B6AF7111E18E2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-23 17-35-12-244.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.3646530054902515 |
Encrypted: | false |
SSDEEP: | 384:5q/bqBvqBmqBfqBfqBaqBLqBmqBNqBHLqBrqBNqBAqBUqBWq0Hqbsqb2qusqu2qt:EiB |
MD5: | A1B0A915701B4392B76DDA5051594281 |
SHA1: | 4F04477D340EB1ABB16EB2B6D2FEE34E43A08D8C |
SHA-256: | 55796CB1DCAF1BB1B12A68B290A583EAD539FF8BC9CF4BB5100301BE8E3CF9AD |
SHA-512: | 3C146D2A2012C2936F92DF502250B060AC8A42859B62C2791851D61E67DA3BDF15FC30A2E1C59D0EEBAEDEBCA543EE79642DC89441DFB0E02B3DF5AA63DB66C6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.392058766760043 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb9:B |
MD5: | 50CDE832E6CC552B14390A24530C7AD8 |
SHA1: | 76E39F4520F0F9EE6102B644FC115C923BAF939A |
SHA-256: | 5B9ADC22CAA12C195BFA3B7CED733E3C32514D86A751BE5DC46DDA0679E29D33 |
SHA-512: | FB1EE3EFB58693E55FCFD43EBF4D3BE64FE09F80D1B9F25E286E28EEEB5BD036F37BA9638923A68064C0DD6D764CAA253C839B3914280F1E17F4733721624B3E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | E9F3D4433B4B63EFAE5ADDCD8F0255E0 |
SHA1: | EC45AC7278A71F4D60DAF06CB4B54843D3ECDD2F |
SHA-256: | 6ACF72D2F51156B8050B4E4B3A7F9FAF56347EB28003BC74C51F37B21FFD5F53 |
SHA-512: | 9801D931CD8A428CA0BAD20DA116AFC729BD018C87B740C239032ACB1125896F8E7C39F566401E8E1BC5E839C0276FEBCF41E1A5AC689F0E17F506CA27236CFC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File Type: | |
Entropy (8bit): | 7.950612825263779 |
TrID: | |
File name: | April202421 - Copie.pdf |
File size: | 193'604 bytes |
MD5: | c1b57adbead6ac743354c4eb65173d13 |
SHA1: | 0f747636b62405d93793f25b4523566e6ecf382c |
SHA256: | 97759f61086dcfd86ff0e4be20e14d7a2f2a80ab553e49d04510a2c121143231 |
SHA512: | 14563d5e3067b0bc15683fa90f8827e08e791b2fe6a8b8ddd0ef84722f37dc7a77db0a3b0d4bc907bd9a45f1f476435485a0ba878c269144d6911373e8221af9 |
SSDEEP: | 3072:Emc4d2eqsMYXcXyB8lKDdzBi5CA7kHvD6HB/RH6kz8001xo4hh9nsuBOr9l9wNGj:EmjwBYMC+lethQ4vDqDHho00AEh9nsu0 |
TLSH: | 04140276EA99B01DCA28D533260C75938B8ED2337A407C523C6C4DC75498E12EFA79ED |
File Content Preview: | %PDF-1.7.%.....6 0 obj.<<./BM /Normal./CA 1./Type /ExtGState./ca 1.>>.endobj.9 0 obj.<<./Length1 30984./Filter /FlateDecode./Length 13730.>>.stream.x..}.X\...9...0.......dX. ...I.$d.@.IH dU.'f1Q.-..k.{k.5..d.=m...Qk.v.6v.j.[..*...=.....}.=........g....... |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.950613 |
Total Bytes: | 193604 |
Stream Entropy: | 7.997365 |
Stream Bytes: | 175753 |
Entropy outside Streams: | 5.084342 |
Bytes outside Streams: | 17851 |
Number of EOF found: | 1 |
Bytes after EOF: | |
Name | Count |
---|---|
obj | 97 |
endobj | 97 |
stream | 30 |
endstream | 30 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
87 | 4646464646464646 | d7aa82fdca0070bac7392cb297aa11cb | |
90 | 0000000000000000 | 3b8f63bb73ab5e0eecffd7736c784702 | |
92 | 0000000000000000 | be33870dfcb38b901f74025616c405c1 | |
95 | 0000000000000000 | 0422e7932759c125f0b79ea139696274 | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 23, 2024 17:35:22.600315094 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:22.600373983 CEST | 443 | 49715 | 23.0.216.25 | 192.168.2.5 |
Apr 23, 2024 17:35:22.600462914 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:22.600653887 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:22.600671053 CEST | 443 | 49715 | 23.0.216.25 | 192.168.2.5 |
Apr 23, 2024 17:35:22.969002008 CEST | 443 | 49715 | 23.0.216.25 | 192.168.2.5 |
Apr 23, 2024 17:35:22.969307899 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:22.969326973 CEST | 443 | 49715 | 23.0.216.25 | 192.168.2.5 |
Apr 23, 2024 17:35:22.970323086 CEST | 443 | 49715 | 23.0.216.25 | 192.168.2.5 |
Apr 23, 2024 17:35:22.970380068 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:22.972671986 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:22.972731113 CEST | 443 | 49715 | 23.0.216.25 | 192.168.2.5 |
Apr 23, 2024 17:35:22.972879887 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:23.016139984 CEST | 443 | 49715 | 23.0.216.25 | 192.168.2.5 |
Apr 23, 2024 17:35:23.018347979 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:23.018409014 CEST | 443 | 49715 | 23.0.216.25 | 192.168.2.5 |
Apr 23, 2024 17:35:23.065042973 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:23.095325947 CEST | 443 | 49715 | 23.0.216.25 | 192.168.2.5 |
Apr 23, 2024 17:35:23.095529079 CEST | 443 | 49715 | 23.0.216.25 | 192.168.2.5 |
Apr 23, 2024 17:35:23.095582962 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:23.095890999 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:23.095906973 CEST | 443 | 49715 | 23.0.216.25 | 192.168.2.5 |
Apr 23, 2024 17:35:23.095917940 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Apr 23, 2024 17:35:23.095954895 CEST | 49715 | 443 | 192.168.2.5 | 23.0.216.25 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49715 | 23.0.216.25 | 443 | 4284 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 15:35:22 UTC | 475 | OUT | |
2024-04-23 15:35:23 UTC | 198 | IN | |
Target ID: | 0 |
Start time: | 17:35:08 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 17:35:09 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 17:35:10 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |