Windows
Analysis Report
Beneficiary Contract Sheet.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 7056 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Beneficiary Contract Sheet.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  - AcroCEF.exe (PID: 6384 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  - AcroCEF.exe (PID: 6300 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1608,i,8949762994089980583,15343716455467206411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | Process information queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
17% | ReversingLabs | Win32.Trojan.Generic |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.15.136.202 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430627 |
Start date and time: | 2024-04-24 00:56:18 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Beneficiary Contract Sheet.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@15/44@0/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.1.100.158, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 172.64.41.3, 162.159.61.3, 23.220.73.10, 23.220.73.15
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- VT rate limit hit for: Beneficiary Contract Sheet.pdf
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.15.136.202 | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | HtmlDropper, HTMLPhisher | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | HtmlDropper, HTMLPhisher | | |
 | | | malicious | Vidar | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Vidar | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Mirai | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.154358127215489 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.154358127215489 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.1383737109513214 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.1383737109513214 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0e1eac64-599c-4aff-a258-e48683c7e142.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.984291744275657 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5fb48c.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b91f9ec6-56df-4663-9fc3-dca6243b5ee1.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.234825212758961 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.162643861398066 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.162643861398066 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240423225647Z-155.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 2.7445622217496233 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2145197682647093 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.357739196553209 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.304848266462903 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.284116060377572 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.345922045302486 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.302781846066372 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2903708567374474 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2934128378297185 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.29833800363074 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.7354649773611595 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.295884022299882 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.7708396500814425 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.2794594084802755 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.283359034269239 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.302996628583154 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.257841891229914 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.363138767979308 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.117707457833029 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9887334220377878 |
Encrypted: | false |
MD5: | E3F09DD66EA33C5CA84B9CD184091674 |
SHA1: | 2785120E44F3899D9E257C973A8E12D10BCD241B |
SHA-256: | B66FD7E54F080D485C0E7B292D7B20A309C3DB09FE5D85371018E7A5C5847340 |
SHA-512: | 9475468111A6B7DE1BACFD533153C7A5F033DC05A7704CB1859F5FAF9F136FEE3A55B0C873CBC7F7198693574D237B38B9D47842AFF5C7EEE93E5BCC2EBDD23F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3454479943984397 |
Encrypted: | false |
SSDEEP: | 24:7+tiASY9QmQ6QeDCV7cLESiAi0mY9QVqLBx/XYKQvGJF7ursT:7MilYXtrWcI8KYAqll2GL7msT |
MD5: | 13961A49C0E371E86BB0FD1583C5E0E1 |
SHA1: | 05271C58743555750BC1A5D49AE8118027EAA774 |
SHA-256: | B3CFC055FFBA400B88F6A3257369AD3BC2840B1C8583E54A5589C5302856B6A4 |
SHA-512: | 7E821DE3A43D75B09640C1E130E7DB3547E61218DB5E16C293F7AC085CECF2F8730F27495A48466E9741B03A6E903F25736EFE0E7DDDDC8CAC4A6F042AF47BB5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+AYH:Qw946cPbiOxDlbYnuRKHLYH |
MD5: | 6E0E83E24C3924B2E1184CE8B452A40B |
SHA1: | D780FF4CB6677ED80F604B51AE7643084AB444CF |
SHA-256: | 38B92077D8A79C3F6D548B729D31CF64CD7CD77B66B8F7D5453A5DA9B640B149 |
SHA-512: | 623701D877705F6BEFE545CCD540DED0BCEB9117DD0040D0DC8A7AABFE23E37C1A276A3AABA85610656F7DC8CD074525CED2484E4D8A182FA4069D6836665F1C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 00-56-45-035.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.376147314079481 |
Encrypted: | false |
SSDEEP: | 384:czXWSW3CTAgY4ibjti1Gtot9EUzYeb9v9b9qF+yLB8oCGY1gmBMBsLv3+5+Pmmkk:OsyvllL |
MD5: | 0EB39E68699462588C007889659626EE |
SHA1: | FDAD1F551C275112B6553DCF212022A9465EF9C7 |
SHA-256: | B08441BA196F62FFEB2957175CE869DCBED62CB1D5B6EBC9FC957D7F47102F5A |
SHA-512: | B62B32EFAB580D87AACB893B7A9D31E8B5042101231CE29F6978610DBE6A3CFC8FF01753FC1047FCC0F4E40CEAFB070EE02C9D3FF89A656197376DCC5ABCC656 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.422300279219927 |
Encrypted: | false |
SSDEEP: | 192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcb8cboId3cb1:fhWlA/TVedI |
MD5: | D1E9208655B3411E23C61C4454370CE1 |
SHA1: | CF5AA6731D4BD44976620467F4DAD269768EC42D |
SHA-256: | AAB3812F8AE4B39E806275900CAB9A34B24878B028E5E2965AD4218E620F5D95 |
SHA-512: | BB7975C6A654CF0295F3D705AAEE0A3EFB7EAFA11FA38712B5317C14C845E679170D8928CA5F37EDCB5AFE872430AB25FC09AF39F64012CD7DACB0B6A72DDDC0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru |
MD5: | E787F9888A1628BE8234F19E8EE26D68 |
SHA1: | 44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5 |
SHA-256: | 3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80 |
SHA-512: | EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9424862188223155 |
TrID: |
File name: | Beneficiary Contract Sheet.pdf |
File size: | 384'946 bytes |
MD5: | 014fbc355a22792ee23e460e82dd52ff |
SHA1: | c9b9512496624203adfbc90a4fe46964b5165c56 |
SHA256: | 051591c74050eb80d7ddb316e591bd5fb2edb9a848dae95c5cd1f7a579e4940b |
SHA512: | 09c59ccb8a1292367b54ed704ccdc02640fda9bd858ff9a4bf6fba8da325815a59eae168d6f6eb82b53f38172f8bd2fea957b1058d46acb77a73ab59bf4afdda |
SSDEEP: | 6144:6BJFGicaGnX0ub/z2wqpFGuMv3EU2P8gtL0rCw6uLmlOTMME/l51AqUBA0aRN6A4:6PxV3CunP8g+GAYDl5b0A7RNxpa |
TLSH: | 62848BD8AA454AA60FBF6BF10E879443C1116461BFE3F9AC1D06BCA4F545F5CCBA2306 |
File Content Preview: | %PDF-1.4..%......1 0 obj..<<../Type /Page../MediaBox [ 0 0 595 842 ]../Resources << /XObject << /X0 3 0 R >> >>../Contents 4 0 R../Parent 2 0 R../Rotate 360..>>..endobj..3 0 obj..<<../Type /XObject../Subtype /Image../Width 1597../Height 2075../BitsPerComp |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.942486 |
Total Bytes: | 384946 |
Stream Entropy: | 7.942078 |
Stream Bytes: | 384124 |
Entropy outside Streams: | 5.109360 |
Bytes outside Streams: | 822 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 5 |
endobj | 5 |
stream | 2 |
endstream | 2 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
3 | 7979234f4b0f7371 | 77db544586f3c680758fbfa2168937f7 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49705 | 23.15.136.202 | 443 | 6300 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 22:56:56 UTC | 390 | OUT | |
2024-04-23 22:56:56 UTC | 247 | IN | |
2024-04-23 22:56:56 UTC | 120 | IN |
Target ID: | 0 |
Start time: | 00:56:41 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff730a70000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 2 |
Start time: | 00:56:42 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff744e90000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 3 |
Start time: | 00:56:43 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff744e90000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |