Windows
Analysis Report
68000000326_DP216G BRIDGE TEAM.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5784 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\68000000326_DP216G BRIDGE TEAM.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 3204 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 3940 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1736,i,13084496968196404414,16290530547830846755,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.200.60.110 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430758 |
Start date and time: | 2024-04-24 06:53:18 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 68000000326_DP216G BRIDGE TEAM.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/43@0/1 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.202.56.131, 54.227.187.23, 52.202.204.11, 23.22.254.206, 52.5.13.197, 172.64.41.3, 162.159.61.3, 23.220.73.15, 23.220.73.10
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.200.60.110 | | | malicious | HTMLPhisher | | |
23.200.60.110 | | | malicious | Unknown | | |
23.200.60.110 | | | malicious | HTMLPhisher | | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | | |
AKAMAI-ASUS | | | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | | |
AKAMAI-ASUS | | | malicious | HtmlDropper, HTMLPhisher | | |
AKAMAI-ASUS | | | malicious | HTMLPhisher | | |
AKAMAI-ASUS | | | malicious | HtmlDropper, HTMLPhisher | | |
AKAMAI-ASUS | | | malicious | Vidar | | |
AKAMAI-ASUS | | | malicious | HTMLPhisher | | |
AKAMAI-ASUS | | | malicious | Vidar | | |
AKAMAI-ASUS | | | malicious | HTMLPhisher | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
Process | Path | Category | Size (bytes) | Entropy (8bit) | Encrypted | Malicious | Reputation |
---|---|---|---|---|---|---|---|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | | dropped | 298 | 5.221700093056531 | false | false | low |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG | dropped | 339 | 5.130514365411693 | false | false | low |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy) | dropped | 339 | 5.130514365411693 | false | false | low |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\47c0f2ff-e4a5-4847-b15f-ebbf73dd0524.tmp | modified | 475 | 4.963960758889477 | false | false | low |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy) | dropped | 475 | 4.963960758889477 | false | false | low |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log | dropped | 5859 | 5.251219648439658 | false | false | low |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | | dropped | 327 | 5.158247368371337 | false | false | low |
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy) | dropped | 327 | 5.158247368371337 | false | false | low |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424045413Z-151.bmp | dropped | 65110 | 2.5251663785894505 | false | false | low |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | | dropped | 86016 | 4.4450676682262005 | false | false | low |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | | dropped | 8720 | 3.7679759396819295 | false | false | low |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | | dropped | 185099 | 5.182478651346149 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | | dropped | 227002 | 3.392780893644728 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID | dropped | 295 | 5.338702590682052 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface | dropped | 294 | 5.29153336000907 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface | dropped | 294 | 5.270731107978275 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD | dropped | 285 | 5.317859875271072 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner | dropped | 292 | 5.2833702429515235 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner | dropped | 289 | 5.268299472717617 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention | dropped | 292 | 5.272640939533897 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner | dropped | 289 | 5.278733327026216 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner | dropped | 1372 | 5.736840229474668 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner | dropped | 289 | 5.275009572174844 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | | dropped | 1395 | 5.7735750895141615 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner | dropped | 291 | 5.258728425366406 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention | dropped | 287 | 5.262855254356364 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner | dropped | 289 | 5.28155088285877 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards | dropped | 286 | 5.2393061445092615 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | | dropped | 782 | 5.358185340129882 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | | dropped | 4 | 0.8112781244591328 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | | dropped | 2814 | 5.137638731950118 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | | dropped | 12288 | 1.144985146569767 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | | dropped | 8720 | 1.5527709532736393 | false | false | |
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | | dropped | 246 | 3.5197430193686525 | false | | |
SHA-512: | 8565ECA2D56EA52E331DDBB8E1FEF826FE5CDA239D46F552E81C30F4E34D8CFAFD8FCA6A1B4CC02698FC87DE1AA9FEC57349A58EDFF64FC5FD3B3E74AD9B196D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 06-54-11-494.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.338264912747007 |
Encrypted: | false |
SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
MD5: | 128A51060103D95314048C2F32A15C66 |
SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.373040001625475 |
Encrypted: | false |
SSDEEP: | 384:Q2ED8KlCt44B5Ybwqi4UKQx0jInT8k/AHUgOWm2757y4u6cFDi05DODKv8ysG/v8:UHf3 |
MD5: | 1616C3681E410F15613139A81A285057 |
SHA1: | 6864C6B4A3DF16688C851E5A6B46888EDE5C3AF7 |
SHA-256: | D7A24EC322C3107EFD8654D15D2FE2A95FF124B407CC36CEAB8D773337334800 |
SHA-512: | 9452945D2AAB3797ECA3B9781DB4151E7463D7C316F50E7CABCCC26C6C3F5E42DA4B1922A4FBA8EF915A3858DC2B76FAFD0468BDB59C221792AD6FF9D87D604F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.394641972185116 |
Encrypted: | false |
SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbmcb0IW0cbS:V3fOCIdJDe7Wg |
MD5: | 1232AD5AD23A2410953CF295DE69530A |
SHA1: | 471E27CFCFDC13948A41988C8038EA2E1DB0EDDA |
SHA-256: | 78C0216E18D4C8CF223ABB43AF9D169F71C7047C7DF10D177A3C48CDDFA8CB29 |
SHA-512: | 16DC2C95A3B1D104B7EFA116120634FE9B1F6D0831E5D2F196B3071EB1835072D11B4C14586ED2877D8F9A84F4DBF778D78765542FA57774030DE57DE04A2317 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa |
MD5: | 22B260CB8C51C0D68C6550E4B061E25A |
SHA1: | DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E |
SHA-256: | DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0 |
SHA-512: | 503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.573918414089429 |
TrID: |
|
File name: | 68000000326_DP216G BRIDGE TEAM.pdf |
File size: | 299'571 bytes |
MD5: | dcee8d79d72f4387ba6fd706085b99db |
SHA1: | 80e46020b630424d75ccd13f4c6a0bb329c1c91b |
SHA256: | e0aeee30c87c458ba4d1c267f96c7b5911f8f2a3ccb61a113c45ee3a136ac057 |
SHA512: | 317b488d2939d312cbe8824533fe14fda2f8cebf83204390c88317743ce73ef71c67d75b1def6ce1e59dcd15f10d42ab7d725c47afcc992e5710286e1acd8e9c |
SSDEEP: | 6144:Km3crQv7d678GwUVLhwTIG8CRh9F071zAzn7jkW+3V5p:5Mys8GwUVNvG8CD9qY7jkXp |
TLSH: | 985436079C589B93946953E8BE030E6C6F5A2B4DE9C17AFF00634ECB7E613254C9E01E |
File Content Preview: | %PDF-1.4.%.....3 0 obj.<</Parent 4 0 R/MediaBox[0 0 595 841]/Contents 5 0 R/Resources 6 0 R/Type/Page>>.endobj.5 0 obj.<</Length 7 0 R/Filter/FlateDecode>>.stream.x.+.2.4.32P0.3...&.z.....\.......\.\..w...endstream.endobj.7 0 obj.41.endobj.9 0 obj.<</Type |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.573918 |
Total Bytes: | 299571 |
Stream Entropy: | 7.570547 |
Stream Bytes: | 298299 |
Entropy outside Streams: | 5.055074 |
Bytes outside Streams: | 1272 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 13 |
endobj | 13 |
stream | 3 |
endstream | 3 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
9 | 1737252945396061 | 3b1fb8778635d3ab43bf60fefb7083f7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 24, 2024 06:54:22.555206060 CEST | 49721 | 443 | 192.168.2.6 | 23.200.60.110 |
Apr 24, 2024 06:54:22.555253029 CEST | 443 | 49721 | 23.200.60.110 | 192.168.2.6 |
Apr 24, 2024 06:54:22.555500031 CEST | 49721 | 443 | 192.168.2.6 | 23.200.60.110 |
Apr 24, 2024 06:54:22.555713892 CEST | 49721 | 443 | 192.168.2.6 | 23.200.60.110 |
Apr 24, 2024 06:54:22.555727005 CEST | 443 | 49721 | 23.200.60.110 | 192.168.2.6 |
Apr 24, 2024 06:54:23.072912931 CEST | 443 | 49721 | 23.200.60.110 | 192.168.2.6 |
Apr 24, 2024 06:54:23.073297977 CEST | 49721 | 443 | 192.168.2.6 | 23.200.60.110 |
Apr 24, 2024 06:54:23.073327065 CEST | 443 | 49721 | 23.200.60.110 | 192.168.2.6 |
Apr 24, 2024 06:54:23.074362040 CEST | 443 | 49721 | 23.200.60.110 | 192.168.2.6 |
Apr 24, 2024 06:54:23.074491024 CEST | 49721 | 443 | 192.168.2.6 | 23.200.60.110 |
Apr 24, 2024 06:54:23.076849937 CEST | 49721 | 443 | 192.168.2.6 | 23.200.60.110 |
Apr 24, 2024 06:54:23.076915026 CEST | 443 | 49721 | 23.200.60.110 | 192.168.2.6 |
Apr 24, 2024 06:54:23.077022076 CEST | 49721 | 443 | 192.168.2.6 | 23.200.60.110 |
Apr 24, 2024 06:54:23.120129108 CEST | 443 | 49721 | 23.200.60.110 | 192.168.2.6 |
Apr 24, 2024 06:54:23.121611118 CEST | 49721 | 443 | 192.168.2.6 | 23.200.60.110 |
Apr 24, 2024 06:54:23.121632099 CEST | 443 | 49721 | 23.200.60.110 | 192.168.2.6 |
Apr 24, 2024 06:54:23.168451071 CEST | 49721 | 443 | 192.168.2.6 | 23.200.60.110 |
Apr 24, 2024 06:54:23.248332024 CEST | 443 | 49721 | 23.200.60.110 | 192.168.2.6 |
Apr 24, 2024 06:54:23.248394966 CEST | 443 | 49721 | 23.200.60.110 | 192.168.2.6 |
Apr 24, 2024 06:54:23.248476982 CEST | 49721 | 443 | 192.168.2.6 | 23.200.60.110 |
Apr 24, 2024 06:54:23.249825954 CEST | 49721 | 443 | 192.168.2.6 | 23.200.60.110 |
Apr 24, 2024 06:54:23.249845982 CEST | 443 | 49721 | 23.200.60.110 | 192.168.2.6 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49721 | 23.200.60.110 | 443 | 3940 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 04:54:23 UTC | 475 | OUT | |
2024-04-24 04:54:23 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 06:54:08 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff651090000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 06:54:08 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 06:54:09 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |