Windows
Analysis Report
66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6856 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7348 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1536,i,2705806765158461115,7575174302712746196,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.200.60.110 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430763 |
Start date and time: | 2024-04-24 06:57:30 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/43@0/1 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.202.56.131, 54.227.187.23, 52.5.13.197, 52.202.204.11, 23.22.254.206, 23.220.73.15, 23.220.73.10, 162.159.61.3, 172.64.41.3
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.200.60.110 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
Get hash | malicious | Vidar | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Vidar | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.216450848994618 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.216450848994618 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.202063667055114 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.202063667055114 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\03652f16-4d0f-4680-a068-2580a0c037c2.tmp
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.968646153603545 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.968646153603545 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.250521422476427 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.21459352970058 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.21459352970058 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424045822Z-162.bmp
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.2883019507460785 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445319150787097 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.777068172373167 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 244540 |
Entropy (8bit): | 3.3415042960460593 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.378064339765047 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.327908486296604 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.307106234265808 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.365590668888201 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.327264335779521 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3150920106853405 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3188193934193 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.324344410356237 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.744339790703844 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3206206555048645 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.781855831354098 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.304026030460481 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.308648523151629 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.327161966188791 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.28539566577631 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.375436587182538 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.135822106436905 |
Encrypted: | false |
SSDEEP: | 24:YJVoUBbCQEIVQ/abS3vmIVUa6KO1ayVnJ9PVpe0j0ij0So6HhX2ku2LSok/7QJ5Z:Y5ivab2vILzraF/7ak9+L |
MD5: | 79215C06623DAFBB95C8A4BA7F8A3987 |
SHA1: | 17D1C8FD2495365E4BF515AEE8C58DD7F4F1D0D2 |
SHA-256: | ADA3AEF884AE4ABFCB9BF6E193BC62138459B66AC336AFD078E6E46A7EF7FE46 |
SHA-512: | 9096C995651FCA7B288438BA14816FF0F4D4E62C67AA734969156647783E31CDB21615D31E2E0B9B51801E8F97059D8A3142131142A0C4E08EAA8B65A67DD3F4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1880437468890301 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUsSvR9H9vxFGiDIAEkGVvpO:lNVmswUUUUUUUUs+FGSItS |
MD5: | 2263AD8F70973FA6E0A46E2BA8329AD0 |
SHA1: | 7E27E9859DE939F9A1EDF3424D927D03B4856CD4 |
SHA-256: | A29B1576B8E3CA676C4A366D6CFC7EFC965228636A908E27D2FE9E53E42DA00D |
SHA-512: | 03BF1E9A165160A1B0A0F678E986A4C1AE832517DD2BC4F2CDA50A109910106B0398066250A215FA5FDC47832581784090C7BD8530A5B00B377698CDA71ABCF0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6082936612577852 |
Encrypted: | false |
SSDEEP: | 48:7M/KUUUUUUUUUU+vR9H9vxFGiDIAEkGVvoqFl2GL7msT:7RUUUUUUUUUUCFGSIt6KVmsT |
MD5: | 3990B847EBA8C5A3D668F685A05AD6E1 |
SHA1: | 7CAB9F5865F4448F4CB5287AECBFDA60E70DB8CA |
SHA-256: | AAAAE866EE10DFE3F0ABB2556F051BAEC81459BEE7A4AA78398DCD271D1C3A14 |
SHA-512: | 2036BD6E3B60CD1F1DE333B51A91D479D053CE007FAF9C720AC162A7BA90A37FA9A4C2D0A12EAA7EA12DE2EAF1C598F6304D3AC8874F405D765D633E64A1CA34 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.529459928009153 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+Rle:Qw946cPbiOxDlbYnuRKHt |
MD5: | 8F456632025650A3493F1C3FFC0FE4CC |
SHA1: | 138845664F4DD93DCE85FAD96291F49E86AA747A |
SHA-256: | C051A3EC8238852772D768FA54E28E196809CD1AB59EC51F896F80DC2809EE08 |
SHA-512: | 9762BB15BD9D6AE0E8D1B329885F599F200D4A0FBFBF97E6A85F468CE496777D4B5F7789BCF1013EF6848406712BAC147E3918F2E358468C9B93909ED75D897C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 06-58-20-740.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.339024535982815 |
Encrypted: | false |
SSDEEP: | 384:EyML0GhbsxvE8HScS6He483D8Z3BIMXtGf7RNBRAszHv2ZWYxECY1YJsVDM0dVJY:hh1 |
MD5: | B73E9BE8D734A59220898CE67000CED9 |
SHA1: | BFF795C88BD70A4BC28AC7D0A916ECF118341B56 |
SHA-256: | 57DFACCDE705553396AB848FFA9462B0BA4AABF281D53F68DF893D93A0C1CD47 |
SHA-512: | 145E71D8304D8CA368A38800914C83FDF9C9927D4F0A267AEC9162F97B4EF2B3F5FE41767A8A75D8A0E7347A68FA3F7EF09D86F1441C0AE6E85CB4F41C8AE444 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.388907121599038 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rZ:d |
MD5: | 7BFD38114CB8B8A809D9D02E6247262F |
SHA1: | 176C7E0733DCA9FB7D4D0F0A8A00BE8C065A3363 |
SHA-256: | 207EC7433F9EEDD1C519A219AB45306FE6F7653CC155C703B56B481806E77C20 |
SHA-512: | 00B727A8EE4EDB94EA835E6E355005E46D2AC32B842507849252AE20C2D7A1CF878932C5475E7721CBE1861514E88129258E7FA20940838344A3891B818777D4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U8:O3Pjegf121YS8lkipdjMMNB1DofjgJJ4 |
MD5: | FC042E4E13A78A5882E5AD1170517E3C |
SHA1: | 69F0A171DCB6DCDD14128253D7DB5ED418B5CAF4 |
SHA-256: | 6D0915EDF0AACCCEC40D49036362974AC4B678749CC6D2BFC11FFED2B2E618B8 |
SHA-512: | B43B3A4388B7B0D0C705AD70CFBD6DABF593499FC45AC589E2388C47F699EB35E942521BA64E57A0DE0031DC23C4EE17EA83FB0221C00CE0B075A44CD37C6C62 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.644244729885265 |
TrID: |
File name: | 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf |
File size: | 1'282'351 bytes |
MD5: | 59db3e6443136010a55d8af99232d6f2 |
SHA1: | 1af66f2e5dd1e8606b176c983231d5130d46f27f |
SHA256: | a772c6d4e876a81a2470060c20343cf5fee92beb05b262687f04f54dac3ae919 |
SHA512: | 2b195e5675024fe4c6f72eb2eccbed2f155b710029e55cf55fd1ab2fddcbdb6762618c7ab0e93dbd11c58554d641a83113d78c9834422c293780a7c139751851 |
SSDEEP: | 24576:9BwrTt49wTkN0dSpPgzcghhoB/4l4JpboFoIFMK:Tm50r0dSBgrE/9zbQoIGK |
TLSH: | 9955AD4A8D83EA303C6F7982186EA74C841E64C56817DF74753E97ECC690E12E9FBE44 |
File Content Preview: | %PDF-1.6.%......367 0 obj.<</Filter/FlateDecode/First 5/Length 63/N 1/Type/ObjStm>>stream..h.25S0P...w./.+Q0....L).662...)...BiK.m.....T....$.........&B....endstream.endobj.368 0 obj.<</Filter/FlateDecode/First 18/Length 379/N 3/Type/ObjStm>>stream..h.... |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.644245 |
Total Bytes: | 1282351 |
Stream Entropy: | 7.633025 |
Stream Bytes: | 1250819 |
Entropy outside Streams: | 5.384837 |
Bytes outside Streams: | 31532 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 223 |
endobj | 223 |
stream | 118 |
endstream | 118 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 8 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 1 |
/AcroForm | 1 |
/JBIG2Decode | 3 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 23.200.60.110 | 443 | 7348 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 04:58:32 UTC | 475 | OUT | |
2024-04-24 04:58:32 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 06:58:17 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 06:58:18 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 06:58:18 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |