Windows
Analysis Report
0060599005-A05-047-4.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6404 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\0060599005-A05-047-4.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 5088 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7148 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1728,i,854647060946812726,2826178202337889136,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.61.208.184 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431069 |
Start date and time: | 2024-04-24 14:34:29 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 0060599005-A05-047-4.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/43@0/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.85.240.187, 52.5.13.197, 23.22.254.206, 54.227.187.23, 52.202.204.11, 162.159.61.3, 172.64.41.3, 184.28.81.142, 184.28.81.158
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
- VT rate limit hit for: 0060599005-A05-047-4.pdf
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
AKAMAI-ASUS | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
AKAMAI-ASUS | malicious | PureLog Stealer, Vidar |
AKAMAI-ASUS | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
AKAMAI-ASUS | malicious | Babuk, Djvu, Vidar |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 298 |
Entropy (8bit): | 5.1545631281095625 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 339 |
Entropy (8bit): | 5.181965816644403 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 339 |
Entropy (8bit): | 5.181965816644403 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9892d6d4-9b2f-44af-863a-058766806d30.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.9659513190737 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.9659513190737 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 5859 |
Entropy (8bit): | 5.251733758523178 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 327 |
Entropy (8bit): | 5.14804580567663 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 327 |
Entropy (8bit): | 5.14804580567663 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424123545Z-169.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.9893689837114923 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445269932222627 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.769735281274104 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.357419360311377 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.307815936346975 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2856660299240446 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.33723337365932 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.306165468267007 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2898210249718 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.292868655020568 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.303026523457779 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.742573479768499 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.298041426126821 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.780192610161063 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.281601984789504 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.284956195515842 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.304582736810747 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.263854164679618 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.364381929042921 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.144185966349291 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.145622915849971 |
Encrypted: | false |
SSDEEP: | 24:TLhx/XYKQvGJF7urs308HRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUub:TFl2GL7msE8DXc+XcGNFlRYIX2v3kv8l |
MD5: | 129138A46A914E38139ACB5CBE6D49A0 |
SHA1: | E180C06C0867C9E103D420BAB6B8747D1DADEF06 |
SHA-256: | 1758AEB10B95BC0C231608B59575F76A0A0798E1491CAEBB2802D4E4C7E2D11A |
SHA-512: | 7FB81A329ED40569E95B8E77824C5BD12E059FEFAC16FC69DA0334DA68E5A65C01C312ECE4F79E8FE93BC595FB5CFBC71E2B8DA9D558C2F4B98CFC3AE23289BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.5521356541269038 |
Encrypted: | false |
SSDEEP: | 24:7+tp08HUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxaqLxx/XY:7M680Xc+XcGNFlRYIX2vLqVl2GL7ms+ |
MD5: | 2B52DE994896F2CC1418344DFCB59B82 |
SHA1: | 2F4093C7C449FF2B4CD52DFB951D10ED496A741E |
SHA-256: | 47480325FB1C00DD2870A5831EC182422A60D5795EB7ACC019234F2AE13B2CFA |
SHA-512: | B0BF114A2B73E5E064747BFEF6DAC26FBDBAD51F04899BF1925240A4AADC131A7A9E5D08A863D16F269EADF9F2D039F91DA0D99600F34A6F140AEDF521E8DB22 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.524398495091119 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+aRdww:Qw946cPbiOxDlbYnuRKHd |
MD5: | 7B57A594D875D6495AF152CEBF3554A7 |
SHA1: | 19EEF20274C6BE8EFDDCA0FDD536901B128FCA3A |
SHA-256: | 348FFD94EF33D245C6B20AE4C28B4AE8A4F22BF98BD99037E392F2598ED20935 |
SHA-512: | 4913F822554D82E533C7A389E9956C3CB652B8B27138DCFCDE621EBA04E7735A7813AEE252C9E244040DC605FA4AF8ED2D7C2F2AEF270DCE71CE02EFBFB55C71 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 14-35-43-382.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.338264912747007 |
Encrypted: | false |
SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
MD5: | 128A51060103D95314048C2F32A15C66 |
SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.344944990856198 |
Encrypted: | false |
SSDEEP: | 384:BxPgXNalSnJCcS/lzd2JqbKWlEPSxhKrcKuQIY7abJguWs8e7sQufujyoS4O3P/a:xHr |
MD5: | 45DE580604AD6D6C37E41B035E8D139A |
SHA1: | 2C7CA7765C815517FD16FDA7B7ADEFBFDB591257 |
SHA-256: | 08507D12F1D2BDD6A011424EF9D2756158634D9170DB048EB90FF560FE299FD1 |
SHA-512: | 0F98857D2377AF3B5B603D2C56B1C24E8B65EA1E0E0100147FE743DD120BADE18C87C702F6E228224F5231F146B9924AF801ADE8FF905CA44ADA77C03C90919F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.390125358641216 |
Encrypted: | false |
SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbCcbMI2McbE:V3fOCIdJDev2W |
MD5: | 3A9E02AEC6424F7C2AB2F98D6A4BAB19 |
SHA1: | F400BB63F5B64644115FFF81D6895B847D4CA107 |
SHA-256: | EF980A07977A515526157465633ED8CA2EA983CF544D852CE87CAD67E16B8148 |
SHA-512: | B8B4A286961058AAE2DA5670516BEB8C41D42094026B55752288F0217418417707457C112DD4D6073E3840EBD0671F900DD1D5D91776A0E928378DDB310C7201 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZkweYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZkx |
MD5: | 07D8068909EE5D4733B5D33A93769B92 |
SHA1: | A37D86FBAAEC3712043C9A8F88A9B81217CF5371 |
SHA-256: | BF9C2491D36569FFEECD0399E87C59D8910E3DAFF3C90DA586273CB4B27F8C6A |
SHA-512: | 2E7AE378E075C0BB07CA23098A726D34C5A5059D02A8594A6AEBFA186305A402F1A76845EA7EFCE1BF87FBD90B46E8B8D01B183371025ECBD6562327A018969A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.990873648963656 |
TrID: |
|
File name: | 0060599005-A05-047-4.pdf |
File size: | 379'584 bytes |
MD5: | c201410d3777170a1b0c5020c4ee6e85 |
SHA1: | 8b70820d1b0479482ca55f4f0d263a7b47703d58 |
SHA256: | 905642e46a7b08b22326579d9b4f476fff230a39364b5f2c40f5099242972f9c |
SHA512: | 1b56666e40aa28dd488a383a9db34b7b964f0cf8c951e6de9f3672e2993a5f78b2f5d8597acda21c4455ef51847c1f9cda77b8caeb7508357ed0ffabec408d6d |
SSDEEP: | 6144:vlzaDmwNuBrtnmRW3RRRRRRhx6Uwd3jzphr5Fl/04yV1QowjCbrszDX/4lm8UrXx:vlzaa0C5n04x6R3jzTl04y3Qo5rcJ1rB |
TLSH: | D78422144B2DC9D8B6269B14308D2E7579C2D1802D562A7EB69C6CCE1305EB4ECCBFF9 |
File Content Preview: | %PDF-1.7.%.....2 0 obj<</AcroForm 4 0 R/Metadata 5 0 R/PageLabels 6 0 R/Pages 7 0 R/StructTreeRoot 8 0 R/Type/Catalog>>.endobj.5 0 obj<</Length 3254/Subtype/XML/Type/Metadata>>.stream.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns: |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.990874 |
Total Bytes: | 379584 |
Stream Entropy: | 7.993057 |
Stream Bytes: | 374087 |
Entropy outside Streams: | 5.147295 |
Bytes outside Streams: | 5497 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 56 |
endobj | 56 |
stream | 55 |
endstream | 55 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 2 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
46 | 0808000021034629 | 05d51d1d4b577ca1876d5133956e8427 | |
47 | 75b7979d8c6363d9 | 0900e8c0280307fe47e5dad1f335f493 | |
158 | 3613934133170b37 | e69cdd54c9d045c69ec6ecd0f0c866a2 | |
191 | 8c8db4cbf23f473d | ddeeeff2e427b89fd02b60635ae7f86d |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49731 | 23.61.208.184 | 443 | 7148 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:35:54 UTC | 475 | OUT | |
2024-04-24 12:35:54 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 14:35:39 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff651090000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 14:35:40 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:35:41 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |