Windows
Analysis Report
0060599005-A05-044-4.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 2456 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\0060599005-A05-044-4.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 3340 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 3832 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1612,i,17485125054673473956,11496295142460598225,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Detection | Scanner |
---|---|
0% | ReversingLabs |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.85.240.187 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431071 |
Start date and time: | 2024-04-24 14:34:33 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 47s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 0060599005-A05-044-4.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/41@0/1 |
EGA Information: | Failed |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.61.208.184, 54.144.73.197, 18.207.85.246, 34.193.227.236, 107.22.247.231, 172.64.41.3, 162.159.61.3, 23.1.236.16, 23.1.236.34, 184.28.81.142, 184.28.81.158
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: 0060599005-A05-044-4.pdf
Match | Detection | Threat Name |
---|---|---|
104.85.240.187 | malicious | Unknown |
 | malicious | Unknown |

Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
 | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
 | malicious | PureLog Stealer, Vidar |
 | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
 | malicious | Babuk, Djvu, Vidar |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.24844501868126 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.114204627969045 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.114204627969045 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\11c001f4-704a-43e0-8db5-47d4c60a20d8.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.941665831593091 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.941665831593091 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4288 |
Entropy (8bit): | 5.232974323921073 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.175484702459732 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.175484702459732 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424123555Z-161.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.9821606894720083 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.369679538766154 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3084977312561685 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2876954792253725 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.346849704695623 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.31430157175323 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.300447429987044 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.298483176512468 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3161256644688315 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.745090528583363 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.308528499656338 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.779689503664865 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.292016982212289 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.290528228534168 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3150698103402645 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.267807415449338 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.379516185075275 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.139388684020474 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3187901082086506 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.7816429979405202 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5309417490522437 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+aROqw:Qw946cPbiOxDlbYnuRKHkqw |
MD5: | CE4625199321772547DF94491513E01A |
SHA1: | B2CE4D8582E32CF69EBE5DE09F0A094CFB8F1CA9 |
SHA-256: | ADB7AD2844A5C642382384C7CD147FC8C3ABBBC04F8F830E29BDEABF9AF46352 |
SHA-512: | 49FAF1462C8924DDA41AC16617BDC42F2EBB552E015D14131C5C39F7450D90AA8AFD3D9DD33B70A280A728947AC4D600DA6767E4F986CFB3949D70D0EA01B043 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 14-35-53-200.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.33860678500249 |
Encrypted: | false |
SSDEEP: | 384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B |
MD5: | C3FEDB046D1699616E22C50131AAF109 |
SHA1: | C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D |
SHA-256: | EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD |
SHA-512: | 845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.352482905940578 |
Encrypted: | false |
SSDEEP: | 384:yqUbcqpax0/0CHKq92XjQkxtqMdJo8b9eEYui+bSEGPdrEG2ZTZUrU1sLx4N44EM:MDI |
MD5: | 02C7657FAB3F112D4A6E5414DCC85A45 |
SHA1: | 7A6862D21438748879E438889D194E44EAD3E9FF |
SHA-256: | F146FE1BDBC1D400BBD7D8B3581C25FFF26B08220EBA48538D9C397286655918 |
SHA-512: | A130CDD019CDAF6EC99EE9E04AD086AAEBD660ED1182184C348749885F86A5C7CABA1833D202AF44E2E0264AAA5F7F34759573BB94911F2EB672129E9A606CC5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.4062826340655254 |
Encrypted: | false |
SSDEEP: | 192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cbDcbWIewcba:ceo4+rsC6ek |
MD5: | 30B90559B807BF034539F5522A6C5F35 |
SHA1: | 2EC3DD992B9D4A114153D46CCD5B6688EB22F930 |
SHA-256: | C85C0448FCFC668D7414E65B2923C1CFF5E8B3F1850830D50FC3FA0AC44EFEDC |
SHA-512: | 7EFF004F510EC63E11B9680BBD816E6ACCC13D0198A09895D96F01A1E2727754DD32C97ED20DA89C1C3C10B822852E85C0E03FD175468644665916964119F915 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:bWNh3P6+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:C3PDegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 59EE5E2FB56A099CAA8EDFD7AF821ED6 |
SHA1: | F5DC4F876768D57B69EC894ADE0A66E813BFED92 |
SHA-256: | E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75 |
SHA-512: | 77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.989168899955713 |
TrID: |
File name: | 0060599005-A05-044-4.pdf |
File size: | 347'595 bytes |
MD5: | 14b75f6bde243c56d4722b98d6f00dc7 |
SHA1: | 96af93817b8b854f0971b0413c26c54b3814376a |
SHA256: | 28483ec36620ebb5598948951422c000cf109d3b2b2f82644cf3ec933273df80 |
SHA512: | bb7c0615395ee509bf4a5a7d348256476ea429ca8757ba0492ed28e997021c6183bff658c3fc8b5d9cd4dbef6ae4fb60081a29769bc9a9cd1687d3e464185d7d |
SSDEEP: | 6144:NFaDmwtwBrtnmRO3RRRRRRhxvprX5T0CJj01yVhQowjCbr4zDX/slc8LZf2To:NFaa6s5n0wxxrJT0C901yPQo5r4jufX |
TLSH: | 787413199A3CC0D9B6265B2932995EA525C742C13C06BABE366C4C4F0741DA4FCCDFFA |
File Content Preview: | %PDF-1.7.%.....2 0 obj<</AcroForm 4 0 R/Metadata 5 0 R/PageLabels 6 0 R/Pages 7 0 R/StructTreeRoot 8 0 R/Type/Catalog>>.endobj.5 0 obj<</Length 3254/Subtype/XML/Type/Metadata>>.stream.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns: |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.989169 |
Total Bytes: | 347595 |
Stream Entropy: | 7.991821 |
Stream Bytes: | 342082 |
Entropy outside Streams: | 5.141986 |
Bytes outside Streams: | 5513 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 56 |
endobj | 56 |
stream | 55 |
endstream | 55 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 2 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
44 | 0808000021034629 | 05d51d1d4b577ca1876d5133956e8427 | |
45 | 75b7979d8c6363d9 | 0900e8c0280307fe47e5dad1f335f493 | |
152 | 3613934133170b37 | e69cdd54c9d045c69ec6ecd0f0c866a2 | |
186 | 8c8db4cbf23f473d | ddeeeff2e427b89fd02b60635ae7f86d |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49720 | 104.85.240.187 | 443 | 3832 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:36:03 UTC | 475 | OUT | |
2024-04-24 12:36:04 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 14:35:49 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6e8200000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 14:35:50 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79c940000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:35:51 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79c940000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |