Windows
Analysis Report
Unbenannte Anlage 00015.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 576 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Unbenannte Anlage 00015.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6520 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5700 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1520,i,8063962907802656780,12286299177463123418,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Process information set: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.3.84.164 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431110 |
Start date and time: | 2024-04-24 15:39:24 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Unbenannte Anlage 00015.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/41@0/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.1.100.158, 18.207.85.246, 107.22.247.231, 54.144.73.197, 34.193.227.236, 162.159.61.3, 172.64.41.3, 23.219.38.26, 23.219.38.58
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.3.84.164 | Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
Get hash | malicious | PureLog Stealer, Vidar | Browse |
Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
Get hash | malicious | Babuk, Djvu, Vidar | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.226995311978256 |
Encrypted: | false |
SSDEEP: | 6:hWtQL+q2P92nKuAl9OmbnIFUt8WISG1Zmw+WISQLVkwO92nKuAl9OmbjLJ:hiv4HAahFUt8WS1/+WE5LHAaSJ |
MD5: | 1EA820526A41BE0389D5315C04F7F33B |
SHA1: | A4C27A4B66FF069D9BBEC25D19DC7799DB43B6A4 |
SHA-256: | AEB5CEF25A2009C39E8384A78738197F3B41C817F097BCC9FD8780278861E282 |
SHA-512: | C52E625608538373E99ABD7C4E93EB7A595173686268328FD2CB80B67104E5FBB30AA825B2098FB2A1DEF607FCE9923D87EA6F90426843A88D3B5CF34E7C9249 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.226995311978256 |
Encrypted: | false |
SSDEEP: | 6:hWtQL+q2P92nKuAl9OmbnIFUt8WISG1Zmw+WISQLVkwO92nKuAl9OmbjLJ:hiv4HAahFUt8WS1/+WE5LHAaSJ |
MD5: | 1EA820526A41BE0389D5315C04F7F33B |
SHA1: | A4C27A4B66FF069D9BBEC25D19DC7799DB43B6A4 |
SHA-256: | AEB5CEF25A2009C39E8384A78738197F3B41C817F097BCC9FD8780278861E282 |
SHA-512: | C52E625608538373E99ABD7C4E93EB7A595173686268328FD2CB80B67104E5FBB30AA825B2098FB2A1DEF607FCE9923D87EA6F90426843A88D3B5CF34E7C9249 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.195137531876985 |
Encrypted: | false |
SSDEEP: | 6:ry+q2P92nKuAl9Ombzo2jMGIFUt8+LXZmw+xtVkwO92nKuAl9Ombzo2jMmLJ:3v4HAa8uFUt8+b/+B5LHAa8RJ |
MD5: | 9A16942472EB0A9200FB2D838C72AD4C |
SHA1: | B02B73C58DFC330B96BD766E3D117C93263E7E0C |
SHA-256: | AD1D2F1BBAA31B0B57C9648A84419CE35977120381C80E16EBCA973D245F8378 |
SHA-512: | 2B4AECA335C8B854EDB2226C269EB319ACA144FEEE9A85BFF2D8E9222E5D29AC1507FA551CC36F964D53A65A8A6AD6732681282FC97E7AC5FE3D42BDD24E94E1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.195137531876985 |
Encrypted: | false |
SSDEEP: | 6:ry+q2P92nKuAl9Ombzo2jMGIFUt8+LXZmw+xtVkwO92nKuAl9Ombzo2jMmLJ:3v4HAa8uFUt8+b/+B5LHAa8RJ |
MD5: | 9A16942472EB0A9200FB2D838C72AD4C |
SHA1: | B02B73C58DFC330B96BD766E3D117C93263E7E0C |
SHA-256: | AD1D2F1BBAA31B0B57C9648A84419CE35977120381C80E16EBCA973D245F8378 |
SHA-512: | 2B4AECA335C8B854EDB2226C269EB319ACA144FEEE9A85BFF2D8E9222E5D29AC1507FA551CC36F964D53A65A8A6AD6732681282FC97E7AC5FE3D42BDD24E94E1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\084be99d-81e5-4395-837b-bb5a11b8e1e4.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.060916805092798 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZoVksBdOg2HUXAcaq3QYiubxnP7E4T3OF+:Y2sRdsJdMHUXr3QYhbxP7nbI+ |
MD5: | 5E925D8A39CF5E003AC239D8D449F409 |
SHA1: | 67D84A89C6630D69C582D064462D763378D6E56B |
SHA-256: | 4F18491BE91A07E1A201A9DE071F283E796CADF7372F631F904AB85893B809D1 |
SHA-512: | 66D1058FE17EE20D30300538451F1A57B04CB2B4879C33281D42C14E9F88A9BBC360CD294FCBF37AC9AA61A7E8858A696790CDFA65AF7814582C206A571E6B54 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.060916805092798 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZoVksBdOg2HUXAcaq3QYiubxnP7E4T3OF+:Y2sRdsJdMHUXr3QYhbxP7nbI+ |
MD5: | 5E925D8A39CF5E003AC239D8D449F409 |
SHA1: | 67D84A89C6630D69C582D064462D763378D6E56B |
SHA-256: | 4F18491BE91A07E1A201A9DE071F283E796CADF7372F631F904AB85893B809D1 |
SHA-512: | 66D1058FE17EE20D30300538451F1A57B04CB2B4879C33281D42C14E9F88A9BBC360CD294FCBF37AC9AA61A7E8858A696790CDFA65AF7814582C206A571E6B54 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.238940203774214 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUeXCm7IrVmVIIXs:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLq |
MD5: | 9D47D5319158813C78A4F877DD31E468 |
SHA1: | 303CAECD2533A41DBB107AF0A7BCD753961E1C5A |
SHA-256: | 314BC9D52EA0BD4A1B6AFE481C994E6D7DC443F5A29452204262D257B21DD23A |
SHA-512: | 30AC1404AA79100E65BF3063C15B93899965A41961A35BD2451AC093F00D445161B2CAE442228EE11F06DF16E86323B66752CD7879CBCBF1AF878FA290E62DB3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.194322560907786 |
Encrypted: | false |
SSDEEP: | 6:/+q2P92nKuAl9OmbzNMxIFUt8BbZmw+1IVkwO92nKuAl9OmbzNMFLJ:Gv4HAa8jFUt8Bb/+1g5LHAa84J |
MD5: | 7E1936BCA07FC2F7A43EE308E305ED9D |
SHA1: | BFF16672D22342AB331F46A19227163B7990E739 |
SHA-256: | 2B2CD3E52AAE2FA4871840AB05328A02ACBCCFE6E13D4AF93E7E0089E0A29B89 |
SHA-512: | 91D7F0B798189669DF2D73227E5E1F44CAF003654E911AF9C69402C10BB2F7FFF306B2339E71E05CD2EBCF92F5DA1558F2E133B012743C09370D52F0DED3B3DF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.194322560907786 |
Encrypted: | false |
SSDEEP: | 6:/+q2P92nKuAl9OmbzNMxIFUt8BbZmw+1IVkwO92nKuAl9OmbzNMFLJ:Gv4HAa8jFUt8Bb/+1g5LHAa84J |
MD5: | 7E1936BCA07FC2F7A43EE308E305ED9D |
SHA1: | BFF16672D22342AB331F46A19227163B7990E739 |
SHA-256: | 2B2CD3E52AAE2FA4871840AB05328A02ACBCCFE6E13D4AF93E7E0089E0A29B89 |
SHA-512: | 91D7F0B798189669DF2D73227E5E1F44CAF003654E911AF9C69402C10BB2F7FFF306B2339E71E05CD2EBCF92F5DA1558F2E133B012743C09370D52F0DED3B3DF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424134012Z-157.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 75494 |
Entropy (8bit): | 1.2893035433313043 |
Encrypted: | false |
SSDEEP: | 96:1Gs64t0BkjnY7jMM4uMvby2iMMnMiMMBMM4MMfxEMRMnJ238gw/MR3MgMNLw8KVL:1RvuMohUDCY+YPB |
MD5: | 7E032A1DBF7F381F8DB8788AA8E11B91 |
SHA1: | C543B36DE654AD41CAA560CADC7E28D283487483 |
SHA-256: | 798A48E877548C62FEF49413EE9A6A62C96A646BEB8966C4955E73B245E30F72 |
SHA-512: | 966226EB9BE4080D4975A490D69FC72F9B8451B1ED1804F6E2F6C82658C8CD53631D94F4F9B95EDCDB1C9C03C5B26624312DE283073FBCBBFC61B85BEBF624D9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228346 |
Entropy (8bit): | 3.3890581331110528 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:DPCaJ/3AYvYwgXFoL+sn |
MD5: | BAE090D23B1C0D4F6DC247F0080D349E |
SHA1: | 8A7AAD52A54F9A3CCEF3CE323F6BBD5B2B530461 |
SHA-256: | D7D3096317CF32DBEDF75D85390FE89A96170D44C09B2F6D164036064F506AE3 |
SHA-512: | 208136EBA10544EA5EADA1C32EADFD8066047A9D851FF95BADF9938D40AFA1771003C2725DB8C78991E700C73FA2FC3C9F3CC3712B3332E4CF6F8DDE0E539130 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.310879287265236 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJM3g98kUwPeUkwRe9:YvXKXNSYpW7PXq55GMbLUkee9 |
MD5: | BEAB647D3B1E1CEED7D9C2CD0008CE17 |
SHA1: | 0D4A2DA9E50B565506F8A04BF4765586B7A8E629 |
SHA-256: | C36B4672A54732BB0DED78C1C491E0155693D4272208DB85218B0519AB88B0C0 |
SHA-512: | 0D277976DA7C1B2A98E1D5C570833D1FB60B9AB47C22D5D0011992DD4D4FE43ABDE70CF3A649A8C505ECFF198DA00CA50E19557DEF5527B7BB0DFC1EA2DC4EA5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.248535956536991 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfBoTfXpnrPeUkwRe9:YvXKXNSYpW7PXq55GWTfXcUkee9 |
MD5: | A682A49E132309E4A1DABBCF8F1B383C |
SHA1: | 527001EFC7612636C66BB1022220198A1648596D |
SHA-256: | 5BC2FF77D4F389E7E98D451F77CB5D88EE0929F0270FCB01EB4BE352CD1D0A4D |
SHA-512: | BF0C01AE6EBE5744E8C51B77458D0D12C62F8B190D947DFE3676C3EDF38BDC7EFFE2E1AF89A5485BD312288AAF066165DAB79881D00198D8B60773CEB4ED83AB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.227084273062996 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfBD2G6UpnrPeUkwRe9:YvXKXNSYpW7PXq55GR22cUkee9 |
MD5: | E071B0A3FF169ABD83BB95BDCE0421E6 |
SHA1: | 53A675FBD6C2F2C35C56815B7EE80F7DC53F2191 |
SHA-256: | 05515B5B0E904F3A60247CECB9A44A1C8DBF4D3FDBEB4D50A6BC3F4C311B482B |
SHA-512: | 4EC525C431A482263B1FD2FC8FDB9843B9B9B2B6A41DF072B30214366E01CEA8E3BBB636CC4428848BED5263DCF0D38967CE7389C0261CBBE6E150922E9E332D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.287930617584015 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfPmwrPeUkwRe9:YvXKXNSYpW7PXq55GH56Ukee9 |
MD5: | AC7339C41AF76F34923E55061AF8550E |
SHA1: | F1683DE7577844F5CCE0A7BB3FEFC8959B64BA80 |
SHA-256: | 4F66DE05DA5E6B87052604E477E47CFCDF1A7550CA868616E7075466AD96C637 |
SHA-512: | 579978391E52EEB5EEEB97E997669F27DFEE711BF92D758E5CAC1805D24F73141F1FC7EDF823576BBD3D98344387C86478D846926509C77C8374850EC45D6B98 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.242881804325009 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfJWCtMdPeUkwRe9:YvXKXNSYpW7PXq55GBS8Ukee9 |
MD5: | 919228112E740D7BCDF39BEE37182A53 |
SHA1: | 919D149B9C2022F25B5EC4C41473B1688099506A |
SHA-256: | 98DA7A1414420CDC20F46113159A73B8D35B89053DDE69C535837A36BDD737E7 |
SHA-512: | DB71A9DAE1092505D83B59ACCBBD3870E065A5994CCC5A16B6428C4AC55FB5BC1764F937B0FB5D588C5B989A473DB6B87BC8AA86DF9BF77093F6BCD725C3514C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.228395177261431 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJf8dPeUkwRe9:YvXKXNSYpW7PXq55GU8Ukee9 |
MD5: | CF3EF9CB9F3B393355F8C1B0F2CA6D8C |
SHA1: | 1EC451170EDB60C1CDC348F7C365F21E808022CD |
SHA-256: | FEF92E169F14CC0A9E551BB4F56F16092A23BE57330F712394915D6D89F8CEB3 |
SHA-512: | 8CB5C982D3A7A8CA7FCBBC4D869540DB30CCED4EF7DFE2547351E87ACDF36F25BB3D0BD6E9AB975E9D3AF62DA5F1302DC967168B3833EE1DD10C74462971B3FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2309298277385246 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfQ1rPeUkwRe9:YvXKXNSYpW7PXq55GY16Ukee9 |
MD5: | D7ABBBA43D5BE0D2C8F92ED1245132F1 |
SHA1: | D1678297B87C30E6EF8B52F0781932CA834E2209 |
SHA-256: | 2026099287D6CE7229B0230532B43A061AEBB77F0BD8D25E180ECCFD042A648A |
SHA-512: | 7ACE55BC218A900576713BC5A155635B5F2B78265FB51FDE47CA7942C938F3A0D457807030CD616D11D73E5D02FAE6C88192AE173A7DD4ABDBF8FDD2DD13F1EF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.246735106750028 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfFldPeUkwRe9:YvXKXNSYpW7PXq55Gz8Ukee9 |
MD5: | 7A4DE753BCF912D0DF0374136C259C9F |
SHA1: | B1C1C30B8B4F50B6901E5325A4732B0B221D3063 |
SHA-256: | 99C689A5E077D94D6E10D446C656DAD55562EDAA0A0609FCD2D52390B422560C |
SHA-512: | 82401FE6887185CB8E266DFF7BAE514C8FEAD7904FDD3B856A13756828E6E39FEB57767018EC5B6FE243D888D73685FBAEA40F6520CFA4EDD78B81F8C34EF688 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.72943648424955 |
Encrypted: | false |
SSDEEP: | 24:Yv6XN3ii5lKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNeJq:YviSivEgigrNt0wSJn+ns8cvFJYJq |
MD5: | 9FC0B0578A68B793C12B85E0DC390D7F |
SHA1: | 9532FF14EC6DF86A2F774EF4681AA24CEB5CBAEA |
SHA-256: | 9C2A31F5E6858CFA42475BC28D019B38D862EDE4DE2C8E979039EFCDC0C9AD71 |
SHA-512: | 35887728021D30D4350894A4584B913C32A078CCDA588409E86DCBF09DC5C590EA02416031F2ACB25398F61061F328A34A5F78017D841520A274BB5A1AE591AC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2363673505593145 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfYdPeUkwRe9:YvXKXNSYpW7PXq55Gg8Ukee9 |
MD5: | D0D51B64F0EC4AC42607A51C818DE9D5 |
SHA1: | 37E81985CA51C9FC28DE31E200B6D1CA64D63E61 |
SHA-256: | B7CD29BA6F23CBBE9F239E6122D848F83E5647DBD450CAD8240FF082680FB532 |
SHA-512: | AFB9CF8B852FEFAED6C2121432545DE56CC9AFDB3BF34C925E172089815586B17CA36D8D58BD360E8F0B5946453635C5006D097FC425EA499C42761C261B013E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.764070453926904 |
Encrypted: | false |
SSDEEP: | 24:Yv6XN3ii5YrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNGJq:YviSiyHgDv3W2aYQfgB5OUupHrQ9FJUM |
MD5: | 152CA81EE236A8A5BF0163AE33E3A17B |
SHA1: | 72D7F5E6EE930A3DF1B7127BDBADEB2F21D706B4 |
SHA-256: | 4FB07F880559FBC15521BFECDDE033F083881A91E826E90733F364EDBBD3047E |
SHA-512: | 87D3C5E7CA36A3B527A05E75477718E6DB8CE72E78B6C4BE06F143E6BF29721D31C123735DBB0D12C16D1A06F29398820C9ACCFFD72EF1F03BE8D35EAC252F39 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.220351786030021 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfbPtdPeUkwRe9:YvXKXNSYpW7PXq55GDV8Ukee9 |
MD5: | 603FE05D6BC102D531DF6DF29F3C94F8 |
SHA1: | 7A5BC9DA8629B337258BEE3EA43810FB07F97524 |
SHA-256: | FF253342D378C077A69BA3C362A7553F5D4DE7411AC4C8769E162ECA8027CB7E |
SHA-512: | 9BEF07C2D06B7CA20386EA6A614BE317BDF0632111684EEE1E80C70E1A6311D9D438634DF20363EA165FFEFEF2336E347FCC88470451902F1610F1E3A5CC658A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.2219842025067145 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJf21rPeUkwRe9:YvXKXNSYpW7PXq55G+16Ukee9 |
MD5: | 0AFD78AD44618AAF5563A6220BDC9D83 |
SHA1: | 4E0C5D1495BEFF0E8E51F9C7F6D6DCE139B32485 |
SHA-256: | C99B3AD2161A5FDFEF4E518645168CB9E62908911D607037EEE433E6A3D28558 |
SHA-512: | DAA5F4FDD1B26363704EB2741957999F41E9D750BF33AFAA19DB2D52C3C3A766F94F5EFEC2EC5C10FE34D33B8142EFFA9890E1311F5B5E665C980A8428B1B7BE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.243202479317462 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfbpatdPeUkwRe9:YvXKXNSYpW7PXq55GVat8Ukee9 |
MD5: | 433EE2173EC5C4A3082A940B203385FF |
SHA1: | 0A17BB1238118E1AFBA6897E44BB3FE5E3F2186E |
SHA-256: | 842E907DC5C1B3DF16EB3109629398E23E36846AB15189A8A9ADA9F5B92BBC70 |
SHA-512: | 68F51F5628637C1027413C9603CD7E9C9065E0B79724788732123619446DA4382C93A0AFE1B9E5E64D2CD3287CFFABB4502D050972B0CA17BE2E2C28842E0371 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.1933354445452435 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfshHHrPeUkwRe9:YvXKXNSYpW7PXq55GUUUkee9 |
MD5: | 41D78A765773CD9BB8013BCDE5B79726 |
SHA1: | 6E8E072B97E722BEBE8A67C7B788BF4C84F91889 |
SHA-256: | E46C4632E3D8421B1F84DFA4BF4893444CD35B5B7EC51BBFEEB6BBF1BC3EFB40 |
SHA-512: | 2DA71297C31129C7AA0D40D9D1CA002D1B7A5814107DAD341612F29CB21ECF3720B410CB362E04D0824C3695A75B9C5A5F77A178642EFBD26C22FC4DF8209E06 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.345573550165266 |
Encrypted: | false |
SSDEEP: | 12:YvXKXNSYpW7PXq55GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWKrFfS:Yv6XN3ii5V168CgEXX5kcIfANhBJq |
MD5: | 937B4F211E6E7C82CDCA58856375A085 |
SHA1: | 958870E226B5D1B6DA0903D97D2C47CBBFB29C7B |
SHA-256: | 42751FFF17EF8341278AEE0896EC9AC10C079B1C2A85822BC4C71C0A4C6DE111 |
SHA-512: | F90EEAB227E76DBF83CA526FAB681C0ABC803C54E8A75949F87720D17E6B73EBE68EE93E5AC5D631E48EBA12E1FBE231540A33E4B5F1C770DF7D7CFE11F5568B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.140119878001567 |
Encrypted: | false |
SSDEEP: | 48:YewfuKHdcOS9avg0C6gs4iofyiKO7wvw6/rgJ9rPcG6Wff9OoBOT:3Y19vkgg0C6gs4iofyiKO7w46/rg3rUD |
MD5: | 1D1D8FC45793E331F3363E2BCAC61515 |
SHA1: | 801EDF8D4B1D10936C751AD5AD8E2906FAACB0C7 |
SHA-256: | 9843C3CDF546A1D7A22FA5F21C38BFF2A6631378A49BDDD937123183046DF42D |
SHA-512: | 22B97CAB5846998D2D5077123F015D2F2A1267D4E9280ED1A8BBB4395FD8536C7F2FC3ED4935DB7AF002920D12ACF20AF797E50CED389DE87B29B18A8210E370 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9848297705722995 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spc0j4zJwtNBwtNbRZ6bRZ4z0jF:TVl2GL7ms6ggOVpcpzutYtp6PaG |
MD5: | 3C1D2B0FD1473C686AC84B3DD82B22ED |
SHA1: | 34FF6F6720DFA4F424FCB7F75683F484C4ACF270 |
SHA-256: | 16FFEB5CFEDC96B04130B13BFAEFF5F0F06B437D6D889741040ACE508212323E |
SHA-512: | 1EA8EE85AF07BA3B3DC22B86FE5FC9C129AA6F300725D2291B7616D6E31510B36EFF9476032706D16BD187D99020CC3E58ACEA39B0C72CEC410CB0DADC1C16DD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.337113438267653 |
Encrypted: | false |
SSDEEP: | 24:7+t3AD1RZKHs/Ds/Spc0jPzJwtNBwtNbRZ6bRZWf1RZKNqLBx/XYKQvGJF7ursEn:7M3GgOVpcyzutYtp6PM0qll2GL7msEn |
MD5: | 4D475FEC8C1752249EDA7DD43737B02D |
SHA1: | 7092395533B2398A978E408B725C52652569F15E |
SHA-256: | 372008CAD11D95A9B0A5025E6E3E91F2667772D88E65EB46361B9D910DD3EDE7 |
SHA-512: | D1E9C5D8D63B7A93B7CED2E2ACE48E675A62BAB2E1C15CBD6343765E7EB60147B5FFAA17EB7BC57DDCFBBD9DC9BAA74E676ADB2C7A118A716CA0A078CC22379C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5065515051498046 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+a8j:Qw946cPbiOxDlbYnuRKH8 |
MD5: | 39F454B81C579D3B97115A02AC2FF8AE |
SHA1: | 0B3AC33534B8AAAC233E66D724D3ACA0C42FDF9E |
SHA-256: | C1C19C2A8B0B4BCA5C154B62785C34AC7B130984A788750C19EAE4A44F06FF89 |
SHA-512: | 771257AA444E213559146EA27D3A8C5B29190A14BB88BA49C09110F589203CCD2B211E53A90CA24DF94ADD6097B6F8CD35A41D967A3CF272A5493BA1EF8D0503 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 15-40-10-752.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.367343356532586 |
Encrypted: | false |
SSDEEP: | 384:dUwVgaurCNrtNG7OA38a8niad6ctNJcwHThXjR5tGt59WIq8wKfueCbCLKIiTjEm:3x4+/ |
MD5: | BDCD4CD120ACDC43B0C8A459B0E5F2C9 |
SHA1: | 99748B4FA344F7C3A45C0E23176B11A10725391C |
SHA-256: | 02E8F94819885000FDC88891C6F68248A9F0571B7D5708A9A62029B534C3455D |
SHA-512: | 130DD201874BF758324A11C1E4603B7A8A8021D172FC900E6B96FA55E326E1CE6DD7ACE53A92CD7D0F3268B9095EA76C17BDF0A2D9F793464FD935C91E9CA089 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.3837413751797785 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbh:l |
MD5: | DD306F19AA0E68EA4B110C73C1BB5665 |
SHA1: | EE458E2DD52E93EE7773A6D5DA0C6106A3DFE825 |
SHA-256: | 47BF303FF30A5ED8929821AE9D67626F2563664F31E6B6D95CE701F62F270D6E |
SHA-512: | 6E7225F15D29A2E0E5DDA8ED53A8118647DCEBC097246CF4EB15A1DF6F2E4BF5391B2CAE1E9807598D06AC7CFBFD1B5FE021CC1E5311E1E3F4AB87F8E68CA0D3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121D1ybxrr/IxkB1mabFhOXZ/fEa+bSWBlkipdjuGTJJJJv+9U0:O3Pjegf121DMNB1Dofj0S8lkipdj/JJg |
MD5: | 410BB1A54ECCE470696636D4C2000E33 |
SHA1: | 53A6AC06832DAA17D7C006C0A9B8B30597701926 |
SHA-256: | 8B6D42D70862D6623F66B09F6819A35E1AF4ACC409461E140DA020F386877F92 |
SHA-512: | 1A46EDB52F5785C7B9D1FF702CC62764BFDD3EDA5848740B00751E7F4C3AE7C691E88A26B1AE7F5213242887846BEC92C02C744B43046E7414F4D6B85E0E5913 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.842134747965441 |
TrID: |
File name: | Unbenannte Anlage 00015.pdf |
File size: | 94'059 bytes |
MD5: | 91184d58a2f2a336ac755a52be7a32d6 |
SHA1: | 06efc92b74bd749bfbdd02bfdf15e0dbd45fc6b9 |
SHA256: | d206fbe1ec3cf0fd39b9c5e5b93818b2a275badff047f32618612f98a1b08f07 |
SHA512: | 0d7cb60ee919fb621bd751fac3bb447b819411f247bbb37b99340bf4f5cc7a461f0e734778a21c351954d3551ec14e4974ad8f188a8a422eb436a489b14a77a2 |
SSDEEP: | 1536:q696P9/x991s5l0zQCzNa8WpVIWGTBF5rKR7R+gZFeQPe/oNGpPR0lHL1E79d5f3:OPZfs5KMpVGTpKR7NZdm/oNGRRAHZg93 |
TLSH: | D293CF54814938CDD2A153C22B5B3D2D331DB271B1C946903EACC79707A2ABBD92FE4B |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(de-DE) /StructTreeRoot 19 0 R/MarkInfo<</Marked true>>/Metadata 165 0 R/ViewerPreferences 166 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 4 0 R] >>..endobj..3 0 obj..<</Title(Titel) /Autho |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.842135 |
Total Bytes: | 94059 |
Stream Entropy: | 7.948248 |
Stream Bytes: | 84328 |
Entropy outside Streams: | 4.623500 |
Bytes outside Streams: | 9731 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 30 |
endobj | 30 |
stream | 8 |
endstream | 8 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 24, 2024 15:40:21.823941946 CEST | 49714 | 443 | 192.168.2.5 | 23.3.84.164 |
Apr 24, 2024 15:40:21.823986053 CEST | 443 | 49714 | 23.3.84.164 | 192.168.2.5 |
Apr 24, 2024 15:40:21.824067116 CEST | 49714 | 443 | 192.168.2.5 | 23.3.84.164 |
Apr 24, 2024 15:40:21.824238062 CEST | 49714 | 443 | 192.168.2.5 | 23.3.84.164 |
Apr 24, 2024 15:40:21.824250937 CEST | 443 | 49714 | 23.3.84.164 | 192.168.2.5 |
Apr 24, 2024 15:40:22.317254066 CEST | 443 | 49714 | 23.3.84.164 | 192.168.2.5 |
Apr 24, 2024 15:40:22.317811012 CEST | 49714 | 443 | 192.168.2.5 | 23.3.84.164 |
Apr 24, 2024 15:40:22.317830086 CEST | 443 | 49714 | 23.3.84.164 | 192.168.2.5 |
Apr 24, 2024 15:40:22.318852901 CEST | 443 | 49714 | 23.3.84.164 | 192.168.2.5 |
Apr 24, 2024 15:40:22.318927050 CEST | 49714 | 443 | 192.168.2.5 | 23.3.84.164 |
Apr 24, 2024 15:40:22.320915937 CEST | 49714 | 443 | 192.168.2.5 | 23.3.84.164 |
Apr 24, 2024 15:40:22.320980072 CEST | 443 | 49714 | 23.3.84.164 | 192.168.2.5 |
Apr 24, 2024 15:40:22.321083069 CEST | 49714 | 443 | 192.168.2.5 | 23.3.84.164 |
Apr 24, 2024 15:40:22.321089983 CEST | 443 | 49714 | 23.3.84.164 | 192.168.2.5 |
Apr 24, 2024 15:40:22.375680923 CEST | 49714 | 443 | 192.168.2.5 | 23.3.84.164 |
Apr 24, 2024 15:40:22.492088079 CEST | 443 | 49714 | 23.3.84.164 | 192.168.2.5 |
Apr 24, 2024 15:40:22.492172003 CEST | 443 | 49714 | 23.3.84.164 | 192.168.2.5 |
Apr 24, 2024 15:40:22.492331982 CEST | 49714 | 443 | 192.168.2.5 | 23.3.84.164 |
Apr 24, 2024 15:40:22.492757082 CEST | 49714 | 443 | 192.168.2.5 | 23.3.84.164 |
Apr 24, 2024 15:40:22.492778063 CEST | 443 | 49714 | 23.3.84.164 | 192.168.2.5 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49714 | 23.3.84.164 | 443 | 5700 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 13:40:22 UTC | 475 | OUT | |
2024-04-24 13:40:22 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 15:40:07 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:40:08 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 15:40:08 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |