Windows
Analysis Report
PDF.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7016 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PDF.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7096 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7204 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1720,i,6517084977861050195,15223958444467974964,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.1.100.158 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431117 |
Start date and time: | 2024-04-24 15:53:47 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PDF.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/44@0/1 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.202.56.131, 52.202.204.11, 23.22.254.206, 54.227.187.23, 52.5.13.197, 23.1.236.16, 23.1.236.34, 162.159.61.3, 172.64.41.3
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: PDF.pdf
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | HTMLPhisher |
| malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
| malicious | Clipboard Hijacker, Djvu, Vidar |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
| malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
| malicious | PureLog Stealer, Vidar |
| malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
| malicious | Babuk, Djvu, Vidar |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.253462049898292 |
Encrypted: | false |
SSDEEP: | 6:D+RL0qq2Pwkn2nKuAl9OmbnIFUt84+RL0jZmw+4+RLSu5kwOwkn2nKuAl9OmbjLJ:D+tvYfHAahFUt84+I/+4+h55JfHAaSJ |
MD5: | EEC3C6108FB6E7C47EA4AEFF7F2CA8D0 |
SHA1: | B3E119E23149B6B70F2237C972976AD96A60EF85 |
SHA-256: | 26734B8D94D76C1B7640778D9807E03CD37AE7D06519E847315D424B369DA530 |
SHA-512: | DE27B02875507ACA472AD26A00DA2B38EDA4A977820DDF3C8F352112369DE9FA5B79B70FA001E7188E1B3E7921DD1370D2F2A8884BB7B6139D0605A9403763D0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.253462049898292 |
Encrypted: | false |
SSDEEP: | 6:D+RL0qq2Pwkn2nKuAl9OmbnIFUt84+RL0jZmw+4+RLSu5kwOwkn2nKuAl9OmbjLJ:D+tvYfHAahFUt84+I/+4+h55JfHAaSJ |
MD5: | EEC3C6108FB6E7C47EA4AEFF7F2CA8D0 |
SHA1: | B3E119E23149B6B70F2237C972976AD96A60EF85 |
SHA-256: | 26734B8D94D76C1B7640778D9807E03CD37AE7D06519E847315D424B369DA530 |
SHA-512: | DE27B02875507ACA472AD26A00DA2B38EDA4A977820DDF3C8F352112369DE9FA5B79B70FA001E7188E1B3E7921DD1370D2F2A8884BB7B6139D0605A9403763D0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.171368206002661 |
Encrypted: | false |
SSDEEP: | 6:D+RLm34q2Pwkn2nKuAl9Ombzo2jMGIFUt84+RLUUS3JZmw+4+RLiUEDkwOwkn2ng:D+EIvYfHAa8uFUt84+KUm/+4+Va5JfHA |
MD5: | E0970948D0466CD2A51646F54B67C731 |
SHA1: | 4CB961AAB7996A3AB6C267EF3F4519623FA426D1 |
SHA-256: | 17324E0B8BFA7A43908E23A2B56BCFEF5CC5AD035D069F2C9ECC258622608034 |
SHA-512: | 93E4156E858DAE4DAFE37BAED82265505228E2A5AB4A432F23962BDA2F08DE13BC67072838A162A243DD3D1033C75A737C53A9A09AA6B35E85F38013A2C9EAFC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.171368206002661 |
Encrypted: | false |
SSDEEP: | 6:D+RLm34q2Pwkn2nKuAl9Ombzo2jMGIFUt84+RLUUS3JZmw+4+RLiUEDkwOwkn2ng:D+EIvYfHAa8uFUt84+KUm/+4+Va5JfHA |
MD5: | E0970948D0466CD2A51646F54B67C731 |
SHA1: | 4CB961AAB7996A3AB6C267EF3F4519623FA426D1 |
SHA-256: | 17324E0B8BFA7A43908E23A2B56BCFEF5CC5AD035D069F2C9ECC258622608034 |
SHA-512: | 93E4156E858DAE4DAFE37BAED82265505228E2A5AB4A432F23962BDA2F08DE13BC67072838A162A243DD3D1033C75A737C53A9A09AA6B35E85F38013A2C9EAFC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6584ba49-a54d-4b03-a665-23c2e0eca653.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.960572042101188 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZKksBdOg2HOxcaq3QYiubInP7E4T3y:Y2sRds7dMHN3QYhbG7nby |
MD5: | 82279DB65BB90D5A520DDF2512F5F682 |
SHA1: | 1502006AA3568B67D47071DD7F83B9A5B3E71F13 |
SHA-256: | D2B900CA8687D812AF96AE25AFFD592302E5EA7557998768B3E4EA85EF5024AF |
SHA-512: | DD722592930ECBB38E2FE2C5C8C41E73572B4276D142108FB21049B61B1E36E5D51BE0F89526370DBD70519ACF562017196D018BAA3B853DB8E3CC259803E5EC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.960572042101188 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZKksBdOg2HOxcaq3QYiubInP7E4T3y:Y2sRds7dMHN3QYhbG7nby |
MD5: | 82279DB65BB90D5A520DDF2512F5F682 |
SHA1: | 1502006AA3568B67D47071DD7F83B9A5B3E71F13 |
SHA-256: | D2B900CA8687D812AF96AE25AFFD592302E5EA7557998768B3E4EA85EF5024AF |
SHA-512: | DD722592930ECBB38E2FE2C5C8C41E73572B4276D142108FB21049B61B1E36E5D51BE0F89526370DBD70519ACF562017196D018BAA3B853DB8E3CC259803E5EC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.2581678724755605 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7vfZQ0CZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go2 |
MD5: | E488282A3186920237D5139EE78B384E |
SHA1: | D7ADBAB2A78F55AA1E11BDF1F428045531AE9280 |
SHA-256: | E48967FFCC002D8F797E40D4455BDD320F3AFA2BC232EEBB15B9C4947261A0D6 |
SHA-512: | 9A701E5B10EA8764445A4918536769CDCEBD4CD55AC2D3633D4EB34F19287DF32E23DBF2402E0EAD48DB406922D7F0F455BBADE4DB11862A2FE1635630CD9337 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.164028325214326 |
Encrypted: | false |
SSDEEP: | 6:D+DV4q2Pwkn2nKuAl9OmbzNMxIFUt84+I5LJZmw+4+uVDkwOwkn2nKuAl9OmbzNq:D+ivYfHAa8jFUt84+IP/+4+O5JfHAa8E |
MD5: | A92A1424BBC21B92F4890A8516D0A42E |
SHA1: | A0C595D6AA723AA853C2D33F24381CF556FE03D7 |
SHA-256: | 54A72A8F502E21B87F054B1C93C4CAFA38403B210B11CD9F1C1460C1DA0554F2 |
SHA-512: | 53FF102291BC9AE3B7A12431ABE2AAFE5B412665F8A8A8E4074B2117106E6026348995138FC98740BF2F78A5E5A086386DB5D4DA5F276A26E4912430CF443859 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.164028325214326 |
Encrypted: | false |
SSDEEP: | 6:D+DV4q2Pwkn2nKuAl9OmbzNMxIFUt84+I5LJZmw+4+uVDkwOwkn2nKuAl9OmbzNq:D+ivYfHAa8jFUt84+IP/+4+O5JfHAa8E |
MD5: | A92A1424BBC21B92F4890A8516D0A42E |
SHA1: | A0C595D6AA723AA853C2D33F24381CF556FE03D7 |
SHA-256: | 54A72A8F502E21B87F054B1C93C4CAFA38403B210B11CD9F1C1460C1DA0554F2 |
SHA-512: | 53FF102291BC9AE3B7A12431ABE2AAFE5B412665F8A8A8E4074B2117106E6026348995138FC98740BF2F78A5E5A086386DB5D4DA5F276A26E4912430CF443859 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424135439Z-160.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.526751136697956 |
Encrypted: | false |
SSDEEP: | 192:VL+yj0occJmrJ5rV/1+2J8dr3hXibaMcII8aSdL:VLxcrQJ7BIF |
MD5: | B1ED8FD32CE8C877FB50023E7D94D294 |
SHA1: | 64A03FDAC615FD33B76AB09D50D2A2F740BEC105 |
SHA-256: | 5215733D313078E70B62307D7FAE85F00ADCFE232E3ABD6D6E2420A7A3D1308C |
SHA-512: | E1FC42FD34B8F034462B86BAB7485FA1C6537244C4B0975BA0F8BDCA45FFE4DFC49349E4CD0AC4DA544CBD981B698B126CC236182E513AA86898B72D75535A38 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445565457369124 |
Encrypted: | false |
SSDEEP: | 384:yezci5t+iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rRs3OazzU89UTTgUL |
MD5: | 2A39CB9389DE17FEF60B5A5E1DD245CF |
SHA1: | 8DCBEBD78F62C355CA8A99E9EA505FE752723BFD |
SHA-256: | A45B0F1E3351300C2DCC62B8E8E94B5B806BE04EC1A1DD4A8C180DE18F1B8597 |
SHA-512: | 156C80967E53DC92054F91587915C280625E06EFEA4455E3638DB585412B436F3AD381C52371F3775CFD41326E1DB2EA82ABEBEFE062EF0C68675ADD94EADA36 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | modified |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7758170321719935 |
Encrypted: | false |
SSDEEP: | 48:7Mop/E2ioyVfioy9oWoy1Cwoy1rKOioy1noy1AYoy1Wioy1hioybioyfoy1noy1z:7LpjufFGXKQOib9IVXEBodRBkQ |
MD5: | 025353C937B9CDD69340CB282E65B25C |
SHA1: | 47B64732A9E8E4B3813C8563C3B2B831A2F955CF |
SHA-256: | E8844EB191181CE047A7DAC32991A5F022022FC2719108175186002F465CF0E6 |
SHA-512: | A169F2928BC700BB339A76D3038EAC8A32758881094F2B0A9DCAC282778AFE042B4D65728B904CBFCD53349899C7793ECDB4115910A2436D11564D461838C412 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.354218846941187 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJM3g98kUwPeUkwRe9:YvXKXDukZc0vAZGMbLUkee9 |
MD5: | B00AC12E6C39732D056882A670770538 |
SHA1: | 5B8CE6D357E2A13B51A8D5A4DE33E95BE30AEF7D |
SHA-256: | AFDCB26EE040D060936143145A5EC91D8FAE95F0BA4661C5C193BFE3144364E6 |
SHA-512: | 000A867702741FCEC62DDF38ACB2E0D91ECAD70B6842BB4AA4FAE14D20633828D1A3C8433163EEB0EFC6DE8AA4F6372B02B1AEBF7365041952509D5984B7058F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.304326348316404 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJfBoTfXpnrPeUkwRe9:YvXKXDukZc0vAZGWTfXcUkee9 |
MD5: | 5546415EBEBEF0482479CEC813C1450C |
SHA1: | 6A1FD0D63453C33DC55986FBF941253C87BB7D4E |
SHA-256: | 13253628AEFE3B6DD43829E3AF10C3F01DD7CE56EAC4F1B17F5CE7E899916C81 |
SHA-512: | A7D239A4B580257CD18A9A153EC0C9CABD20EB8B80B3581FF9B6859B1ADD434B94F4C26236B9695D6602D8B9B00E8536B79788259E4154182D332D6027E9004C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.283032562543283 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJfBD2G6UpnrPeUkwRe9:YvXKXDukZc0vAZGR22cUkee9 |
MD5: | 75D6C2CD8270E501351D2D7A3530A6BB |
SHA1: | F42D1C3640033C643C2B9DFFFFBF8D877005BB52 |
SHA-256: | 813733AF5666AB0BAB88968B6E42003E7E2473AA361998F157B796008E9E76C7 |
SHA-512: | DF0429FC4C8DC79046FF26D06806DEF7191A9A4031098F5B16740E9C9FEFCBF353FAB7C6663854AC44810B9914DB25D68457FD29C46BE0777787E52BCC277C9E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.340908492105609 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJfPmwrPeUkwRe9:YvXKXDukZc0vAZGH56Ukee9 |
MD5: | B99BAE5DD8A319D1727FC89C29155DD2 |
SHA1: | 1ED8D884A95521B8F9F229F6BD77BC5C9EEC06A0 |
SHA-256: | 3E9AE2FC097FB56F26CA26296AD1309D3124DF7B35F42EF903B0904E9479ECBB |
SHA-512: | 23A356FF72255BFB3FB7286A71DC50E0EC7B9202528F449B29A2735877831AD228049F94A2934F8504C44FAC5CD4FCE4F72EA5DB1E1BB01B1F36A09A0C51AE17 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.300687050524701 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJfJWCtMdPeUkwRe9:YvXKXDukZc0vAZGBS8Ukee9 |
MD5: | 0A496FD71ED079B5B001A818915081CB |
SHA1: | 58D746E7FB8913FC57D325986D543A74F47EF3FA |
SHA-256: | 3BFA9892C6B034E5A9E0E50B87B903E359DF84CB232381027FFA431767FA1DBC |
SHA-512: | 9DA2813B728D61BA8F804A28A33261CACDB9E9066B37D2B341DD7608FAF8432B4F0199E50FBA05C6F44E3334A444C9F38BC90C307B4F658AC59F07ED15D8CA52 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2876830203139935 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJf8dPeUkwRe9:YvXKXDukZc0vAZGU8Ukee9 |
MD5: | 75ACAB1FB49ECA3FD8E3A78DC1DED638 |
SHA1: | 99A6DDE30F1AA5511CE6C25E772506269D182C66 |
SHA-256: | DF7ABF9F46B9DC2FC829AE9154A1519405F99E1927AC67F8CA2DD07B5C2FD84E |
SHA-512: | 0F0DF76FC05318C1EDD26E717EF16EF6292EB6B728CA5B010B131D655C5B0B7941060DB3411748F1D7E3BE3B1EFAF4A7705D20730C2A41AE664A54BC5F979817 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.292291799040925 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJfQ1rPeUkwRe9:YvXKXDukZc0vAZGY16Ukee9 |
MD5: | 5282DF50F73846897DCFE94CC2464AC0 |
SHA1: | F48B34737DCAAC7701361430231B480459B53CDB |
SHA-256: | 75A842DAA40691F5009ADF9D62A04102D4DCB371A731F5E8FFF44138E0A7BA50 |
SHA-512: | 8F8840D35CA47186DDC8C933B3C3C35484525950A0511F67B44F2572F5F24A77EEDE9DA15A38DB49A73AAC26B75F92E2D332E0844381A290953F9DB487585C9B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.296486066585093 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJfFldPeUkwRe9:YvXKXDukZc0vAZGz8Ukee9 |
MD5: | 96546AE68B6DEDB9C75619F8F74BD7B0 |
SHA1: | 528EB47A9A5872C9E3DF1F5CF645981E22DBBB54 |
SHA-256: | E8C706CE050E40A07D08A17F39DCEB628BD9FD4292B7E8B654F28B9F4DF1B743 |
SHA-512: | 1D34BEAF0C9E9AD692CD651FDB32AD4C34500BC58E4E6B5800E6C6DA50BA1B26402D05D5A4D0F300D604F0BFA1EE1E3EE9F325B3494CDF6656357BACCC04ACE3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.741491306771547 |
Encrypted: | false |
SSDEEP: | 24:Yv6XTzv4KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNeR1:YvYAEgigrNt0wSJn+ns8cvFJYR1 |
MD5: | 0D2CB09BDE26624C0028B9AACF175DF5 |
SHA1: | 5D6BEFEAB9847D9D7B723099382CF2E8A3782CD5 |
SHA-256: | C211B972004F304ADDBAB9B16E9872B6F3832BC18C02361939336E08CAFD602C |
SHA-512: | E31B585B76E613A4600D2768BC35463C8025F6A88FABCAA63E4EA6EFD025A068302F2945233BF01A2974741D60C38EB4E2A882796C1DDE5B5AEB9A0B3979CD2F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.293767481475774 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJfYdPeUkwRe9:YvXKXDukZc0vAZGg8Ukee9 |
MD5: | 6D78616DB499454D24CAAFA0517DF25D |
SHA1: | 4B69C248FA9321B74F4F975197268EE1370AB81A |
SHA-256: | 5C6C25B1848D62604DADFECB3C02D49C9EFE9D615F56B2B1DB302E64F4EAB4DA |
SHA-512: | EAF5893184D1011ABEDC650E516CCA14C768787D77AA475D19759038CF7D18F79B45C9FDBCFF43F2787DD844A6A1CBD75E4E6B3475309573973DE480DD2EFB6D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.778654565405989 |
Encrypted: | false |
SSDEEP: | 24:Yv6XTzvXrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNGR1:YvYPHgDv3W2aYQfgB5OUupHrQ9FJUR1 |
MD5: | 080BA61F6A4ABB2F92B9A1FA2B72606E |
SHA1: | 4D51862D5DD48F13981BBC9DA1E894492E15C363 |
SHA-256: | 8598E0061ADE9F6C92813451F2FC5BBC88D5D035F510F6B450E118208BD96B07 |
SHA-512: | 5C591000A9A2768143C20B64C7C8F33C92E23D7412E151D41468E3211CC48B48830397DA2EDAD469CF37C10A4A8F552917D506F7557E971ABFFE42DF007DAEB7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.277357414328498 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJfbPtdPeUkwRe9:YvXKXDukZc0vAZGDV8Ukee9 |
MD5: | E90F5EBE6C1E28F04115FA35750D120F |
SHA1: | 04CD06A50F527DA260EC5307DAEEBFD37D16ED10 |
SHA-256: | 7B7274C7AD0D5001058BB3CA2DBB9F282843054E9E205F1B9AA8805AC68191C7 |
SHA-512: | BD2D64E0BFC3E7456C3FC08786851F627A701A19FF08F8B444D8A0FF3BAEFCDCA0305C919C88BBC7C3271C026E4ABD8988DCB677FA4D3F3769039C6E86646291 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.282218465187958 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJf21rPeUkwRe9:YvXKXDukZc0vAZG+16Ukee9 |
MD5: | 456568B205E1137AA3AC081605DEE445 |
SHA1: | CD5F263A4F88659389731EB3A68116129B862A64 |
SHA-256: | 3952029AF58ED433CE39C569C2577D3A8450E1C35A57EF6306287A4BB1B01BC8 |
SHA-512: | C2ED5247A4D282DADA35F89D509ADF0AC58D77C21A9EB4191D06222BD713B38AC57EDCAE13DB9DD9E932AFFC058B8A509A32BD40701EEE8EB58B88E8B2579086 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3003087921597 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJfbpatdPeUkwRe9:YvXKXDukZc0vAZGVat8Ukee9 |
MD5: | 12466EAE0C82D12C068F5968C1E31B63 |
SHA1: | 1E43E819FD5B23BE3D6A31AC8ECE5B2562E9D181 |
SHA-256: | F630CB930A6AB36ED8E543777F17596AEB03222F0C6DD033E947DF82838B93CB |
SHA-512: | 1B23B86F9B3C812EB5088C25A3F1284ED6F37773902B6B8E0C4566AD92955BC1FD12F8EF88C361EF7AE7432D20A26C05ADE385D1D7B066A8F630E9CC5973AD55 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.2572451016159585 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDGwQRTHNHVoZcg1vRcR0YFjqoAvJfshHHrPeUkwRe9:YvXKXDukZc0vAZGUUUkee9 |
MD5: | 1A1886ED621CDEA0E4ABA9AF422F87ED |
SHA1: | 96CBD2934AFDEE94F80C9E51BDD8149CF9F26679 |
SHA-256: | 8A13DEC6133019DD3F86D05808BC7F6B191BBBF376A950FEEF167023F7C29992 |
SHA-512: | 12B5FB3B770EA20B389CCEB56AA83032AE3339637DC191B0177993EF2BD7482F528DFBF1B7B7E52614DA72979B09C96A5585164740AD878380E09B4FEC64A1B4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.368682683911196 |
Encrypted: | false |
SSDEEP: | 12:YvXKXDukZc0vAZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWKR1:Yv6XTzv2168CgEXX5kcIfANhBR1 |
MD5: | 1338A8E3C8CF0D6E5BFA7E7DE5261A58 |
SHA1: | 100DCC495D580C6509F897304FF5A2411CF6F8A1 |
SHA-256: | A5F151B860C6E11C4EFB59D4FF4A604C232C7EEE890CB6C5B45BF0C34CC9F4AD |
SHA-512: | 966B7A15B75274BDF658DB21E2A498F55F1F19ED4BE0AEC818A81959F5B5A195FB502851A4277C401AADB2410276BC9D3103234E986015D961C46F28AC114687 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.140235653251507 |
Encrypted: | false |
SSDEEP: | 48:YiFRGRXeyORaRD3gRJeRlsR/aRKRC4Rpm+6RKWFcRoycRv4WRuW9OR6RnBF:RFRGRIRaRD3gR8RaRiRKRNRpm+6R/cRC |
MD5: | DA48990B92B120D93B3C1517046931C4 |
SHA1: | 4DABC763342EC695BA0FB0689DE507989A77981D |
SHA-256: | 1F3429A4AD112438B452B54989F693EFB2FD943512050A22F045B156CA82C47D |
SHA-512: | A9CBF748E61924986500DE5BEE9C901C6D89F35F984BF74DE9727658C785FE8929D796033EA5C9627760CDEDF46A5BD0678EEE4C84C6191D0DD1CFA1C17D3595 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1867303410795567 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUXzSvR9H9vxFGiDIAEkGVvpTr:lNVmswUUUUUUUUj+FGSIt7 |
MD5: | 26926CEE7CE303781336BD9B86CFA359 |
SHA1: | 2ADB1D856498A4156E339B929651885238AA57CF |
SHA-256: | 4FF22E7B575B635848F041AAF09387BC486A8B5F1F99B5F162B0FF811746E927 |
SHA-512: | D0CBF7C67AC9FE881F8F6C7F4AF2BCECB8A8841FEC263A15EF6BD5C907D8F2A1B5457737EDAA6374E0C072D6C54873CFD862A36C6FF53A4A61F59A02F5D26C4C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6068806804027993 |
Encrypted: | false |
SSDEEP: | 48:7M2KUUUUUUUUUUX3vR9H9vxFGiDIAEkGVveqFl2GL7msr:7+UUUUUUUUUU/FGSIt4KVmsr |
MD5: | 1CC27E188ABE437961ED495FAB98754B |
SHA1: | 4BB6C2F4586CDEBE6578674EC478A5F7959B8FAC |
SHA-256: | 11ACFA5488AA53609262CA8453CBD12591237F724565D5D699AA49FA9CC8525E |
SHA-512: | B0E098BFF5F38D127F275B7E6709D0F2A45306BB4CBA5C192A350A6E2D820923134FB345633EA29D4AB6F0D06F44D84E25DF31A8D3D5CCF79ABBEC16FD6B16BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.501595078528367 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+aV7mCH:Qw946cPbiOxDlbYnuRKH5vH |
MD5: | 45DF00AC2355D1045DD59F038A6DD7F6 |
SHA1: | 22DD79681BFDB2CDC6B6C6C7E233B7B721267DB0 |
SHA-256: | 92F7EAA39852374DD4147D29588AC0DF11F75EED839B00C14F6E17F6AF70BC4B |
SHA-512: | DC9BD375E9288A419B21C0462406EBFD240001562C4BAD5207C38FBD59945FDC46203104C826BFE663B28300E8541EC8A28DC994338CB3EE8EDA46249B115E1A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 4.99266790937656 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOVTJuXKCTJuXKnCSyAAO:IngVMre9T0HQIDmy9g06JXTmKCdmKnlX |
MD5: | 1CF3CC2751E7B2403B9BCA9D198E5342 |
SHA1: | 1193722198ADEAE89464BD0F09A40C5F99D5AA43 |
SHA-256: | A92A5335F90CE2FDAAD36D5AF8B2FC34D5DD18CE07CAFBB4E65761B276C67E4E |
SHA-512: | 887098C32633A7347F68166D77410B21CB6EE924728F533144AD8825EF6D4F1116A71064CF5974DE5D4058FC1D41C45F48B7BE58FD3ADFCC1CFBF3C7631A7EB8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 15-54-36-990.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.375247552570406 |
Encrypted: | false |
SSDEEP: | 384:RyYACABA6AMAvA8A3AwbAmNyNDN4NfNl60HZHF8v878iJ2JFJUJTe9M909y9+wJ7:gdd |
MD5: | 83BD380D77BACB88AB1C44B8917610F9 |
SHA1: | 403D30E2A750E524C7647271D9B955356176A00F |
SHA-256: | C7BE8D1F5E8EFDA4361CFE4D06CAD3E1CE24AC526083CF71807DF14E982C51D7 |
SHA-512: | 8E4709F719C7C30AC9F6054591B015ECBD714CE50DC14E1812162E592CB77B3B75D41725F79E03C70C974B5916366FB183DDA31538B2E1835F9F284E2B505C88 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.389016266368936 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rO:K |
MD5: | ADE65BD4EDBD8F0D140B4115BD73EBAD |
SHA1: | 7973188EB72488104E04B71045B4F235E3C53246 |
SHA-256: | 7652954CE241B1A8B98B0E516653E7FC1031DFEB665AA27602B5BFFD05DB5133 |
SHA-512: | 71DF61B89C07F2454D7C29617AB3BAB1B46E1BF00B6A90AC1616875F7CBB545FDF46A4573D1B775653F3BEE0BD871873ACA3AF1E33B687512EEBFB71EDA2983D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLcGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLcGZtwZGk3mlind9i4ufFXpAXkru |
MD5: | A46246FAEAB95D87F5B4FE236C2B3D3E |
SHA1: | 7F018DB9238A63FEAD8D11A92297E7366058A75A |
SHA-256: | 7E822FECC47177C5A7F4C250E7D53509D104DE68B0D0CE9445877B508400988E |
SHA-512: | 8AAB79958BF39F014FBA7F69287FE0C357746E63FA3482DE3231BDF4A97B964A0815DAF7BFE9751C55BA6BE618E0A964CEB23FC30B4FA9DFEB284F42EBA897BF |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.992350840789984 |
TrID: |
File name: | PDF.pdf |
File size: | 363'948 bytes |
MD5: | fd5b2d2f6c3f4b92b25ef110751cb024 |
SHA1: | 4bcc58c2e98a760f7d91fd106e0ac962381ad06b |
SHA256: | 93d72a5b9d6b70e8fae6e848af34d9ec659ce811637c4970add600bda8e18f69 |
SHA512: | 8ce4da26654e20ce960d567fc3b06031f2c65298c34c82c8460f47e04b28f4e2d8b0df15162db1dc12c00e40708f4cd62a1c26c8d8c280ce42f9faff3e1db5b3 |
SSDEEP: | 6144:x4ppvCQFRsfo5SEgdsxaB+bAVDrvwyXvcZDZ6lUGGUvQQL57e8yf0SZcRczHq8SP:xGXYo5SjsxayGPv1Xvc3+U+QQL54f0CG |
TLSH: | 0F74122BD8955D1DBD038E494E27681143ADF03372C825A51C7E098AA205ED6EFDF3BE |
File Content Preview: | %PDF-1.5.%.....8 0 obj.<<./Type /FontDescriptor./FontName /Times#20New#20Roman./Flags 32./ItalicAngle 0./Ascent 891./Descent -216./CapHeight 693./AvgWidth 401./MaxWidth 2614./FontWeight 400./XHeight 250./Leading 42./StemV 40./FontBBox [-568 -216 2046 693] |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.992351 |
Total Bytes: | 363948 |
Stream Entropy: | 7.994865 |
Stream Bytes: | 355196 |
Entropy outside Streams: | 5.000754 |
Bytes outside Streams: | 8752 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 52 |
endobj | 52 |
stream | 7 |
endstream | 7 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
27 | 406667416b6d6148 | 4e1bf1960318bb2f370a7df8574c5251 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 24, 2024 15:54:47.487761021 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Apr 24, 2024 15:54:47.487797022 CEST | 443 | 49740 | 23.1.100.158 | 192.168.2.4 |
Apr 24, 2024 15:54:47.487869024 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Apr 24, 2024 15:54:47.488068104 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Apr 24, 2024 15:54:47.488079071 CEST | 443 | 49740 | 23.1.100.158 | 192.168.2.4 |
Apr 24, 2024 15:54:48.005764008 CEST | 443 | 49740 | 23.1.100.158 | 192.168.2.4 |
Apr 24, 2024 15:54:48.006148100 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Apr 24, 2024 15:54:48.006175041 CEST | 443 | 49740 | 23.1.100.158 | 192.168.2.4 |
Apr 24, 2024 15:54:48.007169008 CEST | 443 | 49740 | 23.1.100.158 | 192.168.2.4 |
Apr 24, 2024 15:54:48.007266045 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Apr 24, 2024 15:54:48.009574890 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Apr 24, 2024 15:54:48.009639025 CEST | 443 | 49740 | 23.1.100.158 | 192.168.2.4 |
Apr 24, 2024 15:54:48.009886980 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Apr 24, 2024 15:54:48.009892941 CEST | 443 | 49740 | 23.1.100.158 | 192.168.2.4 |
Apr 24, 2024 15:54:48.054837942 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Apr 24, 2024 15:54:48.182060003 CEST | 443 | 49740 | 23.1.100.158 | 192.168.2.4 |
Apr 24, 2024 15:54:48.182285070 CEST | 443 | 49740 | 23.1.100.158 | 192.168.2.4 |
Apr 24, 2024 15:54:48.182341099 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Apr 24, 2024 15:54:48.182750940 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Apr 24, 2024 15:54:48.182769060 CEST | 443 | 49740 | 23.1.100.158 | 192.168.2.4 |
Apr 24, 2024 15:54:48.182780981 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Apr 24, 2024 15:54:48.182818890 CEST | 49740 | 443 | 192.168.2.4 | 23.1.100.158 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 23.1.100.158 | 443 | 7204 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 13:54:48 UTC | 475 | OUT | |
2024-04-24 13:54:48 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 15:54:33 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:54:34 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:54:34 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |