Windows
Analysis Report
121351.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 3872 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\121351.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7116 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 2556 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1576,i,15305235246586624923,5573412500544858462,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature sources (row values missing from the extracted report):
- TCP traffic: 34 entries
- IP Address: 1 entry
- HTTP traffic detected: 2 entries
- TCP traffic detected without corresponding DNS query: 12 entries
- Network traffic detected: 2 entries
- Classification label: 1 entry
- File created: 2 entries
- Key opened: 1 entry
- Process created: 14 entries
- Window detected: 1 entry
- Initial sample: 3 entries
- Process information set: 8 entries
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431493 |
Start date and time: | 2024-04-25 10:21:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 121351.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/41@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.55.252.138, 34.193.227.236, 18.207.85.246, 54.144.73.197, 107.22.247.231, 162.159.61.3, 172.64.41.3, 23.34.82.7, 23.34.82.6
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Match | Detection | Threat Name |
---|---|---|
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | HtmlDropper, HTMLPhisher |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | RHADAMANTHYS |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | Lokibot, PureLog Stealer, zgRAT |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | DarkGate, MailPassView |
184.25.164.138 | malicious | HTMLPhisher, ReCaptcha Phish |
Match | Detection | Threat Name |
---|---|---|
BBIL-APBHARTIAirtelLtdIN | malicious | Unknown |
BBIL-APBHARTIAirtelLtdIN | malicious | Unknown |
BBIL-APBHARTIAirtelLtdIN | malicious | Remcos |
BBIL-APBHARTIAirtelLtdIN | malicious | HtmlDropper, HTMLPhisher |
BBIL-APBHARTIAirtelLtdIN | malicious | Unknown |
BBIL-APBHARTIAirtelLtdIN | malicious | RHADAMANTHYS |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.177074031402224 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.164011381730232 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.164011381730232 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\03e9b3a1-e39d-4708-b0ad-84a026ae5b5c.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.055018257017307 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.055018257017307 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.237197370094994 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.172179912510298 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.172179912510298 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425082158Z-162.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 3.2921985584380726 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.339586073884455 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.273629659300684 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.252299721724908 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.317644659874085 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2737752935301305 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.259695249642059 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.260547953284158 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.280666756399159 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.7366155455802 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2675815334240035 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.773698007903073 |
Encrypted: | false |
SSDEEP: | 24:Yv6X2Ne6iurLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNGA:Yv7NEuHgDv3W2aYQfgB5OUupHrQ9FJgA |
MD5: | B87A8CCD7AA2C9E2C932892F76F1A9E4 |
SHA1: | 05B2338329F431C5FAFA20C2EEB4D26651098A47 |
SHA-256: | 6640D5E2F3D54DA85AF18118CC009E9AC420474F79AD46AFF8B2816BBC474198 |
SHA-512: | F8D9E22EC70BD66540805B01E6E901BAE165DF2DDD3D9DE22A5B2F1B52387181A005E8C8B7F0FD182C27FA8B5CE09908228D9464138C5A8C7B802A7772311E40 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.251351438428286 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfbPtdPeUkwRe9:YvXKX2Ne5YpW7dZGDV8Ukee9 |
MD5: | 48FDFC60839F840F6AC75FAE2E4C3CB3 |
SHA1: | 6FC382A44FDB5914083C93B94BCEA054FC7FCF0E |
SHA-256: | 2BEB74B4084B972A49769E93E13967A0DA7F4AED16978B21B2FFF561E0DD9884 |
SHA-512: | 1659A4D8D1D104B8FCDA78BDB60A9017BB66F3BAA0C394FAAB7DB74872FE55FDEF0304337DA90BCE32A839C73307534C0D1FEF80C5DC547C0949D62044C760B5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.252575937722157 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJf21rPeUkwRe9:YvXKX2Ne5YpW7dZG+16Ukee9 |
MD5: | 984F90AD15C555A48DFAD860D56046C4 |
SHA1: | DED2C0D51A64DA7C8129540957EDF718D223B0EE |
SHA-256: | 2A4F039AEF61FC61E77DA76EC6FA725753DD293F9BBA7E788733D85296FDB8C2 |
SHA-512: | C265C51CC0AC98E87F41E610BD98997830DF4D593F92C5BF2DF885123561108AAB3717A210203F50738A576653A64882C393DE22653B6738C09DABE773A3808A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.274956999267318 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfbpatdPeUkwRe9:YvXKX2Ne5YpW7dZGVat8Ukee9 |
MD5: | 0577A309E696452B829F583E60FE3DD3 |
SHA1: | 52BEE9458C84D181A299997FD260EB40E355B048 |
SHA-256: | B5C0DF4DF3D2E3F966D938F732EA1EEBBF7BD9920F4C6552DA948BF35B96684C |
SHA-512: | 2A28BCEA639C6E1900DAA45BF3A663F17499206298229C7B79D371E353C1F2BE1ED0525535CD12CE4A62426BA9DD8405D1104457976A5A8864DFFAAEF8497788 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.227623020589298 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfshHHrPeUkwRe9:YvXKX2Ne5YpW7dZGUUUkee9 |
MD5: | 3520911221DDD79200B68D06E34D73AB |
SHA1: | 54CB470EAC9FFADD489D42C235E97B5AAA744C05 |
SHA-256: | AD1C9A9E51A6DAB264812586642F531060866244D983F275F6D22B2D4900B355 |
SHA-512: | B44799E77DF319CAD9FC4AF7FE7F0D8C49CB28611A6BE2D795A8268C36073D352662417F4E54A28BC59931BC9F5CE46268B53D319AF1E3FAB29F3C1B0C41F134 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.361282949638159 |
Encrypted: | false |
SSDEEP: | 12:YvXKX2Ne5YpW7dZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYRA:Yv6X2Ne6ir168CgEXX5kcIfANhjA |
MD5: | ADE8F1274A8382ECC376BFD14D5E43B5 |
SHA1: | 33D922FBF8A561AE844E5EF6F04642E469BF71B9 |
SHA-256: | BB6CA19ABF88ECADE6393B1BF6B3EE3531A14F3B8C6AF60BB4FEF5D6327F5916 |
SHA-512: | 36B75563C0C063F402CD6C9A0EE9D5B03CB3DAB980B10799EA036F7D0EC901B4B5AFB0E3B1B2DE1B8E14C1921547C212B2B015FB92682965CD3FBCF64FC42037 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.133709429319345 |
Encrypted: | false |
SSDEEP: | 48:Yu6Nhquk9r5409Wk6UcNNBL5/pCse8VoNpWAW9uDzc:t6jPk9u09Wk6UcN3L5/pCsJ+NpWPuDzc |
MD5: | 77980200F84743232961DF4BCFA9ABEE |
SHA1: | 89ED3E4AF55540E248AE44BDB1D2D68E550FA894 |
SHA-256: | A116B0BAA70637BA9C6971C9CAC9C20B32057041E5FE89430E4934B541855832 |
SHA-512: | 581824BCC0A422D4648DA90C55B1B65B450A04D8CE0B3380AF06280AEAE43FB334335CF537F3B9285F9ED32C04AE3BD531DB88C3DC78D3B5944EE3909AF61429 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9855979887652101 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpAlkt4zJwtNBwtNbRZ6bRZ4DlktF:TVl2GL7ms6ggOVpGnzutYtp6P4Q |
MD5: | 8BD2D491513F6A71D21E371E44FD4228 |
SHA1: | D22504252AC18F7B2AD95A01B12F87524ABE4D5D |
SHA-256: | 9BD47D8AEE982342AD82F34E1D70AA9A76DD2816BC07E199B7EC04F9D88EABD9 |
SHA-512: | 3FEC07701D1CF009327EBD3532642F39C324CAAC75EA1F0787F400C6AC040F07F3761C5C2CDEAB62EB257B6C28FF1B35445F83517EADD6199743963DC5EC125E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3390892751833003 |
Encrypted: | false |
SSDEEP: | 24:7+tVAD1RZKHs/Ds/SpAlktPzJwtNBwtNbRZ6bRZWf1RZKrqLBx/XYKQvGJF7ursa:7MVGgOVpGAzutYtp6PMmqll2GL7msa |
MD5: | 35B9FEC82499137D591ADA5F98ACA12F |
SHA1: | 2587E55C377C2352656E5501F0D3E00A4DC48B94 |
SHA-256: | 2F4DF84C1196DCD3EA0A745584DE12DF7B9B8A741251A38696142AC26FC9A4E7 |
SHA-512: | B5AA50E9EACEF2893760E7CCC8615CF83EC2EF1EDD55B9DBAF5E842EA96DE2528CF5B20E4233967A26FDE8153A30C183F5214DAA91526C28E0A9EEBA5DB84FC0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.4953527754662135 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+adNulNH:Qw946cPbiOxDlbYnuRKr |
MD5: | 9A97D88503386BDCA68CA26A29BBBFE6 |
SHA1: | DC427DC6A6353501F961922B08668701F6228CE1 |
SHA-256: | 05DA8700C7CBF6FB2031BEFF40A607C61D2C90D6BE0BCA6A0B6C46A118CA0A89 |
SHA-512: | EEE959ED3D6C38FF62D7CA75C5221A7D6C972B106AD6AC1BEAE0146CBA6F785BE6915DA1F10D1A80E5CFBB2ECECB78C7E67F9203886578A20EADD4C458920012 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 10-21-56-318.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.379009836036224 |
Encrypted: | false |
SSDEEP: | 384:LFxuDTaHWF9omDc8DxPB3qHXovQ+BJbi1oUGOxz+8vOgwniY102YhYNkG0CcRBJo:+DB |
MD5: | F6C7A3354152D3D832ED39B74D953D31 |
SHA1: | 8DA6B5EDE59D1B72E264ADC16E1CA6434F91B948 |
SHA-256: | F318AD515E0CD5DAF09419EF8AF7E4BBBFFD1511CC485EC767F7EB1690984149 |
SHA-512: | B90C7FC5F619E9508BD74E505E6395CB529ACD456DEDC11438491CB4F4F9AE10146B409AAA9664839C85ECF58250A8A7D780564EFDB4C2AF734AD2B724059810 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.396085327651308 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbm:S |
MD5: | 9BEDB3BD61009A08256F15709174E6E6 |
SHA1: | 98597FF5ACC57DDB7639342C61A570862B7C4838 |
SHA-256: | 59A95F0CC3533D9978E075B92F10996F14E0499433CB473295DB7C52D567C1ED |
SHA-512: | 7DC985D4A0AAE2F36F70A44461DEB04D1B92C09D4F16DCECAAD4DF685AC32EC2F8BBC937E9CB0CE773F19A4F67F6740F9AAA09A1C859AD677F5A9E13D996DD27 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru |
MD5: | AE1E8A5D3E7B2198980A0CA16DE5F3D3 |
SHA1: | A1DB2C58AFC81E6A114A8EB47BE0243956F79460 |
SHA-256: | 8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F |
SHA-512: | 5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLaGZ48 |
MD5: | 1D64D25345DD73F100517644279994E6 |
SHA1: | DE807F82098D469302955DCBE1A963CD6E887737 |
SHA-256: | 0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC |
SHA-512: | C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.654318356143638 |
TrID: |
File name: | 121351.pdf |
File size: | 559'392 bytes |
MD5: | 37de073e62c300444004213c88ecf89b |
SHA1: | 86b5ac12c1f42c7eba2455591318c7b86a6f0cb1 |
SHA256: | f6045d8109c061c20b187702fe774e1733f68fefc75c5c96a1bead1dbc51818b |
SHA512: | 979f0f399cdf671b9a2f6c60f403846482523e067913d3aed57223511ad0bda0624e6783f0f819888913bc2af7adb059745012f83306b386aee7384927cab518 |
SSDEEP: | 12288:vp+6FsVAwhZl4tsEKX1BVthuCdCLtZXPd5A8fDltGUZ/Jz:E6vwcOVthpYLb9loUZ/9 |
TLSH: | 0AC4B8438C189B93A46D83E4BE174E9C2F452B1CE9963DFF04661EDB3E602635D8D42E |
File Content Preview: | %PDF-1.4.%......5 0 obj.<<./Type /XObject./Subtype /Image./Name /Im0./Width 3507./Height 2480./BitsPerComponent 8./ColorSpace /DeviceRGB./Filter /DCTDecode./Length 4 0 R.>>.stream.......JFIF.....,.,......................................C...............(B+ |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.654318 |
Total Bytes: | 559392 |
Stream Entropy: | 7.653109 |
Stream Bytes: | 558369 |
Entropy outside Streams: | 5.052249 |
Bytes outside Streams: | 1023 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 8 |
endobj | 8 |
stream | 2 |
endstream | 2 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
5 | 11181a59595a5154 | 423071ecfbb674ed35dabcd74950fccc |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 10:22:06.781028032 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 10:22:06.781107903 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 10:22:06.781196117 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 10:22:06.781377077 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 10:22:06.781410933 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 10:22:07.113042116 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 10:22:07.113343954 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 10:22:07.113375902 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 10:22:07.114367008 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 10:22:07.114465952 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 10:22:07.116441965 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 10:22:07.116522074 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 10:22:07.116677046 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 10:22:07.116693020 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 10:22:07.164207935 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 10:22:07.226865053 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 10:22:07.227015972 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 10:22:07.227087975 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 10:22:07.227421999 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 10:22:07.227454901 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 10:22:07.227479935 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 10:22:07.227535009 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49714 | 184.25.164.138 | 443 | 2556 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 08:22:07 UTC | 475 | OUT | |
2024-04-25 08:22:07 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 10:21:52 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 10:21:53 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 10:21:54 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |