Windows
Analysis Report
630081273.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 344 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\630081273.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6972 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7228 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1564,i,18356397164535584762,3493887587701290198,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signatures triggered (source and detail columns were not captured):
- TCP traffic (33 entries)
- IP Address (1 entry)
- HTTP traffic detected (2 entries)
- TCP traffic detected without corresponding DNS query (11 entries)
- Network traffic detected (2 entries)
- Classification label (1 entry)
- File created (2 entries)
- Key opened (1 entry)
- Process created (14 entries)
- Window detected (1 entry)
- Initial sample (3 entries)
- Process information set (8 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431793 |
Start date and time: | 2024-04-25 19:24:36 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 630081273.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/41@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.54.200.159, 54.227.187.23, 23.22.254.206, 52.202.204.11, 52.5.13.197, 172.64.41.3, 162.159.61.3, 104.76.210.69, 104.76.210.84
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Match | Detection | Threat Name |
---|---|---|
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | HtmlDropper, HTMLPhisher |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | RHADAMANTHYS |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | Lokibot, PureLog Stealer, zgRAT |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | DarkGate, MailPassView |
184.25.164.138 | malicious | HTMLPhisher, ReCaptcha Phish |

Match | Detection | Threat Name |
---|---|---|
BBIL-APBHARTIAirtelLtdIN | malicious | Unknown |
BBIL-APBHARTIAirtelLtdIN | malicious | Unknown |
BBIL-APBHARTIAirtelLtdIN | malicious | Remcos |
BBIL-APBHARTIAirtelLtdIN | malicious | HtmlDropper, HTMLPhisher |
BBIL-APBHARTIAirtelLtdIN | malicious | Unknown |
BBIL-APBHARTIAirtelLtdIN | malicious | RHADAMANTHYS |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.211753032344033 |
Encrypted: | false |
SSDEEP: | 6:iSX+q2P92nKuAl9OmbnIFUt8FSVEZZmw+FSVENVkwO92nKuAl9OmbjLJ:fuv4HAahFUt8EVY/+EVA5LHAaSJ |
MD5: | 8428911A893938F8BAA9674D932293CB |
SHA1: | F313B96D24538A73423BD1241BB0838750C7812E |
SHA-256: | 70C097407238E2A1F496914EBD35AFE3C8C3CE60A93DB1EDCAF2FC83C6BDB185 |
SHA-512: | 57D1A1EDEAC45023AE8B659A66E35A4C0F99606294E0D4BDDB2BAAD9B8D173C297830887B7A0175102A28609FA0DC6E996C055346D6C7E03934A973FD9756DE0 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.211753032344033 |
Encrypted: | false |
SSDEEP: | 6:iSX+q2P92nKuAl9OmbnIFUt8FSVEZZmw+FSVENVkwO92nKuAl9OmbjLJ:fuv4HAahFUt8EVY/+EVA5LHAaSJ |
MD5: | 8428911A893938F8BAA9674D932293CB |
SHA1: | F313B96D24538A73423BD1241BB0838750C7812E |
SHA-256: | 70C097407238E2A1F496914EBD35AFE3C8C3CE60A93DB1EDCAF2FC83C6BDB185 |
SHA-512: | 57D1A1EDEAC45023AE8B659A66E35A4C0F99606294E0D4BDDB2BAAD9B8D173C297830887B7A0175102A28609FA0DC6E996C055346D6C7E03934A973FD9756DE0 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.145383041941284 |
Encrypted: | false |
SSDEEP: | 6:iZM4q2P92nKuAl9Ombzo2jMGIFUt8FSKv3JZmw+FSKv3DkwO92nKuAl9Ombzo2jz:Iv4HAa8uFUt8oKvZ/+oKvz5LHAa8RJ |
MD5: | 99A3193E0D7E129DB018EAB36A806B9E |
SHA1: | 4683C5EB8FC7DC6F214214B5F97B12DC99956B1E |
SHA-256: | 65B6B3D72FA7E9EC11C7DD6678494D30FC5AC2020F5FD53A9AC2734B9F01C9BB |
SHA-512: | 2656FB24B8F3D1A80751E09B6D8C45EBC8CF81C2B86B8664383017694360206A219498C6DC3602B1CADD0C4AD3BDDAE812CB4A6F12B2802511AA2F4EAD0462A1 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.145383041941284 |
Encrypted: | false |
SSDEEP: | 6:iZM4q2P92nKuAl9Ombzo2jMGIFUt8FSKv3JZmw+FSKv3DkwO92nKuAl9Ombzo2jz:Iv4HAa8uFUt8oKvZ/+oKvz5LHAa8RJ |
MD5: | 99A3193E0D7E129DB018EAB36A806B9E |
SHA1: | 4683C5EB8FC7DC6F214214B5F97B12DC99956B1E |
SHA-256: | 65B6B3D72FA7E9EC11C7DD6678494D30FC5AC2020F5FD53A9AC2734B9F01C9BB |
SHA-512: | 2656FB24B8F3D1A80751E09B6D8C45EBC8CF81C2B86B8664383017694360206A219498C6DC3602B1CADD0C4AD3BDDAE812CB4A6F12B2802511AA2F4EAD0462A1 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0d9c90c0-51e6-4ffd-8b7e-0058edf53f01.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.05663747558245 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZQssBdOg2HWfcaq3QYiubxnP7E4T3OF+:Y2sRdsfRdMHWu3QYhbxP7nbI+ |
MD5: | F42FBB18F3E8C97A027C6DAE0C99FD18 |
SHA1: | 80B84A9EE0D09D14D3C723C7D066F14B8E3FF239 |
SHA-256: | D6AD3E1EF4388A00210D89C00456985D03B948771B06A66B403F6293ED05CB82 |
SHA-512: | 2B820C86D63119ED511F23B576652860FDD0043F0EEC7ED76CC3C9FEF8429FE21AD31A7324D9E61C42ADA3501807FAFA42C9911AF2AF3CE7F70C8BE8E7EE1E80 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.05663747558245 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZQssBdOg2HWfcaq3QYiubxnP7E4T3OF+:Y2sRdsfRdMHWu3QYhbxP7nbI+ |
MD5: | F42FBB18F3E8C97A027C6DAE0C99FD18 |
SHA1: | 80B84A9EE0D09D14D3C723C7D066F14B8E3FF239 |
SHA-256: | D6AD3E1EF4388A00210D89C00456985D03B948771B06A66B403F6293ED05CB82 |
SHA-512: | 2B820C86D63119ED511F23B576652860FDD0043F0EEC7ED76CC3C9FEF8429FE21AD31A7324D9E61C42ADA3501807FAFA42C9911AF2AF3CE7F70C8BE8E7EE1E80 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.238482648711951 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUiQzVpUxQlzOZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLd |
MD5: | 407C86C54597491CB9AE5EC163733BB6 |
SHA1: | 44A01E03F741C2071DC6F14B1D61A7348F2FBB38 |
SHA-256: | 72ECBBA5543656F1471DD3CE2046D66D9890868A7116D86BC7CF6789E1E3333D |
SHA-512: | 567B4F80E133102A6C68E71426B9CAEB950E06E2036C134D77F8E5897F4FCF5E4F0A6C389B4E3F060BC7D81A1BDE2BEA88E7C44E8C558D40D8CE57DA88C45A76 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.206572933320813 |
Encrypted: | false |
SSDEEP: | 6:iMoON4q2P92nKuAl9OmbzNMxIFUt8FMuF3JZmw+FMJdDkwO92nKuAl9OmbzNMFLJ:YOOv4HAa8jFUt8DZ/+u15LHAa84J |
MD5: | 0574C46D1CE0FA98527BD265BAA4940E |
SHA1: | C8C496185531547DFAA5D279DDE8D5EE62C4914F |
SHA-256: | 5363EC3EB05777C532EB4E28A1E8EB592E3618A1B74AED52948ED6B7DAA0608E |
SHA-512: | 730B3EC446CBBBDEE4986955FA3DA4C21973677D80A0F53201FA3F2B0F205FABA29BA33A094C24B8021F13B18D3A3435952C833C7848E2A3911B552049429470 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.206572933320813 |
Encrypted: | false |
SSDEEP: | 6:iMoON4q2P92nKuAl9OmbzNMxIFUt8FMuF3JZmw+FMJdDkwO92nKuAl9OmbzNMFLJ:YOOv4HAa8jFUt8DZ/+u15LHAa84J |
MD5: | 0574C46D1CE0FA98527BD265BAA4940E |
SHA1: | C8C496185531547DFAA5D279DDE8D5EE62C4914F |
SHA-256: | 5363EC3EB05777C532EB4E28A1E8EB592E3618A1B74AED52948ED6B7DAA0608E |
SHA-512: | 730B3EC446CBBBDEE4986955FA3DA4C21973677D80A0F53201FA3F2B0F205FABA29BA33A094C24B8021F13B18D3A3435952C833C7848E2A3911B552049429470 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425172526Z-157.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 96118 |
Entropy (8bit): | 3.5703917032754116 |
Encrypted: | false |
SSDEEP: | 768:xbbc6wmF6GTfVSzcGHOoUFt0bVnyGhRO9x:xXcFmwgszcGHODFKbByGhRO9x |
MD5: | 352952C062F04FB4E07F377FB61D12F7 |
SHA1: | C6CC7EC9B696C4B9A73FA26C5E68B707F68A8F79 |
SHA-256: | B0AB932186A203A2ADA516F9475B34D6D1CE08F28F22EB57947A658709D27149 |
SHA-512: | 81E3277971F00035825147F62FEF9BF98D06A94D985A393B84AB68F3527F984D8696305D02BD6775811881AA14FEF515FD8B8AA93B61FA6938592D550B3A23F4 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228346 |
Entropy (8bit): | 3.3890581331110528 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:DPCaJ/3AYvYwgXFoL+sn |
MD5: | BAE090D23B1C0D4F6DC247F0080D349E |
SHA1: | 8A7AAD52A54F9A3CCEF3CE323F6BBD5B2B530461 |
SHA-256: | D7D3096317CF32DBEDF75D85390FE89A96170D44C09B2F6D164036064F506AE3 |
SHA-512: | 208136EBA10544EA5EADA1C32EADFD8066047A9D851FF95BADF9938D40AFA1771003C2725DB8C78991E700C73FA2FC3C9F3CC3712B3332E4CF6F8DDE0E539130 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.335341369975515 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJM3g98kUwPeUkwRe9:YvXKXJ5VyYpW70sGMbLUkee9 |
MD5: | 05E875934EFC90537DF4D1E5A9DB99A2 |
SHA1: | FC9F0FEED02C77F83CFAC617F7024BC901609551 |
SHA-256: | 1435EADE54937E2DEE87D2BB53C23CA0EC0FF5D77B0B19F40AA97E4F8F18F3B1 |
SHA-512: | CE104993EABA7E4C4984DF103F2583CD22A0B1AA9D0EC6E99C45B300BDD7B3672CE68040A2A07EA3D9336B6B71D008B44B5944CC705FEE6F7CC5D4310F7CC588 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.274258017090176 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfBoTfXpnrPeUkwRe9:YvXKXJ5VyYpW70sGWTfXcUkee9 |
MD5: | DF47C295708A40F2D726BD0BD73D3B7A |
SHA1: | FC27D0A3579DD0B7CD0A6F983354E4F603B31C82 |
SHA-256: | DE713C40FBB857A260152A8639FBD95712E96F52719543CF321F96B1A4CDF60B |
SHA-512: | 1B7371697E51B9D99F8989961CA5BDC6C8AAABB71C2A8AA214FFD4E606F536AE26EF0EB3CFACCDDCF5F13A4C450C4E0A9B4AB359A99DB99658C092FF5B2BB439 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.252657335958607 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfBD2G6UpnrPeUkwRe9:YvXKXJ5VyYpW70sGR22cUkee9 |
MD5: | 150DB4A55C8DC8ACFE2227A83F64C803 |
SHA1: | D9876FBC3F0EDBACC16246B12CAFF902967B9304 |
SHA-256: | 2BDE03295CF2767613F4896748655B1D9BBCA90BDB7BF37D761D5A2F6CC57C98 |
SHA-512: | 60E23B8174842A0009E197179393D5B5448D3F4B9F5C28E48A2AA578FC1E7D1511EC0D1B109D6AF8F4C5D1D15C751C0254EBD65584DE2E114E1B5BA54AA91E3F |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.313251018985884 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfPmwrPeUkwRe9:YvXKXJ5VyYpW70sGH56Ukee9 |
MD5: | F03B1A029CDA44F0A9097D9461F613B8 |
SHA1: | B30E9395C851F275B8EBFFA2C6CE7393E8636587 |
SHA-256: | C2C77096A6D65D66EB2791C127D1B7FAF4C9D1C5416C92AD0812F8252271B693 |
SHA-512: | D9B1FA3D1593474DA740BBD73D663FEA984BC9551A9B8B2D50DF79DFE54852F58B211E68D4B8AA993136EA4DBD396E8F7014FAC7C5A0D572D816D19A418543D8 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.273880716798727 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfJWCtMdPeUkwRe9:YvXKXJ5VyYpW70sGBS8Ukee9 |
MD5: | 99A13558FD595A53A2FA77A40C45C84B |
SHA1: | 89C52CC744BB254568EEAE611B2275A6FD433143 |
SHA-256: | FBDC861EB94BDEDB5F4F76F9284E531210AA28870FAA6AD16C8DAEB5A80688BA |
SHA-512: | 52FC6E573888C677A646D3F26448AAC879A24DB4A0006740F833CE97DF2208E98BC0192389CAEBA0EE362AD25741EAD5E01ADD321250EBB061DCDC320A6DC1FB |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.25960989249927 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJf8dPeUkwRe9:YvXKXJ5VyYpW70sGU8Ukee9 |
MD5: | A2218730BA87DFAA9E60D7C0D2A84DBD |
SHA1: | FAD895C228CEBF4E08F53F2534171FE810FE0E9F |
SHA-256: | D1E18298C73EF34BDC28009093E6978E2915AC2CD986FA220E4E609C961F6B4B |
SHA-512: | 0DE7035F6B6415E332D92D70E6A580C901B4132900CAFE7C9E8D2B40BA22B67ADABD38F093748E89AFC63E64D8F27BFB5EC330F448770C8136C56AEC4DA417B0 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.26188885494728 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfQ1rPeUkwRe9:YvXKXJ5VyYpW70sGY16Ukee9 |
MD5: | A18C44D0BC796971DCEB84F04B4686C3 |
SHA1: | BA0FADF6913367623A3CA1F2C74662DFF9625283 |
SHA-256: | 89D7AA7F177212215D2574BBBD242BA0DFC598B3642E0C8E4AD99787BAC574D4 |
SHA-512: | E96A13C52FEA7FF9D0530DB11355C077825F233FCA98B99A6B5A60610D3DD8C39B1E0DB278B20C1346B14D9E2CDA5BFC0CCFA70EDB158C446239F8D19B055981 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.279626913900831 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfFldPeUkwRe9:YvXKXJ5VyYpW70sGz8Ukee9 |
MD5: | 690A03E4B494F3896E69C7789DC2BA8B |
SHA1: | 44D6B8DA86943E4ABA41296012D873BA1661155B |
SHA-256: | 210D9DB15DFD8CBC356320B523F64EB0907FECDE7632CBDA8162F76A45733C48 |
SHA-512: | CB93F9F17EAF74B5005660170E95D90CC231CC399600BDA1A650E8413BB00E18DCFC11C17B69266BAC79B4F1B2609E6C147B19F7D1B63EE3226CD35618C88F73 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.737914147145943 |
Encrypted: | false |
SSDEEP: | 24:Yv6XNi0UKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN3:Yvn3EgigrNt0wSJn+ns8cvFJl |
MD5: | E82038922866B0CEEAF796FB6E2CA1AE |
SHA1: | 33A2714E545C25050EFB79428695E1AB0FBA785B |
SHA-256: | 318A7961FD6BDA57704816F5BF1AF4471CEFEFB675674B245468CF7C8A8D59FD |
SHA-512: | 5F1843DE6ADD8A577894DE77FF2B17D85763FE47EE8ABAECD9964C3582B89A2712231ACEF13D9112AB3C2DDC90CC576D6A9BFDDD302C4A1D643E61848AB580D1 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.267688051051789 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfYdPeUkwRe9:YvXKXJ5VyYpW70sGg8Ukee9 |
MD5: | EA9AC191D5060D7899B3F83F14F5BBB4 |
SHA1: | 2953623AAD5C9F2D811EF5AEBD404BBA8D5FA858 |
SHA-256: | B17D78C4D62F6A11502390E5110023A3B04318B9B367A2D02DC0DB743DFB2C62 |
SHA-512: | 6EF29CE276C66A384D677A80235A6AEC1074DCC581C0DCA58523C6F5E9444EE9525E5B9E5EA956C4E4D8F71E3602F5329348E1882B68945C9AC3FFFEDAD560A7 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.775912983926792 |
Encrypted: | false |
SSDEEP: | 24:Yv6XNi07rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNf:YvnKHgDv3W2aYQfgB5OUupHrQ9FJR |
MD5: | 400243EB3A994161CC4D52B52AF7486F |
SHA1: | 4E4B9CFF8A091E125A2FB6988A5B1E77756DCE92 |
SHA-256: | 03E52A2FAD798EB735D5C1195C70A72E01912717A4239D218E1EA72939F4A9B1 |
SHA-512: | B388EA0F39A87984A1C16CEED0791EB950A7CA74F6118D7EEC079DEFEB1D46A0489055F36B2D92B25D6060289DB4AE9A33CCE337E71EE9F88419CF449DBE69B6 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.251457223976157 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfbPtdPeUkwRe9:YvXKXJ5VyYpW70sGDV8Ukee9 |
MD5: | 4169802E80C6FDF9105F08B26078CEF6 |
SHA1: | A4765F8EB0B18F24A26847673DD0D3E67A232305 |
SHA-256: | D845CD33E2998E62AD6FDE63E3BF836D365630DC2F5F2BB694DE1E85948A1FE3 |
SHA-512: | FE99D25EC796898195DA31D395AB5A3294C9675ECDF4BD019410003A402B51EB5AE2F572C6F20511FD555B5798BE56DA9031F90945D6B9EBAE6A6A7FD6E7968E |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.252979063219998 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJf21rPeUkwRe9:YvXKXJ5VyYpW70sG+16Ukee9 |
MD5: | 6133272EBE88DBFF57FA1721A5312C70 |
SHA1: | BCC5F8904122429471E90AE95DE937E697DF596F |
SHA-256: | B0B7E7F9C705BDBFF0F42229CFAA2DF3B2ADBA96A655FF07F1F51864F6E038A1 |
SHA-512: | 62FE961C0AB8DE2FF070C0EDEA37996AA45B8932252D9D25139705CCDE363B5130B4BEC9775559CB169B4B71E28182496285CA1CCB085F4ABA81BCC39A3714B9 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.27391715676899 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfbpatdPeUkwRe9:YvXKXJ5VyYpW70sGVat8Ukee9 |
MD5: | 6C4A86C25B5F06BF2C1953B1A1A9999E |
SHA1: | DF66E4B7C54041FBE2ECB851C9706A7A81672A71 |
SHA-256: | 334D851CC872EC6E8DB971C1F21235F39E0294ADA6622E8C0E3B15EC7084B04B |
SHA-512: | 9179297CE22D7839BA99F023959AE82CDAFF205703D58CE2FB20DFB0B9589E4BBBBADB6F8B72816706004ED598CDA8361C8C8BDAF8406BF82439F0EE98CD7C52 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.226572270652176 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfshHHrPeUkwRe9:YvXKXJ5VyYpW70sGUUUkee9 |
MD5: | 2D35492CD65F3C03F76206035418F3C2 |
SHA1: | A7B0EA2F34358B3FC072E420D8C57380A07D101E |
SHA-256: | 8722691B0E49B746FE6E82C9D5722AEC1AD5059397C5A77591C3F81F85BED35B |
SHA-512: | 4441813F8444E7D42F82CB51C3013CD3D96C639A088CB86688C2BA527E02DA041D237496AD04639F83910CD538FDDFA41038406B09D421A7D75CBBDE51FD648C |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.364817329707188 |
Encrypted: | false |
SSDEEP: | 12:YvXKXJ5VyYpW70sGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYlO:Yv6XNi0C168CgEXX5kcIfANhu |
MD5: | A119DD8807642CE156BCC1004B0EC15C |
SHA1: | 0297E129ECF38CC77CABFAC2400B6A97F0772AF5 |
SHA-256: | FFCD0D438C16D7D5760DF3341ABF93DD525638B1FDCB98C2A0CFE72FC20A2CDF |
SHA-512: | F1CB9D80341799727CCCDA6963842E607613D5C82A7B8CE314AE09C3BA1597D62C346EE7FEABC3CE509E6BC64D2B111230804E3DFD270AA3940BD66BBDDF8974 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.137057433976164 |
Encrypted: | false |
SSDEEP: | 48:YYoDVbSSD3T/eh7hhXVGzT2PPjHJg3pb9jr:oSa3T/e9h/GverHJKPjr |
MD5: | BB5E575B1C63A8B0ABF1CC7579BF7634 |
SHA1: | C7A486C98CC3B9ACE7B1D863F410046A85BDCB3F |
SHA-256: | 216CA7CCF8D9804C7BE046495C95382BF388A900B1E6AF81ED4C3B79F40F7C9C |
SHA-512: | 2FD100D6E998BC0EAAE8F0ABA541ADEB7C64FD12C8E256587FBFE371432197ABD10761209322BAE6A53FF4AEE8658F889ED2F295D1530FBB554EBE00B05AC0FD |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9844613780377172 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpaaLkn4zJwtNBwtNbRZ6bRZ4VaLknF:TVl2GL7ms6ggOVppzutYtp6PU |
MD5: | 1B5BB763A77D99E7477E038A5DDC12FA |
SHA1: | 39A1A23BDCA3B052841CB64C23F7E50991AAB57B |
SHA-256: | 23363A112EE70F65BABA4489EDBA5B5249A36E88F5C1D051D2E89E771D2BF6B2 |
SHA-512: | 8D0BE6AB4809001ADF671B6A3DDB333434B723919F17ED871EA21FEC4F2366596890387BD4192E963C4B3D324DBAE6AEAC738E4DA78218D77A5EBBCB29701766 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.334687379567044 |
Encrypted: | false |
SSDEEP: | 24:7+t4UAD1RZKHs/Ds/SpaaLknPzJwtNBwtNbRZ6bRZWf1RZK6qLBx/XYKQvGJF7uT:7M4UGgOVpyzutYtp6PMrqll2GL7msa |
MD5: | 6057FA7466D0119BC940323F7C2580B1 |
SHA1: | B9089820EF068F75B3CA58FE1230E7ABA557ECD9 |
SHA-256: | 29CB1A0A2E89A0D21B2B3F5885C3DB0DF0831844E804EDA6990BC0511F01AE9A |
SHA-512: | 837DEDD03F54FB00F0F2679C9B8C2B92CEA007B67F1B3C29DD28839E167F4B37D40794E57BD89C14D0D1DAB4E2C126AD6DAEC365085DD1B2B3671DE90AB2D207 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.529459928009153 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+a7+dwlYH:Qw946cPbiOxDlbYnuRKO+ilYH |
MD5: | 3E0DB1AA4BB664858960C96CA9255C03 |
SHA1: | 01631A0CDB53CCE66640AD2D0453400D8B8D2470 |
SHA-256: | 4686BFD280EB0C73FDF07176D8F01A5AD03A335D663E94CF06D9ED404C167A06 |
SHA-512: | F5F166D49CDB3B1700C7DE109ECEC360A3A7EA88D3B0FB1B3BC92EE091653D5595066ECE2C9D62B7C32DA2FC5C148929C2013FEE3C45986AE9C53C9FB8D8A6DD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 19-25-24-996.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.36207903089982 |
Encrypted: | false |
SSDEEP: | 384:fD9ZSgjYuvB+ed+QOErQEYtZmD/H7vgc7WU6mUCXjVWEvaDzcbklilA9oOkbkcop:KoM |
MD5: | 2C2F6B917066C71FF2FED0065692A7BA |
SHA1: | 2C2F2A0FF5FEF89ED3FBA4060C4A5C21B8AA9668 |
SHA-256: | 7027B653F38D3E52CBBBEF8F6BD0DA88CB4BF2DFD9B9112A662E8D6D9AFF6CD6 |
SHA-512: | 69BF12391E65CD12FA83B6A6EEC0C99C9F10CCFBE8BDDEA030FD71250406C7FDC62FDB92F3C24D30784A82C54BD6617BD1F0D05C10882798A824E10835BB5ACC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.390692000403136 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbb:TA0s+ |
MD5: | CE84EBE9642B62E14842D546D9975ECE |
SHA1: | FA99EA202AB1A1B7423D71E6901E27D065620CA3 |
SHA-256: | 47F6C6D5747F7ED6DC7EC52B8F480B582023E21F9AA209C97E6671071C37B096 |
SHA-512: | 86529652AD0559AEBEFB581593C622DC4876C98B656BCB6C7BAD5236A996D5B66A2579784C53E7F2AB8A8627A979CF113612C9A35F7B5F8D97E65E786C811BA0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.718817884611854 |
TrID: | |
File name: | 630081273.pdf |
File size: | 99'497 bytes |
MD5: | 76992deaf0d92a2ff008e15c4c1bdbfd |
SHA1: | babfec1e36a55c0444b19a217144df0b01d72bc7 |
SHA256: | f3be6cfd54cc5fa38233115d965f28ed2d85a60011e41d1418c5a4fc3a16cf09 |
SHA512: | bfd589fb6e55080badb4ccef402c44ea3d77001135de81b80802bf323433f94eaaad6c94a05a591890eb4b302105f63393b1ce080ab2ad8105bb61c7714ca846 |
SSDEEP: | 1536:HfMfCCv9TDTBIKZHvdzey+R8O0HuJOIoOCn4UV:/Md9D7hVCUhOJO34C |
TLSH: | 70A3F607DC058A87E05C93FDB8072DBC2A4D2A1CFA827BFB10754ED67E609665D4B139 |
File Content Preview: | %PDF-1.3.%.....3 0 obj.<< /Linearized 1 /L 99497 /H [ 561 122 ] /O 6 /E 99168 /N 1 /T 99319 >>.endobj. .xref.3 6.0000000015 00000 n .0000000512 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.3 |
Total Entropy: | 7.718818 |
Total Bytes: | 99497 |
Stream Entropy: | 7.712055 |
Stream Bytes: | 98160 |
Entropy outside Streams: | 4.851207 |
Bytes outside Streams: | 1337 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 8 |
endobj | 8 |
stream | 3 |
endstream | 3 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
7 | d0c4d4d4c4cccccc | 830543ac2af86e1ab92dbeadf77dad94 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 19:25:35.126375914 CEST | 49715 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 19:25:35.126476049 CEST | 443 | 49715 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 19:25:35.126605988 CEST | 49715 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 19:25:35.126854897 CEST | 49715 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 19:25:35.126892090 CEST | 443 | 49715 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 19:25:35.459707022 CEST | 443 | 49715 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 19:25:35.460055113 CEST | 49715 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 19:25:35.460079908 CEST | 443 | 49715 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 19:25:35.461206913 CEST | 443 | 49715 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 19:25:35.461302996 CEST | 49715 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 19:25:35.463802099 CEST | 49715 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 19:25:35.463922977 CEST | 443 | 49715 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 19:25:35.463992119 CEST | 49715 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 19:25:35.504117966 CEST | 443 | 49715 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 19:25:35.508219957 CEST | 49715 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 19:25:35.508249044 CEST | 443 | 49715 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 19:25:35.555145025 CEST | 49715 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 19:25:35.589359999 CEST | 443 | 49715 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 19:25:35.589494944 CEST | 443 | 49715 | 184.25.164.138 | 192.168.2.5 |
Apr 25, 2024 19:25:35.589629889 CEST | 49715 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 19:25:35.590013981 CEST | 49715 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 25, 2024 19:25:35.590032101 CEST | 443 | 49715 | 184.25.164.138 | 192.168.2.5 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49715 | 184.25.164.138 | 443 | 7228 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 17:25:35 UTC | 475 | OUT | |
2024-04-25 17:25:35 UTC | 198 | IN | |
Target ID: | 0 |
Start time: | 19:25:21 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 19:25:22 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 19:25:22 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |