Windows
Analysis Report
B0CVFJGTZY.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\B0CVFJGTZY.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7528 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7760 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1524,i,11071811492861082364,15687375164594026252,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signatures triggered (none malicious):
- TCP traffic
- IP Address
- HTTP traffic detected
- TCP traffic detected without corresponding DNS query
- Network traffic detected
- Classification label
- File created
- Key opened
- Process created
- Initial sample
- Process information set
- Process information queried
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Detection | Scanner |
---|---|
0% | Virustotal |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431854 |
Start date and time: | 2024-04-25 21:45:30 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | B0CVFJGTZY.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/41@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 96.7.224.35, 96.7.224.81, 96.7.224.58, 96.7.224.59, 184.31.60.185, 23.22.254.206, 52.202.204.11, 54.227.187.23, 52.5.13.197, 172.64.41.3, 162.159.61.3, 96.7.224.9, 96.7.224.49, 96.7.224.48, 96.7.224.67, 96.7.224.64, 23.34.82.70, 23.34.82.78, 23.47.204.33, 23.47.204.4, 23.47.204.8, 173.223.239.135, 173.223.239.171
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
Match: 184.25.164.138 (associated samples)

Detection | Threat Name |
---|---|
malicious | Unknown |
malicious | Unknown |
malicious | HtmlDropper, HTMLPhisher |
malicious | Unknown |
malicious | RHADAMANTHYS |
malicious | Unknown |
malicious | Lokibot, PureLog Stealer, zgRAT |
malicious | Unknown |
malicious | Unknown |
malicious | DarkGate, MailPassView |

Match: BBIL-APBHARTIAirtelLtdIN (associated samples)

Detection | Threat Name |
---|---|
malicious | Unknown |
malicious | Unknown |
malicious | Unknown |
malicious | Remcos |
malicious | HtmlDropper, HTMLPhisher |
malicious | Unknown |
malicious | RHADAMANTHYS |
malicious | Mirai |
malicious | Mirai |
malicious | Mirai |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2528392225323595 |
Encrypted: | false |
SSDEEP: | 6:3U5++h+q2Pwkn2nKuAl9OmbnIFUt8MU5+0c5Zmw+MU5+0ctVkwOwkn2nKuAl9Omt:kE+svYfHAahFUt8VE0c5/+VE0cT5JfHi |
MD5: | 4D7840D44511615CAA6B6830C9DE1ECE |
SHA1: | 268948D699718FC3099324510D690BCF560B37E2 |
SHA-256: | A812659CA752F8F6637048CC0B4B10C28FA7E78755DA69E41762AA0D44299CF5 |
SHA-512: | DFCABC218069C7C0AE1A4FFCAB80BEAB760D827C2FBB1DC7463F1A357C1BCAD7A98BF37B5E413E4D507B6B55392B81F66ECAB2D6D0377D4FB74FE61D07225605 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2528392225323595 |
Encrypted: | false |
SSDEEP: | 6:3U5++h+q2Pwkn2nKuAl9OmbnIFUt8MU5+0c5Zmw+MU5+0ctVkwOwkn2nKuAl9Omt:kE+svYfHAahFUt8VE0c5/+VE0cT5JfHi |
MD5: | 4D7840D44511615CAA6B6830C9DE1ECE |
SHA1: | 268948D699718FC3099324510D690BCF560B37E2 |
SHA-256: | A812659CA752F8F6637048CC0B4B10C28FA7E78755DA69E41762AA0D44299CF5 |
SHA-512: | DFCABC218069C7C0AE1A4FFCAB80BEAB760D827C2FBB1DC7463F1A357C1BCAD7A98BF37B5E413E4D507B6B55392B81F66ECAB2D6D0377D4FB74FE61D07225605 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.164717695371136 |
Encrypted: | false |
SSDEEP: | 6:3U5/AdpM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8MU58SZmw+MU58oMVkwOwkn2nKuAv:kx4pM+vYfHAa8uFUt8ViS/+VioMV5Jfg |
MD5: | E4B6F3299EF2EF165A01406C84F86C84 |
SHA1: | 51B625D9F0873EA2B7650B6EB7C4CFEBF3BFC88F |
SHA-256: | 94601A0A0EB89E41891542547A86D8C94B83FA4E84390D26AED551C83459F7A1 |
SHA-512: | F16C0884503A1E0242FA5367B3C21DB9C4DE30BC6F993B453B7D8F8E2BB1B225F4BFBA99BCC3A8F534610160C25E213DA650EE2BB8492D65319EF0814DDE3254 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.164717695371136 |
Encrypted: | false |
SSDEEP: | 6:3U5/AdpM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8MU58SZmw+MU58oMVkwOwkn2nKuAv:kx4pM+vYfHAa8uFUt8ViS/+VioMV5Jfg |
MD5: | E4B6F3299EF2EF165A01406C84F86C84 |
SHA1: | 51B625D9F0873EA2B7650B6EB7C4CFEBF3BFC88F |
SHA-256: | 94601A0A0EB89E41891542547A86D8C94B83FA4E84390D26AED551C83459F7A1 |
SHA-512: | F16C0884503A1E0242FA5367B3C21DB9C4DE30BC6F993B453B7D8F8E2BB1B225F4BFBA99BCC3A8F534610160C25E213DA650EE2BB8492D65319EF0814DDE3254 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\78bcf6d5-b2bc-43fd-86c9-b90edf718c56.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.957862660042655 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZhhsBdOg2H8Acaq3QYiubInP7E4T3y:Y2sRdsTdMH8r3QYhbG7nby |
MD5: | 633C4677AB384D0D0DA548B0F5398E1A |
SHA1: | 0526B5C216DF08DD183AB81BCA75E594253F56E2 |
SHA-256: | 8A2E2DB8ECA8A44023F26A492B23B5F385C40E92237A06A9EB38307A6ED1B168 |
SHA-512: | 263F29D36192F59CD631735C75D9E3512E0C3FFCFA848AF3280978DD2C5A7C8B65C4E27AD389A1AC6837625C7E3213164D97E1C1467D8A4D8176EB6B394E9F9F |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.957862660042655 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZhhsBdOg2H8Acaq3QYiubInP7E4T3y:Y2sRdsTdMH8r3QYhbG7nby |
MD5: | 633C4677AB384D0D0DA548B0F5398E1A |
SHA1: | 0526B5C216DF08DD183AB81BCA75E594253F56E2 |
SHA-256: | 8A2E2DB8ECA8A44023F26A492B23B5F385C40E92237A06A9EB38307A6ED1B168 |
SHA-512: | 263F29D36192F59CD631735C75D9E3512E0C3FFCFA848AF3280978DD2C5A7C8B65C4E27AD389A1AC6837625C7E3213164D97E1C1467D8A4D8176EB6B394E9F9F |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4320 |
Entropy (8bit): | 5.253826749261448 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo78duyezs1:etJCV4FiN/jTN/2r8Mta02fEhgO73goO |
MD5: | B446CEF020159AE1124B72D652F9618D |
SHA1: | 7286268C2E1B309D13409878FAA188A6F9800127 |
SHA-256: | B4BDB26DADB51AF11E0C6DE0E7DF47C9AAD3B073F503C7228D9AEDEA340F2F94 |
SHA-512: | DDEA0BFAE800086245D372408CFDA33C5D781F7514027FABF9BB9EA78F7FC62445ABBC6F9CB7B6856AD12D336341C879FAFAFBBFD0AC7643314BDA745979386A |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.1425558259729565 |
Encrypted: | false |
SSDEEP: | 6:3U5U/jpM+q2Pwkn2nKuAl9OmbzNMxIFUt8MU5U/jmZmw+MU5UGGqMVkwOwkn2nKA:kK/VM+vYfHAa8jFUt8VK/K/+VK4MV5JH |
MD5: | FEDC3FAC76CE2EBD684959137B31D271 |
SHA1: | F7522A1B18841DEACCDB7821D3C7F08519EA2B8F |
SHA-256: | CB2268082BBFF262614434A7EB322DCA0DF80E80E4393A3EE7B331A79F8B750A |
SHA-512: | 1F51C8032BD4DCE7D99E97A4B98482C9A0A2274A2B883A30D3DBF201554F0E24BBF39C7FE430A80E6FBECBA574ABBC2922CFDAE91FD3BE87F389958CB1424E22 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.1425558259729565 |
Encrypted: | false |
SSDEEP: | 6:3U5U/jpM+q2Pwkn2nKuAl9OmbzNMxIFUt8MU5U/jmZmw+MU5UGGqMVkwOwkn2nKA:kK/VM+vYfHAa8jFUt8VK/K/+VK4MV5JH |
MD5: | FEDC3FAC76CE2EBD684959137B31D271 |
SHA1: | F7522A1B18841DEACCDB7821D3C7F08519EA2B8F |
SHA-256: | CB2268082BBFF262614434A7EB322DCA0DF80E80E4393A3EE7B331A79F8B750A |
SHA-512: | 1F51C8032BD4DCE7D99E97A4B98482C9A0A2274A2B883A30D3DBF201554F0E24BBF39C7FE430A80E6FBECBA574ABBC2922CFDAE91FD3BE87F389958CB1424E22 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.4449986289457915 |
Encrypted: | false |
SSDEEP: | 384:yezci5tPiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rEs3OazzU89UTTgUL |
MD5: | 59BF5BFE0673AF1A76B5C08A8A43ED6C |
SHA1: | 42D8F05A8E630DB6659EBF1DCA25AC4D80F13705 |
SHA-256: | 2B79DA1CC0E15F12913A80A90907D74B3E648DFF000DD143504E7CC295DE0958 |
SHA-512: | 7BCC39A736A8199EA625EC0A6E988FA2AA51A80959309AC552136A23B47987F64F91124141108BAB16D47DED34C6EDE40CD2933A1B58BCDEB6BDC0E49F29426F |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7735897410475796 |
Encrypted: | false |
SSDEEP: | 48:7M6pA2ioyVYioywoWoy1Cwoy14KOioy1noy1AYoy1Wioy11ioyeioyBoy1noy1O/:7ppfuYCfX2jipb9IVXEBodRBkW |
MD5: | 0012B2EB6B943945B19E15DCA853D491 |
SHA1: | 181496AFC84FCCD38FD1892469CB9E98B52C296B |
SHA-256: | 1C33C65A6F1CF3C2154057B9EA3430814D43E775EBBAA57DCF0BE73C2AE36E64 |
SHA-512: | 8C0537A2069AB1144889CE787AA53B6B1D7F94B5ED49BF01DB1E571FDBAD417C16AD63028735CC9A0C44B5C821801BB526EA231DEB1AF70BB44C875EE7B1FEB4 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.361615678842941 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJM3g98kUwPeUkwRe9:YvXKXFeUEz3EZc0vAYsGMbLUkee9 |
MD5: | 6A3B0444FD4DD0E894955E3F80390609 |
SHA1: | CFACC7D80BA406A1F607981A6954688DEE8DD388 |
SHA-256: | 23F91D5FAD78B0B4EF727819D7861F94DADC762E927847787A921D03B6BBA6BE |
SHA-512: | 4E79370A40D00C582C8C484EAE5B0FA7135623FB18B4556269E204BEFCAB209E00C6384EBD2FE6C7ABBF6A29227B7A0FB6058B20C20EA6BF91A4AEF9F85DB55D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.313687484437564 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfBoTfXpnrPeUkwRe9:YvXKXFeUEz3EZc0vAYsGWTfXcUkee9 |
MD5: | E9C332CEC5121E72B4770DF13DE9BF88 |
SHA1: | C66EDCB6D6AC55B4F26914E9F7C5D2A5A8C0F05E |
SHA-256: | 1480EFDD126282C550ED061A7C68F70E76592BF171FCC58BC3135409D7E58A54 |
SHA-512: | BF4014CF6702A0635BE1DB63885E28CC2596383977E40B29BF43D626104A6F2371529C163061A77907D37D8D9B0B09E4AA9D41186D62B83F04062982534DCA71 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.292393698664442 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfBD2G6UpnrPeUkwRe9:YvXKXFeUEz3EZc0vAYsGR22cUkee9 |
MD5: | C1EFCDC5FC4C3B9BD79F5EEFBF263BF0 |
SHA1: | 19527F3F125651CCAFDD1974924635ED5F4B9689 |
SHA-256: | 2B4514866853CD01EB2D6F60FE2D9A6AD57A421350EE9645B9C665C8841EBEF1 |
SHA-512: | 366F4AEA1B7328AE7AAC5BB5944E7E4E7150F62D9B6EF61C74EBE9DB6A55B0570B2A5A5A51FC26501DB5E9EB5EBDF05B6B0B63C00B733D0EFC66014CADBF5DA2 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.348564861968828 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfPmwrPeUkwRe9:YvXKXFeUEz3EZc0vAYsGH56Ukee9 |
MD5: | 92C7A1C51B5A9F489B621E8281A3FF5C |
SHA1: | 6EB1F2DCCD621266B50D92060C1B076C4003E0AF |
SHA-256: | E8B1FBD090B9EDB4CEFFA3236238805E45ABC01CFFD8DB2622AB82584E479ADB |
SHA-512: | A30494023C3D75EDCBFD1AD418E4BE50A11BD216C816E653BF4CD9831909E11291B96E0E1A4BB1927A955555FCA6273B4261F8F550DD8B2AD8C3A494713443C5 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3088428346322605 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfJWCtMdPeUkwRe9:YvXKXFeUEz3EZc0vAYsGBS8Ukee9 |
MD5: | B18431976734640659642E0DA8082DF2 |
SHA1: | 4D343EEDF5D516574721DB926E273D9D27E4DA41 |
SHA-256: | 01491450CFB8DD43BAC35FDD2441CC41FBCDBFC6C299948A28B10CFA4BF6DD11 |
SHA-512: | BF93E7B694AF945D5A2CF715FA8B6CA35CE816490A381DF08DE728959C123A09261795B02EA42B53D2238BA620AAC45F99916F8D4A464643EBB0FBB32AE7A578 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.295923466540315 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJf8dPeUkwRe9:YvXKXFeUEz3EZc0vAYsGU8Ukee9 |
MD5: | 4617A5DDDDCD580BD524DC3923B2B31C |
SHA1: | 27BA0A8764EE97DC026CB0094FC6E950E94E994E |
SHA-256: | 4D370CEF7739CC7EC617C1A285D1483FBDEC45979E48FFB192EF81333C9480E2 |
SHA-512: | 1AA017BCD0772E4217DF9E2B2B033EEC2503C1D842BDDA88C6E32458745F37B870AF14C0034D79817FC6CB4E58793AE3FC64E038D3B031AED32498B25FE922B6 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.300722209877115 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfQ1rPeUkwRe9:YvXKXFeUEz3EZc0vAYsGY16Ukee9 |
MD5: | 32A1E4897ADD64FE0BD056F3541920ED |
SHA1: | 2A27B46489C86EE3B52FC670239BB942CDBE260D |
SHA-256: | B58DF9E90E01C5B5C6F63088E4FAB681D7DB35A56FD03F6AE7E920822C813596 |
SHA-512: | C5AB2A2232BB9D6AD98E29B62E51C4A405B10990F42859338168345DF8B42972B927C9D83DE3CD0AC2A68828AEE8EA41A987C06FAB0F65203788A70326A9B5D8 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.305731682553468 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfFldPeUkwRe9:YvXKXFeUEz3EZc0vAYsGz8Ukee9 |
MD5: | BE1C327B8EA2DEB2407990AB80E07B08 |
SHA1: | A38F0C1D6EC1EF1F484D6397B963711AF762E52F |
SHA-256: | E7F4DD4AB2A8AF56E54B0B32F23EE945254E254860144F8833F72BE90557C99A |
SHA-512: | 8595B13E16EDC8F512CADF1C8138C6B7DF39E85715F7D5DFB732CEFA4CAE6DCAA2B9235C6004535C45444201BA20B84F04546785460ECC9196EE4BEAAE5C5B6B |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.7385275023099265 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRw0zvAYUKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNm:Yvj8Y7EgigrNt0wSJn+ns8cvFJg |
MD5: | 8AEF7617817EC71F2C3312A01D6A6C67 |
SHA1: | 81D603D86185CDC8AD65643D903AF5D65B07606C |
SHA-256: | 42F8425DC84EBCEE96AABA68C19FCDA495F7AEA219EB7D8D00FB0DCE9CD397B4 |
SHA-512: | 711BD9BB656B9D3446DFA531267437A56D0E86A2AB7E2752D6807D744540F72D9C3966212F703CF740A106E65926C0FCFC9D1AAC7881831B85A8CC4928BF49E6 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.302007927702095 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfYdPeUkwRe9:YvXKXFeUEz3EZc0vAYsGg8Ukee9 |
MD5: | 4D02B4A9A174B0017CC11F8320B64643 |
SHA1: | 34068F4B73E5E479BD88865C747372B888B3E752 |
SHA-256: | DDBABF2447A3371CBC305B703FDE45DE62B12A39E1A94A2395A6C572C5A20D5E |
SHA-512: | 7B652DE8059F9934416155C8CF15A961DDA6C1600551D5DCAA21D637A58A20388615EB311CE8E289F66EE3EB78E07DF260EDCDF3C6A386F01E39805A68233AB0 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.777844019767542 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRw0zvAY7rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNO:Yvj8YmHgDv3W2aYQfgB5OUupHrQ9FJ0 |
MD5: | 20F702BF8D739A0B0D175423750AA0EF |
SHA1: | ACAA87A72E058BABC2FAC1048B44C0AC5E2C7BC3 |
SHA-256: | 13BE3B7D710306F2FC2A65F2D395733CF4AD87AD9083C74C2D2D61D75FBF9D2D |
SHA-512: | 6E8AC0BD43CFAE35397E9DD2E29AA0B5525C8FE58F84E0E39455F81AAB10BAD6E7C448355092496772426243A13E46FA65E2B80C17C87526A2F6158889108003 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.285541225185567 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfbPtdPeUkwRe9:YvXKXFeUEz3EZc0vAYsGDV8Ukee9 |
MD5: | C8DE651105BE85099BFCD2BF3D758842 |
SHA1: | BF4D85BD5FFBA6FAF54DB82F176BD62277D1C2B9 |
SHA-256: | DAAE25585822A593D7FB2E5E39795AC037B98E2BC47F3E850C5B581459B643BA |
SHA-512: | 29303496E6B9ACCBB04E35814C1EDAC1AC200B44316E9D6FB6555DEA4E9CBF099ECE2A9353C6194928304B49C5D8125F44E90D4E6F17CBC9724794AF0A2AF6FD |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.290795747293072 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJf21rPeUkwRe9:YvXKXFeUEz3EZc0vAYsG+16Ukee9 |
MD5: | 4DB1D86D4D6E317B29527202DD506671 |
SHA1: | 4A4F91CB00916CC30CDAFB63A45AC4722E9551AC |
SHA-256: | 5D7BE85B27F57BFADEC17C40192414CBE2823D1439945ED1EF8563F9AAB8F307 |
SHA-512: | A837D452FDAE657EDB3DFC072CFE21F401CB8004AB9ED08ED3992AC6B4CBE3CFCEB74A16F398A8307BFF98C98709D0209B1EC802DC2888B91A146DA56E231F77 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.308549238386021 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfbpatdPeUkwRe9:YvXKXFeUEz3EZc0vAYsGVat8Ukee9 |
MD5: | A14FE1695DE89A8D8F2972E408C544A7 |
SHA1: | 0900B5AEACE1ED40135130332DAB5DFC49590BDE |
SHA-256: | B25BE637A4CE47CA2BD8CBCA4172B5E17F44D7684F7240B343F8237A2CEC583A |
SHA-512: | 58242C717294B91906F70656518663B793C163CD783A60784F8C90C475F67DA72585433FA9907BE0786AA1737D128F3B4F46D8532BC7A1D43F04153DECFC121B |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.266587699570015 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfshHHrPeUkwRe9:YvXKXFeUEz3EZc0vAYsGUUUkee9 |
MD5: | C37BC1B4C578EE19E2A77865A415B6A0 |
SHA1: | E33A598E67719C05FE4AFAB213933A761D9EB443 |
SHA-256: | BD2814AC6B5216B3F5C4BA87247E15952B18A19C1925E417D2BD0F9779CFAC79 |
SHA-512: | 489D662DA3DEB354FCBA53D3FB1486B5E0466446DFDA495B46195D0A9CE2704F41A7CEF38B52EE1E6F050C4F944404139F94F4F1813F008B3BB80AB81E3AA146 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.366838024114456 |
Encrypted: | false |
SSDEEP: | 12:YvXKXFeUEz3EZc0vAYsGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYZ:Yv6XRw0zvAYC168CgEXX5kcIfANhf |
MD5: | 22D08A0DEA4EBBE8EA0C93C7B626AEF1 |
SHA1: | 6492F1B4403B52DD06BBAF6BF0BF29412785522F |
SHA-256: | 6A7E6BAB941717E82ECAEF0FEB0D00CA1086E744E9B71F8645176A6BF384C0C0 |
SHA-512: | CE19226CC2FEC53A9EFB3E76F33A91598C40B808B8D8CE6118601E170BB4AD11D85AB5BCB45F2957FBFF3C8821558A839B237D4E3E978ACA1EC72E1919C1193A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.135163337914118 |
Encrypted: | false |
SSDEEP: | 48:YjJShQuGuZPwzMrpgMeqEAdIM/ryDyAMSIrMJDlG+ENNh9Gxx1:qGP4MFBxECFDyD7AYDsnQ7 |
MD5: | 80A35B8F0B270EAD01B43873103D0541 |
SHA1: | 15824246C8376E0818F7139FC75A3BD9E68F77A7 |
SHA-256: | BB6CD97EE909BD45DA4AFC53E17F67BE3F4F8814F6FF82D31A73E90265439E4E |
SHA-512: | E706CC7EAEB01A523A9433EFD55941ABE1269318968EAB301B64CCC7B24A1A6A44678F3E83D9ED8CBEE1EB6037DF8D46FD2D2D8345D50088AA30A0404878319F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1889630154038788 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUVSSvR9H9vxFGiDIAEkGVvpJU:lNVmswUUUUUUUUVS+FGSItVU |
MD5: | 81DC5A883B6793B5CC72407956196AB0 |
SHA1: | 45314BBD75F213F40D26F9D0D1E4FA132E400A28 |
SHA-256: | 9F22301C2E86F14DC78DD6CAF5D2AE6711404E7194821A01336DF10DE8A2E1EF |
SHA-512: | 6DE91702E72173300C4A6B8B64EDACE323846DDD9D21F9884F6FBFE97DCC934AB4BDF24319F4D92ECB6E617D0A2349A92E314A8FC3156AC64BE0F2A8F3B2F4B2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6087959304880828 |
Encrypted: | false |
SSDEEP: | 48:7M+CKUUUUUUUUUUVAvR9H9vxFGiDIAEkGVvfqFl2GL7mseZ:7hUUUUUUUUUUV4FGSIt9KVmseZ |
MD5: | 7F9B64C2BFC29EBF859C705EC3855915 |
SHA1: | 23DA9732FBF8A1EF5D1CC78D4ADD545E2568AE4E |
SHA-256: | 7669E4D4B93901B0B21478E4D8504704495FA5A8F5B1164A53596A35CF245F81 |
SHA-512: | 4D7772F490C3C9FFEE2DD682D73BA422C3ED0D6A839CF9BCFEA186001718B197810C81D509DD7F31BC36BDF8656666C58A138DF7C6414B46DC05C1C2EDCE2011 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5136057226030957 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8++0le:Qw946cPbiOxDlbYnuRK8 |
MD5: | 8EA50D0C5217C726905B78C8239CCC8E |
SHA1: | E37976C8619BA5F4FE0B01E1412BE5479E24E6ED |
SHA-256: | 8F5F14383E7E8D9782F31F1D3124B99F8CBBC71AB899C6E88F38F7CB6AB1C6E4 |
SHA-512: | 95587A3E359F94CACE6CC7B446700D93FF87B3F645DE2D5B09E2C12E57E84316754EBB7264BE0C6A5754E0142E9AB8A0B72C7EFBD93A75E5C4B68F62B1728E6B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 21-46-21-685.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.334706249108577 |
Encrypted: | false |
SSDEEP: | 384:1ftMddQcZIc9OOXJkHyAyHmO5ucPvjVBK7RnLBcV1RkI6H+e5Bjk7kBoc2Z1a6O7:1j |
MD5: | 067DA26709DDA29AD533E1380CB74A49 |
SHA1: | 42715CEEA927CEE286D438FAF15A8FA0B46A8D56 |
SHA-256: | 5C93E42574759A5EE945B33F7DE4627CDE99D6B0F390D3F67CFE3ED80150FB2C |
SHA-512: | 8DD3FDAE82024D032944E83F00AC3D16CA0453841464E9D57AED0501E0EC490F5DB1A523431F60C7DF294D6452AFEFBC616E6C34C4ACD30BBD74BAC0B051A956 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.39367352436077 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rq:m |
MD5: | 586E879A26D46B7CC35656A65CD55997 |
SHA1: | AA8402213FBA94D0D699D2EF00BB859B742A82DC |
SHA-256: | B84A2200F92CD09954FA19A068DD2CF28C646B6B84D2B8AD057CFFE0A542912E |
SHA-512: | AC51E1E206E6165DED2196DA647459689D7CD1B85A51FDEA581AF5B9737902B94618725B36244AECEF7A11423037888B6ED3793C3D1259146816690A5B97B292 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLcGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLcGZtwZGk3mlind9i4ufFXpAXkru |
MD5: | A46246FAEAB95D87F5B4FE236C2B3D3E |
SHA1: | 7F018DB9238A63FEAD8D11A92297E7366058A75A |
SHA-256: | 7E822FECC47177C5A7F4C250E7D53509D104DE68B0D0CE9445877B508400988E |
SHA-512: | 8AAB79958BF39F014FBA7F69287FE0C357746E63FA3482DE3231BDF4A97B964A0815DAF7BFE9751C55BA6BE618E0A964CEB23FC30B4FA9DFEB284F42EBA897BF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 2.7417284292325386 |
TrID: | |
File name: | B0CVFJGTZY.pdf |
File size: | 3'342'153 bytes |
MD5: | ac5b74f11fd6e27983a5883b7b6ff3b5 |
SHA1: | 87749916e71702d0678fcf722eb73c24ea701b52 |
SHA256: | 4fc3f5c6068ed6bc23f00d8d5171ff22c23dc38209d677839b681ad11500af5b |
SHA512: | f6f4ca635ddea9c221ff8ec21981839e8465e7d21269625bd6b0a873070334b3db17a688aae53a532c03ae3aa36c5b583705da5b1804f1bef51e1a64c76236a8 |
SSDEEP: | 12288:L1HUe+Pud3K2CjJzWpSCZJj8ejm9UoPAJ77zEXk8V+KboVudiavqMkFTKG8T6Kbz:p1xdaFCpSm98AYkgXkzKVdix3pKUdifN |
TLSH: | 97F51236EC18E49DCC8AEBB2EB9D35D58A86B3224BC5741A40184D43B1D0A25FF777C6 |
File Content Preview: | %PDF-1.7.%.....1 0 obj.<<./Type /Pages./Count 107./Kids [ 4 0 R 33 0 R 56 0 R 93 0 R 121 0 R 147 0 R 163 0 R 175 0 R 188 0 R 201 0 R 204 0 R 207 0 R 209 0 R 220 0 R 222 0 R 224 0 R 226 0 R 228 0 R 230 0 R 232 0 R 234 0 R 284 0 R 295 0 R 298 0 R 302 0 R 31 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 2.741728 |
Total Bytes: | 3342153 |
Stream Entropy: | 2.660027 |
Stream Bytes: | 3304017 |
Entropy outside Streams: | 5.256242 |
Bytes outside Streams: | 38136 |
Number of EOF found: | 0 |
Bytes after EOF: | |
Name | Count |
---|---|
obj | 209 |
endobj | 208 |
stream | 56 |
endstream | 54 |
xref | 0 |
trailer | 0 |
startxref | 0 |
/Page | 19 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 80 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
426 | cc86b23333710707 | c525045fe444505149cd40d1c517a1d7 | |
446 | 0221696102068382 | e63210b0d4fb6ab444dcf316d53cb9fb | |
480 | 4a52393525292327 | 106f6f3ae1be9726e473c729b37a165b | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 21:46:32.058677912 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.058715105 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.058787107 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.059412003 CEST | 49741 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.059452057 CEST | 443 | 49741 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.059525013 CEST | 49741 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.059838057 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.059849977 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.060214043 CEST | 49741 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.060228109 CEST | 443 | 49741 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.393526077 CEST | 443 | 49741 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.394644976 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.399861097 CEST | 49741 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.399924040 CEST | 443 | 49741 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.399975061 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.400005102 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.400857925 CEST | 443 | 49741 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.400968075 CEST | 49741 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.403559923 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.403657913 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.404514074 CEST | 49741 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.404594898 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.404623985 CEST | 443 | 49741 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.404764891 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.404783010 CEST | 49741 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.448163033 CEST | 443 | 49741 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.455957890 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.456008911 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.456069946 CEST | 49741 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.456130981 CEST | 443 | 49741 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.502849102 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.502854109 CEST | 49741 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.515414953 CEST | 443 | 49741 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.515527964 CEST | 443 | 49741 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:32.515660048 CEST | 49741 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.516161919 CEST | 49741 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:46:32.516201019 CEST | 443 | 49741 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:51.392390966 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:51.392577887 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:46:51.392702103 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:47:36.393677950 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:47:36.393712997 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Apr 25, 2024 21:48:21.393639088 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
Apr 25, 2024 21:48:21.393687010 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49741 | 184.25.164.138 | 443 | 7760 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 19:46:32 UTC | 475 | OUT | |
2024-04-25 19:46:32 UTC | 198 | IN | |
Target ID: | 0 |
Start time: | 21:46:18 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 1 |
Start time: | 21:46:21 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 3 |
Start time: | 21:46:21 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |