Windows
Analysis Report
2751726_2359360_Confirmation_Letter.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 4508 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\2751726_2359360_Confirmation_Letter.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 4292 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4320 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1648,i,2299410425946571322,14647256495210331629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.5.13.197 | unknown | United States | | 14618 | AMAZON-AESUS | false |
23.193.120.142 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
104.94.108.142 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432114 |
Start date and time: | 2024-04-26 14:13:36 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 2751726_2359360_Confirmation_Letter.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@15/50@0/3 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 162.159.61.3, 172.64.41.3, 23.219.155.148, 23.219.155.137, 23.219.155.165, 23.219.155.144
- Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
52.5.13.197 | | | malicious | Unknown | | |
52.5.13.197 | | | malicious | HtmlDropper, HTMLPhisher | | |
52.5.13.197 | | | malicious | Unknown | | |
52.5.13.197 | | | malicious | HTMLPhisher | | |
52.5.13.197 | | | malicious | HTMLPhisher | | |
52.5.13.197 | | | malicious | Unknown | | |
52.5.13.197 | | | malicious | HtmlDropper, HTMLPhisher | | |
52.5.13.197 | | | malicious | Unknown | | |
52.5.13.197 | | | malicious | HTMLPhisher | | |
52.5.13.197 | | | malicious | Unknown | | |
104.94.108.142 | | | malicious | Unknown | | |
104.94.108.142 | | | malicious | HTMLPhisher | | |
104.94.108.142 | | | malicious | Unknown | | |
104.94.108.142 | | | malicious | Unknown | | |
104.94.108.142 | | | malicious | Unknown | | |
104.94.108.142 | | | malicious | NetSupport RAT | | |
104.94.108.142 | | | malicious | NetSupport RAT | | |
104.94.108.142 | | | malicious | Unknown | | |
104.94.108.142 | | | malicious | ScreenConnect Tool | | |
104.94.108.142 | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | Vidar | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | HtmlDropper, HTMLPhisher | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | HTMLPhisher | | |
AKAMAI-ASUS | | | malicious | Mirai | | |
AKAMAI-ASUS | | | malicious | HtmlDropper, HTMLPhisher | | |
AMAZON-AESUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | HTMLPhisher | | |
AMAZON-AESUS | | | malicious | TechSupportScam | | |
AMAZON-AESUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | TechSupportScam | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.186468591019852 |
Encrypted: | false |
SSDEEP: | 6:sddLIq2P92nKuAl9OmbnIFUt858VXZmw+58VFkwO92nKuAl9OmbjLJ:sdKv4HAahFUt85A/+5o5LHAaSJ |
MD5: | 017B2FA478487E6929276FA4CBE863FB |
SHA1: | D503E46D3876C6D3A7E7F33DF442A41F126A9F6E |
SHA-256: | CEC8CC5AFFD3718B1AF279679246E5E6CA0FB7367A799FC9DAF1AC61E49D1DA8 |
SHA-512: | CDACF185145DD18C067467B55326408068427FE885986D2D5CBA87F1866B40B43BF839540A9DD4B39A77447D899D3C6E886DB0F033FAD4A5950A95E833A56BDD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.186468591019852 |
Encrypted: | false |
SSDEEP: | 6:sddLIq2P92nKuAl9OmbnIFUt858VXZmw+58VFkwO92nKuAl9OmbjLJ:sdKv4HAahFUt85A/+5o5LHAaSJ |
MD5: | 017B2FA478487E6929276FA4CBE863FB |
SHA1: | D503E46D3876C6D3A7E7F33DF442A41F126A9F6E |
SHA-256: | CEC8CC5AFFD3718B1AF279679246E5E6CA0FB7367A799FC9DAF1AC61E49D1DA8 |
SHA-512: | CDACF185145DD18C067467B55326408068427FE885986D2D5CBA87F1866B40B43BF839540A9DD4B39A77447D899D3C6E886DB0F033FAD4A5950A95E833A56BDD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.173267360785188 |
Encrypted: | false |
SSDEEP: | 6:scGN9+q2P92nKuAl9Ombzo2jMGIFUt85cAXJZmw+5cAX9VkwO92nKuAl9Ombzo23:scGOv4HAa8uFUt85c0/+5c05LHAa8RJ |
MD5: | 4F9B934F06E19C146BE07658E26FE263 |
SHA1: | 1DDB65C3C98412FD529459B28129C11BBF87C767 |
SHA-256: | F203DA4C0CFA601CBC34643D7D0D7FE665EE1A0BC61986ECB8A33C839F6757AA |
SHA-512: | CD53DAF33CA3D5EC30DB35628A191ACDC9AD14462832E14568AED3BD0E76A789CDB0CEEF8474CB42FA1BE0E4F0ED676FE79751B7AEDAD2C67427ACEEA817A128 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.173267360785188 |
Encrypted: | false |
SSDEEP: | 6:scGN9+q2P92nKuAl9Ombzo2jMGIFUt85cAXJZmw+5cAX9VkwO92nKuAl9Ombzo23:scGOv4HAa8uFUt85c0/+5c05LHAa8RJ |
MD5: | 4F9B934F06E19C146BE07658E26FE263 |
SHA1: | 1DDB65C3C98412FD529459B28129C11BBF87C767 |
SHA-256: | F203DA4C0CFA601CBC34643D7D0D7FE665EE1A0BC61986ECB8A33C839F6757AA |
SHA-512: | CD53DAF33CA3D5EC30DB35628A191ACDC9AD14462832E14568AED3BD0E76A789CDB0CEEF8474CB42FA1BE0E4F0ED676FE79751B7AEDAD2C67427ACEEA817A128 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\161501ca-6174-437f-aa92-2442bd5e8d47.tmp
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+ |
MD5: | 70321A46A77A3C2465E2F031754B3E06 |
SHA1: | 5E7E713285D36F12ACFC68A34D8A34FD33C96B34 |
SHA-256: | 344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248 |
SHA-512: | E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+ |
MD5: | 70321A46A77A3C2465E2F031754B3E06 |
SHA1: | 5E7E713285D36F12ACFC68A34D8A34FD33C96B34 |
SHA-256: | 344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248 |
SHA-512: | E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF650786.TMP (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+ |
MD5: | 70321A46A77A3C2465E2F031754B3E06 |
SHA1: | 5E7E713285D36F12ACFC68A34D8A34FD33C96B34 |
SHA-256: | 344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248 |
SHA-512: | E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d5e44509-81b5-4b1a-9ae9-e83beeb88fd5.tmp
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.052769235235677 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZEHksBdOg2HRcaq3QYiubxnP7E4TfF+:Y2sRdslHJdMHo3QYhbxP7np+ |
MD5: | C13F87092CDCC68B1C86C2155F160D20 |
SHA1: | 0F7AA673E22FC0712E12A31513B43CD001159E46 |
SHA-256: | D4E0085228677133746DDD5AC793A560326242D0DE44E2F2D8495ED6461D9B23 |
SHA-512: | 84FA28745CEA14C2B7E8F08802A724EE7B47721C59B025EC8B6C56F8F6021F02F34274116712EB28F135EA7D38B90ECBF964E2D78659B2008EABC321C9780F0C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.229861050042531 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUEbVtoP0Vb5csPZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLL |
MD5: | FF33B5278B1C4D3F2CA5F5372F13B332 |
SHA1: | 9ED0F32DA467EE5D86965167D7CFE2774CA51435 |
SHA-256: | 2C0757747628976F5A3F24806582E8ED1BB8BCB05DC9CBB5B96DA6294A18CFEE |
SHA-512: | ABA0115E010D1BD21D9282F6036F4589EEFDF00F277252C1E004550A08824750F570618E9B876365E69ED1AA0DDA33EB3361041F601F6D1420DE0BBAC72A3BA2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.177174994927778 |
Encrypted: | false |
SSDEEP: | 6:skGrN9+q2P92nKuAl9OmbzNMxIFUt85kOJZmw+5kB9VkwO92nKuAl9OmbzNMFLJ:skaOv4HAa8jFUt85kI/+5kh5LHAa84J |
MD5: | 04703D957408A0F7A59EFEF3E54B2D44 |
SHA1: | D9B811B2039908B9FD508CDDE92422C1E8166D50 |
SHA-256: | 8735158550644E7142AA15ABA29044E7CC94BFC988B761408D93B622572BB97D |
SHA-512: | FA4E2265E250DFB14CCBAE2147066ED4FA3A0F407CEB7F9AD026805DB9DDA32CF048070F0CC5A19138F9F4506D73DBAB331A384C68E595F612F0D330FC0912E9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.177174994927778 |
Encrypted: | false |
SSDEEP: | 6:skGrN9+q2P92nKuAl9OmbzNMxIFUt85kOJZmw+5kB9VkwO92nKuAl9OmbzNMFLJ:skaOv4HAa8jFUt85kI/+5kh5LHAa84J |
MD5: | 04703D957408A0F7A59EFEF3E54B2D44 |
SHA1: | D9B811B2039908B9FD508CDDE92422C1E8166D50 |
SHA-256: | 8735158550644E7142AA15ABA29044E7CC94BFC988B761408D93B622572BB97D |
SHA-512: | FA4E2265E250DFB14CCBAE2147066ED4FA3A0F407CEB7F9AD026805DB9DDA32CF048070F0CC5A19138F9F4506D73DBAB331A384C68E595F612F0D330FC0912E9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.013154474863312006 |
Encrypted: | false |
SSDEEP: | 3:ImtV9lyHPllllnUIghlPtCR/l2/l1u5oll/llAcnylsX+/l/Wwh/fX1:IiV9kvlll5ZgztCR68o/12sX+tuwh/ |
MD5: | B623A727CD94F2BB69F027CEC7746ABE |
SHA1: | 5DFE5B80B1C87F74CE3F16E1C2BCEB5D0F112029 |
SHA-256: | 9ABFE0767F9AF078D11D27635673F1C5B939950AB450E6E73FEDB10782F9F309 |
SHA-512: | 1F9CBBED18898002ABF5CDCAF8F6B35118D0ADEBD2B8A1F095675847F5F08D999F0C3E2FA379A2AE41251DAFC07015CC6F87D0EE003D1CFD1C07E097F4A7DB90 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426121427Z-195.bmp
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.2321090557341372 |
Encrypted: | false |
SSDEEP: | 768:buq0qh2sJK3FzXEUkBZxdq36NXzfJMxL2lca:bLd/5NH |
MD5: | 26649B3E8592530BCF3E948D52991652 |
SHA1: | 89AB63A2BD6D36FBEA9DABCD4F18F3073BCA4D00 |
SHA-256: | 9F1304D28FD185B720259CA950820E74B0EBDD8CEFE67B8EBE17507FEBC1C78A |
SHA-512: | BA7C6D37FAA0A1255349596485CE09B0725CAB91F1D5281E815A14FC94AACEF746897446489EB9B102710D882C72CC62E58E8F6F47B516284EB491DC85C08473 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.324957016844078 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJM3g98kUwPeUkwRe9:YvXKX8T4uPNwUYpW70iGMbLUkee9 |
MD5: | A9BE9FFE814BC3E25567922B44A12EBB |
SHA1: | A183B6735C2547ADC608F124D3413833989DAA1C |
SHA-256: | B6AD62653562F8CA2F0F36F2C862E118F8EA7C014A106744A3444DEC5ABC9B80 |
SHA-512: | D6FFC0658CB1CE9725CCAD792DD914330C43621D7E5FD5CC660B4F78FBD8FE374EA5589010CBF0B7EF3B79AAE2525D30E4319755CA5901E382570BDAB61AAC0A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.263569988252129 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfBoTfXpnrPeUkwRe9:YvXKX8T4uPNwUYpW70iGWTfXcUkee9 |
MD5: | 974D18CB4DF41F9B5E8433E5A67034A7 |
SHA1: | E4A0D4006D1BF1333C742276926DCC1F4CE60232 |
SHA-256: | C0A762937E116F29DEC0F8778817ADC64484523502B4822D7AB3D2931922F3E9 |
SHA-512: | 41D0F03161BEDF06C9E32FADD8047B815B71B1AA83FA8955ADA6CD86661359792A0E76FDE410B89D2A7ECFC42464F8EEBB6E050B3CDA0FFA1B979D715667A468 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2406914297947065 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfBD2G6UpnrPeUkwRe9:YvXKX8T4uPNwUYpW70iGR22cUkee9 |
MD5: | 92D80BC5F97C8569F98904E1430A2F9F |
SHA1: | C2474404B1510DBD6D111098BB3E82B6134AD23F |
SHA-256: | 480A17CC54640CF45CE951EF3D6BBCB9785FD87D2B90938DE6DFF8BCDE59A17E |
SHA-512: | E55C63E789457B84FC60E3FCAA685D769B66E6C2AB27B1EE203117A58E2B949BFEA289AA5A41CAC00F5045C2FE17B2D8D930D70D6555375F7A0C9DFDF8EDEFA8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.302502302586676 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfPmwrPeUkwRe9:YvXKX8T4uPNwUYpW70iGH56Ukee9 |
MD5: | F327FC7A962EC35B6D156027A5C1E6C9 |
SHA1: | 9701E003C77064B6814A77CF15E3F3E8B363BF44 |
SHA-256: | 9E4EF92E4757E6548441E2154D6F87EA6BC5B37352D2A5AAB1BE1EB6733CA128 |
SHA-512: | 4275690218B91CDC9233FC3E7A7F5089CC4511DC36B4E2508345DD62BE9B093C64DB6D2F9F3F5E6DA40F9813FD9319BBF8F7B5C018B0C12E93BD23C19590DAA1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.260795050823878 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfJWCtMdPeUkwRe9:YvXKX8T4uPNwUYpW70iGBS8Ukee9 |
MD5: | BFFF422EBA795ACFCAE7699B9302968F |
SHA1: | 2533A4BBBC8F9815BD593904CF99E0F2EB43E097 |
SHA-256: | 7C2FF549AC980322D2B4AD8F705058E548BB1B12FFFDB641F6377A60D8B52007 |
SHA-512: | D96FC941D5B55AA0C1CD2B1F6763C67213CF213F1C243C1FE1F0313FC57A0A2561A487AFB04FDEE20CF9552B02057AE9524DDA616E8879D27B49465E1123CE22 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.244945242442691 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJf8dPeUkwRe9:YvXKX8T4uPNwUYpW70iGU8Ukee9 |
MD5: | 3809AC7274E73D5BA136DFFEDB324176 |
SHA1: | FF8F8C659830EACBDB3D0B189AA4BF93F111CE3C |
SHA-256: | 85E631E18D6AB4318DB7999CEA9BC9602EB89811570D107A2F13B9768503B828 |
SHA-512: | 460EE40597449E1B0A03EEA5CE3E6C37DA75FA17671F4587794348356F02D7C819CCB512F354D754864E3842AB46438397D80DB75CD741DDC76BEFAC5EDB510E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.246775072326782 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfQ1rPeUkwRe9:YvXKX8T4uPNwUYpW70iGY16Ukee9 |
MD5: | B254347E85EC659A2D06B9A024C6816E |
SHA1: | 830D88C264AD227C21290BD455684FB6FC938046 |
SHA-256: | 5968085FCBCD9F5BD8DC9BFB4F6F8F3F95F44E4BD468064C162419B2CA432973 |
SHA-512: | 2A400980837BA25E755ECCD102E5ADCBF885AB45B73502DC2D47FF082E2FEB82546A297710E0B7B94D5E871AB11C3A63D48C6BDC570D0A7B2F936076772EB648 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.265166124125819 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfFldPeUkwRe9:YvXKX8T4uPNwUYpW70iGz8Ukee9 |
MD5: | 72DE126E6CF8C772409F993A7500E235 |
SHA1: | 9553B0DB1303E68AC87ACCBE1B9BE7B4C08F7204 |
SHA-256: | 482173C4F64A4FA20FB4D38DFC1724C227014ABA4AC9D0B0E4C9FD402B34D086 |
SHA-512: | F68175CC327C2228B9463BFAD245B2D3D97304C0956E705D480671E905D180E831DE5DC89A4957012DE2CA1CD6A3EDDCE9F14EB44374EB98F0D45E9DC88ADA2F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.736977421536437 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8siPKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNS:YvdTPEgigrNt0wSJn+ns8cvFJw |
MD5: | E4DDF1B14A10BDA81DFEEAEAC9FEA184 |
SHA1: | 178DBA3A07F5D1F1EAB03577A0A09BE4BC07D3B4 |
SHA-256: | 183947623BC99B034408903EDA007946C66A9C02DEF3A2CADD91DD15DEFCB148 |
SHA-512: | 2801C0F96C65DAF78C349088147D5F2ACD86B7A0243B1F1C0999326FB4A1C2BCD3CC96190429A3FFAABE4348A64B0DB3005CD62BCA89C18669723EA115B066ED |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.254466547713881 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfYdPeUkwRe9:YvXKX8T4uPNwUYpW70iGg8Ukee9 |
MD5: | 196EEC89AD1A97850128C46502DDF1F2 |
SHA1: | 12B8DB7F7CFA4EDA99458C0EC72DB6800FA05017 |
SHA-256: | 0E0359D0D5FB0938FCF0312F69FF5BC6F38DEFA85CF36BF91CFE8911AFA63C62 |
SHA-512: | 58D69CA697C8B9A76334E0EBF5F698F793036C99D28D8F46E929D39EB58791EDE1A7253DC9459B4B58159A06AAECAF579A668B0D96830A9A3E84AD2820F65A5E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.773990988503545 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8siSrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNa:YvdTSHgDv3W2aYQfgB5OUupHrQ9FJs |
MD5: | 2DD71592D1655588AEDF418F080C4263 |
SHA1: | 440E082D83C09E615D315369C2FEF3224DD2F2C2 |
SHA-256: | 348DECE90A2383041E09D4DEFB740842BD1983D7930C06746FAB5E6B6ABB3F0D |
SHA-512: | B88AB86416F90CE73FE02D2984639A109F57AA305DEF1013FAFBA83E5AD1240E97391C8B77EAABEC48B86A5E7933BA916CA4FAC4A27099DA10AB54CC46BF8A10 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.238326590076996 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfbPtdPeUkwRe9:YvXKX8T4uPNwUYpW70iGDV8Ukee9 |
MD5: | CA2A8B404EEA0FD22021DAED71CDCB83 |
SHA1: | 017DD038C650CE01BC09C7A58A497B1A4FDE8AB3 |
SHA-256: | E0B81359282EEB442EA82DB12381C2ECAE82E8FA06022F3DC2C953AF5A2C18A4 |
SHA-512: | 2F40F1D9654910C36203A2A0C2C3FAF5CDA8A4D8C9732ABDA9B2AA2AA69CF107695A5A79FA66E6A5013AFC61CC62C0878C7A6BD736BD8B3D8D69514253E9CF90 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.239369558383394 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJf21rPeUkwRe9:YvXKX8T4uPNwUYpW70iG+16Ukee9 |
MD5: | 3377409601B188DF40D0B7A9210D27FE |
SHA1: | 6FB7B98001AB0FA448CDA29F79F73A15AAAE783A |
SHA-256: | 1428CC9DE164EBC27A4C79167DA7B7364197FD4E8E4C66AB1D3F81ECE4A17BFE |
SHA-512: | 4F6242DED1439EF832443429817E351E71020EE3A57C059A0946799ABE18A2E150C3C6AF235A9F7DEC471AC106B0C6F3781F68DE8DD8C6D8BEBE0021D17761BF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.261007858397807 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfbpatdPeUkwRe9:YvXKX8T4uPNwUYpW70iGVat8Ukee9 |
MD5: | 6E0183AAD6679D5E5D4DD734EC704D01 |
SHA1: | 5212B9AA0FB387E01C2C64F19DF225872D6E4865 |
SHA-256: | 8CC464C006A3915EC518736588484E0442DC3165E9D22118615C6B09FCA7C6D9 |
SHA-512: | D1564D738DCA23B1222322E93745338D89ABC336AF0750D1E4870CE44999F456CBF8CA79EC5AA10070072F9B09BB09561369BF5B2733A9BE354AAB1BBCA8A976 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.211959794271132 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfshHHrPeUkwRe9:YvXKX8T4uPNwUYpW70iGUUUkee9 |
MD5: | D1D570577CA3B55EB9AF8AD6D8328D35 |
SHA1: | C554B683AEEEF584076D4B4AD2A7F847331F26A7 |
SHA-256: | 055E551EC4F960C2943A401E719EE72599F0CF51BA299647122C94BC9FB42F94 |
SHA-512: | 8FAA285078F59D4E465AA01771CED7848D4130205540B3071C49CE1D34F4F9F9024309AAFB10A86F4A8C6411502193AC4ACCCD31D2543837FDB4BF33D59B1A99 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.357550376825387 |
Encrypted: | false |
SSDEEP: | 12:YvXKX8T4uPNwUYpW70iGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWO:Yv6X8si3168CgEXX5kcIfANhT |
MD5: | FBD924F9660BD3F63A741455C17464A0 |
SHA1: | EA4E64A23230CA2AE6C9E1834B4C8BF57F4B4BD1 |
SHA-256: | A4EA6EB65270468BC887421259EC45E4F8572D4B1A87B4982D0D1A3375AA1D4E |
SHA-512: | E76723EBD208E531B70C6F4C6527B62445644C2CC5D1AFB78EACB9EFECCE654E8A037B3BF51435BC657C2245AB53A8EDB4BE43C68CF51339FAA71037FEC3BA53 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.133927205742704 |
Encrypted: | false |
SSDEEP: | 24:YqYEglNChAn4XclRVO7jm+aI1ayT7hEPiajG8j0S+j5GW+2AJg2LSotcd5Nh93sE:YPz0A4XclRAXv1UFBJJgeGdPh9ByY |
MD5: | 540C8D58351296ADC0EA92E726A16E00 |
SHA1: | 244646CDF16DA670BFB14CC0B4C0F6DE186E71BB |
SHA-256: | 3F1B3EB3739FAA034417A192E916D3FD6BC2DE21259C81B3B367966FD578E842 |
SHA-512: | 44A988666E59048E01C59B980B99C37CC44C2CD31D42936B6A7322F30F35431FED1E2A544AF128EC85B6084BCB5469C6DCDA80F71DFDE091535D71CEA40B2284 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9874667463810732 |
Encrypted: | false |
SSDEEP: | 24:TLhx/XYKQvGJF7ursw1RZKHs/Ds/SpTvjLtzJwtNBwtNbRZmDv1i3vjLF:TFl2GL7msIgOVpTv9zutYtpmDv1i3vV |
MD5: | 708C5E962EF20C6467D3F4818F531033 |
SHA1: | 9093DC21B9EBFC1B4DC1A9E14451977502CFA374 |
SHA-256: | 97C3640D3FF1CF0178E2209C57A299395353ADFA37F9AEAA0EECE5B61232D3A1 |
SHA-512: | 6C06B0C134D28C9D849BBAE4586A0C6BB415F719EA67508C32F89BD89C788419F4C2D892BADEBBBC60FCD2F965C1534D425D430DC7D4B4D7F3EA798D8340B70F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.342833057074372 |
Encrypted: | false |
SSDEEP: | 24:7+trmh1RZKHs/Ds/SpTvjL4zJwtNBwtNbRZ6bRZ4pvjLVqLHRx/XYKQvGJF7ursI:7M+gOVpTvIzutYtp6P8vlqVl2GL7msI |
MD5: | E1DE830679793EDC68A757E5D5E94F9D |
SHA1: | 8E2E978430DBD1B1770EF4EC517F1F1DB0E64979 |
SHA-256: | 19320867C552217817A27E738895457A31024C14AB884E6BF08316F7AF0248E0 |
SHA-512: | 1EDB1548218DA0961C6F2AB116F0BF122144A407D2FDDD4075251124ECD3A4DC84170AB10073F90EAED8BECFF6C5C1743F793E63150F761C5DDCABA156813555 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.511206980872271 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mdWaRzflH:Qw946cPbiOxDlbYnuRKvDflH |
MD5: | 9A8541A1E3898CC781748956D907B1A1 |
SHA1: | 4015AD14B24EA4A7BE24354A78359A3C38A6B26E |
SHA-256: | AE7A7F46A30C9562057154E11CED7DCC28526CCD65539E583919944E8B65AA42 |
SHA-512: | 75C8673B69C82FB0BC6AAD7AF13D4864BA624C4E6D601328970C21CF8FBF782A14EE94973075E7157E3F5E958FA5D277A299A17602BDAC50C983B5906D4E6ECD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.038773363193829 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROObZnUmzZnUmXCCSyAAO:IngVMre9T0HQIDmy9g06JXrZUmdUmXCR |
MD5: | 42F73129F749C43414F891E5D123BF27 |
SHA1: | 5F20C5AF6D30AE1225F7F7BC1397205413CDDDDD |
SHA-256: | AADA07B0153FCFE325BFC09DBC6A36130DDB4CD3CF2B832A4702EDB456AEC8C0 |
SHA-512: | AD224ED7A8AD920866B966101B0C29ACBD63105DAA1442D9B3C176C4B608F5543EB0378F1C65E62E84041379994792F5E8CA80C0413BE648A01F2DBC3126829E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 4.977997989441812 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOW1J1ImCSyAAO:IngVMre9T0HQIDmy9g06JXmDmmlX |
MD5: | 60C1A38A0134C1205C9E977E2FDB205A |
SHA1: | 8CAB4EC43BB1F09FD335BCC93D9C00D32D9AE4DC |
SHA-256: | 93EE334326AACE55F6F393DA7114F308F5B5B53D83192684EECDE8DDD8D173E6 |
SHA-512: | 52A9D9BC38378360CDBAD9DB0924AA631B2787BA1D4F5E40D0174A8ED109F8C71008C7B54A7FE47415676FDCC6E9F578E5B587E25AFAF17D27FEF261A1845943 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 14-14-24-867.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16575 |
Entropy (8bit): | 5.3819190981048335 |
Encrypted: | false |
SSDEEP: | 384:wQONWEHU/tblYiUbqOXDZyX7shThVJ7I7j5fz5clxsMqxK3PcXARKRQMu80Od15f:njx |
MD5: | 6299ADF61BE6AC163ED4D834D9301B53 |
SHA1: | B43563CDE564063CFB4BB1FF8EBF6B9A0A26018C |
SHA-256: | B0AAF4BD246DD793247732486364B96FA3C7706A11DEA34FD4C4B21E650695BF |
SHA-512: | D361515449A4935008DB07070D2AD557BD153FB97320CE61DB0BBEB4F029A4EF5CCEAA40C2522C40DED06CE98E7DFCB18EB4B609B233382B3BD6502D45E06F9F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.392494914451518 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb8:4 |
MD5: | 168993983CC4652F07B18BC686734969 |
SHA1: | 79B1AFCE105F81FABC759E9949E0A642D6BF8C85 |
SHA-256: | 841CBEF4257AA03C0D0A630D85BF516149D1756ADC10954238C254A5245F7FE6 |
SHA-512: | 74A05DB942C3EC5822C7FE4C6271339E0DB6C3DDC77B409A1F970F368E4D0CA96D71A423EF46258F1F5181ACECD97987B8C5E487C4D8D636C2BEAD9CC2255661 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/x2cGZf/wYIGNPzWl7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:J2cGZHwZG5W+B3mlind9i4ufFXpAXkru |
MD5: | 28445BE71675F3B540A8E21F22E376FC |
SHA1: | BDD3CEAFC77B125C552D323ED0A8D6C61960E949 |
SHA-256: | ABF98267BA151CB28C87623E2B0F833476618181DC4838512C8E6C11B44CA539 |
SHA-512: | E2DF6E08082E21F2264D43D30756B09F2F3EFBC221D0E94A93D8243150959F0A90CDBAC08D984648F99B3D7DE6DCF63CFE6976371F148EC8CA0321E78801F086 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1439367 |
Entropy (8bit): | 7.97609170196247 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJ2dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGK3mlind9i4ufFXpAXkru |
MD5: | 6AF7FC589063937DE2978CF360E97841 |
SHA1: | 37527C18159D15807FEAF40F00A285198FBF37DE |
SHA-256: | A376AFEE5B3CDC4FA6CFA9D7DD79283874B01CE7259E3229E169E5748C15BD28 |
SHA-512: | 4B862943F92A707A0D48CF3C05F1A5C3F2B3DEFA26A31BB87C9F352228E82845343898B944D691422A18E72310784EB5EB3F51D79A8C2875B5D9B11B00795087 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
SSDEEP: | 3:So6FwHn:So6FwHn |
MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36 |
Entropy (8bit): | 4.294653473544341 |
Encrypted: | false |
SSDEEP: | 3:8QvCyKGziFLpn:8QayKGyLpn |
MD5: | 5C6B932A79952B4B27833691305E61DB |
SHA1: | 09804DB0986A989C2C49CDCEA563567FB4C7B1A0 |
SHA-256: | DEE5A5925227B125F4AC6D9B70A277E6EC8494FFC73D1CCE9E08CC7A78D6208A |
SHA-512: | 4FAA9585BB10156D5DEA3B62D3A3A1BFA92430BA6E1E3381FC4C76C3071C85E53D5CBCE0016DBA1D1F9EA1B7AF37B4A4EFBAF4F3106B7D958B6E2E90AA0DF059 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54 |
Entropy (8bit): | 3.7119196645733785 |
Encrypted: | false |
SSDEEP: | 3:8QvCxXLV1AiLKltVln:8QaRhJ2ltPn |
MD5: | 6A614A7743B0C781AAECA60448E861D6 |
SHA1: | 67B7DF5EBEB4527E4C31F3F9B7E52A0581DC4B6D |
SHA-256: | 9703120DC62C2C3F843BAD5B1E77594682CA7820F0345AE0BBD73021C1427146 |
SHA-512: | 3A45B27ED6F3AAA8C2113FBB21637675CC91D1239754447A7032D1A86CB1E7381575B28F992E5FFC9986354C2B9C173C614F1F703CA4C2BEE63AB3BC6ED909A6 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.904810502196162 |
TrID: |
File name: | 2751726_2359360_Confirmation_Letter.pdf |
File size: | 225'016 bytes |
MD5: | 052941218142e98f29f40b8f713df627 |
SHA1: | 897fe6954b612f46dc4277cf77cbcd386f2d5ec3 |
SHA256: | 665d45d4b4ac02dc33b7c98dd1a0b05a145b8bdc96c6e23996a2f19f9f3e58dc |
SHA512: | 498360601ab59b4dbb178968d05534d629e2c049b5e6bb240e704cc1813c934d67509505378bbc0580a678617817bd6b227d01e3d6316df76f88f7de2415e2e8 |
SSDEEP: | 6144:6U/iG5kFlRifOTXminx0KG0pVRLNI7S7kbZU0:6nllRiWBnxG0/YA8+0 |
TLSH: | B124CF13DD0D8D8EE4504678BD272E6C764DBA1EACC234FF09680EC67E616108D6E5B7 |
File Content Preview: | %PDF-1.7.%.....6 0 obj.<</Filter/FlateDecode/Length 1879>>stream.H..Wmo.6..._q..!.EI.d.(..i.!ESD.P....%.fK.-......)....K.."....w..z..*..'..{.;...d1.....k....(..H.^..!...Hx.(M(I.\...W....~......2.....b\.eA.._./....^..$(.;" _..?...E^.Q.r:.f.8>u./.(.....yt.. |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.904811 |
Total Bytes: | 225016 |
Stream Entropy: | 7.932585 |
Stream Bytes: | 204034 |
Entropy outside Streams: | 5.306460 |
Bytes outside Streams: | 20982 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 109 |
endobj | 109 |
stream | 51 |
endstream | 51 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
28 | 0000000000000000 | aa699269738c346d79722b3ec3b7a9e9 | |
29 | 001440568aaa2409 | 8d26f43730f57833aa61b9ce10acec60 | |
30 | 0000000000000000 | bffc0a0c141c7c4aedd4a73586b6918c | |
31 | 0000000000000000 | 06236fab80f06a27ca95cb93856a025e | |
32 | 0000000000000000 | a3f2a932355e11ad008d8c3f798a8712 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49711 | 23.193.120.142 | 443 | 4320 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 12:14:30 UTC | 378 | OUT | |
2024-04-26 12:14:30 UTC | 219 | IN | |
2024-04-26 12:14:30 UTC | 50 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49713 | 52.5.13.197 | 443 | 4320 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 12:14:31 UTC | 1353 | OUT | |
2024-04-26 12:14:31 UTC | 508 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49714 | 52.5.13.197 | 443 | 4320 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 12:14:32 UTC | 1473 | OUT | |
2024-04-26 12:14:32 UTC | 544 | IN | |
2024-04-26 12:14:32 UTC | 3120 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49717 | 104.94.108.142 | 443 | 4320 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 12:14:34 UTC | 475 | OUT | |
2024-04-26 12:14:34 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 14:14:20 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 14:14:21 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:14:21 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |