Windows
Analysis Report
986645_FACTURE NO. 77B10.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6292 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\986645_FACTURE NO. 77B10.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 3068 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7284 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1676,i,11245821701204752139,17423095574464620125,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.94.108.142 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432181 |
Start date and time: | 2024-04-26 16:36:54 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 986645_FACTURE NO. 77B10.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/44@0/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.204.76.141, 23.221.212.204, 23.221.212.219, 162.159.61.3, 172.64.41.3, 54.227.187.23, 23.22.254.206, 52.5.13.197, 52.202.204.11
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.94.108.142 | | | malicious | Unknown | | |
104.94.108.142 | | | malicious | HTMLPhisher | | |
104.94.108.142 | | | malicious | Unknown | | |
104.94.108.142 | | | malicious | Unknown | | |
104.94.108.142 | | | malicious | Unknown | | |
104.94.108.142 | | | malicious | NetSupport RAT | | |
104.94.108.142 | | | malicious | NetSupport RAT | | |
104.94.108.142 | | | malicious | Unknown | | |
104.94.108.142 | | | malicious | ScreenConnect Tool | | |
104.94.108.142 | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | Vidar | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | HtmlDropper, HTMLPhisher | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | HTMLPhisher | | |
AKAMAI-ASUS | | | malicious | Mirai | | |
AKAMAI-ASUS | | | malicious | HtmlDropper, HTMLPhisher | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.256380995807553 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.256380995807553 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.261200210258741 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.261200210258741 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0ffd80e5-669c-4ab7-b5f4-6cbcabc13ced.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.97119389801196 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.97119389801196 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.251371941251095 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.265539704461587 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.265539704461587 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426143748Z-175.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.3048090156200625 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445437511138103 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7780639918019 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.381994271227511 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.330360758467838 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.309628552382508 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.369658492682682 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.326504732675051 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.314340001684625 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.317509684414446 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.322307148577917 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.737355450344001 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.31985316724706 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.776047345171912 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.303263817036064 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.307875686543596 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.326965773530331 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.283337034119198 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.370837600591791 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.117244053082682 |
Encrypted: | false |
SSDEEP: | 24:YA4hCIrcc6zIZLmwzkkqa/aylYOGmsCGjmuej0S2hZ0y2H1D2LSAJtF5Qh9RQgBD:YAIVcr0ZSwzkJvmp+c1DafFWh9+g1 |
MD5: | 7DC576F6EC583B8D18D674F1DC2282AD |
SHA1: | 5EBE584EF319CBEAA160BD91EB1A6C5185DFE4A5 |
SHA-256: | 36D1F24C73FEEE9F1F617D172CB19ED247508544BBF208B97E561200D3CC4945 |
SHA-512: | 79D104C1A668C0A65791F8ECEDA4B1CA93FE00BE743060A1E056CD2110EB94DFB47642411BCE2A2EBBE0505CB7859FFC3747B09B4748826390814B58FCF6C6E3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.188737649964641 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUU1SvR9H9vxFGiDIAEkGVvp1:lNVmswUUUUUUUU1+FGSItB |
MD5: | 1C77259BE59FD3C7D96CBEFE10F9A889 |
SHA1: | D258675424965E5A0F9A50D0C7FBDEB8EDDCA6FC |
SHA-256: | CAF9C36168AB70F054D95FF86F7DDE4C228D06A81509896C5F3B54140BA16E79 |
SHA-512: | 4757B618E29FEC1D2ADA10B07AA5F91A47390800C9E522330617B723214FDC9DF52A1389BE3E6F14DF46D2BED7C50171BFDAE3AE71EB815A162E9FB32F1F8524 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6078121682516469 |
Encrypted: | false |
SSDEEP: | 48:7MVKUUUUUUUUUUtvR9H9vxFGiDIAEkGVvdqFl2GL7ms6Y:7DUUUUUUUUUUJFGSItTKVms3 |
MD5: | 1C0BB08927F0C934308D9979D7C4673C |
SHA1: | ECB160949DB4B83DB22EA5CC4EAF1D7DABC3C8B4 |
SHA-256: | 22CF1562542F924AF614E64C2CFF70F41B5AB5EFAD8F5BA62B1AA884184B9DE5 |
SHA-512: | B35042AE6CDDA7BB92F864516B6E53F8B2B8450FF7769CF524870C58705029A5C4E8A21CC35FEA338B4A6C4E4FA0E4DBE5BE1E178D8785B06E950D32F92A41CB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.534010397435022 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mdWarNvH:Qw946cPbiOxDlbYnuRKvdNP |
MD5: | C7A9E0624979E8B00872CB14602362DA |
SHA1: | C88EDD9132FC07D2EC8DF4816624EC092A8D3205 |
SHA-256: | CC70C32B8B5494B3D1D5C95DD3E26B4D336E227DF38D1E8AD6ED1464C2156E09 |
SHA-512: | 7821941777FB33C31E1864DB067AAF5D14901C7A938C7F638EAF776B05E78900FF581F812ECE3A8FD96906F30C04CCDD4968102B68820C379F7F05B584C6CC9F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.045928808367464 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROODegUwQegU0TCSyAAO:IngVMre9T0HQIDmy9g06JXzezwQezulX |
MD5: | 7930BDD4128E5F768FD6972F35625ACD |
SHA1: | 42F12EF2DA4CEDC4AECF26999406EA6660CE3691 |
SHA-256: | 6D52271F8DFDE01F7BB23563880E8A42929DB0B6795828A7AF2CDC2C8940166C |
SHA-512: | B5CC6D92DD0E920E31C1D5B68BE028CEF514836DF1949E7CEC40A05D0613837A8043C1157349D936CA50392EA660C6D363AEBC896F0E6C9779FD9E5E5FDB1D92 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 16-37-46-445.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.363018120773752 |
Encrypted: | false |
SSDEEP: | 384:ayGbuKPWj8x0uNeX9aLzAvildUuqGep124bJhLKn/H98/9AKTIgafxot/9zWtNFx:KXF |
MD5: | A772FD932EA0A39640777ABCE26C6110 |
SHA1: | 46629EDD180DEEDAAAB044313DEA6547C336B550 |
SHA-256: | DB143B875768DCDF11D04E86DCBC3C7B11979DC9E7DE5041AE2F41EA16872243 |
SHA-512: | A3BCC833399A3391BF8ECBF113695B4C558FDADA420E7071A2BE9592E0CAD6C74110696CBAFAA15436042F09F215ECE6F81801180576C0895472FE53420EB9A7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.396354792475079 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rY:8MiPHB99OUeK5 |
MD5: | AC7584745497249FBECA31F6FFC1B94B |
SHA1: | BE30100924A761EFDC07FA5F8311BCEA08CEF8EE |
SHA-256: | AD419F8B90BA3E82326285E10A79DA59F93965841220E2970337CF0D9D4F08CA |
SHA-512: | 0695ADF14338BB1F4B6575301DF267918A563DD4DDCDCA2E8BE67148F32DB34486EC66826671F8454E69C452B39D1AF02218574F9122E5E6262CE61EDBF8744F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.78846854292164 |
TrID: |
File name: | 986645_FACTURE NO. 77B10.pdf |
File size: | 47'989 bytes |
MD5: | 0056e1be2a13804d722569b668fd7095 |
SHA1: | df0ee7e6dd3138bc99d0efa7e74f9f039c192937 |
SHA256: | 3c9c3f943d3435091789ea7f0fbf19d274e165d77af8d1a320c63213b21ce65a |
SHA512: | 0ccf5b100c7e68b9f0b89ed430978e8196d175571cb1769fb6f43d4e9b04fc2e5f6890e576224bd3316660af46e0418dd53273af16d28f7075bc36d758813ba8 |
SSDEEP: | 768:ykIqUNXjpPICM64r2SI0HvGVmRMyG5S/4+YsQUTZiDl5jC1kFsl2MJHndmNjHtYp:5KI/6HBCjYsNT0vD2l2MdnoNbSMZGXpz |
TLSH: | 5623CFA8DE92ACDCE955E5C78F0C2856636DF22774C998403C6D8DDB0B90FD6E42F206 |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /Metadata 25 0 R/ViewerPreferences 26 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.788469 |
Total Bytes: | 47989 |
Stream Entropy: | 7.871461 |
Stream Bytes: | 42740 |
Entropy outside Streams: | 5.201320 |
Bytes outside Streams: | 5249 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 27 |
endobj | 27 |
stream | 5 |
endstream | 5 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49741 | 104.94.108.142 | 443 | 7284 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 14:37:57 UTC | 475 | OUT | |
2024-04-26 14:37:57 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 16:37:42 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 16:37:43 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 16:37:43 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |