Windows
Analysis Report
BRWCC6B1E080BAC_007512.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7404 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BRWCC6B1E080BAC_007512.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  - AcroCEF.exe (PID: 7588 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  - AcroCEF.exe (PID: 7788 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1592,i,2049043064737998012,7321684436256655777,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
- TCP traffic
- HTTP traffic detected
- TCP traffic detected without corresponding DNS query
- Network traffic detected
- Classification label
- File created
- Key opened
- Process created
- Window detected
- Initial sample
- Process information set
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
173.222.196.143 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1438583 |
Start date and time: | 2024-05-08 21:33:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | BRWCC6B1E080BAC_007512.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/43@0/1 |
EGA Information: | Failed |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.192.208.138, 34.193.227.236, 18.207.85.246, 54.144.73.197, 107.22.247.231, 104.98.118.169, 162.159.61.3, 172.64.41.3
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: BRWCC6B1E080BAC_007512.pdf
Match | Detection | Threat Name |
---|---|---|
173.222.196.143 | malicious | Unknown |

Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Unknown |
 | malicious | DarkGate, MailPassView |
 | malicious | Unknown |
 | malicious | PrivateLoader, Vidar |
 | malicious | Unknown |
 | malicious | PrivateLoader, PureLog Stealer |
 | malicious | Unknown |
 | malicious | Remcos, PrivateLoader, PureLog Stealer |
 | malicious | Mirai |
 | malicious | Vidar |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.204738534511756 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.188706520398469 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.188706520398469 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.954820884383589 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bebbf874-cc97-4a73-ac7f-328907a68fc6.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.954820884383589 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.257640894376322 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.156052175886799 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.156052175886799 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240508193410Z-152.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.3462168918357618 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445288544920547 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7716193661416773 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.371044053237623 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.320618976783587 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2987578915288545 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.358324056517709 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.318889288939371 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3054135420191235 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.30894956167962 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.316176243387815 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.741648739035263 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.312158670462221 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.7794005954212535 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.29562220339064 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.300127569572103 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.318993799220369 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.277141818734792 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.375179017022997 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.132188281296859 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.188243804139362 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUm5k0OSvR9H9vxFGiDIAEkGVvpS5k0I:lNVmswUUUUUUUUm5k0O+FGSItm5k0I |
MD5: | 37BA80BD5D6010425471F17D28373DEB |
SHA1: | 5FFFB3D080FE9CAA997A5C87471B09823EE255D2 |
SHA-256: | 4E5C7E4622E8A198556D5FB42EEADF5168DD40B37207E995428DBAA9C53FE04A |
SHA-512: | 997B35B5CA95E4D530E7AEC6FCB8DB60C90EB013BDF67A892D3C328482CC38C19448918E632396509679310DFF6961DC82B4A6F98C3FC33547B664CC6DB07256 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.60770568089006 |
Encrypted: | false |
SSDEEP: | 48:7M0KUUUUUUUUUUm5k0cvR9H9vxFGiDIAEkGVvnqFl2GL7msU:7cUUUUUUUUUUm5k0sFGSIthKVmsU |
MD5: | E45A6C20363A2BCADE0CAC1C48E7579E |
SHA1: | B54651230EE871B4D0B91486C2997FDB00478949 |
SHA-256: | 10825D7BE575156002FB08F86E3620B6E13BFEC2F5DF7583278EFCC137A509D9 |
SHA-512: | 51663AC7BDCA8FFAF6B914F81BFF0C6574CDD691779F1B2DBF7B41DFDD7C998A26E5BBC6BC4CDF560F8E6E1738B99B012582157EE999B2DE4EDE7D29DEFC5D86 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5278731006694652 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eo/24:Qw946cPbiOxDlbYnuRK6 |
MD5: | BCB7EDC7FB25045CB8600CAF0D6A4D15 |
SHA1: | DF92686BCEF50F87FACCFED98DBD0694A6E0F93B |
SHA-256: | C83BBC51AD2BEADA7C6DA4C5E54785AA67720588869E1371FC285E65E608E29B |
SHA-512: | 3BBBE8EC35EF6A7D91CD35E918F5A9BD03A3773F71CB4A6565132D2E98D36E8ABB0E5A1624A029A5E3086BB6095B1C0A0712B42E4A408A425410F481A5C200F0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-08 21-34-08-761.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.374144560796888 |
Encrypted: | false |
SSDEEP: | 384:BcApTfQtMPP68M7gk3etLtoAngcwRdLGNdxj3TWfVXW8XRTmXDXdXwX2pXFXcXFr:KJ9hkyfEy |
MD5: | E44064280230DCB2B2A6A348D3E2641D |
SHA1: | ACAD3E494AE42A657BC18D4A5EE8076401A685BD |
SHA-256: | A398BCA7AF88997C8D7E5CD9637A9443E643C8CEBAFC3C767623A9151C9B2A3B |
SHA-512: | 81FADA7A49364BEE2A55F199FA1969586CE2579CC1D60F206FA18786DDCB77429D3AF012D64C281CF08F10D6EEE7FA57BB1227F598CE661FFFDFFF9F9CA69993 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.390330370378727 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rA:0 |
MD5: | 8BBE6D2F1C8EF2CBCD43CD3C5B9B0E86 |
SHA1: | E209BACE9379C3B60F11AFDFC40D47D87E13A7B5 |
SHA-256: | FB8C54659EEE098925EC2040F4E81179A3F61C8F5858EE136D0B68B4455AE68C |
SHA-512: | 9DEE8837208A00D6617C3BD473492341BA40FAF007A54CEE12C89F07DA642127EAE56DCF8DEF2B74CCA9D90DEA00054A077433EE8B5316043AD65C994FC50B9E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLcGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLcGZtwZGk3mlind9i4ufFXpAXkru |
MD5: | A46246FAEAB95D87F5B4FE236C2B3D3E |
SHA1: | 7F018DB9238A63FEAD8D11A92297E7366058A75A |
SHA-256: | 7E822FECC47177C5A7F4C250E7D53509D104DE68B0D0CE9445877B508400988E |
SHA-512: | 8AAB79958BF39F014FBA7F69287FE0C357746E63FA3482DE3231BDF4A97B964A0815DAF7BFE9751C55BA6BE618E0A964CEB23FC30B4FA9DFEB284F42EBA897BF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.780122266816325 |
TrID: |
File name: | BRWCC6B1E080BAC_007512.pdf |
File size: | 116'309 bytes |
MD5: | 48c6eaa0d75d8a998ba92b92c8551a65 |
SHA1: | f62edc755e9d762817340e7a28a5f34c5e7014af |
SHA256: | c29ac9d47e8d316ab8f227e7de8d67eee972d0d403502452f0850e8ee03c6563 |
SHA512: | 99850bb1b80701583bf7f570212a44706384a9867e553baedf6f5a5fc74b10d4408b265eda402e8a48bda4dbad9d1e5744b940376eb98a68eb089b2041271205 |
SSDEEP: | 1536:NboZkxVoX5kaot+SZkO/cFKMxLHp6WCvc2oRFCOpF0:KZknoX5potNSO/cJpV6chF0 |
TLSH: | 0AB3CB178818DF87A068C3E4BF034E6C2F072B1DA9857AEB10524E9F7F606225DCE52D |
File Content Preview: | %PDF-1.4..%@PDF0123456789 1..3 0 obj..<<.. /CreationDate (D:20240508114627-07'00'').. /Creator (Brother Scanner System : MFC-L6700DW series).. /Producer (Brother Scanner System Image Conversion).. /ModDate (D:20240508114627-07'00'')..>>..endob |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 6.780122 |
Total Bytes: | 116309 |
Stream Entropy: | 6.760808 |
Stream Bytes: | 115000 |
Entropy outside Streams: | 4.978987 |
Bytes outside Streams: | 1309 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 9 |
endobj | 9 |
stream | 2 |
endstream | 2 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
4 | 74606776354e0000 | dc933df89a23e4e2f4b4d9b9245a53e5 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49741 | 173.222.196.143 | 443 | 7788 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 19:34:19 UTC | 475 | OUT | |
2024-05-08 19:34:19 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 21:34:05 |
Start date: | 08/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 21:34:06 |
Start date: | 08/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 21:34:06 |
Start date: | 08/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |