Windows
Analysis Report
Document 35405 (2).pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7464 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Document 35405 (2).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7636 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7844 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1520,i,339784488602095305,13813244706349730919,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature hits (the per-hit detail values were not preserved in this extraction):

- TCP traffic (34 entries)
- IP Address (1 entry)
- HTTP traffic detected (2 entries)
- TCP traffic detected without corresponding DNS query (12 entries)
- Network traffic detected (2 entries)
- Classification label (1 entry)
- File created (2 entries)
- Key opened (1 entry)
- Process created (14 entries)
- Window detected (1 entry)
- Initial sample (6 entries)
- Process information set (8 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
| 0% | Virustotal | | |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.94.108.142 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1419159 |
Start date and time: | 2024-04-03 08:00:51 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 49s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Document 35405 (2).pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/44@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.204.76.141, 34.237.241.83, 50.16.47.176, 18.213.11.84, 54.224.241.105, 23.219.155.165, 23.219.155.148, 162.159.61.3, 172.64.41.3, 23.61.251.103, 23.61.251.67
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name |
---|---|---|---|---|
104.94.108.142 | | | malicious | Unknown |
| | | malicious | HTMLPhisher |
| | | malicious | Unknown |
| | | malicious | Unknown |
| | | malicious | Unknown |
| | | malicious | NetSupport RAT |
| | | malicious | NetSupport RAT |
| | | malicious | Unknown |
| | | malicious | ScreenConnect Tool |
| | | malicious | Unknown |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name |
---|---|---|---|---|
AKAMAI-ASUS | | | malicious | XWorm |
| | | malicious | Vidar |
| | | malicious | Unknown |
| | | malicious | Unknown |
| | | malicious | Vidar |
| | | malicious | HTMLPhisher |
| | | malicious | Vidar |
| | | malicious | Unknown |
| | | malicious | Unknown |
| | | malicious | Vidar |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.170153303581807 |
Encrypted: | false |
SSDEEP: | 6:7VB4e4q2Pwkn2nKuAl9OmbnIFUt8sVB4EYnJZmw+sVB4EYnDkwOwkn2nKuAl9Omt:RB4e4vYfHAahFUt80B4jnJ/+0B4jnD50 |
MD5: | 1145DF7A1697FB4E7117543DFE306913 |
SHA1: | B5F3E4275DD68ECE1168ABA566D26F356CB1ED8B |
SHA-256: | 9FFA1FB0CEE951702AD937E823987AC8264B545840CADAB3E7725626D5F62B9D |
SHA-512: | 7FF153B45B05EE4624AFA988E0F2EF97E31F9285A8FF6C35DD6EF04B37C5019874E468F7270D0008BB947A14C5C7FCAE27076F211A17B41373EBB9996E3B3492 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.170153303581807 |
Encrypted: | false |
SSDEEP: | 6:7VB4e4q2Pwkn2nKuAl9OmbnIFUt8sVB4EYnJZmw+sVB4EYnDkwOwkn2nKuAl9Omt:RB4e4vYfHAahFUt80B4jnJ/+0B4jnD50 |
MD5: | 1145DF7A1697FB4E7117543DFE306913 |
SHA1: | B5F3E4275DD68ECE1168ABA566D26F356CB1ED8B |
SHA-256: | 9FFA1FB0CEE951702AD937E823987AC8264B545840CADAB3E7725626D5F62B9D |
SHA-512: | 7FF153B45B05EE4624AFA988E0F2EF97E31F9285A8FF6C35DD6EF04B37C5019874E468F7270D0008BB947A14C5C7FCAE27076F211A17B41373EBB9996E3B3492 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.098254488410645 |
Encrypted: | false |
SSDEEP: | 6:7VB43hOq2Pwkn2nKuAl9Ombzo2jMGIFUt8sVB43YZZmw+sVB43YzkwOwkn2nKuAv:RB438vYfHAa8uFUt80B43YZ/+0B43Yzs |
MD5: | 0B34927FD28622BE91B23B8A67A0FE55 |
SHA1: | 9A3AC2DE4E1F03CA866E75872AFF62CAE7D3350B |
SHA-256: | 0BEC6C76C5720140D5331160EAC66AB23E4840B6D5F175B01838C18B639F6B0D |
SHA-512: | 818B6F69736AB8E176F790EEAE6C46334B28069BACFAE650C777C39EC1B45700B123FE5D72CD6391B734D49E2A55BBAB11D8235D788A575BBACE0D1489883FD3 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.098254488410645 |
Encrypted: | false |
SSDEEP: | 6:7VB43hOq2Pwkn2nKuAl9Ombzo2jMGIFUt8sVB43YZZmw+sVB43YzkwOwkn2nKuAv:RB438vYfHAa8uFUt80B43YZ/+0B43Yzs |
MD5: | 0B34927FD28622BE91B23B8A67A0FE55 |
SHA1: | 9A3AC2DE4E1F03CA866E75872AFF62CAE7D3350B |
SHA-256: | 0BEC6C76C5720140D5331160EAC66AB23E4840B6D5F175B01838C18B639F6B0D |
SHA-512: | 818B6F69736AB8E176F790EEAE6C46334B28069BACFAE650C777C39EC1B45700B123FE5D72CD6391B734D49E2A55BBAB11D8235D788A575BBACE0D1489883FD3 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\64262265-499b-43b4-9288-6eb699ef8e29.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.966983371696171 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZgBsBdOg2Htcaq3QYiubInP7E4T3y:Y2sRdsidMHc3QYhbG7nby |
MD5: | 618FECACCE152E17D428AA2C83EE1502 |
SHA1: | F97730018008ADE7859C7D1F1E399F027C1924DE |
SHA-256: | 083D7A5F2EC7394534C497257848DDD87111BDEAE1997A0BEADB3840B7CB073D |
SHA-512: | E89973B5D5F25DDF3C317834A65EBD6E40AB6F924D0B794DC3C25C4518632F358A81C8FDC918CDDAD1307BB4783B459B1FB1A42793282FD6DDD9D06D82F87F34 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.966983371696171 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZgBsBdOg2Htcaq3QYiubInP7E4T3y:Y2sRdsidMHc3QYhbG7nby |
MD5: | 618FECACCE152E17D428AA2C83EE1502 |
SHA1: | F97730018008ADE7859C7D1F1E399F027C1924DE |
SHA-256: | 083D7A5F2EC7394534C497257848DDD87111BDEAE1997A0BEADB3840B7CB073D |
SHA-512: | E89973B5D5F25DDF3C317834A65EBD6E40AB6F924D0B794DC3C25C4518632F358A81C8FDC918CDDAD1307BB4783B459B1FB1A42793282FD6DDD9D06D82F87F34 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.2555312992368215 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7dfl7Z:etJCV4FiN/jTN/2r8Mta02fEhgO73goV |
MD5: | 2E1A2338C470389A9B5E79236E71043B |
SHA1: | 3635EADBCD548F415F233474FC12F4DEC824D2A4 |
SHA-256: | A9F2ED4A144E7A27FB822B715E6079CE2FC5A60D4C784DCEC3562ED613C27155 |
SHA-512: | E158B8DD4ED710D2C6B11FCCC2AD14F2735ECBB8E9941EAAE9ADD10D3BACADC595E0A7083CF92D6A8F42943B33CCDBC54EAE7E77AD2A14F820007C794554AA26 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.134201527511092 |
Encrypted: | false |
SSDEEP: | 6:7VB4aPhq2Pwkn2nKuAl9OmbzNMxIFUt8sVB4CPZmw+sVB4S+VFkwOwkn2nKuAl9c:RB4ivYfHAa8jFUt80B4CP/+0B4l75Jfv |
MD5: | A8F438DFE9FE5416D123FDA4FBC9DF46 |
SHA1: | A1CF231465FBCBA2F78144A75FD776EFFB8629C0 |
SHA-256: | 7B7B6CF9DDEBDA17EF7E64890AF9339CA91444CC8E15C10EE4BAF45D4ED43F4B |
SHA-512: | 4CBFEE7B23EA6471156638DCD859D3F6F2EDD0B5035B69A603E672DB4B7F9E272B544252A82B694F2C8A1E5164EA44A7F812FF7C240E7F444D9C996CBF5E02C9 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.134201527511092 |
Encrypted: | false |
SSDEEP: | 6:7VB4aPhq2Pwkn2nKuAl9OmbzNMxIFUt8sVB4CPZmw+sVB4S+VFkwOwkn2nKuAl9c:RB4ivYfHAa8jFUt80B4CP/+0B4l75Jfv |
MD5: | A8F438DFE9FE5416D123FDA4FBC9DF46 |
SHA1: | A1CF231465FBCBA2F78144A75FD776EFFB8629C0 |
SHA-256: | 7B7B6CF9DDEBDA17EF7E64890AF9339CA91444CC8E15C10EE4BAF45D4ED43F4B |
SHA-512: | 4CBFEE7B23EA6471156638DCD859D3F6F2EDD0B5035B69A603E672DB4B7F9E272B544252A82B694F2C8A1E5164EA44A7F812FF7C240E7F444D9C996CBF5E02C9 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240403060141Z-153.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.1197295883984177 |
Encrypted: | false |
SSDEEP: | 96:QqMzNpM/MuMvEMMM1/MMMMMiEJEMMM3Gh4M9JaW6MQnMEMmMMRMrWMMFXWMMErhG:huN2Xxge9LaI/Gf |
MD5: | 033F4032395A1D74208179F7FA73E311 |
SHA1: | C3B795776DE57D3D4E8C1FA1E104D3B62BB2B736 |
SHA-256: | 237829B14154F7621EDB8A3C747834CE4ADF007D29A5E17AD51AEB3F9A86C8B0 |
SHA-512: | 96E468FFABB51FCB006F12083168A7470FE078C57AA6A7C4D8E7F48576BE87DB350B658B5B647E1B625EABF7A0A3C6C957635A623E4FF2A14C686D62A5D650A3 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445143940660979 |
Encrypted: | false |
SSDEEP: | 384:yezci5tciBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r7s3OazzU89UTTgUL |
MD5: | 2481042FCF702265ECC072BB16973122 |
SHA1: | A8855CB0CAD0FDD04333932AC179C3FEFBB3C9D5 |
SHA-256: | C24438BC8E7BC7B8D69DE9C13CEB41ABC96C18AED44DFF0E63846A742F75942B |
SHA-512: | 42E7EB0DD284BE0E9BDFB23F26328CA86DF6EC0CA1E17279E8D0E57B2CB65B1394359BDCC13791848F9C68D1F51CEFD3A7C5AA78DF9BEA5D565C02FA6E8F4F81 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.772869055606107 |
Encrypted: | false |
SSDEEP: | 48:7MUp/E2ioyVoNioy9oWoy1Cwoy1jWKOioy1noy1AYoy1Wioy1hioybioyRSoy1nG:7LpjuoNF2OXKQkQwb9IVXEBodRBkJ |
MD5: | 3BA111E0995FB0B3DDEF9B7387A81AF3 |
SHA1: | 752C31157731FCD7D97832924C1BB4902F4A36BA |
SHA-256: | 882E50281F224E0014F4E327962733C0ABEFD8ADB64582641ECCEF556FE03116 |
SHA-512: | 55C3975D107F146EF06E96A40F727DE1D669DCE39013B455DBE121FD2643FCB6BB9F16744D17C2BB8CBF5787DE527A0845022DB4F9295E228D0A7D72B6E399D5 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.36771586803543 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJM3g98kUwPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGMbLUkee9 |
MD5: | 8028F7B9061DBF5808929754AAD52EC8 |
SHA1: | 8C19640B8A751D170F60E5502F6B2B86872B593A |
SHA-256: | 09A247DA80B146DB21AC186F700E9CA0C859663BD6361D1F7372CFE6A407B20B |
SHA-512: | 336FD6DE3752EE894005727FE64254246310EA5E2C33EA3119A912844CCA6EF6CCD876D532EFAF1009A137D809CABEC279DA5D9EBF2EE81C9B97D53985003E3D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.318217723834961 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJfBoTfXpnrPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGWTfXcUkee9 |
MD5: | FA555A82BC575D5973074DC9E2629BC4 |
SHA1: | B703B796ABA5FD7AB5B347354E8232BC3467FA05 |
SHA-256: | 0922442FA9CD212C543127F3D7B72464E4E5F95977F0CF60DFD807F060D6426D |
SHA-512: | 55410A8078945D806D711AE48815C75B06E03F5F572129B2F59A5BA21FCA42B9ADA2165D13CA20BF7DCE820AFF3C69BCD0BE839927FE084500F99B87A916D367 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.297212759230037 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJfBD2G6UpnrPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGR22cUkee9 |
MD5: | 59CE9AF185F7B8EAC989346B88A3EE2B |
SHA1: | 5CF2C0ACCF94A30989E3CA72C8F3330C70517EC4 |
SHA-256: | 34D866D5B43475E1B3BB3114380A32C37773A47CFF7F16E52DD32473600235A3 |
SHA-512: | DACCF89015A288DB69BF9896BA955402817AC238E325F0993F80D79A4FDFC334B547A6F558589CBF4EA67B5E6277817E6B0EA2F1A3E3E29C477EF98ED81F6ED6 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.354879092887369 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJfPmwrPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGH56Ukee9 |
MD5: | 9A922FF37C7A3451CC2661E62C780264 |
SHA1: | EDD6E53F01934E246B17B6BD6917FF127C52B700 |
SHA-256: | 33CC0C9CD7F7EFCBF2B1BACFACA937EFA716429B87B0F2D30878B98638E88DA4 |
SHA-512: | 57E501CCE32EBFB2B57BCEB8A30AAC4B182F2F9A5F9069D21E533CBB26B1B1A657B5974A3E7C81A6223968CB2BCFF4CB55F5CF5137B59DD0FA40FBA26806A401 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.317205762778501 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJfJWCtMdPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGBS8Ukee9 |
MD5: | D10BE0EB5538DC3DE90937F0B7E5D119 |
SHA1: | 7447E7AE97B6CD66CA90134A5A82625F4BB0700C |
SHA-256: | 71DFFD5EC91741E4DFDDC9519494518042C273DB55A47027A2EB587CFDFACA3F |
SHA-512: | 338D2E2A94E5793C3A899B5A76E751ECE5AC480713ADF1177BA09FCA874D95DF4F1BB0C41CE319AD459C4C8312E66843E0E25546ADDB42BAB6F9D3B718875232 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.304667025163679 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJf8dPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGU8Ukee9 |
MD5: | 51B6327CAE3DE852BADB4188CFDD7AFD |
SHA1: | 357AC803E9F6A3C487043E894116003B1B936BF3 |
SHA-256: | 81C4E05B517296264A358858FC05CF2E0D17D40CFDA8619F0A4561AF62CB0F44 |
SHA-512: | A4C253C51CDC941E87DFA0D40856493DD0BDA05DC6AABC6D51D83AE7BA02394AE2478B49E12AE03B0CB34528DF591C1175C23C2DB7FD31E8B7A100EFF409581A |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.308210714517896 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJfQ1rPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGY16Ukee9 |
MD5: | 1D39F1D1AEC0E9CA85582FB42E9F474B |
SHA1: | B3F621AAA543A86F209CE3D5A45E51643ADDB7A6 |
SHA-256: | 61EC65F34BDADF23B6EDD076AE6215B2464C18805E532DDC7E3FA53046D9FDFD |
SHA-512: | 94EDFEAED343CC18A454A73781A819107B72DAB2F3363A99B382A53C3F825DF9322E9C5F3EEB6EFD32DB3A157883F29899F2D08292959AC5615CCF2E906E1577 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.315736583656418 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJfFldPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGz8Ukee9 |
MD5: | 349CB613BB55D9D1C47786705D50DCCE |
SHA1: | 9952EE6EA3AEC746CA76770E77B52DFA9683D362 |
SHA-256: | B65569B9854F1DC52CC6012FC1A50F3AD0AD8B06B3BE6ACF6400131F83E715AC |
SHA-512: | 1F66184F6B65A8AFEAF80F19886669E9AFA540A713F5FE5843D728DC3797CEE78117C406EA3D701D3D87228442D3102E175245023F82B8C1B1DFF6FAF7996428 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.32988921902364 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJfzdPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGb8Ukee9 |
MD5: | 5E25406511C6A78C559E6EAB5DEE5260 |
SHA1: | 93932A2F7E7316D70A74DA7CA267E62F35D4EF8F |
SHA-256: | A6E5CC4E5EA60F9D39C4696D38792D6FBFA8D5AA2D467877C0060CE760A74DCE |
SHA-512: | 4B19E735CECFCB7D404176C9C1662075008AC867225D66B04A3790F0C218033D84147EBB481C6A962A3288670D04542A2F74F7C330A8BDDAD0AF84C82E4E31C9 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.310457668251238 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJfYdPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGg8Ukee9 |
MD5: | AC72E549FB0128B7ED2835803C6EF599 |
SHA1: | EC419737BF24B940207AA7CFFCEC5565DB50D66B |
SHA-256: | CA5DEA40E696B44D08D175278EF66F4FBA788D61D0B65A8062DC2A7F7A63BE28 |
SHA-512: | C4E9C4E1E446EC1FAF1AFE03F37A4A07488A57BC67F9CA805963690E40E1258396263873561E1EA2CDE161BDBC9DF981FEB1CC7763D941CE31717D642D49E99F |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.776118088090005 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZmVn2zvejCrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN6:YvKmwmjCHgDv3W2aYQfgB5OUupHrQ9Fy |
MD5: | 4180A6033FA7B488D2604152D600F1C9 |
SHA1: | 1562EBD0145342B05B66CBD6787D9F8DDB35E233 |
SHA-256: | E01EDCBAFFCA10A90B8CBE3501DDF3754349B6EDA9C4C647ADC3CE251417C4F9 |
SHA-512: | B890820487EC4663B831F7483C58A19EE02DF2F2B98C63E4885B3E510AC6388C54252279064BD7545D1AFAE8103478776683C8AE92B91C00812493E2D830CF51 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.293932891916502 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJfbPtdPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGDV8Ukee9 |
MD5: | 3438F003DAD3167C911BDDDF3333FED6 |
SHA1: | 276447ED25DC6A1850424DA039DE91D56DC72F71 |
SHA-256: | 5DC532E39119151E046D448B5C474DD4352230FD840A96A6F7F4CB4DFF89A404 |
SHA-512: | 76D79E0B62AA8376AAA998A03AC34FE7FEB48DB27D2676E4D0FFC813F25CEA8EF9687486FF235C3C6A8D51EE66CD52D55765E92BCD5749AB53E619C7D7F6C184 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.298414713687176 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJf21rPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sG+16Ukee9 |
MD5: | A45F76B241AF06808091777CE66467D8 |
SHA1: | 40D0804EEC66DC82C948E8CDBC302D10AB9E08AC |
SHA-256: | 9D49DCE518053BBEE2DD048F1E2E48A79DFE7AFCB15BA6EA790F280B12E30236 |
SHA-512: | CEB8D864071791B88CB0326B22546D4E87DFC2F273314ECCC6787AF18FA7584B0CE506E605C4744412B83553FF3E1C1C9B791EF5AF638152FC2C96DC7DD3EEEE |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.317292797009386 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJfbpatdPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGVat8Ukee9 |
MD5: | 20B618B3F19281A7A5A78D25A1F0CE5F |
SHA1: | 938AE1891C486BE085796B718360149858776EC2 |
SHA-256: | 6B1B3EB72DE2CECC7C3E46641CDB0BEDC4B4476CBBA74F7579C718506B9F2073 |
SHA-512: | 6EB27DDA72E212AA77A8F41E7AA04BF76D97000344C94073E803647AE714C6DD9741AEF9A1182096938EF73C1AAEB8EE9E13A1E2EBD43CEC30B709E219D9236D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.276697547188031 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXR+AeT6QnHVoZcg1vRcR0Ypj8DoAvJfshHHrPeUkwRe9:YvXKXZeT6Qn2Zc0vej8sGUUUkee9 |
MD5: | 0720059214B85468B3832C3D25D9AD63 |
SHA1: | 21A099991F836C6611F917D434FE84582EE6DAD8 |
SHA-256: | BE4F1B240224F6018D1942FF1BEBC7371A27EFB6AA500C9E29291F95157C1FC1 |
SHA-512: | 5985061817027F2E2F0CBB32264B7C1ABC372B1C1E1089C2496317F58CF68963ABC159BF888BAD7B8B3D7D6F1110BD021E073BFA58D0A77819E42421168AA7F9 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.369726431076865 |
Encrypted: | false |
SSDEEP: | 12:YvXKXZeT6Qn2Zc0vej8sGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW+:Yv6XZmVn2zvejn168CgEXX5kcIfANhj |
MD5: | C9B0E90C00AD4B4C60E0B032A316DC7F |
SHA1: | 76221FBA0B042BBF58B6998987B8C058615367EA |
SHA-256: | 35149FC78C8314CE0801668A8B8E7D86B2F2B9D5C926CB1F977BCC78AF43E76E |
SHA-512: | 6343B567E56A3360013DF2DFC9F9AFD8E291DAFC5FD7FBEA85D0A5140CD658C7FB816F7D3B6168F97C861F2AC5052A9EBCF3E4EFEA69E9B4A7369306E7AF737D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2813 |
Entropy (8bit): | 5.112472546553872 |
Encrypted: | false |
SSDEEP: | 24:Y1zCCSAsa7ez9dpbI5aUuhaynU95wiYAWiePjMhsj0SJHU0Ah2zl/2LSLVxyq5yh:Y1OhAsa6JLbKb9mggq+SvolV8q09k6 |
MD5: | 69BCEC4C0DC7EAD33B4FBD6BC96A63F2 |
SHA1: | 2E87C71E2FEFC0DF6613CAD715F2F35064AF82A7 |
SHA-256: | AAC0A801521296AA9811892500621674490715AB94651B567ABFF8413FC1390B |
SHA-512: | 8BD75DDEAB822C1054DE4446D248D9DCBB8389F1DEC640D1C6A0D2A0A212200AF7E03A9106CD641B2CC21BD9D3F712AD03A77213ED774F58699100CE4AC75A9B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.187223166924125 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUfSvR9H9vxFGiDIAEkGVvpD:lNVmswUUUUUUUUf+FGSIt/ |
MD5: | 923504E05B7F750CB1830D1B54C711DD |
SHA1: | 3D209C3DF4436711470085DF2CFDE35471E37FD2 |
SHA-256: | C54D596E92E0C12838F589226C3B1AA5E8512188DD841C1D8AE3FA48941F3495 |
SHA-512: | 97569171CC931802370944602EB0A0655CA4013AD44F940F21BC16BA4744AEC9DCB78BA96F9120A5B16A074D88984BAE23D7B3D2986F493818EEEF9993CE813F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6052144200227587 |
Encrypted: | false |
SSDEEP: | 48:7MEKUUUUUUUUUUjvR9H9vxFGiDIAEkGVvQvqFl2GL7mst:7AUUUUUUUUUUzFGSIt+KVmst |
MD5: | 16E8644845120888DC736837A8A548AC |
SHA1: | 75C660AB2B55F1600E54D94306B0685060FD54A1 |
SHA-256: | C4C046F5C3F3FEDAE9777044A226D1AD1D77A24E1613D1609CCECCDF48BC3418 |
SHA-512: | 4063CD86E04AFA2B6F4256E5FFF0A363D37F6731175CA3CB58F3094F9579E2A401CFD67EE965C23F0155A37D1A191A72E330DCA0421B8B39D5E45E55A8AC6D32 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.513199765407527 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82b4v:Qw946cPbiOxDlbYnuRKX8 |
MD5: | 2AA144B3240C0914048204D56EA030B9 |
SHA1: | DC0A1591E5F723DE7E67E7B3EEB1EFE57E62531F |
SHA-256: | AE0031586761E829F5CC9BE53CDD442DCD4F0D5C92878E6058646E8D9F50E51D |
SHA-512: | E9672F670F4713E55E96B64F740ACDB3D6E4EFB43B49A195D1604CB69BAC2E57DA043D340009E6EE64B5316B79591DB9726B75CCE2FD76099FB723BA1549B20D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.050663613536289 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOtWXy5Wv36fXy5Wv3VbmCSyAAO:IngVMre9T0HQIDmy9g06JXd95G6q5GxC |
MD5: | D0DB636BAA31AC1367ADCAB2E27BFDA2 |
SHA1: | D9816453571A47327F219E3538076C31C9A58CC0 |
SHA-256: | C099365BC332934B28D139572767C836DD68E12CE08FC5317C4C9F4C70641ADF |
SHA-512: | 08A6C125249CCBA0C85E45226C946D703AD61ABF7FB3AE7D9A6CF34BF5A23DFE163BA9A2740C1E2E135C9F48B7B656748C0B46A7A836456C8C2E2F8FECFD4955 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-03 08-01-39-145.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.392542826022398 |
Encrypted: | false |
SSDEEP: | 384:PE4hgkF9Un//zVVcCsftYybbo3Waf746tat76gKOqxhTJc8MXz3apaLCCMOP6COC:CoD |
MD5: | 540FAB7EEDBE8AC40CD9CD09B69AE695 |
SHA1: | 94BE2CE7EA85F748B7CD18197EE614E61DAFD44F |
SHA-256: | 35DC1B924D43F32838382779DE009709B63ED3B5EB23087FABFAA01FF16D6D91 |
SHA-512: | 79B4CF743F9AE5ED34C7E5FE13F5F054D69A058A78FD3E580E34B35CC80BA3E9DC394A4A1A08348E09434868A43BEF9CF44E03ABE6CA6A105AB619F370110873 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.3884745042415725 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rb:H |
MD5: | 032B8AE375843ABE748D0E4816938CF9 |
SHA1: | 5EC94058B270CE18069F5DCEC13421E7E13C1565 |
SHA-256: | A574C496C0A1E902785F33E4CC839E43D09939411FA99D724105D453E58201BB |
SHA-512: | 516865738154041B02F13B08F000FFE5738DB0FA07C3D66F6F7C073C77156A2C3BE36C4633991BC366C32529BC0AF5E2C1669BAC3D79239298E4CD74450F289E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/x0WL07oXGZuwYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:J0WLxXGZuwZGM3mlind9i4ufFXpAXkru |
MD5: | E1FE9FA2454D30CD849F2060D8FED227 |
SHA1: | 5B5A33E386D7A2254DB5934F688C1F1A72A9D6C9 |
SHA-256: | 4B0AD0558FB8C3D63817011FCA33E51A9E9C46A91407B705C4E5150AE4E5A3E4 |
SHA-512: | C81A8B39C571531DC52A71E34188D3C95797B69E82A74896019723E0217A00D58367118886DDEEEC4AEAAF8A80931BA22459104847E2B0D8A77070BFEE3BE7F1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.991199266962408 |
TrID: |
File name: | Document 35405 (2).pdf |
File size: | 342'409 bytes |
MD5: | 4ff9fae10d7736c3572aa9e790956a1f |
SHA1: | 38b58154a27f443d3ee999e492ab25bd5cb3d5f2 |
SHA256: | 366cf33daf5f3807960a5c3120a793385a038b40483c593c8f3e971879b01c20 |
SHA512: | 3b04752ea93fb334f6477198523aff1665b563e40c0c689a6d471a088f8523f9727b24fa38ec6c8d2686e3d281832d28c96abe2ec6ee5ed1083160e2b9de8d6e |
SSDEEP: | 6144:JdCmmdsTkTEineK9uAQ3gMO9qYcBnvHCGGUvQQL57e8yf0SZcRczHq8SJwL:LCVwin791Q3gMOiPC+QQL54f0CEiK8SA |
TLSH: | F7742336ACD02D2CEC938D018E737406576EFA1271DC1C89657E8A5066CEFC4EBA7396 |
File Content Preview: | %PDF-1.5.%.....6 0 obj.<<./Type /ExtGState./BM /Normal./ca 1.>>.endobj.7 0 obj.<<./Type /ExtGState./BM /Normal./CA 1.>>.endobj.10 0 obj.<<./Filter /FlateDecode./Length 83672./Length1 278920.>>.stream.x....`.....o.=gwg.d7.c.%\.Y ..FXB.a@.U........x......j. |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.991199 |
Total Bytes: | 342409 |
Stream Entropy: | 7.994965 |
Stream Bytes: | 333016 |
Entropy outside Streams: | 5.000969 |
Bytes outside Streams: | 9393 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 60 |
endobj | 60 |
stream | 8 |
endstream | 8 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 3, 2024 08:01:49.486036062 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Apr 3, 2024 08:01:49.486053944 CEST | 443 | 49740 | 104.94.108.142 | 192.168.2.4 |
Apr 3, 2024 08:01:49.486119986 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Apr 3, 2024 08:01:49.486290932 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Apr 3, 2024 08:01:49.486300945 CEST | 443 | 49740 | 104.94.108.142 | 192.168.2.4 |
Apr 3, 2024 08:01:49.867472887 CEST | 443 | 49740 | 104.94.108.142 | 192.168.2.4 |
Apr 3, 2024 08:01:49.867877007 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Apr 3, 2024 08:01:49.867889881 CEST | 443 | 49740 | 104.94.108.142 | 192.168.2.4 |
Apr 3, 2024 08:01:49.868941069 CEST | 443 | 49740 | 104.94.108.142 | 192.168.2.4 |
Apr 3, 2024 08:01:49.869000912 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Apr 3, 2024 08:01:49.870754957 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Apr 3, 2024 08:01:49.870810032 CEST | 443 | 49740 | 104.94.108.142 | 192.168.2.4 |
Apr 3, 2024 08:01:49.871040106 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Apr 3, 2024 08:01:49.871045113 CEST | 443 | 49740 | 104.94.108.142 | 192.168.2.4 |
Apr 3, 2024 08:01:49.915339947 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Apr 3, 2024 08:01:49.997411013 CEST | 443 | 49740 | 104.94.108.142 | 192.168.2.4 |
Apr 3, 2024 08:01:49.997538090 CEST | 443 | 49740 | 104.94.108.142 | 192.168.2.4 |
Apr 3, 2024 08:01:49.997586012 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Apr 3, 2024 08:01:49.997840881 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Apr 3, 2024 08:01:49.997852087 CEST | 443 | 49740 | 104.94.108.142 | 192.168.2.4 |
Apr 3, 2024 08:01:49.997860909 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Apr 3, 2024 08:01:49.997899055 CEST | 49740 | 443 | 192.168.2.4 | 104.94.108.142 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 104.94.108.142 | 443 | 7844 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-03 06:01:49 UTC | 475 | OUT | |
2024-04-03 06:01:49 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 08:01:36 |
Start date: | 03/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 08:01:36 |
Start date: | 03/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 08:01:37 |
Start date: | 03/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |