Edit tour
Windows
Analysis Report
Unilever Rfq letter...pdf
Overview
General Information
| Sample name: | Unilever Rfq letter...pdf |
| Analysis ID: | 1544427 |
| MD5: | 40aa3755b571d5f21f4e0fc3d474a694 |
| SHA1: | ab6ae191590e046782fc73e70455c10fc532f2d5 |
| SHA256: | 14b8c00c07841f9c3d8b019394010d1e92fb353c5b5e29340588b17cf2ab34ba |
| Infos: | |
 | |
Detection
| Score: | 0 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
Potential document exploit detected (performs DNS queries)
Classification
- System is w10x64
Acrobat.exe (PID: 4276 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\U nilever Rf q letter.. .pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 2180 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 3596 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=20 68 --field -trial-han dle=1716,i ,600779431 6461202166 ,252516408 3264681267 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
| x1.i.lencr.org | unknown | unknown | false | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1544427 |
| Start date and time: | 2024-10-29 12:08:49 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 6s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 9 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Unilever Rfq letter...pdf |
| Detection: | CLEAN |
| Classification: | clean0.winPDF@14/46@2/0 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 34.193.227.236, 18.207.85.246, 54.144.73.197, 172.64.41.3, 162.159.61.3, 199.232.214.172, 2.23.197.184, 88.221.168.141, 2.19.126.143, 2.19.126.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: Unilever Rfq letter...pdf
| Time | Type | Description |
|---|---|---|
| 07:10:01 | API Interceptor |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | Get hash | malicious | Stealc | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AsyncRAT | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
⊘No context
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.197390069912539 |
| Encrypted: | false |
| SSDEEP: | 6:c0cf7cN+q2P92nKuAl9OmbnIFUt8H0cf7GUoZZmw+H0cf7GUoNVkwO92nKuAl9Oe:pSv4HAahFUt8UhZ/+Uhz5LHAaSJ |
| MD5: | 34A9E69307806D64DFE5217E1346A825 |
| SHA1: | EF3B6FBC2A954B94B98948343492469E97E52E50 |
| SHA-256: | 5741FC338785C02C6FBC947149108B145EF59F77BC9D337F49A05C817C68D7A8 |
| SHA-512: | 86B21EDA3ACE9160A8993ED2FB099A3685C43FEA31C0C05F9BE8BA634C244C77E2C885FABDF12DA4873170A4A04F14F9EFD4C4806AFA86E0D89ECE04D6F72AD4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.197390069912539 |
| Encrypted: | false |
| SSDEEP: | 6:c0cf7cN+q2P92nKuAl9OmbnIFUt8H0cf7GUoZZmw+H0cf7GUoNVkwO92nKuAl9Oe:pSv4HAahFUt8UhZ/+Uhz5LHAaSJ |
| MD5: | 34A9E69307806D64DFE5217E1346A825 |
| SHA1: | EF3B6FBC2A954B94B98948343492469E97E52E50 |
| SHA-256: | 5741FC338785C02C6FBC947149108B145EF59F77BC9D337F49A05C817C68D7A8 |
| SHA-512: | 86B21EDA3ACE9160A8993ED2FB099A3685C43FEA31C0C05F9BE8BA634C244C77E2C885FABDF12DA4873170A4A04F14F9EFD4C4806AFA86E0D89ECE04D6F72AD4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.190080419891921 |
| Encrypted: | false |
| SSDEEP: | 6:c0cf7yvUYVq2P92nKuAl9Ombzo2jMGIFUt8H0cf75YgZmw+H0cf77IkwO92nKuAv:p/v4HAa8uFUt8U8h/+UV5LHAa8RJ |
| MD5: | C5731D7C331D3E5EE0CB548E6F27D482 |
| SHA1: | 034C0679BC3D199613743A981F7C6FBF611D4615 |
| SHA-256: | BCC9C9007589F2D7BC6F8803AE42A4808AEAC84A8984B1D72DD0978F1A8B4D9A |
| SHA-512: | 0C018CAD9DD9A1E8359B83C7B729A4FFA89C10F990A0FBF0005AC63D08A58207B6AC04A7E2F0CC4A67FBC56C379E1F1D18BE16A8810B3CCB9BE69309DA7DE299 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.190080419891921 |
| Encrypted: | false |
| SSDEEP: | 6:c0cf7yvUYVq2P92nKuAl9Ombzo2jMGIFUt8H0cf75YgZmw+H0cf77IkwO92nKuAv:p/v4HAa8uFUt8U8h/+UV5LHAa8RJ |
| MD5: | C5731D7C331D3E5EE0CB548E6F27D482 |
| SHA1: | 034C0679BC3D199613743A981F7C6FBF611D4615 |
| SHA-256: | BCC9C9007589F2D7BC6F8803AE42A4808AEAC84A8984B1D72DD0978F1A8B4D9A |
| SHA-512: | 0C018CAD9DD9A1E8359B83C7B729A4FFA89C10F990A0FBF0005AC63D08A58207B6AC04A7E2F0CC4A67FBC56C379E1F1D18BE16A8810B3CCB9BE69309DA7DE299 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.053486809992764 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqBsBdOg2HpAcaq3QYiubxnP7E4T3OF+:Y2sRdsDdMHpr3QYhbxP7nbI+ |
| MD5: | BE73CEC42E39D4E266B19E32DFC800E0 |
| SHA1: | 2DE83259031F806B9C6CFB0542CB0F87986CE080 |
| SHA-256: | 323F863D6A53D379AD98888BBE79724A5D530173C8B2A0E381CE254EE63AFDE1 |
| SHA-512: | 601A6621FA0F66C929D45FBA750E1D9574E1C0CD57D7EEDC83120919E6E4EA3F1F10C845AA8C3F7FA97D3E82911134120D7E027E67A916AC73C12D8B5CA00C82 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bfb68ca1-fcca-4c15-8374-c6b2d2aedce2.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.053486809992764 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqBsBdOg2HpAcaq3QYiubxnP7E4T3OF+:Y2sRdsDdMHpr3QYhbxP7nbI+ |
| MD5: | BE73CEC42E39D4E266B19E32DFC800E0 |
| SHA1: | 2DE83259031F806B9C6CFB0542CB0F87986CE080 |
| SHA-256: | 323F863D6A53D379AD98888BBE79724A5D530173C8B2A0E381CE254EE63AFDE1 |
| SHA-512: | 601A6621FA0F66C929D45FBA750E1D9574E1C0CD57D7EEDC83120919E6E4EA3F1F10C845AA8C3F7FA97D3E82911134120D7E027E67A916AC73C12D8B5CA00C82 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4509 |
| Entropy (8bit): | 5.239211484209965 |
| Encrypted: | false |
| SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUeY0kbeh6Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLe |
| MD5: | 16E4F2D4CDB80C6F3268EA257B9F0B63 |
| SHA1: | 4FCA4F30BC98D6B90F3B592301B36C4C9A04076F |
| SHA-256: | 1BCB9E1A46B6743EE4DB9553F0147443BF043497FBA1FD70014CFBF40F9328D6 |
| SHA-512: | AEAD1A200775B673EA71A2A2CF0CB5DEDFC0C48AAF74EA8F50E2FDE564EF4505E40E1A6F21112484E62851E9E915711858D96544B8811118798DA8C945DC8FBE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.172788045276865 |
| Encrypted: | false |
| SSDEEP: | 6:c0cfeWYVq2P92nKuAl9OmbzNMxIFUt8H0cfMVgZmw+H0cfJIkwO92nKuAl9OmbzE:pLv4HAa8jFUt8U5S/+Uz5LHAa84J |
| MD5: | 7405E5F318FDB0D002DD487131CCD6E5 |
| SHA1: | E0B38A78382D42F6CD8B76689303D2B41A05CDEC |
| SHA-256: | 821B4C732F96859AB4E017A064447263D2065F9D9A2765F303458DE5ED3D3BE1 |
| SHA-512: | 1D9A447AE18E9BE9608DAFB4852EA97B49093D26E0D1E94F755263549C1E6E10AB3E4EF562224F797159DD6A774BDA98D6D24036B8DF21BE82DEEE1953B43DD9 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.172788045276865 |
| Encrypted: | false |
| SSDEEP: | 6:c0cfeWYVq2P92nKuAl9OmbzNMxIFUt8H0cfMVgZmw+H0cfJIkwO92nKuAl9OmbzE:pLv4HAa8jFUt8U5S/+Uz5LHAa84J |
| MD5: | 7405E5F318FDB0D002DD487131CCD6E5 |
| SHA1: | E0B38A78382D42F6CD8B76689303D2B41A05CDEC |
| SHA-256: | 821B4C732F96859AB4E017A064447263D2065F9D9A2765F303458DE5ED3D3BE1 |
| SHA-512: | 1D9A447AE18E9BE9608DAFB4852EA97B49093D26E0D1E94F755263549C1E6E10AB3E4EF562224F797159DD6A774BDA98D6D24036B8DF21BE82DEEE1953B43DD9 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241029110952Z-162.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 1.4541332732364332 |
| Encrypted: | false |
| SSDEEP: | 96:rO06yJLMqXRkCfARUPkTbKM9sAdMMMrP754MMtMEwMvMnERfMGe4lMCXr+Mj5Xs9:r9nRknR3Meyu2Lvo6bZB+qprH |
| MD5: | 2503E21A6B02AAC145C7BE40BD420E51 |
| SHA1: | C845B3F1C0DD2F1B2072F00E5947A2ADDA05F802 |
| SHA-256: | A70690751D2557288D89BA09A6995BC65036D6C9ECD90FFD3C0464070B4FFD01 |
| SHA-512: | B44F4DBB69F14E2D1286187BFBC978E954CC9E27F85D904A454746B0FD9F10D0DF81F663A6DD065FF04D38C47F8FFDD864CF523E0DF55436FE0280B5834709A0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.752969867432539 |
| Encrypted: | false |
| SSDEEP: | 3:kkFklj8JM/tfllXlE/HT8kxdhlltNNX8RolJuRdxLlGB9lQRYwpDdt:kKXSeT84dRNMa8RdWBwRd |
| MD5: | 363A6AA229144BAA666874C3AB7FC2AA |
| SHA1: | 0727FB50CC15778E16C9372A3EEFA00BD93BBBFB |
| SHA-256: | AAFB40DEEB31B794B2E4BBED2FA3A8C69A7DEC57BD7A87FCC5ADEEA3EB4FF8F1 |
| SHA-512: | FA0C7A7213C0C53B9323CFC86B33EE52801D8495A497703E1DCF3084B0D45C3674FDD6E2034AE55D6A95B770FE8132FC788FC0978D65DC6A9C9B7A6ACD400F2B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.2539954282295116 |
| Encrypted: | false |
| SSDEEP: | 6:kKNstL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:iiDImsLNkPlE99SNxAhUe/3 |
| MD5: | FE201ECBBB4CBCE99FEA0265176A922C |
| SHA1: | 9526F51C8F6E183D1B936287A00B2B80C486281E |
| SHA-256: | 37A36AC754559B9329282C26607DA569B845B43451DE44D2CA0E4FCC75A1B92A |
| SHA-512: | 1E335C8112FA7D549EF2F51C2C7D0F94E61AE41B7E93D07A2515C984687FD701747DB1F8557BA6858FD131374857113DB584E32214873070BABB41AEB2BDE7DB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.363990005789236 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/Bp40GQn7+FIbRI6XVW7+0YOTUkDoAvJM3g98kUwPeUkwRe9:YvXKX/b/nyYpW7fUksGMbLUkee9 |
| MD5: | 5BF45A82151497842DE63E40A6D6F183 |
| SHA1: | 1DED28DFF375CDB4BCED2B7FB3C9253D9ECBFCFB |
| SHA-256: | 6B580676D6288ACCB21CF6ABB5E570B2EFA73F38C4DC2398564B53B4F3DCAADA |
| SHA-512: | 496924A27DE9A7E1898D7B31DF488AB9D94C11A45AF95D31169945DBF7B846E357AC7BAE0C58EA2D1EDD517CE7D823937B5942FC3E7F5E5308784A1294AD56C6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.302526642025141 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/Bp40GQn7+FIbRI6XVW7+0YOTUkDoAvJfBoTfXpnrPeUkwRe9:YvXKX/b/nyYpW7fUksGWTfXcUkee9 |
| MD5: | D480FC94D4CC237783EDA75CBABD4FEE |
| SHA1: | 800E2BA7F0A6E8620093D558D3FAA2E78FBD90C7 |
| SHA-256: | 1B0E271892D6E0B3CE015D77ADC96108DA57CD62AF3210055D8143635418ACEA |
| SHA-512: | 82E9FB6A5DB810A5CB7BB3A300DC4EE057556AA941487ADAA54E38B76831F00FC9B319F2461FAD463858493931597ACDC214C8C44E94B52283063174147E66B8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.281521677420217 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/Bp40GQn7+FIbRI6XVW7+0YOTUkDoAvJfBD2G6UpnrPeUkwRe9:YvXKX/b/nyYpW7fUksGR22cUkee9 |
| MD5: | 4C054B0F8918F5187063C24521195A2B |
| SHA1: | 698BC7DDD6C6649FF301EE11A6E69EC6EFB3FBD0 |
| SHA-256: | E848E8B46B37B1DD246E9759EF9CA896B8D84C81B4E5919CC6AD47E497027A01 |
| SHA-512: | 49490A523A238505A24A92210268ACC959614B0E9E688D77E4532AF4F140B0D448DCBACF7838C2563DA4B73D098840524F292F8C61703B43C1E5E8A3C260CFC8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.342904870091314 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/Bp40GQn7+FIbRI6XVW7+0YOTUkDoAvJfPmwrPeUkwRe9:YvXKX/b/nyYpW7fUksGH56Ukee9 |
| MD5: | 45776467E0FC932803E9855F41EC8852 |
| SHA1: | D61096D66C1E303B80C108BD34FAE7420855BD26 |
| SHA-256: | F65EA412D1D921651767839F9D8F9CE4C877A27F71C8707C6720EC5396E7D40C |
| SHA-512: | 0B57F84027205921351799D6E90E617FC5A35EAA64FD3531FE39EE5BAF706E6C95AE0288F2C4F35AAA5D215023AAA658E5BD92B2DACCF04E887C9223EAD69AE5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1055 |
| Entropy (8bit): | 5.657198703545353 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XDPi1pLgEscLf7nnl0RCmK8czOCCSVt:YvK61hgGzaAh8cv/Vt |
| MD5: | 87AE9F4125C97566F40C9444F9B7793F |
| SHA1: | BC903EAD13C1EFCE69926D6F69D94DB48346D723 |
| SHA-256: | 3C8D6E67191C0ED5AE9541456360310A368ABBD42C11383C8E9CD2AAE41F0A3F |
| SHA-512: | 4EDC942FE0EB0416EB8CF83EA283FBE13E253E6882AAF73B923A20FDAD499C913301482F7F4EA2058890DFEFE72EBE355433BE895D0EA8EF8676E114B95A61B6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1050 |
| Entropy (8bit): | 5.647705156754194 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XDPiZVLgEF0c7sbnl0RCmK8czOCYHflEpwiVot:YvK6ZFg6sGAh8cvYHWpwVt |
| MD5: | DC4E08AAC976A96C1DEB77E2733A73BA |
| SHA1: | BB9D1CC24A4570D16C69CA556465D5F6FF80AEFF |
| SHA-256: | 2A7EA8C6065284409726029BE5E01390617FFDCDFEB6638DA075D562D51CF263 |
| SHA-512: | 1648E9523EB1D35C884C55C7FA8E1193706B9F105BEC7150CA6D9831659F54E5D1536A20E7C58A365ACBD8BDB4C404B6CC8CD779EAD46B4B569985068D2EDF98 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.288815549177324 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/Bp40GQn7+FIbRI6XVW7+0YOTUkDoAvJfQ1rPeUkwRe9:YvXKX/b/nyYpW7fUksGY16Ukee9 |
| MD5: | 1F02879504A10D59BA8E1E47466A8C92 |
| SHA1: | 83B6369BA4CB646325D6259E705ACE6A30DB369B |
| SHA-256: | 94A2913A616331A1E0F85AAEDCC67BFF3BDB2DCBA519EDA242380E4F3EE12AC5 |
| SHA-512: | 988DA133919C5AFA49820C56B187E57CB0D8235E15CEE237A7FE1A8920439241C2BEEFC7D0A8BF66FEA6D9D73510633928DF2ACBEE31317322FA99F631D0433F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1038 |
| Entropy (8bit): | 5.645265445330104 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XDPiI2LgEF7cciAXs0nl0RCmK8czOCAPtciBot:YvK6Iogc8hAh8cvA2t |
| MD5: | A010143810D70E11B05B95DBAF378C00 |
| SHA1: | 78D3AD8B223374B10B3C1B1FD4DBBDE0D691B6CA |
| SHA-256: | 80B2AA90C4F490AD05543F0975FFF4BA90C19E853021427AB3E2739F8D5ED71C |
| SHA-512: | 506E090AA969D7CCFEE2EFE1B788C16C52AD639E0A24A15492F28078C36E1E0A18E6BB73E6C8412D54BE23BB8825D5D73BBF156A8181E5CB48A9DC753A2E6109 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 5.696907323704256 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XDPiAKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5ot:YvK6AEgqprtrS5OZjSlwTmAfSKSt |
| MD5: | 0395A285E1FFC5D593DF4E43C9304A67 |
| SHA1: | 058DC71C7EB41A5094BF57BFD57B735666650B99 |
| SHA-256: | C3943D62E3CC59E2E5B3C969EEA9047D738537E8FF46FE5E3BA5FBD796D20345 |
| SHA-512: | 5B443083018B91F0F7AB9A55E8A52261C6571D0A453EA5A47C9895B043D1B13AEED5BAA9E95CB9291C4CBDAEE2189DB9BC765C05EA89BE166798B203C478BA37 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.295500284179841 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/Bp40GQn7+FIbRI6XVW7+0YOTUkDoAvJfYdPeUkwRe9:YvXKX/b/nyYpW7fUksGg8Ukee9 |
| MD5: | 45F8CA3F0795152AD251DEE1553EAAE3 |
| SHA1: | A75F65A5B161E5C666F737F05E88CE7EF7E399EE |
| SHA-256: | 33E25A4875C5C41E30FF2020DBAC8BBCF92F4270D34F65F24CCE5F0AF79C276C |
| SHA-512: | 2BF2079CE05F2F6B197D05D40AEB4168FE5BA19D43085A16DFE530C1793A81A2D78201C609212E0D60C28F86D6D417B0775F16F6341647E0F8010E7E341D1AE4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.770363953454641 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XDPiPrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNQ8:YvK6PHgDv3W2aYQfgB5OUupHrQ9FJS8 |
| MD5: | DEB3B097C00FCDD14456CAC2D92E1FF5 |
| SHA1: | E23A93EA229359B3BBD05BD5B9A9E3E3BB06405F |
| SHA-256: | E4D567B91A20767ABF6E910F46D96730D4F113C525AC7D0064733BF62BC6DEFB |
| SHA-512: | 2CC2D85F859BA74C62B82374740CF1642DAE0BC569340E71BF9CDBD9E8825371919806785155F227DC029304398A2F61905839209A1070E1708E109C27C1EED3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.27907830773563 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/Bp40GQn7+FIbRI6XVW7+0YOTUkDoAvJfbPtdPeUkwRe9:YvXKX/b/nyYpW7fUksGDV8Ukee9 |
| MD5: | CCA262D25FF627C1C5BE456773AB9D3B |
| SHA1: | F4C9428E82E16F55623AB2436571315D0A026A20 |
| SHA-256: | A102A3E19B584A5909CA8BC1A34472AAB7100D620AA55A9797D0B0687B48008A |
| SHA-512: | FAD371FF17C3CC25D9504629902778FAF5A880F16A81140B2162ABFF548E57076DAEA03E6DC5A9937F4588999963F738930BB0D2F62D05EDA9A8189E06E26DF9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.280374863621297 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/Bp40GQn7+FIbRI6XVW7+0YOTUkDoAvJf21rPeUkwRe9:YvXKX/b/nyYpW7fUksG+16Ukee9 |
| MD5: | 2BF6CA2A7AF8578FCDE836B982F7A530 |
| SHA1: | BDC4343F40EF64C7A51596B2384371C452802F9E |
| SHA-256: | 6D6D853146C4DB7307CD5F311FBD3F6220F8DB6A91C01783C6EB4ED53FDCA6C6 |
| SHA-512: | CD68362C86C6734DF5B6A52C91C6209DAA06BF8EA08248B24DE35D05B0193E71E11BE6A270DE658636B4E4B6B6F3A2DDB6F3CBF8B79DCB68D8F12193326E6484 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1026 |
| Entropy (8bit): | 5.626694290270964 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XDPitamXayLgE7cMCBNaqnl0RCmK8czOC/BSVt:YvK6BBgACBOAh8cvMVt |
| MD5: | 2D700942F5CE43E5D20EFA6AF2BDC30B |
| SHA1: | B90D705A789AC694E157FEE0AA850D394FF8E9D3 |
| SHA-256: | DD9192050FBABA15BBB21CCC1B5E5794E1890B01AE493EF0C35AA4281598A71D |
| SHA-512: | E2B7A6BDA5732D700CD66ED4EDAEDCA6D9EE626B005F0AC757A8E9E51EFC5D22786C166E6EFC08C5C7F6FC5C2F8B7B6BBA615A947896C06E99F35276D903C51F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.255288620417353 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/Bp40GQn7+FIbRI6XVW7+0YOTUkDoAvJfshHHrPeUkwRe9:YvXKX/b/nyYpW7fUksGUUUkee9 |
| MD5: | B1AB5C616AD744943E063C41A4CECA4E |
| SHA1: | E52662AB72A12BF35C54A337303E13AA98B6B64F |
| SHA-256: | 04FB8C6F249A6BB233E2FE4D79C23FA674581609B0E86333895A1455F66467FC |
| SHA-512: | 3169B908877E57CDD9042A5A97A521F4879A89AB4A810CA16868A2C87209509B343C2FCD2D00423F065EEEB4E2E968E13B5F1B11A5FF52A8C147217B1E75FA4B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.363665679250207 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKX/b/nyYpW7fUksGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWUt:Yv6XDPi+168CgEXX5kcIfANhVt |
| MD5: | 5C96C602FEA604BFC485D7D1D19DB8C1 |
| SHA1: | 76813F9D51A35211D5AD11FEDF26025336B16DC2 |
| SHA-256: | 13B6806639535D00589D9F357AA3ACED7FAB210BB7299036753038A930B13569 |
| SHA-512: | 27D9B779AED03623C027E244FA858952B981127D504944FB7F68E6C9821D39BED6E58ADB5C609FBF6A78DFC63614B72CF3AF86EDBC5282B8E4A8775E282B1101 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2818 |
| Entropy (8bit): | 5.1100260661570545 |
| Encrypted: | false |
| SSDEEP: | 48:YemaTjaGmB4arqjaiaPNYaB8abvOaOaNaBpV+Ea2MaawEVaankga2Ds9YaUaPM:cEYDv6pV+9FzkKi4 |
| MD5: | 8EF68F394E87B3EBFA6CD158DF74CB7A |
| SHA1: | F0556CFA169E8A01A7574890D8B21877A883E1EF |
| SHA-256: | B91C68A17D56B45379BB0E84141A883AE5053F90F1F087FCDA997C8CC61F7774 |
| SHA-512: | C8976169BAC325E15360F4DB3D03ED7B99ED50EC408CCF25432248B2C5EB51D24C9485A54C0698EB48523881481C007DC9715B84C5100C5897F7B78297339B23 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9850366229116186 |
| Encrypted: | false |
| SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SprdT4zJwtNBwtNbRZ6bRZ4OdTF:TVl2GL7ms6ggOVpRMzutYtp6Pv5 |
| MD5: | DD150AB66DD524FA42FFCB674821761B |
| SHA1: | A7279B675874C5F4920682E738C14CE8645F2051 |
| SHA-256: | 7048BCE79EBA27724C01151032E3289ADD255158C8996BCEDBBFCCED7579BD62 |
| SHA-512: | 00D2F47BBA50204F208B131BD884B26C62BBDC56280C5B6882D58C07A3572A3929C58D4103D76A4A4C942BC4D1F72639CBB2FDF1E3A181CF554FFC4CF881C837 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.3399088073746184 |
| Encrypted: | false |
| SSDEEP: | 24:7+tyhAD1RZKHs/Ds/SprdTPzJwtNBwtNbRZ6bRZWf1RZK4fqLBx/XYKQvGJF7urR:7MqGgOVpRzzutYtp6PMdfqll2GL7msM |
| MD5: | B58C39D9A8351C69E0E8073074DB9605 |
| SHA1: | 16AC5121FBE857D6DA35F7D80CE5DB51133472E8 |
| SHA-256: | 4BC3CDFD49E0A5C7E465A37160C25B40E359E7B1CE515DD0B0D1391AB4954CE6 |
| SHA-512: | 2DBD89B2E9DD6F3E6F5B7BDD44FA749F25654AF11B89190213A9900623D3807AF2D8C9BD8BFF070DAB2BD8F7FE4478DA636ED76FD3E3C60A65CA602D74AD53D4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5309417490522437 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xOlQU07e:Qw946cPbiOxDlbYnuRK5L1 |
| MD5: | EEC5473B75F5F7D775D1C030CB001B54 |
| SHA1: | 8CFE8654008C4CFC13359775DA1F5BE35F2E853C |
| SHA-256: | 8E2584D3868AD696491FD4D4C5007883625BF903382E825744D35DEE876F320E |
| SHA-512: | 037950BF6DBBEB1F146C176B220912016F9319DE3B5FE51DB3DBE65AB395E21F9E00A9C80AC0224EA589D4CD57B4B50E51CD682DF89E4E6407FB2740C3B840B1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 358 |
| Entropy (8bit): | 5.074160543666884 |
| Encrypted: | false |
| SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOplxGUlxGcqLCSyAAO:IngVMre9T0HQIDmy9g06JXXgSgcqLlX |
| MD5: | 64BF18F86C9E807FE913F7B2F70257E4 |
| SHA1: | A3B1EB2F9D6C6DA9446B9EC3A100BC8E6B51A982 |
| SHA-256: | 311CB1BD2CD34EFF97DDB6EE00846F289FEF15A2043556D29E6EC965807512C1 |
| SHA-512: | 444A2DD3C7A861073309CA4C1F0AF6B3F2DB69C1335C0CFC239AAA9F88C89C22E5CBB1ECBBEF0423247C1E0A7CC9C8547CE3B1133FF7B9F6F7C83C2141A648D6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 814464 |
| Entropy (8bit): | 2.288724017886762 |
| Encrypted: | false |
| SSDEEP: | 1536:98vPxSdpWGSgOnd6hHPoqGH5TO19Omjx6bRXvKm06qbz:Mm1SgOohHQ529ZcRfKm0 |
| MD5: | 9788A640297A2003C6945CDCDB52DE04 |
| SHA1: | 4A87B3FD8113D9751B8740ADACBFAFD1BEFCF308 |
| SHA-256: | 0DFC18E66F5D03C73CB191CEF14DDE0335928C164E298C41C2900AED5EF3AA49 |
| SHA-512: | 2664FE3F311C173E780279814ED27055F81CA474B6D84093C0E2F514537989C1C632AEE6C1B618731F81278E066EE23D23B3F0B5070C0D4FB8ACB1D4450B3C25 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 07-09-50-623.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.376360055978702 |
| Encrypted: | false |
| SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
| MD5: | 1336667A75083BF81E2632FABAA88B67 |
| SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
| SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
| SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15114 |
| Entropy (8bit): | 5.340641840050199 |
| Encrypted: | false |
| SSDEEP: | 384:kAiV6MvzcnuwXBeHWgnKGdI3QJBPjVps+lvzRl0pkrgNLdKgQnLfCFCD6ACoFEcA:QPcz |
| MD5: | 8C32CC8BAB31167211EF26A77E802D76 |
| SHA1: | 9B8E2D5E40450A2758CC713019BFD0239EFF7213 |
| SHA-256: | F438EED1CF0FEAD7721DEFC64E9B3C28AE37F77A35508E2AF1A3E8672AC0977E |
| SHA-512: | 7FE24D7D276443D2FA109B3D4803D4EF961E97B6AC6296EDF8D77E23739DB371629DE45D5885A7681F51DE3CF573CEDFA4DB1C1A85F492BEE7B2F9222FB2F558 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.399397197065623 |
| Encrypted: | false |
| SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbe:YL |
| MD5: | 3FF5F74A2AB5AE86B86DAD14992D58ED |
| SHA1: | 42F3F045C085E213384F2714EA434DA708A544AC |
| SHA-256: | 88AC653AE7D6C598344B4B6A383A2613ABF393C07CEBD849D21B6C91E17CF411 |
| SHA-512: | 1BDF77B828A4ABE8E1093CD0D2ADA045EFEC927CBEE2313C40B4156008C9367B340B3232BA83FB0519C0C71527DBA769ADE8A0E65D8D962FC86DC23D4E5D4D36 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xTwYIGNPgeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JTwZG/WLxYGZN3mlind9i4ufFXpAXkru |
| MD5: | 62F2E9F22B4021BA764763F066157442 |
| SHA1: | 0BBCDDCCA2B7342980503F1522E9249B077DED4C |
| SHA-256: | 747B773557070E01063EDCDF20C3DA8DD01599EF5EE5E5320BA7328DFDB2E721 |
| SHA-512: | 0D58BA35B2BBE548612357D9252FD87DDDC939B346DC666778CCE2C44E60F4A58434A42FDA5BDC7DF9552999D29ACD35E2F77FC5BD3D423B336F224D157F00A6 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.993467411990922 |
| TrID: |
|
| File name: | Unilever Rfq letter...pdf |
| File size: | 310'686 bytes |
| MD5: | 40aa3755b571d5f21f4e0fc3d474a694 |
| SHA1: | ab6ae191590e046782fc73e70455c10fc532f2d5 |
| SHA256: | 14b8c00c07841f9c3d8b019394010d1e92fb353c5b5e29340588b17cf2ab34ba |
| SHA512: | 3d0371dcf4681e33c4b4f8a92019cff4b631db5aa61321627a4785695d238b6b6fa74585680279eca988c116c16346f4736bfd512bfea9a0711a59292bd70a90 |
| SSDEEP: | 6144:1zQ7y7TVcH9g9dtkv/w0EM9929MmD1UO0UAZMAfiq4BBACsP:1lTid+tkHR90vrxq4DQ |
| TLSH: | 5564121EDB52E90CF953154A3C3F3F4A845CF79823DC6C1E099C97992A01DB0BAB5792 |
| File Content Preview: | %PDF-1.3.%.....5 0 obj.<</Length 6 0 R/Filter /FlateDecode>>.stream.x..}.T.W....w.]:(..D....|cI5...&..+..vE..n.c.......{W.."H/.{....|@....|..|..'..8...s.3.....".ZF.DF....~H..m.s|........(.....F....qq1....:..q....JtL\...D..b".[.DE.T.........7&Z..)....c.1.. |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.3 |
| Total Entropy: | 7.993467 |
| Total Bytes: | 310686 |
| Stream Entropy: | 7.997993 |
| Stream Bytes: | 302964 |
| Entropy outside Streams: | 5.175846 |
| Bytes outside Streams: | 7722 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 58 |
| endobj | 58 |
| stream | 16 |
| endstream | 15 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 3 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 10 | 333333370b0e490b | a49cbf67294879e34e8e7ef0955969f2 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 29, 2024 12:10:01.961796999 CET | 57921 | 53 | 192.168.2.5 | 1.1.1.1 |
| Oct 29, 2024 12:10:15.249891996 CET | 61877 | 53 | 192.168.2.5 | 1.1.1.1 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 29, 2024 12:10:01.961796999 CET | 192.168.2.5 | 1.1.1.1 | 0xe16 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 29, 2024 12:10:15.249891996 CET | 192.168.2.5 | 1.1.1.1 | 0x3f6c | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 29, 2024 12:09:59.955334902 CET | 1.1.1.1 | 192.168.2.5 | 0xbb8d | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Oct 29, 2024 12:09:59.955334902 CET | 1.1.1.1 | 192.168.2.5 | 0xbb8d | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Oct 29, 2024 12:10:01.971030951 CET | 1.1.1.1 | 192.168.2.5 | 0xe16 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Oct 29, 2024 12:10:15.258068085 CET | 1.1.1.1 | 192.168.2.5 | 0x3f6c | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 07:09:47 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff686a00000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 07:09:47 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 07:09:48 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly