Windows
Analysis Report
BRNB4220046D2EC_004113.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BRNB4220046D2EC_004113.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7648 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1564,i,18300350310385928855,12573409882020546055,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
x1.i.lencr.org | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1560181 |
Start date and time: | 2024-11-21 14:19:00 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | BRNB4220046D2EC_004113.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/52@1/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.149, 2.19.126.143, 172.64.41.3, 162.159.61.3, 52.202.204.11, 54.227.187.23, 52.5.13.197, 23.22.254.206, 2.23.197.184, 199.232.214.172, 88.221.168.141
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateFile calls found.
- VT rate limit hit for: BRNB4220046D2EC_004113.pdf
Time | Type | Description |
---|---|---|
08:20:07 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | DanaBot | | |
| | | | malicious | BlackMoon | | |
| | | | malicious | Unknown | | |
| | | | malicious | Credential Flusher | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.262996873191139 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.198182101830389 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.198182101830389 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3c910f6d-04cd-4ce2-84b1-750cc6801fa5.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF423130.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\eb1acd8d-42b1-4ef0-b505-8d5377240aa4.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.973413864143525 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.2605868595991305 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.221058655443426 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.221058655443426 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241121132000Z-151.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64502 |
Entropy (8bit): | 4.611300969135374 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444873028454647 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.774845462749924 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.756901573172974 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2418003062782916 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.373713913014458 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.322703473855263 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.300175723058891 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3610875955849595 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1123 |
Entropy (8bit): | 5.693737131958809 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1122 |
Entropy (8bit): | 5.685627389111958 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3106272640174925 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1102 |
Entropy (8bit): | 5.677126264340734 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.702238781988155 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.314603321835047 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.300910795394452 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJf+dPeUkwRe9:YvXKX40EZc0vNeG28Ukee9 |
MD5: | F8625534024651CF82EEF2779FA15121 |
SHA1: | A7EFAEE2E3F7776866030D199A259E0D46D4D3D6 |
SHA-256: | 42EACEBBEF6937E08CAA4C5CF88A579AB7120CE26C79A0EC0FDCB4991A603B50 |
SHA-512: | C3955A8CC7E78F2C41EDB40DFDCBEF63918B3116933A862B50D988846C83E54842DFDAD8B791A2FF3FD100F41BCDB53424D8DB778E66DE1D404E8DB350B2B844 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.298050053035816 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJfbPtdPeUkwRe9:YvXKX40EZc0vNeGDV8Ukee9 |
MD5: | 3A8E773CDE5A32D5DEEBAD70FA26B149 |
SHA1: | A97381C8F866CB08FA2A95DBBDB93E5C10CC4829 |
SHA-256: | 8CB2C97DA38AE40FDDECCBE86C35C585B827C8F93313337EDC4B36FD5760AF93 |
SHA-512: | 81B704C67BC5EB9F25E82D8AEA677AFD6869BCF33539F43F8E07BFCFA00EE72F8B00BC5F177940E0DB9D5AEEC9338291DE5869785462BE85509E77C831587627 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.302253887363725 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJf21rPeUkwRe9:YvXKX40EZc0vNeG+16Ukee9 |
MD5: | 163799B569D2AA7D5DE52DA74CBC91E5 |
SHA1: | 4A89A95458CED7A2107E54EBDB2BC1CF2CE0C41E |
SHA-256: | 0D1431D916C4249B9B5DD399FE4AABCAF69D1610D7BFF64C8B883CAEE0849698 |
SHA-512: | AD3D1CC6562A1FD3E29832886ABAB558F124618146C4131A1FB7A48F31459D6E2E7EAC1D944FA50C19C58766E67236B9B87D9C37037047F41678B4AB3097DADC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1090 |
Entropy (8bit): | 5.671656953452707 |
Encrypted: | false |
SSDEEP: | 24:Yv6X4nzvZamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BS7Y:Yvd9BgkDMUJUAh8cvM7Y |
MD5: | EC5458E9A866864BDD3A9568BE7F3D3F |
SHA1: | E9E01241D59910AB77D97D82952DBA06F463A4BD |
SHA-256: | D53715743FF38C66C9E5C62623CE73BB90BA29820E5FBF3F1D76A1699F2CF2F6 |
SHA-512: | 5E503CB4B800EE5BD380E79DDF6CBB676F0192A0EF6F74C26CA579DA1CC647F371A1EF13009DD8A3F822F6E8500F01848DD931C52F2B0AF0ED107D87C85A79C2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.2774548321881385 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJfshHHrPeUkwRe9:YvXKX40EZc0vNeGUUUkee9 |
MD5: | 041CF67101E99396D9CDD9DC04A6BF2E |
SHA1: | 0458CB49737B95F6D68F8A209E98D254B6BD9C13 |
SHA-256: | 8F5F9F5001156490A453E75694AD3EED4342B0B00A1FA0098FD22A121BFC3FE4 |
SHA-512: | 00FE4321C55382F64F9448993B103D0909ED852EC2DFB1FC34AE9D37870459C21F5890AA50EE732A2A8371DEBF95827834C1A70F8AC3DDD589D3057751D776D6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2817 |
Entropy (8bit): | 5.124035848723945 |
Encrypted: | false |
SSDEEP: | 48:Y8YThsp74DyiNep9/+80ohGWvpgFub39YxfDpiMY:r+a2yvV+M1pvNcvY |
MD5: | 704EED59E0B343E392AD8D563537571B |
SHA1: | 85529A2A2A226BE9FFC141BF2E7AF4C9099E8BC8 |
SHA-256: | 37AA3AB17A318180352071935FC982899CC0D403E40372D80E31E86A688ACA33 |
SHA-512: | 95105AB59065850AC7D59E04C624E56486FF8D674CD311034FCA1018ADB9DFE774272CD1A5BFB24923513CB7C190707E7AC994C72B7204A904204B9D13EC4134 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1877571744626652 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUEhSvR9H9vxFGiDIAEkGVvpgF:lNVmswUUUUUUUUI+FGSItm |
MD5: | 3604F6083531DD39D79FD6310E11D7BC |
SHA1: | 879E48B56275306FCCA582D7883825222C3F2F4A |
SHA-256: | 950A03418382B63DF98F13573B5A791C2D434E670809EBCE5D151570CB844D58 |
SHA-512: | 4008FABAF839026F704DD911994616ECB9F4F772E5F054A106F76C25E63AC87E8A7F04540EEF47B04F4D9F79B8130BEBB9CC8801828C68AEF083A56AA77FA649 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6072348562439787 |
Encrypted: | false |
SSDEEP: | 48:7MGKUUUUUUUUUUEpvR9H9vxFGiDIAEkGVvXmqFl2GL7msf5n:7eUUUUUUUUUU2FGSItoKVmsf5 |
MD5: | EA513956192DECE08A2DDCAF9BEF9689 |
SHA1: | 9DFBE2388B15B8B800B8267B8A98128A527F2C48 |
SHA-256: | A4E94021F0479368F63A799EA7C153E1A1AF672ED29DE8FB8A3B39C6B5B8EDCA |
SHA-512: | C8997DEDF1083F9ABE2F788EE1CEBC285F6FB75571CDE54607900399908EFBBCFD4E5B5D482E9EE8EDBA8AF8A9AD216B7B13F11EECDC396880A1BB8CC9DF69F6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgOpeXl/RrV9isO03hgjdyniFPsYyu:6a6TZ44ADEOpe1/RrV9iO6sK |
MD5: | C1DF16D302363483A9FDF28ED12A0E37 |
SHA1: | 5A74CFB17C510E8086998EAEE31E85A2D10A02F3 |
SHA-256: | FE95768D3689CA5B43DA1F26748B99ADC5C70757727CF91E581E7C1E6C12E098 |
SHA-512: | 68E939768C00A8AD1FA1275C37FCCFCC4BC95A2A67BE43BBF3E8ABD01A8C33A7349A09B16F8A313AEFCE8B339A8C366519111C2CA1B4E910C5AA505725177099 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.4965336456103326 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8hlO:Qw946cPbiOxDlbYnuRKV |
MD5: | 3D405EB0E53037D6E09A5B86823805E1 |
SHA1: | C94697F53196D96923C9548113E753154B7FC422 |
SHA-256: | AFBA6FAD672928D2C15D217A5EE85DE61B2FE097D257DF22E4F79D237985C560 |
SHA-512: | ABDF0DA9B6498E6B7E98029AC28B6B436CA6503D4BF8C5F40212DEF2FEF7AF27642F031DB032CCE496D79AEA14D85DB84AF575B8E4341310BEB584B2BF090344 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-21 08-19-59-033.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.3721336592635005 |
Encrypted: | false |
SSDEEP: | 384:ZzPWXDiGumlFEO+KQfdF8C0BwjMehuObSRoMG+ZiM+vsSThemJFLU/UNoa4/SIAR:edI |
MD5: | FD92ED35B7CDA21EFAAA39728B1CCACD |
SHA1: | 17142E61D509D81002160199FD96AE83E6A510CD |
SHA-256: | 95E278A9B0AC6552A13D80680C2B897E79E38D07A10B5025AA53CBD0C4D8A29A |
SHA-512: | A7CD217CD2F83BC9016C193BF1662A83AC5977A39FF21F067F390B8BFCA01273093597DC9048A950F168BA71A158564636255AAE6BE9BA2AEE51F325A4EB0394 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.3964135711706955 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rc:g |
MD5: | F36CF0B80F5613F931C9B166919304F3 |
SHA1: | A039C62D009B1EDD3FBED5D25DC2A9EB7CBC402A |
SHA-256: | 4C78A429038828CE51147DBE33F391D936D326B62505525C8124DDC2BFCC3F74 |
SHA-512: | 207153BECC39B584BFB773B484AD46532675401F68CEED1FC4877DCE13F4A73DC8B07326592F4D1BA5439C98DD74300A958C29D910362C3C8F52F3B2A0809FBE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru |
MD5: | 95F182500FC92778102336D2D5AADCC8 |
SHA1: | BEC510B6B3D595833AF46B04C5843B95D2A0A6C9 |
SHA-256: | 9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9 |
SHA-512: | D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.671715282969651 |
TrID: |
|
File name: | BRNB4220046D2EC_004113.pdf |
File size: | 354'784 bytes |
MD5: | a3b90129336364fe04a62672bec5bac2 |
SHA1: | de0d07aff56bc86c34e47c87f6aca19123828437 |
SHA256: | 6580703f8adcba9ad7214b8d5be3ec7091351a8f1c0dea71024183adf2f5d486 |
SHA512: | 26646c1cad60e603744d15e65b2b31936083559bdb95995a10dd19f5087fd3fa22c773c6028ded7b7ebfb2e5d19416169c9be35ed41bf54dfe84f7add846373a |
SSDEEP: | 6144:DB29i/v6p5TCq2jVCELPIV3jZvoirOGt68v1jPmwIBPk5exzYLw8lmEK04xRIE4g:N5/SPeqAVCELPIdj68NjPHOp9LKHWv4g |
TLSH: | E674F163CC912903A9A5D7FDBF42AFED3F21B61D26B0736121815ECF3D64211AD89139 |
File Content Preview: | %PDF-1.4..%@PDF0123456789 1..3 0 obj..<<.. /CreationDate (D:20241121110243+01'00'').. /Creator (Brother Scanner System : MFC-L6800DW series).. /Producer (Brother Scanner System Image Conversion).. /ModDate (D:20241121110243+01'00'')..>>..endob |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.671715 |
Total Bytes: | 354784 |
Stream Entropy: | 7.668194 |
Stream Bytes: | 352810 |
Entropy outside Streams: | 4.910331 |
Bytes outside Streams: | 1974 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 15 |
endobj | 15 |
stream | 4 |
endstream | 4 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
4 | 746613313131410b | f034166678b69e1c7504ccc4fc546e88 | |
10 | 746653734f27220f | 3408c1415b0a423fda8e81969a58e7ea |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 21, 2024 14:20:06.770392895 CET | 60821 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 21, 2024 14:20:06.770392895 CET | 192.168.2.4 | 1.1.1.1 | 0xddde | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 21, 2024 14:20:06.996792078 CET | 1.1.1.1 | 192.168.2.4 | 0xddde | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 14:20:08.778096914 CET | 1.1.1.1 | 192.168.2.4 | 0xe919 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 14:20:08.778096914 CET | 1.1.1.1 | 192.168.2.4 | 0xe919 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 08:19:55 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 08:19:56 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 08:19:56 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |