Windows
Analysis Report
cen03-2018-rrb-notification.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 1784 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\cen03-2018-rrb-notification.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 940 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7320 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2040 --field-trial-handle=1676,i,2509119813639347335,536631791624859120,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | Initial sample: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Static file information: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1500273 |
Start date and time: | 2024-08-28 07:12:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | cen03-2018-rrb-notification.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/42@0/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.115.88.161, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197, 172.64.41.3, 162.159.61.3, 95.101.54.195, 2.16.202.123, 2.19.126.143, 2.19.126.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com
Time | Type | Description |
---|---|---|
01:13:16 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.47.168.24 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Phisher | Browse |
Get hash | malicious | LummaC, Vidar | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.119387372150541 |
Encrypted: | false |
SSDEEP: | 6:NFTIq2P92nKuAl9OmbnIFUt88YZmw+8AkwO92nKuAl9OmbjLJ:NFTIv4HAahFUt88Y/+8A5LHAaSJ |
MD5: | F16B48DF11FE78C8B0F7B3AEB082E3BA |
SHA1: | 8B6B15C9707382E86A2FF057BE876BE02B0E4E34 |
SHA-256: | 73D7AADB4A6361B48062E4A73BBD3F46E0A6AA6CC60C13A54703859FE2B03A03 |
SHA-512: | C03A190F8A2D46D98421EF18B4DE8D5FEC09C9498CC173904F69C9A5859575B8FD3AC2A964F9683D06027577428E0C9A2A69C95398B8B2CBCC676D55905F5D4F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.119387372150541 |
Encrypted: | false |
SSDEEP: | 6:NFTIq2P92nKuAl9OmbnIFUt88YZmw+8AkwO92nKuAl9OmbjLJ:NFTIv4HAahFUt88Y/+8A5LHAaSJ |
MD5: | F16B48DF11FE78C8B0F7B3AEB082E3BA |
SHA1: | 8B6B15C9707382E86A2FF057BE876BE02B0E4E34 |
SHA-256: | 73D7AADB4A6361B48062E4A73BBD3F46E0A6AA6CC60C13A54703859FE2B03A03 |
SHA-512: | C03A190F8A2D46D98421EF18B4DE8D5FEC09C9498CC173904F69C9A5859575B8FD3AC2A964F9683D06027577428E0C9A2A69C95398B8B2CBCC676D55905F5D4F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.139499458628959 |
Encrypted: | false |
SSDEEP: | 6:Nqcq2P92nKuAl9Ombzo2jMGIFUt88XZmw+8pYkwO92nKuAl9Ombzo2jMmLJ:N/v4HAa8uFUt88X/+8i5LHAa8RJ |
MD5: | 5BC2C99F854960E7BD5A8B6A79AA2CFB |
SHA1: | B28369E388C5C41A738A5C98A80765ECA92850FD |
SHA-256: | E4F15BB7548917005494596F018CB80369B73A3B304C90AF0A29F6291068FF12 |
SHA-512: | 9EB23CE2DB5A22777FE2A35FD903D58B3C446151122D1248F0B9CB3A1B61F6114EBAB0838D4EBEBCE59C3C517E1D115733785DF59C9D670AABE83497D4A99EBA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.139499458628959 |
Encrypted: | false |
SSDEEP: | 6:Nqcq2P92nKuAl9Ombzo2jMGIFUt88XZmw+8pYkwO92nKuAl9Ombzo2jMmLJ:N/v4HAa8uFUt88X/+8i5LHAa8RJ |
MD5: | 5BC2C99F854960E7BD5A8B6A79AA2CFB |
SHA1: | B28369E388C5C41A738A5C98A80765ECA92850FD |
SHA-256: | E4F15BB7548917005494596F018CB80369B73A3B304C90AF0A29F6291068FF12 |
SHA-512: | 9EB23CE2DB5A22777FE2A35FD903D58B3C446151122D1248F0B9CB3A1B61F6114EBAB0838D4EBEBCE59C3C517E1D115733785DF59C9D670AABE83497D4A99EBA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\089b63cb-a0c1-4678-ad8c-d9b2eb2a5e0a.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.056751691114228 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqkMDsBdOg2Htcaq3QYiubxnP7E4T3OF+:Y2sRdsgEdMHc3QYhbxP7nbI+ |
MD5: | B9F668C06E0198C450CB18D499842A50 |
SHA1: | 56C650985915FDF15EB746C06C105EC3C74F1956 |
SHA-256: | 68A632B3C1C88EACDCC86D20C8E83989376622445CA3F0ECE72874E844E54890 |
SHA-512: | 455E188BE3DEA1780C4B1B17D4E801E5C508AE7338AFAE23364457C2D8776564E340BF4B486C3F7B124F7B3554EB6247DFD7D1AD476E6ACA3197FBE7AF917596 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.056751691114228 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqkMDsBdOg2Htcaq3QYiubxnP7E4T3OF+:Y2sRdsgEdMHc3QYhbxP7nbI+ |
MD5: | B9F668C06E0198C450CB18D499842A50 |
SHA1: | 56C650985915FDF15EB746C06C105EC3C74F1956 |
SHA-256: | 68A632B3C1C88EACDCC86D20C8E83989376622445CA3F0ECE72874E844E54890 |
SHA-512: | 455E188BE3DEA1780C4B1B17D4E801E5C508AE7338AFAE23364457C2D8776564E340BF4B486C3F7B124F7B3554EB6247DFD7D1AD476E6ACA3197FBE7AF917596 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.239521930852188 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUgulD2zH8zHr/Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLK |
MD5: | F8CB54FB19D32FFB7BC4B4B3FE3FE4EC |
SHA1: | B88E019D6644966B9031E6B2755714156E0D2508 |
SHA-256: | 985AF77A12C755F4ED16FA654AA3F557D99C4900972A7C03FDA89C7B0BFEE049 |
SHA-512: | 14CCA428CB89D7FDCE2E6A86D9AF7CE0DDD11EED3AFBCFAAC132CE8E9195F8EC08B6BF7F4CC5932D316F23F3893DE5417D08AFA282859B85AD2ECB8F917C4860 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.143182635650951 |
Encrypted: | false |
SSDEEP: | 6:NSkMq2P92nKuAl9OmbzNMxIFUt88oZmw+8HkwO92nKuAl9OmbzNMFLJ:NrMv4HAa8jFUt88o/+8H5LHAa84J |
MD5: | 3524B93A649669C9445D17D33B02163B |
SHA1: | C35DE119AB3939AB47E021AEB2D21CD84B5694ED |
SHA-256: | 83C7AAD5284B5A55C8F869761250992CCAC359C6D968F3E489E9492AFEFB3BC8 |
SHA-512: | DB62EDB9F65E04AC8403EC831EF0C87B28ED4A05958227F4F1220977B511688B06CB867AF879D1E9F2F76DCC248C289FC7C8BAC631E441AB5EFC9BCDB15A9018 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.143182635650951 |
Encrypted: | false |
SSDEEP: | 6:NSkMq2P92nKuAl9OmbzNMxIFUt88oZmw+8HkwO92nKuAl9OmbzNMFLJ:NrMv4HAa8jFUt88o/+8H5LHAa84J |
MD5: | 3524B93A649669C9445D17D33B02163B |
SHA1: | C35DE119AB3939AB47E021AEB2D21CD84B5694ED |
SHA-256: | 83C7AAD5284B5A55C8F869761250992CCAC359C6D968F3E489E9492AFEFB3BC8 |
SHA-512: | DB62EDB9F65E04AC8403EC831EF0C87B28ED4A05958227F4F1220977B511688B06CB867AF879D1E9F2F76DCC248C289FC7C8BAC631E441AB5EFC9BCDB15A9018 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240828051307Z-181.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 5.502149931547509 |
Encrypted: | false |
SSDEEP: | 768:xVdN9GudoTxd3yHFKj9GY7vqxwTbpfph/atOxqfCW+Vr:xTN9GudoVd377PBHatOxq6vVr |
MD5: | D8633DDEE4E2B978AC07F3C951C639C3 |
SHA1: | 4AE1522C054F40BCC320A2A7D51EDE049ACD41E6 |
SHA-256: | E6E83C282E27AF8E293B0075F71425B534A6C4A5D2B0E15AC8FD9E65EF6D7364 |
SHA-512: | A0C3C07C616611A96B0F879D35BAA8D3F1C3078C01D8FC2B3F9609E5B89961958713DF515ED2D499F4403525519A7094D3CF5D14528B3654A8E1F4E94A53F2AC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.026467887142631 |
Encrypted: | false |
SSDEEP: | 3:kkFkl0hlltfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7ln3:kKLnxliBAIdQZV7I7kc3 |
MD5: | 823CCCF1320B144A19DA9542A012ADD4 |
SHA1: | FBC443E6D51EA2F4BD8C562B8675CD0C23F123A8 |
SHA-256: | 3E5D673A41341EAC1121B97D99D775EBE3EF82F8C8C928BB81215F88BB885D2B |
SHA-512: | AB1C30370298AD90377C106FA877EF59AA5D897CC898664BD5DAB83D66241C1398A1A8FCFE73BFB77033F2EE9D30E5406F4F514007950B87358AD1B19BEBBA4E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228339 |
Entropy (8bit): | 3.3972512438712084 |
Encrypted: | false |
SSDEEP: | 1536:IKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:BPCaJ/3AYvYwglFoL+sn |
MD5: | EDBFF1C61821480EE31E20FC731C9FBB |
SHA1: | EDA0AD2D3807C999C8665C9AC696F0DDF998AD9C |
SHA-256: | D509C5391DE4EAE2DBC22204C803205221E6C263EFD250687BAC29E09C3E219A |
SHA-512: | 2DBF1F9B0BE0E33F431D0AAAE4371E5C784033A5CA3516E17B367C8FC84D9A5BE94DFD9F39D66910088D6694EDAFDEE4461B0C27262CC38788034357A3273434 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3398027158176395 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJM3g98kUwPeUkwRe9:YvXKX5hZOUYpW7gc2GMbLUkee9 |
MD5: | 77DDA039CCAE04015A5BD1042C87FBFF |
SHA1: | C2A9239A8B8FA436BB468B61B8A289FC10A53C34 |
SHA-256: | C881F2FB636CBCBF4E4A7EBACC3869C84AB9E60205E80DFA6F22B1AEEFD79B1B |
SHA-512: | 5B589016F85EBAA6CEADBC533B8B0E015EC93F6D875B78B94126334CDEC5EE70BB086D8B80FA225AD3E16BF8CB42483532CC0D29EB0E4E0939A45E941C55AE85 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.275925586903718 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfBoTfXpnrPeUkwRe9:YvXKX5hZOUYpW7gc2GWTfXcUkee9 |
MD5: | BD374ED2579A281ED39A928CA6E9A012 |
SHA1: | A037FA9370B2A3659913C84A7F2DF761FCA3B00B |
SHA-256: | 4B601C28354E7734412144D67A3C6FA1136005E128F86254CAD87F88CC7D794C |
SHA-512: | 5DF32AFDC328E50E96A94BFDEA15719CBECD823AFB0E3F5F453A4EEF28EC197AAB251474A87D81003CB25CC3CF55231A149E9804D75A1A3DAD9F57841991AD71 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2542178049545 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfBD2G6UpnrPeUkwRe9:YvXKX5hZOUYpW7gc2GR22cUkee9 |
MD5: | F44C6CDA1C442307E27B9ACDE4DD8639 |
SHA1: | 3101114A77CED1770183FA58E89CB5E5997DBE8D |
SHA-256: | 316770F41C59E2B4CB3DAF778F6900A60AC5EC09A67C3CA6CA4E53C3BE2B3E9C |
SHA-512: | 96361F57EB75EA496ACA668AB7DE8DDAF2011A4B4AA8F939EAF3771FAA2239BA0A663736D1F5C7017F46C9E994B7198EAABBD7E1FC5A82E978EC97996ECF7D45 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.317868903278609 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfPmwrPeUkwRe9:YvXKX5hZOUYpW7gc2GH56Ukee9 |
MD5: | 892972268E12A91C9DEE9A2CD41C0B0B |
SHA1: | F333B2CF02709A0EAF07F3A53518985C946C808C |
SHA-256: | 9D12EAA7436D64A637CD07E642C257499337344ECF0D8CE293E3C053B9172279 |
SHA-512: | 288C8FA269B5EE33455B5A342F1C40DB69887B098A64C069C6F7D0ADA0D5369399C7A12D7EFEDECA03A8A05582CFE980979F0AB615A3018B53C195A9F269344E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.6637239816320655 |
Encrypted: | false |
SSDEEP: | 24:Yv6XpOFiZjpLgEFqciGennl0RCmK8czOCY4w2nO:YvEZhgLtaAh8cvYvKO |
MD5: | 488A306CE17836AADD92E6830937B7B3 |
SHA1: | 39AFD97DB1855CF2FF631E1CCDBE4D8C43CF0E0B |
SHA-256: | 27D6769F99AFF83D8FD4F77D09717ADE5254F2C146BD8EE7F84B3BA945228800 |
SHA-512: | C49535DD78590E4B468708A8D54822DBD12E8D9C70859DDEF8BD2BC55B062240809AC215250A9F4255AA3ADCDF9C819F7BD4BFC504E642691D454F386D42D331 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.648997533453793 |
Encrypted: | false |
SSDEEP: | 24:Yv6XpOFiZ/VLgEF0c7sbnl0RCmK8czOCYHflEpwiVnO:YvEVFg6sGAh8cvYHWpwcO |
MD5: | D39113837F3C87A586158D6DB12D6676 |
SHA1: | 8EB2EF635E103A9DB3E84CB249E76E1FC1760F7E |
SHA-256: | 3700F8D82FBEA05846B916C750F297322A0542D5EEC7A04943B9C7A2747D6730 |
SHA-512: | BECB84E2E689052DA11C2657E70175908F75D3FB5BDA636EE948D8A867F889E4443DDAE101FBBE75AAC4EABBDA7B50A4BBE82F95C9556D39CC6A288140C48E97 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.262285835874067 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfQ1rPeUkwRe9:YvXKX5hZOUYpW7gc2GY16Ukee9 |
MD5: | 0981BAB1A1019289F0A9A1AD860A3413 |
SHA1: | CFFDB069925A34DFB342C29C018575B3964B0176 |
SHA-256: | 1AC49893B0668F199757D5C068248DF8702997C9D26F66EDD1F77A9F266033BA |
SHA-512: | 965342849C00E5966DC8AF01B20A85A22133FF2FD21046022C854B09AA84FEE1C0DF60298EDDD19C51527866A3F5C6743A6EC5F1A385DD5955ACB429298DB17E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.645236394281104 |
Encrypted: | false |
SSDEEP: | 24:Yv6XpOFiZO2LgEF7cciAXs0nl0RCmK8czOCAPtciBnO:YvE0ogc8hAh8cvA5O |
MD5: | 9D548FE6158AC38E13E0D5FBDB53C258 |
SHA1: | 28BDE333F4DB4717F08FFAE1119FC4940849861A |
SHA-256: | 0A7B0F8F45EFD304D3DB3E60BA4DE030C1726B493A607EE28A67B6B7BE58BDC2 |
SHA-512: | C97D3725477D410B658254181B96DF8CD92508A9E922D4160A42B71CE78CB3DA3FE43541D11C710D79D93FBF233C90756D9EDC5C470FA9258291F19E422817BF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.696326997140974 |
Encrypted: | false |
SSDEEP: | 24:Yv6XpOFiZCKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5nO:YvEEEgqprtrS5OZjSlwTmAfSK1O |
MD5: | 1A97535BCD50A757798E518A7842816E |
SHA1: | 0AC5291294392EB1BB3AC051EE65ABD0381CA9D2 |
SHA-256: | F54F966E3290B1852A1294882C336B47E7CCC85ACE7FEBA0EC0547C9798D096D |
SHA-512: | 7A9EB3EE0253EAA10E65D225DEB7B0D678697817140F89617189638A93A858E8D514206D79CFAD866A0D2C326940D742D7FE2AA9447F9B9FEAC06125AA784321 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.270399194724087 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfYdPeUkwRe9:YvXKX5hZOUYpW7gc2Gg8Ukee9 |
MD5: | 66F4A6178704A8DF3F3EA5E67731D752 |
SHA1: | 7C551EAB5176D62F73C75506B9C43EE69320AE3E |
SHA-256: | 398A7FE2BCFEEF037F1A708FF097A305E4C0371DA3AAD5DF3A486FBE5361FDB2 |
SHA-512: | 7303E4D7786C7CA33A51F685CF2E3D641B7FCB7AAAD3BA9D814CA64C39A36C4F72164F53BD9DBE9E2B89149ABB6EF88778D7206337AF8E901CB8E6C07701CF44 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.772545628430304 |
Encrypted: | false |
SSDEEP: | 24:Yv6XpOFiZBrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNPO:YvErHgDv3W2aYQfgB5OUupHrQ9FJ1O |
MD5: | F08BCC1F8AA5DB4A9798655C9AB09514 |
SHA1: | F1B47D595AB70DFCDAB7A76E2A104C1025221819 |
SHA-256: | BB1328F8FBE686BCAD33D4BBB7031951DFE061AEADEC8394059B361BF8BD5E2D |
SHA-512: | 71D64E15CD72C0BF9F50FCC6E789E24F47D88670F1C294F35E07E28FB7B66D1462B188CB9946DFD759063B734609679E8FFCB87932BB5D44222F6C77B56B40FB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.25414973435861 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfbPtdPeUkwRe9:YvXKX5hZOUYpW7gc2GDV8Ukee9 |
MD5: | C8D6B40A95D17649291285642F766231 |
SHA1: | 81E4E50A0A13E6D63AE8AB56E154D6113162DF26 |
SHA-256: | F60FFF1646AC0FDEC91046CAD43709E01BB23369BBE1CCD03FD0EE72D8D3DF25 |
SHA-512: | DB43A5E9B8FC9F3E7D54D145D99A5F9D0C7AFEEB64D79C67C59DB226333242C952098EA89E02EA8FCD7C29596C00E3D829596E7174996FBACB00C85FBF6AC954 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.254763484202261 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJf21rPeUkwRe9:YvXKX5hZOUYpW7gc2G+16Ukee9 |
MD5: | 9B91AA3900AC07DE2E3658A7ED77173B |
SHA1: | F9DB6A8835A49DD02D4100D17A082913489B230D |
SHA-256: | EE85296F08BB52E363DB9CE14EAD439D98E15D06E7C1FACDFBCE5A7025CAE358 |
SHA-512: | 125FAC3EBB046EE880BC4E49DDEF6C8A14CE18E9D3AD37EC5FFE8BEA6F6481D1E1B2AE268EACE68F6768FFD3E158C1F08206C6F6DDF52FAFE4556FFA425EB1C8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.6524400276029505 |
Encrypted: | false |
SSDEEP: | 24:Yv6XpOFiZTamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BnO:YvE1BguOAh8cv+NKCO |
MD5: | 565AB73C25EA3126AC334EA5B721BE00 |
SHA1: | 1D0A321C58242E0F8A7BBA401B53714B4CD1D94C |
SHA-256: | A48AB7CD3E4E8DCF4FFF6816F8E1FADD7F51AD59D03DD7B1ACD9632985A781F6 |
SHA-512: | 2C4832E5A7A667C013B0244CB1436B31D1BDE3DC974DB3CDCD9C954B30EB80F3D2442F1EB7998483A9E4DD3D2F82EF1009D4A1449FBC2D764A957207B686FBE7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.23148595125775 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfshHHrPeUkwRe9:YvXKX5hZOUYpW7gc2GUUUkee9 |
MD5: | 12891DC195BD351CC77F4EA135E8C3F6 |
SHA1: | B9944B2FE2C23F9C2D6F42C1F99E52830FB9238B |
SHA-256: | EC34FDC98E041785938F742E6705DAFAC9DEB7AF482B9A0CF11140FCB7D2C3F4 |
SHA-512: | 66703D9D26997A7BD4134A932D293A029FC7E0A990BFCB2EAF1FC0447739BEB79FCB8556C6AA341C437AFE39E33AD752497B464CB64694836A13F7BA291D85D4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.356493456172849 |
Encrypted: | false |
SSDEEP: | 12:YvXKX5hZOUYpW7gc2GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWzO:Yv6XpOFiZQ168CgEXX5kcIfANhcO |
MD5: | EADBFB6E5D5320E3F301DC89D6058AB5 |
SHA1: | 8F089045347F65978EB34F20FFBFF7D8669AE7B4 |
SHA-256: | 302B8A756A7F00CCC303EAC0D2C0C683FDC23D455BDE41936EB91C6D0F09D58B |
SHA-512: | 33C6BC3B2CF917CE661ECF9162A6DB2219C43C78A58EAF01ECA91F59602A81A876DC5DF0121A6C305E9CC52EDD4F40C184FEC9C63B196A5F93F52927D9B929B0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.132457084151802 |
Encrypted: | false |
SSDEEP: | 48:YcxPzdM+O9gTHUF1nXGS9x+/2VYjp3NB9EkVfpLR9XWZH:zLdMJ9oHuRGS9x+/2Sjp9rEyfpvXWZH |
MD5: | 9593E0395F11023FB1ED1907CDB9E02A |
SHA1: | 8BD2043CBC4ED3EEA0AD05A38894E2B27BCA87CA |
SHA-256: | A7FFF4D96DBEFD0F36EAFADB30C5646A912FCD32860540C89AD1D6136CD9A095 |
SHA-512: | 421EBA74DB06E8E44702304AF6F2E35D056188526A5AD469F138EC3682148889782EC5AF915A91564F5068E8A71DD50F87648888483924474ADAB7D9FBF5D553 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9846271206357214 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpXD24zJwtNBwtNbRZ6bRZ4+D2F:TVl2GL7ms6ggOVpzBzutYtp6P5O |
MD5: | A8EC7406DAFA14B79E8A3BD96D3CF4BC |
SHA1: | 3899B2D07EA1E3326498E2D766EC8C90AF0012AD |
SHA-256: | C064BC363579C2CFBF47B299529070C2E83FEF942D4E0B100A3CD9E4C408B208 |
SHA-512: | B4B08969A1B4633A9219C8A82BEDA128C501163E9F0A91703D43FB75FF5B1A554650D90C39401728C6CEDB1ED295F623AC93324664C6669B1DB4817C799E0588 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.339078949280979 |
Encrypted: | false |
SSDEEP: | 24:7+t/AD1RZKHs/Ds/SpXD2PzJwtNBwtNbRZ6bRZWf1RZKIaqLBx/XYKQvGJF7ursr:7M/GgOVpzazutYtp6PMQqll2GL7msr |
MD5: | 77F4773EA141F2E5AD3A4BB65C151CEA |
SHA1: | 0F5861F815C34ADCE779F678BF4C0708EAADAB93 |
SHA-256: | F79B64AE5A78504266BAFF3AA25BBE8BC66A713E9DF42B8789E28DE2B8D76681 |
SHA-512: | 1D61F48D2F419097A33AF7D4409A5BC811FD696FD8AD443805F6032F36EE208149DE352EEA5D171C62437EFB2DE4A027E32C5A63FBC7AC911E52A12D310066F0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5085442896850614 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dYVH:Qw946cPbiOxDlbYnuRK5 |
MD5: | 8123026BB517AC6A2B62B834AABF6049 |
SHA1: | 34F95A043B52319AD61E5FF915D60426A7BD4F3F |
SHA-256: | 498B9FFEB8DF1C4D9381FB68886DB192763F2EF6C4356B8166440F28AEB51293 |
SHA-512: | 2BF6BA9BFE96A40BFB867153BFF724B1F4EADAE39B186E71E1370077EC9D85AE3FDA7758D9F66513A55BE5F414A5A820EF5DFC98D7589A779417C56ED61D85BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 925952 |
Entropy (8bit): | 2.3786648694914176 |
Encrypted: | false |
SSDEEP: | 3072:DoVEWBraUQ9M68Nl0O1RkVp3J2l/ZTt3hL1PCRM5KU2wCsOo6kGAd5F3RnFz2srb:uEUQ9RJkF1Cql3N |
MD5: | 708DCF1D69BBDA2E584DFA7A88B7C073 |
SHA1: | 596ECBEBC72C1BCB50B1E3503912B7647F977F8C |
SHA-256: | EEF54488D69336F4B70B455841AC4767E406866946BB4237E33D9644361D26F0 |
SHA-512: | 773C558DF31028F666FB34B6D2E60680987AC39CFC7FC44819CCE1A1FCFEC7C74920E1AEC7044739519A805B3562B0D8D3F86C11E521D95AC422A13CA047F6E1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-28 01-13-05-455.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.339181133080072 |
Encrypted: | false |
SSDEEP: | 384:v79CVLg5Zlhz5AWpVzzSpTvqOFtVZz7NcLGgaCwg11AoSDND2DnDfDxVbYvYRs6l:NZx |
MD5: | ACCDACB3DA913FA67A07E49B7AF61BCB |
SHA1: | 926280258C20210C8705084D707E973293A8FF85 |
SHA-256: | 0527137E0F78A529B88804D7418BB7161E203902FC4B0E00EB910FBBA71BE911 |
SHA-512: | 72168FF2977C08F81D6D34407188EFEFD9B6B8656E347F059292060AFF089CF0A4AF150FE232F38333DDF719C9DC9737C791114E7F752632961912ED4A9A3CD8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.39606217828831 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbR:t |
MD5: | CCC9EB0A066D758A77E76D4B383FEC47 |
SHA1: | 4404AB81A2FC3E852B1C64AEE8C1D1447D93A0A4 |
SHA-256: | 33875D8F9BD639C851DFA4620FA6FDE2204C3727B66E4DD87C51D6E7CFB8FCCF |
SHA-512: | A8445A89DC8399B2C85D3F845BC2684941B830F45FD4CD760564979991C09C6B6FED650D1D7995887A9E9B454A108672E6C03CFE762C733CB4ADC12D199AA6EE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9891612747410035 |
TrID: |
File name: | cen03-2018-rrb-notification.pdf |
File size: | 7'048'365 bytes |
MD5: | 666f1e7ce43dca40014d716ed5f8f86f |
SHA1: | 067f7c26c169440ae03d4cd2c22bc0285659760c |
SHA256: | ca1271cdf8397b064bda6ba3cf89ae0f50564ee32bfd2e4d984fd1873a36a76b |
SHA512: | b5381d64dae3bb9c64764ef841b6af9e1bf8bf69400f4b67056e9da76d8a6471cde28624d024fc8c16e9ec01dd12f72150d0ff6634a8019869b7f46e6895a29e |
SSDEEP: | 98304:veVVeoF83xlJM6wrmz2EIjuZLS0Z2Pwhly:2VEoS3xPM6w7CP/y |
TLSH: | 9A661275D2684C38F1218C3FAF3E650A5E31F4E24D496E54773B628B7D62BB01E798A0 |
File Content Preview: | %PDF-1.6..%......1 0 obj..<</CropBox[ 0 0 595.276 841.89]/Parent 231 0 R /Contents 2 0 R /Rotate 0/BleedBox[ 0 0 595.276 841.89]/MediaBox[ 0 0 595.276 841.89]/TrimBox[ 0 0 595.276 841.89]/Resources<</XObject<</Im0 3 0 R /Im1 4 0 R /Im2 5 0 R /Im3 6 0 R /I |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.989161 |
Total Bytes: | 7048365 |
Stream Entropy: | 7.989348 |
Stream Bytes: | 7014941 |
Entropy outside Streams: | 5.233887 |
Bytes outside Streams: | 33424 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 191 |
endobj | 191 |
stream | 127 |
endstream | 127 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 63 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 2 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
3 | 0000000000000000 | a0f5b6cb024abba70bf4d43dde4bd652 | |
4 | 0000000000000000 | 0d98d5752f798633ca780aa081d4225d | |
5 | 0000000000000000 | af54f47b6a216720dc08c9e1854e3155 | |
6 | 0000000000000000 | abddd9fb9618c3bb4ab3c8261d5a16ed | |
7 | 70c4c45068c8e4e4 | 75cb9590cf1d288c4db82ac32a4a08ed |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 28, 2024 07:13:16.468389034 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Aug 28, 2024 07:13:16.468420029 CEST | 443 | 49723 | 23.47.168.24 | 192.168.2.5 |
Aug 28, 2024 07:13:16.468529940 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Aug 28, 2024 07:13:16.468728065 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Aug 28, 2024 07:13:16.468739033 CEST | 443 | 49723 | 23.47.168.24 | 192.168.2.5 |
Aug 28, 2024 07:13:17.028461933 CEST | 443 | 49723 | 23.47.168.24 | 192.168.2.5 |
Aug 28, 2024 07:13:17.028774977 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Aug 28, 2024 07:13:17.028786898 CEST | 443 | 49723 | 23.47.168.24 | 192.168.2.5 |
Aug 28, 2024 07:13:17.029936075 CEST | 443 | 49723 | 23.47.168.24 | 192.168.2.5 |
Aug 28, 2024 07:13:17.030014992 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Aug 28, 2024 07:13:17.036331892 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Aug 28, 2024 07:13:17.036392927 CEST | 443 | 49723 | 23.47.168.24 | 192.168.2.5 |
Aug 28, 2024 07:13:17.036520958 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Aug 28, 2024 07:13:17.036525965 CEST | 443 | 49723 | 23.47.168.24 | 192.168.2.5 |
Aug 28, 2024 07:13:17.079474926 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Aug 28, 2024 07:13:17.135411978 CEST | 443 | 49723 | 23.47.168.24 | 192.168.2.5 |
Aug 28, 2024 07:13:17.135610104 CEST | 443 | 49723 | 23.47.168.24 | 192.168.2.5 |
Aug 28, 2024 07:13:17.135701895 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Aug 28, 2024 07:13:17.135895967 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Aug 28, 2024 07:13:17.135911942 CEST | 443 | 49723 | 23.47.168.24 | 192.168.2.5 |
Aug 28, 2024 07:13:17.135920048 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Aug 28, 2024 07:13:17.136015892 CEST | 49723 | 443 | 192.168.2.5 | 23.47.168.24 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49723 | 23.47.168.24 | 443 | 7320 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-28 05:13:17 UTC | 475 | OUT | |
2024-08-28 05:13:17 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 01:13:01 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 01:13:03 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 01:13:03 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |