Windows
Analysis Report
Viking Culinary - Catalog.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6764 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Viking Culinary - Catalog.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2412 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 1812 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1668,i,11947070378232099584,9321973127914871344,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | ReversingLabs | | |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.56.162.185 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1500445 |
Start date and time: | 2024-08-28 13:43:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Viking Culinary - Catalog.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/42@0/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.227.187.23, 52.5.13.197, 23.22.254.206, 52.202.204.11, 162.159.61.3, 172.64.41.3, 95.101.54.195, 2.16.202.123, 2.19.126.149, 2.19.126.154, 2.19.126.142
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com
- VT rate limit hit for: Viking Culinary - Catalog.pdf
Time | Type | Description |
---|---|---|
07:44:18 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.56.162.185 | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | Phisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | Unknown | | |
| | | | malicious | Phisher | | |
| | | | malicious | LummaC, Vidar | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2094944717478935 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.182750936703346 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.182750936703346 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.05473930140692 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\cd6014bb-cd0e-448f-b7b8-e498db0bb490.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.05473930140692 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.233728396682314 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.202000727491496 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.202000727491496 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240828114409Z-157.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 60406 |
Entropy (8bit): | 6.1988427915953155 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.026467887142631 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.317804805028064 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2557577890022795 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.234306105528285 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.2950991359701005 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.6614528619027835 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.645564282119858 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.243658755095472 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.641362757731418 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.692622058233032 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.24949127167032 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.7743550553614496 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.233385508370505 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.234934888179984 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.65103201252883 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.211087282713863 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.359229534051959 |
Encrypted: | false |
SSDEEP: | 12:YvXKX8f00YpW7+GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWalXn:Yv6X8f0iI168CgEXX5kcIfANh7X |
MD5: | 9739A7866FDDC27A3ACF69F7354BB2C9 |
SHA1: | BB48CA60FF5680E4B89BE13AE5BFD7AF23AC3358 |
SHA-256: | 7E1CCE0305F5E21383E5BF7AF53747D8FC1ABCD2D2A951254BF5C25EF831CF87 |
SHA-512: | AA000687DDCF43CEDA4E1D56C92DCF74C85444625005244DC8E7CD9CA20300F50B05790228C5D77A889D9A28D8E042E5E7A54BF9E688A914C4D948DA5070E64F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.134917580543527 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9845049256735938 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3384608559395441 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.51161293806784 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-28 07-44-07-745.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.3240225045444385 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.395202568405588 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
Malicious: | false |
Entropy (8bit): | 7.976889500241774 |
File name: | Viking Culinary - Catalog.pdf |
File size: | 4'161'872 bytes |
MD5: | 8b1ca015ddd4cfbc27e92e4e4458d0f4 |
SHA1: | 35cf3dc2316ffd8ff97d187bd76fbc83cd6516db |
SHA256: | b30d51215ecf070eba0f2bce1f39cbd9073636af5ed4598fab4f5e58f7805392 |
SHA512: | dc3f331513e228c893f0aa382c230145a14d795efcfef06e5bbcda3b56258b94b8306e425d9a3476397f887aac899e78f3e6fd61294759bddb99cf8a856c3f92 |
SSDEEP: | 98304:xxemgjaLrJ5SIl4+g8ZFUryLXZnWhXDCMbVWttXsH:yVaXDSIS18zUrmXZ4XDCMJck |
TLSH: | E316237CDA2E4294CFB10530915C3B86EC98B5F2E49414E6A611899F3BEDD92E724CFC |
File Content Preview: | %PDF-1.7.%.....2 0 obj.<<./Metadata 4 0 R./Outlines 5 0 R./Pages 6 0 R./Type /Catalog./AcroForm 7 0 R.>>.endobj.4 0 obj.<<./Subtype /XML./Type /Metadata./Filter /FlateDecode./Length 576.>>.stream..x..WKn.0......i.R.H.....6.f."h..[...!.(H4..jY.H.B).ve.(.). |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.976890 |
Total Bytes: | 4161872 |
Stream Entropy: | 7.977193 |
Stream Bytes: | 4129581 |
Entropy outside Streams: | 4.834052 |
Bytes outside Streams: | 32291 |
Number of EOF found: | 1 |
Name | Count |
---|---|
obj | 394 |
endobj | 394 |
stream | 392 |
endstream | 392 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 0 |
/JS | 1 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams

ID | DHASH | MD5 | Preview |
---|---|---|---|
66 | 167c7a3ef8f8f6f6 | 26f6d011d72329e3019fb1e6ea591a1e | |
67 | 2241611323014191 | 10519ebb880f0d3855a0210f57b1bce8 | |
68 | aa236113031109a7 | 8da62501f015f9946be1d58ef0e97e18 | |
69 | b83a2b37131123c6 | a584dd484cedb6adef193313630c3798 | |
70 | ea03daadacf60fa0 | 18e8d598b6a0837a7216fdc9020d3c89 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49724 | 23.56.162.185 | 443 | 1812 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-28 11:44:19 UTC | 475 | OUT | |
2024-08-28 11:44:19 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 07:44:04 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 07:44:05 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 07:44:05 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |