Windows
Analysis Report
fw9.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6884 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\fw9.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2368 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1728,i,11959092004605783410,16645408253018436185,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signatures that fired (the per-hit details, such as the source process, address or path, did not survive extraction):
- TCP traffic
- IP Address
- HTTP traffic detected
- TCP traffic detected without corresponding DNS query
- String found in binary or memory
- Network traffic detected
- Classification label
- File created
- Key opened
- Process created
- Window detected
- Initial sample
- Process information set
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.41.168.139 | unknown | United States | | 6461 | ZAYO-6461US | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1500781 |
Start date and time: | 2024-08-28 22:43:34 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | fw9.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/47@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.227.187.23, 52.5.13.197, 52.202.204.11, 23.22.254.206, 2.19.126.205, 2.19.126.209, 172.64.41.3, 162.159.61.3, 2.16.241.13, 2.16.241.15, 2.16.164.121, 2.16.164.11
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: fw9.pdf
Time | Type | Description |
---|---|---|
16:44:43 | API Interceptor | |
Other samples that contacted the same IP (sample names and SHA-256 values are behind links in the original report and are not reproduced here):

Match | Detection | Threat Name |
---|---|---|
23.41.168.139 | malicious | Sliver |
23.41.168.139 | malicious | Unknown |
23.41.168.139 | malicious | Unknown |
23.41.168.139 | malicious | Unknown |
23.41.168.139 | malicious | HTMLPhisher |
23.41.168.139 | malicious | Unknown |
23.41.168.139 | malicious | HTMLPhisher |
23.41.168.139 | malicious | HTMLPhisher |
23.41.168.139 | malicious | Unknown |
23.41.168.139 | malicious | Unknown |

Other samples that contacted the same ASN:

Match | Detection | Threat Name |
---|---|---|
ZAYO-6461US | malicious | Sliver |
ZAYO-6461US | malicious | Unknown |
ZAYO-6461US | malicious | Unknown |
ZAYO-6461US | malicious | Mirai |
ZAYO-6461US | malicious | Unknown |
ZAYO-6461US | malicious | Unknown |
ZAYO-6461US | malicious | HTMLPhisher |
ZAYO-6461US | malicious | Unknown |
ZAYO-6461US | malicious | HTMLPhisher |
ZAYO-6461US | malicious | HTMLPhisher |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.233082808742767 |
Encrypted: | false |
SSDEEP: | 6:NLR5WEN+q2Pwkn2nKuAl9OmbnIFUt88LR5Wp9XZmw+8LR5WeGEVkwOwkn2nKuAlz:NLRWvYfHAahFUt88LRw9X/+8LRj5JfHi |
MD5: | 0C950843BB795393FA896FC7A62B82B3 |
SHA1: | CA70EB81C684E0AFE6E98C04F0DBBEC3AC52FA44 |
SHA-256: | F44595A1F368EB836B3996A09090917CC890D040FE3EC2ABC94554B7C4F2EF2D |
SHA-512: | 021D02840E2690E72CAB48A66DB616AE73AAA3CEA68DB6A728F2E489D87101D3A3F9C6A71F9D684B23B84E4FCBBF3803E4D8B2D73768E988F6E10408895E6460 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.233082808742767 |
Encrypted: | false |
SSDEEP: | 6:NLR5WEN+q2Pwkn2nKuAl9OmbnIFUt88LR5Wp9XZmw+8LR5WeGEVkwOwkn2nKuAlz:NLRWvYfHAahFUt88LRw9X/+8LRj5JfHi |
MD5: | 0C950843BB795393FA896FC7A62B82B3 |
SHA1: | CA70EB81C684E0AFE6E98C04F0DBBEC3AC52FA44 |
SHA-256: | F44595A1F368EB836B3996A09090917CC890D040FE3EC2ABC94554B7C4F2EF2D |
SHA-512: | 021D02840E2690E72CAB48A66DB616AE73AAA3CEA68DB6A728F2E489D87101D3A3F9C6A71F9D684B23B84E4FCBBF3803E4D8B2D73768E988F6E10408895E6460 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.209788485839804 |
Encrypted: | false |
SSDEEP: | 6:NLR5WS5pq2Pwkn2nKuAl9Ombzo2jMGIFUt88LR5WSQFs9Zmw+8LR5WSCzkwOwknV:NLRnpvYfHAa8uFUt88LRyFs9/+8LRY56 |
MD5: | 8718A52439E3AB5CFB6F55F62B9B8CE3 |
SHA1: | 978BD990D46EF8E03C3A1AA1C2D54E7B708AF6C6 |
SHA-256: | C284E2A9C89CF598CBBE30B3BC4F38745F156559E215F2DEAB45F9DCE01BB00A |
SHA-512: | 68B089B21BE1715BF6C3958FB2F7199AE25100BFE98911826BE2AC49BCCC4EE58679C4D28D636E87E1C053D34A178A9CBB96D6222C2F05AD80E16CB288C534A9 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.209788485839804 |
Encrypted: | false |
SSDEEP: | 6:NLR5WS5pq2Pwkn2nKuAl9Ombzo2jMGIFUt88LR5WSQFs9Zmw+8LR5WSCzkwOwknV:NLRnpvYfHAa8uFUt88LRyFs9/+8LRY56 |
MD5: | 8718A52439E3AB5CFB6F55F62B9B8CE3 |
SHA1: | 978BD990D46EF8E03C3A1AA1C2D54E7B708AF6C6 |
SHA-256: | C284E2A9C89CF598CBBE30B3BC4F38745F156559E215F2DEAB45F9DCE01BB00A |
SHA-512: | 68B089B21BE1715BF6C3958FB2F7199AE25100BFE98911826BE2AC49BCCC4EE58679C4D28D636E87E1C053D34A178A9CBB96D6222C2F05AD80E16CB288C534A9 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.965217949670705 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqRsBdOg2HZtcaq3QYiubInP7E4T3y:Y2sRdsTdMHm3QYhbG7nby |
MD5: | 4F3696B8FEF9A0CA57CC55692BF31606 |
SHA1: | 53DBA66BD428780881B0D134D37F918107B328C6 |
SHA-256: | 578D34ECE67137314ED63D58A39CC3287D21AE1C6EA506754A878C581C289643 |
SHA-512: | 566E84E9F46F53562DEFBD780716BDCFD55871EC46CFC9CAB7D23E2D6C365BD1033D4959A2DD8F789BF9BD5517D3C4B5F8837EFB07D160C1CFA69DBD8F15EC49 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d8d54b14-9269-4362-8268-297212cd6dae.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.965217949670705 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqRsBdOg2HZtcaq3QYiubInP7E4T3y:Y2sRdsTdMHm3QYhbG7nby |
MD5: | 4F3696B8FEF9A0CA57CC55692BF31606 |
SHA1: | 53DBA66BD428780881B0D134D37F918107B328C6 |
SHA-256: | 578D34ECE67137314ED63D58A39CC3287D21AE1C6EA506754A878C581C289643 |
SHA-512: | 566E84E9F46F53562DEFBD780716BDCFD55871EC46CFC9CAB7D23E2D6C365BD1033D4959A2DD8F789BF9BD5517D3C4B5F8837EFB07D160C1CFA69DBD8F15EC49 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.255385755348742 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7Z6qZxb/+qcwdxZ:etJCV4FiN/jTN/2r8Mta02fEhgO73got |
MD5: | 29347ACFA081B0B375CC77631C7604BA |
SHA1: | 5B1ABD826BCE1E2848804C9193ECB5BBF55B71FE |
SHA-256: | 30DC010551F7153FBC24954FB46014112423D8C54AEFA14998BC4DF7AF641F28 |
SHA-512: | 438F1E1BC3DC00CFFF4A39FAAFD61722B286957D586669136D28A48F23168CE51D8B957B874DF3979F8AB9A0ADC33D19A266B1C76D7C570363E403753B229539 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.220583088199007 |
Encrypted: | false |
SSDEEP: | 6:NLR5WDdOq2Pwkn2nKuAl9OmbzNMxIFUt88LR5WOHZZmw+8LR5WgCzkwOwkn2nKuP:NLRaOvYfHAa8jFUt88LR5/+8LRHq5Jfv |
MD5: | 2DD4669908D16E41787037089BCEC7FD |
SHA1: | C6FB4974560006E333731154BBF83E739F2530F7 |
SHA-256: | A482C2FD23D1227368371E071F2AB7EF10ACA631B4E4F880604B4744EC3A6BDE |
SHA-512: | E80CE4A8FD0F369E44051D906E0C92A6E5AD835C846690C5A7AA9C74D7629C6F2059C9C2D98B33BF931903183C5EE1AC1B1C31BF9E263D53FD349105F0FAA6DC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.220583088199007 |
Encrypted: | false |
SSDEEP: | 6:NLR5WDdOq2Pwkn2nKuAl9OmbzNMxIFUt88LR5WOHZZmw+8LR5WgCzkwOwkn2nKuP:NLRaOvYfHAa8jFUt88LR5/+8LRHq5Jfv |
MD5: | 2DD4669908D16E41787037089BCEC7FD |
SHA1: | C6FB4974560006E333731154BBF83E739F2530F7 |
SHA-256: | A482C2FD23D1227368371E071F2AB7EF10ACA631B4E4F880604B4744EC3A6BDE |
SHA-512: | E80CE4A8FD0F369E44051D906E0C92A6E5AD835C846690C5A7AA9C74D7629C6F2059C9C2D98B33BF931903183C5EE1AC1B1C31BF9E263D53FD349105F0FAA6DC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240828204435Z-236.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.5815784782085038 |
Encrypted: | false |
SSDEEP: | 96:w1oZMqX8efH1MyTDMT3M4M3qAM4MtHhMM47zFiM6MMrMMx6XgMMMMM4YfI4MM1MB:3AHoAePgT |
MD5: | 64F36373DD14F2D05E45B3430EABE0DA |
SHA1: | 6B293984AE01F9253421DC20BDD718644F4DB4F9 |
SHA-256: | D1E3F20F275AA7B1BD1E31D606C2A1FDB5AB0E400BE608517039BEB408AF0565 |
SHA-512: | B1418272765CD3B554F93169A313BE584E819DD92668FA68AF9CB0281582683C8C290C5CD5739FB729C56DF8E0F9E2809FAC27C4B0DA310080DE4E3010B66C07 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445633664156097 |
Encrypted: | false |
SSDEEP: | 384:yezci5tUiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rDs3OazzU89UTTgUL |
MD5: | 878FFB9E67150848E6A15CF7E3320FC5 |
SHA1: | 8FBB9E4959D0F4FF64961D0A0BAC79DB2C955D81 |
SHA-256: | 35C4E56CCD626C960590C9EF722297B960576989756DE483C90D3AD3B54CD108 |
SHA-512: | 6D258A2FFD268602F2D260B3D07B346A2E7FF2BB12067F55DF329017B920C8B7549BD73B9AA66E36F9DDD35D917A04B9E49A1EF2226AD53134CAE5B3AEBCB1FF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.777183207450017 |
Encrypted: | false |
SSDEEP: | 48:7Mhlcp/E2ioyVWJioy9oWoy1Cwoy1hyKOioy1noy1AYoy1Wioy1hioybioyLmoyR:7HpjuUF3XKQXeb9IVXEBodRBkvO |
MD5: | D3749E826143C9BF7BD2B2BC04E7FCAE |
SHA1: | 44E64E1B8DD025A55DD71BA93B40CEDEB731BBC2 |
SHA-256: | 3C63EB1B474D5F8D070F3365F3E6A3AA9A8DCE117A34A775488A4B852CDD35EF |
SHA-512: | DA1CA7770687EA146EC6FCDE5240BFD987F9581C1E1FAC52090F83455A16A8FD757CADA94C4ECAC3E85D531988758319DD3BBDDC2984739D5C38082C99950E63 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.034404395079139 |
Encrypted: | false |
SSDEEP: | 3:kkFklIvREttfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7l3:kKjZAxliBAIdQZV7I7kc3 |
MD5: | 128D8F8B7549D04B1916477A4B6B19B8 |
SHA1: | 369AD7FA9B1C13BE1768E32BA8AE7DE5640559A5 |
SHA-256: | D6ABF661F32DCE7D92EB76B86A9F9F0D7CB7610C383466FB4CC7BBDE4AC72CD3 |
SHA-512: | BBEB85527725DDEBFDFC8642A721FC23A0DA0701318EF9AECCAE9C63113BDC05A0EB57F3A7DAE3F25610D6D51CF2CAF58D36262EDF5274DDB33D9A5E2BDF60E9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 245879 |
Entropy (8bit): | 3.3455256012212757 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqZrRo+Run:yPClJ/3AYvYwgOFo+Run |
MD5: | D416A6606BB6270032E37D47035F593E |
SHA1: | D2F1F1FEFB92B06B1939863F2EEF439A48078512 |
SHA-256: | 93A60D803CFBD0C40616A8864443F78BACDA50208883358876378B831B91C489 |
SHA-512: | 8373BA3C5D8010A2E0BDAB5EBB4CA03D01A183B122EC2ED59A2266D183673E32973E110C11E2A594AE80AB8D3A895784420EB44989952E26DF12FA16F2A46BA2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.37261723294546 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJM3g98kUwPeUkwRe9:YvXKXFdamrqVWZc0vo5GMbLUkee9 |
MD5: | 548949997DA5CF4FC70FB23027A5DF0A |
SHA1: | EC60724288772E4FE106FDA247B27324797D5A47 |
SHA-256: | 9E05BCEC6A6BF5EF82C6729B0B172EF5FE06CAC38738BE6C4DCDED24E39B62E5 |
SHA-512: | 8C05DE96F80C11A76BDDAA1AD860DBE0D9FCCD1DAAB983D6025377729CA7D2FDA125191FB29C54D4A030F88BF08CE82690659DD1B884A81CC008153DABA6BC11 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.324830641576452 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfBoTfXpnrPeUkwRe9:YvXKXFdamrqVWZc0vo5GWTfXcUkee9 |
MD5: | 8056ECC50DBBDBBE07B3E865FC7FF464 |
SHA1: | A5FA1D1982B3493800781B1C660981125BEA2D51 |
SHA-256: | E6673831E5B05FBFCD5E56074EF4586E0989E71E327DE38E49CB77E693F6E13C |
SHA-512: | 3128AC84DAEABF29332DEB0150FDFB042A21620C6FE491D8497157639A05E41F2C30D23F9B4B64D8AACD1D6E455A11D2EF1BBB895595AD7A585455500759985D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.30309013693426 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfBD2G6UpnrPeUkwRe9:YvXKXFdamrqVWZc0vo5GR22cUkee9 |
MD5: | 4D7E94A9527BAADEFBC7D6FE95899397 |
SHA1: | DE06A6E043BED905D5F62C2B386EE9C157FE35E6 |
SHA-256: | D6AE7788EF189A8E28CFBC5085F0A8BCEF42B27BEF4F4D6639F9018F139F2436 |
SHA-512: | EA1F5A37670FD7EFF9F5567982FC54F7D42F792AA9411F3DD3ACA7C27E99E38391B646F18668D4D5E8F38A2C3A081E307DD8D0737C069101ADC698E7A304F524 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3599524355135415 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfPmwrPeUkwRe9:YvXKXFdamrqVWZc0vo5GH56Ukee9 |
MD5: | D985909DA072A9C76BAB5C456DEF7F48 |
SHA1: | 9EA9F03C2C95A87E9F267477835A6FA26A8D3382 |
SHA-256: | C6FD8F16B3C1D9361AA18739EBF44B1B0781B79FB8B2EFFA67A5E43F6DE505E1 |
SHA-512: | 4065036F7A348CD2AE020E909534E363739955CEBB503E2F1F0205550019D7F3998FD72074D0D9AFE8F8092D87F56FC811F21A3C3735BD6C948164854A724525 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.663293213005563 |
Encrypted: | false |
SSDEEP: | 24:Yv6XamruWzvfpLgEFqciGennl0RCmK8czOCY4w2ZI:Yv5unhgLtaAh8cvYvcI |
MD5: | A076385E7006B0EC401750D938EBCB8F |
SHA1: | 295FBA9BFF3C0487EA850944A397EC489F0E1463 |
SHA-256: | 663BEE80D07174317590568F574440CF8CBBD6D53CA297FC5A9F3CDF01617E06 |
SHA-512: | 26813772A4AB7B12E9591F5AE8007993FFD8D06562AAB86223B74D0CA4B6EC07BDE89A836A57EF16F8BC514427B51FD13BDCBBF3B038DF926050AD7B8F86EA8C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.653495293195391 |
Encrypted: | false |
SSDEEP: | 24:Yv6XamruWzvDVLgEF0c7sbnl0RCmK8czOCYHflEpwiVZI:Yv5urFg6sGAh8cvYHWpwKI |
MD5: | 2EAA590793ADD0180D898AC4A535A70A |
SHA1: | 36772CB842AB88D40677A053F33DDB6A750E8E0E |
SHA-256: | D4E4DB66F5B8AFADE7BCC0D75FFD26CED0405F344010ACAD056650DCA9DEEFCE |
SHA-512: | 32338EAE6D16AA58E09B2CCD76B3C24CC4D49E001F1CA2186FC168FB0C09485091DC988CE57225897BA14ED7EA79C3592D25281F5C893D3B15D4AD8B1BBB8459 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.308162912449282 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfQ1rPeUkwRe9:YvXKXFdamrqVWZc0vo5GY16Ukee9 |
MD5: | 32167DED0B9613862A18A33B1C9A5D5B |
SHA1: | 8337CB95D01C03CAC96B5D4A2A3C1B318F0BEB25 |
SHA-256: | B617950A45C7605222C754167BC16686A3944B897C1F1DE8998C7A18AD3212BB |
SHA-512: | 2184CCF506FAC782650BBD2E0F28E8192B13C5F2DFB359058998E03BC9D2144BAEA739774C8CC17D5C7A4513407EC5C235EE33C6AD97955AAC427837EE975A7E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.64438445638575 |
Encrypted: | false |
SSDEEP: | 24:Yv6XamruWzvS2LgEF7cciAXs0nl0RCmK8czOCAPtciBZI:Yv5u6ogc8hAh8cvAXI |
MD5: | 5B32E0405A00DF38F5724B9D219C346A |
SHA1: | 537E2B110932578F08D079303EDBEDD41774E3F6 |
SHA-256: | 877EB4BCD0D4D571A5965F2D7EC5299A096A128F4705793B857A704B1D56892A |
SHA-512: | 5EFFEEDF06484866F31B995AC06C747A4B0363998E1BE097F687509927D01C963A471B9CAB218FF6430C4328FD1E6826ADC2A46A95633B7F7688076011D3C52D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.697671933799994 |
Encrypted: | false |
SSDEEP: | 24:Yv6XamruWzvOKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5ZI:Yv5uGEgqprtrS5OZjSlwTmAfSKLI |
MD5: | A225A677C037F40D96EC9E40917C9D18 |
SHA1: | E3AC902D1F5B37D1A43083E57B89FA767A59BDAC |
SHA-256: | 689F03939E4444C53284F8B69B6DC5421EA7E42060B4245E23802C2B12E09A7D |
SHA-512: | 4A88523A0552573B67BEAEF727510104C2BA7CA621203321BB475C2D291D6CB5D3D2313698EA250015BDD5525ACAD3A082042CCE4E2C3B0B99270A8FDC059086 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3105972027869655 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfYdPeUkwRe9:YvXKXFdamrqVWZc0vo5Gg8Ukee9 |
MD5: | 90D0E04DD6D16586292D8B92CAAEC7CA |
SHA1: | F45E4C9E5AC3ECE75583627E6B0B9E946FC469CF |
SHA-256: | 79406797E8CE4924AB9581F624A6ABDE46CADA35D369570C2590ECEED73891CA |
SHA-512: | BBECF374EF5D449449A8DFA31BF37C7752B34A2554166F4235260CDDD0B785B3F598D2C944B1776FB383798C53FC9B31C573E7678380887E9BBE92F38D281104 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.775539379772106 |
Encrypted: | false |
SSDEEP: | 24:Yv6XamruWzvFrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNhI:Yv5uNHgDv3W2aYQfgB5OUupHrQ9FJLI |
MD5: | F8F2CE13595A9210DDF953B96D0CD778 |
SHA1: | 7ADA7B4A7613B0CC51B89DE543779FF379BDBACE |
SHA-256: | A5B958231E71F7222CFEAE901B5C8FEDF29F12AFF2D167403D0F9E543C09E6A7 |
SHA-512: | 5A039555D43FC5A0087B983574CAEB6A652FB7E525EC559F8705D86DE65822F6F546EB933D7BBF72CE327747FAD3342FF02A2C93856E6631F1B4931F7D27DF05 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.294071467451983 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfbPtdPeUkwRe9:YvXKXFdamrqVWZc0vo5GDV8Ukee9 |
MD5: | DA085596E2423104BE6F1B0A8CA33880 |
SHA1: | 20D1358E29B056FC65B175DB92EAF9B63A3614CC |
SHA-256: | ED1EDA7CFB3CDBE02490DCC4F47635F9CD2A3A331CADA42DDDD83A3D3AB0FF48 |
SHA-512: | 4E5BED8D07940F86C285CCEE7CEE6F3D360050581C8F672FFABA715B5513797EB645100003057120C57F6E9B41D3057880E50B5AD836FF75EFCEBDEE9A44D13E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.298869601200098 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJf21rPeUkwRe9:YvXKXFdamrqVWZc0vo5G+16Ukee9 |
MD5: | 3C402A869C63D01A680F759A85A9B965 |
SHA1: | 69152D9372DE54E9C382A6D35CC1C88D788B1071 |
SHA-256: | 10571630623E2903AD57083521F8C4A12FC9C90B05900E498DF32D66DDD87B67 |
SHA-512: | C8EB4D3CB71A12FCD4C625AEA516B85377703966ABB8D1060FBFFB3BA4586DD2E5D8202AD642242530EBD38440E091ADA1B914EE4543E91CAC6A1ACEC494AA1F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.650857266036492 |
Encrypted: | false |
SSDEEP: | 24:Yv6XamruWzvHamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BZI:Yv5u3BguOAh8cv+NK0I |
MD5: | C9E601103A7A7FA2CB801C2533755E82 |
SHA1: | 610411C4D521550E0D45A263B4023DAF8D63030A |
SHA-256: | B7D927FF9E3A661EC9F8859F092130BFAF3E1F0FA11C505DA178A08D2F5B286E |
SHA-512: | 5629364A014EFA40D71ADB86D06993E96E633BA6ED303770DF2F549DE85FF4A15388267FC9EEED4BCF1CA31DC74501ADE5C9911436C6A484003EBBF327DA2777 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.272051391741286 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfshHHrPeUkwRe9:YvXKXFdamrqVWZc0vo5GUUUkee9 |
MD5: | 153E713B9B5438C58FEF22F5813D3ADE |
SHA1: | B28361B97EC546ABD135B88C7FA361FFB7DA5105 |
SHA-256: | 24E0DD31AF3659AB5C57B07F24980E47B19CE339F5CA506D6B3272E8E6F944A4 |
SHA-512: | AA9500088506692823CAE02399CE12E6E4ECFE31CAABF887F62E38BB391C4E01F7F13C384B34682546DEFFD5707CA8725E314A20864F9EE3CD0444A5E61ED1A6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.366023209906743 |
Encrypted: | false |
SSDEEP: | 12:YvXKXFdamrqVWZc0vo5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW1U:Yv6XamruWzvs168CgEXX5kcIfANhKI |
MD5: | E0C07303C4526700A0C7327047FE127A |
SHA1: | 3FFCA7C7A0C618B4B8B48A945C1EAECDCA561E16 |
SHA-256: | C4B8AA29B57CCABEBA09F620326DA9A12AB2F46FEAB2131748842A4EACC389B4 |
SHA-512: | 476B1F626F61C0871715D0EF6552DFB35FE4C133E6BC12A0C054C56FCA2D6AA542CA28AD6875DE11A1FF7202C7314D72DDB8EA072853F770431FE7A974618E4B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.140199711314335 |
Encrypted: | false |
SSDEEP: | 24:YzLB1xXhnaQ4aypIPPhNXMCLhxnmcq0vqxmpxd7cfpcjqENvj0SHS/Ij0Y/2Z2L7:Y5JbSKLrYx0ZD7Rj3gikpWR9T |
MD5: | DA23F71C483D215014F37EFED078A5C8 |
SHA1: | CDBA0C2E513B1A18943F62D72354827942AA0FA9 |
SHA-256: | 6A059A284858FA9088CF321F842F0FEB23998620C246B4D8F5C48D48E8CB1FC8 |
SHA-512: | 7B6C95FF0BEE58C7221AF5953EC2C1E6A3BDD3C97CB0904BB1767614711087AFD70B8EA4B204C0A973F7E959B3622B781546BE484E575688D352BFD8BDEE0508 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1884113824958602 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUU1SvR9H9vxFGiDIAEkGVvp1:lNVmswUUUUUUUU1+FGSItB |
MD5: | C10FE8751EAA4500737AA708DD54F562 |
SHA1: | 2D2A2B8608E123DF4342280948C267866C74CA31 |
SHA-256: | E5AF701E5F75599BF05E6EA2BA4E0D412504AD7B911F30974257696DFBE7B0AC |
SHA-512: | D29E294DBE53658817CA38E12F7BF64A685F826D43BB12DB2B36AFA0B424C2BC50B611BBD50CFF4F1830683CE3CAAD1CFDF0EBDE0282FC3C13B25D89D996D5D9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6083009294560506 |
Encrypted: | false |
SSDEEP: | 48:7MIzKUUUUUUUUUUtvR9H9vxFGiDIAEkGVv7qFl2GL7msM:7KUUUUUUUUUUJFGSItJKVmsM |
MD5: | CD3DCE06638882F9100CE4AA51F5972F |
SHA1: | 665A17B10D5246DF1EA4636B2A168AC0AA60068C |
SHA-256: | A389E409A10209B0594AB6363F1A094FC65301FC1E2C36FA86E1AC319267903E |
SHA-512: | DF3BD39D8101D3F067FF359CF66508DB66BB42B5DCF4876B3679E7438CBDCF7BDAB686C668969C10DC45BF9BFDF40F2FC90CE9DBDAB0553492B598748D4C73F4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5441332632710916 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dArN07w:Qw946cPbiOxDlbYnuRKfN07w |
MD5: | D4D873CC44B8D9E0C624FBECE1FC11E1 |
SHA1: | B22654DF2B1A4D0859CA7B091C143373148C4CD3 |
SHA-256: | 209A8E2261670A9F4B7B5544080E93D92A803183677115B08299B8FEE9FC9DF2 |
SHA-512: | EF9B9EEDEB7DAA2F9CE7F50C28D6D0BD7511FF189EB2B450A4AD90FCB34FA27524B0D723DA32D36DD161EA730EF184EB5F22DD46370E7959C2765D3D183B9AA8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.0485935471883865 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOGBtIsitIsJqLCSyAAO:IngVMre9T0HQIDmy9g06JXWB+GDlX |
MD5: | A813E24A1F2ACC1579A0FC65632DCAC3 |
SHA1: | 6B18F0EAC940E596D1392176D7B5436376CD745A |
SHA-256: | 8CB4A78DC63A2B3E12AAAFB886EF356AC3785638B8BC56739CEA6463C0452924 |
SHA-512: | 0F018F635CA0C50629DB66211523B67184279BC27E18348738A2DF023A193F585098AE05D294A6AB1841060606E674D78FD0D62B9706ACD60325613889EE2383 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.043861014527863 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOCuj3Fuj3amCSyAAO:IngVMre9T0HQIDmy9g06JXSS3FS3ZlX |
MD5: | 8F0E3278255E6FE6475338C0640F53BE |
SHA1: | CD7E9EEF2DD7229E43904266CECAC1E1BD7BF3B5 |
SHA-256: | A49F982E78214283F94C7DB628F2DFDB95AB82386D6592C03A36B70A7466A7DF |
SHA-512: | 5C007CC9600CF1FA15193727D61283B1AB85BE6CC6215EBFC98BAB91939B3AB3FF4844AC869BDF4E7BB3EDE32EB90613F47DDD224BBA70BBEDA33032A2CDD744 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.08176424552524 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOxqjgsScwbvggsScwbvqCSyAAO:IngVMre9T0HQIDmy9g06JXhqclRlmlX |
MD5: | 94CB264E918AF5C690BF85D96EECDFEF |
SHA1: | 0D30C54DA27D64B291461D7264A8675EC2B4C630 |
SHA-256: | 042663D8D4372FEDA96FE28616AF267A5850E252521108E0867AC27E5574A18B |
SHA-512: | 0D114F634D757696F28C49A5BE6CD36642A27351C2BD832E88423079ECE251897BDC6D4C0AE097B1F74B7FF7D2F70CF049664B3A2AA0401F9F9424E7A5E4794F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-28 16-44-33-360.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.366439423369836 |
Encrypted: | false |
SSDEEP: | 384:90yBaYzLgLqs7n+jSQzHX3iWShIPFrzdBKYC8UvEVCItPR9P/cLEFeF4tXFxZ63A:13T |
MD5: | C73A31689EF66DE4FE165A11BAC9E6FB |
SHA1: | BB73BF9FE9558C47AADB1A038F001B30193EFD40 |
SHA-256: | 68050B189522804F6F82923034B6B45A36F3DD0DDE53F5810CEE3A9DD837190C |
SHA-512: | BB6D8D64303F05188321603185955A0A76DB8BA112ACDB9657B70136A989D67E0CF3DD3610C50CAB972244B790DB8779C0FED2BDC482EE5AD3AE3EBDB83CCF71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.389013700522475 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r3:L |
MD5: | 2C93336034511D22C50EF3268674B0BA |
SHA1: | C2555CD20507ED87C9938C0959B47F9B38184846 |
SHA-256: | 79D589E39E095C030FAAECCC607AEB7E9FA92E3FF1CF6EE796EE479123D51A95 |
SHA-512: | 61272C56EAB48B58320D5670FB5D0689829979E0A25BCA07D97E822BF006AA3AC10A4E95D597E57C011640078DC2200C66F814CB7531B821C764DCEDD4AC3FA5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7ouWLaGZ7wYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLaGZ7wZGk3mlind9i4ufFXpAXkru |
MD5: | 13F55292D0735B9ABD4259B225D210FC |
SHA1: | 810CC5D545BFA11D2825F6E1DFA69176794DA7EC |
SHA-256: | 8C3FFEA68963D108599E8C5AE20DE6E9C473BF33197A03A9A7DDCD0F25A6C7F6 |
SHA-512: | 4F54EDA9EB61172A5243DAA718CFF42A0BF079CC0FA7BE3553CC8B79772763B49F530DD6B54A9D595C4F46B8416ADF7D5C8DAD58FC43A5C651258E669DC375DA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
SSDEEP: | 3:So6FwHn:So6FwHn |
MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.795081950047265 |
TrID: |
File name: | fw9.pdf |
File size: | 140'815 bytes |
MD5: | 4e7f7065f6e4a526452ffacb0134bc50 |
SHA1: | 3c265a136ba7fa236cdfc7b8f8b7853ed6c63e08 |
SHA256: | 2d420cbb4123dcf1fb82595b2359cfbb5d81f00b9df9d359fcc7af361d093f53 |
SHA512: | b2024cd63a5a9e3a2245b72c36bdfea1f083373b01e7e2acc3e5f264053ba6e3030073d5966dbc1f01f99c221dea28e1c24c8b9b44e1de812faa5d565e1c1df2 |
SSDEEP: | 3072:NZ99tHvNziv76ksxL+dugQh2h7nU/SQqwCe+l/OrHKq:NJtvNis9+dHQh6HQECHv |
TLSH: | 8DD3E084570358E4D4534A60B72CB66ACAFF70E67ECC28077D8C06D64F41E93B6A86DB |
File Content Preview: | %PDF-1.7.%......1031 0 obj.<</Linearized 1/L 126744/O 1036/E 31275/N 6/T 126277/H [ 515 302]>>.endobj. ..1052 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<12253618B019F6419353B3C715534797><17D07252539C784A909EE21165D93 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.795082 |
Total Bytes: | 140815 |
Stream Entropy: | 7.954572 |
Stream Bytes: | 116159 |
Entropy outside Streams: | 5.026620 |
Bytes outside Streams: | 24656 |
Number of EOF found: | 3 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 86 |
endobj | 86 |
stream | 76 |
endstream | 76 |
xref | 0 |
trailer | 0 |
startxref | 3 |
/Page | 6 |
/Encrypt | 0 |
/ObjStm | 17 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 2 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 8 |
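The General and keyword tables above are computed over the raw bytes of fw9.pdf. Two things in them matter for triage: the file has no cross-reference table (xref 0, startxref 3), so it uses cross-reference streams and 17 object streams (/ObjStm), and object streams are Flate-compressed, which means a zero for /JS, /JavaScript, /AA or /OpenAction on a raw scan is only conclusive once those streams have been inflated and rescanned. Three %%EOF markers are what a linearized file with an incremental update looks like, not evidence of tampering by itself. The non-zero /EmbeddedFile and /AcroForm counts are where a reviewer looks next. The script below is an added example, not Joe Sandbox code: it reproduces the keyword counts, the total/stream/outside-stream entropies and the EOF count, resolves hex-escaped names (/J#53 is /JS) the way a tokenizer must, and then inflates every Flate stream and counts again. The sample PDF is constructed inside the script so it runs offline; fw9.pdf itself is not embedded.

```python
"""Static PDF triage over raw bytes, mirroring the report's General/keyword tables.
Added example (not Joe Sandbox code); the sample PDF below is constructed here."""
import math
import re
import zlib
from collections import Counter

# Keywords the report tabulates. Raw counts only see uncompressed storage; anything
# inside a Flate-encoded /ObjStm is invisible until the stream is inflated.
KEYWORDS = [b"obj", b"endobj", b"stream", b"endstream", b"xref", b"trailer",
            b"startxref", b"/Page", b"/Encrypt", b"/ObjStm", b"/URI", b"/JS",
            b"/JavaScript", b"/AA", b"/OpenAction", b"/AcroForm", b"/JBIG2Decode",
            b"/RichMedia", b"/Launch", b"/EmbeddedFile"]
# Active content or attachments: worth a manual look whenever non-zero.
ACTIVE = {b"/JS", b"/JavaScript", b"/AA", b"/OpenAction", b"/Launch", b"/RichMedia",
          b"/EmbeddedFile", b"/URI", b"/JBIG2Decode"}

# A PDF token: optional leading "/" (name object) plus regular characters. Exact-token
# matching keeps "obj" from also counting "endobj" and "/Page" from counting "/Pages".
TOKEN_RE = re.compile(rb"/?[A-Za-z0-9_.#*-]+")
# Stream bodies; the look-behind stops "endstream" from starting a bogus match.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def entropy(counts: Counter) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    n = sum(counts.values())
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def normalize(tok: bytes) -> bytes:
    """Resolve #xx hex escapes in names so /J#53 is counted as /JS."""
    if not tok.startswith(b"/"):
        return tok
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), tok)


def count_keywords(data: bytes) -> dict:
    tokens = Counter(normalize(m.group(0)) for m in TOKEN_RE.finditer(data))
    return {k.decode(): tokens.get(k, 0) for k in KEYWORDS}


def triage(data: bytes) -> dict:
    bodies = [m.group(1) for m in STREAM_RE.finditer(data)]
    total, in_streams = Counter(data), Counter(b"".join(bodies))
    inflated = b""
    for body in bodies:  # inflate what we can; object streams hide dictionaries here
        try:
            inflated += zlib.decompressobj().decompress(body)
        except zlib.error:
            continue  # image data, another filter, or a damaged stream
    return {
        "keywords": count_keywords(data),
        "keywords_after_inflate": count_keywords(inflated),
        "eof_markers": data.count(b"%%EOF"),
        "total_bytes": len(data),
        "stream_bytes": sum(len(b) for b in bodies),
        "total_entropy": entropy(total),
        "stream_entropy": entropy(in_streams),
        "entropy_outside_streams": entropy(total - in_streams),
    }


def suspicious(report: dict) -> list:
    """Active-content keywords seen raw or only after inflating streams."""
    return sorted(k.decode() for k in ACTIVE if report["keywords"][k.decode()]
                  or report["keywords_after_inflate"][k.decode()])


def build_sample_pdf() -> bytes:
    """Constructed sample (not fw9.pdf): one page whose /OpenAction target, a
    JavaScript action, is stored inside a Flate-compressed object stream."""
    header = b"4 0 "  # object 4 starts at offset 0 of the object-stream data
    payload = zlib.compress(header + b"<< /S /JavaScript /JS (app.alert\\(1\\)) >>")
    pdf = b"%PDF-1.5\n"
    pdf += b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    pdf += b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    pdf += b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n"
    pdf += (b"5 0 obj\n<< /Type /ObjStm /N 1 /First %d /Filter /FlateDecode /Length %d >>\n"
            % (len(header), len(payload)))
    pdf += b"stream\n" + payload + b"\nendstream\nendobj\n"
    pdf += b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    return pdf


if __name__ == "__main__":
    r = triage(build_sample_pdf())
    for k in ("/ObjStm", "/OpenAction", "/JS", "/JavaScript"):
        print(f"{k:12s} raw={r['keywords'][k]}  after inflate={r['keywords_after_inflate'][k]}")
    print("eof markers:", r["eof_markers"], " suspicious:", suspicious(r))
```

On the constructed sample the raw scan reports /JS 0 and /JavaScript 0, exactly as the table above does for fw9.pdf, and only the inflated pass finds them; run `triage(open("fw9.pdf", "rb").read())` to apply the same second pass to the real file before treating its zeros as final.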
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 28, 2024 22:44:44.262317896 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
Aug 28, 2024 22:44:44.262351036 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
Aug 28, 2024 22:44:44.262407064 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
Aug 28, 2024 22:44:44.262543917 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
Aug 28, 2024 22:44:44.262556076 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
Aug 28, 2024 22:44:44.853672981 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
Aug 28, 2024 22:44:44.853965998 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
Aug 28, 2024 22:44:44.853987932 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
Aug 28, 2024 22:44:44.855052948 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
Aug 28, 2024 22:44:44.855108976 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
Aug 28, 2024 22:44:44.898556948 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
Aug 28, 2024 22:44:44.898616076 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
Aug 28, 2024 22:44:44.898721933 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
Aug 28, 2024 22:44:44.898736954 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
Aug 28, 2024 22:44:44.947184086 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
Aug 28, 2024 22:44:45.002908945 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
Aug 28, 2024 22:44:45.002963066 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
Aug 28, 2024 22:44:45.004578114 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
Aug 28, 2024 22:44:45.004590034 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
Aug 28, 2024 22:44:45.004617929 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
Aug 28, 2024 22:44:45.006371021 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49747 | 23.41.168.139 | 443 | 7272 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-28 20:44:44 UTC | 475 | OUT | |
2024-08-28 20:44:44 UTC | 198 | IN |
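The report prints three clocks: the packet table in the sandbox host's local zone (CEST), the HTTPS session in UTC, and the process table and the NGL log file name in the guest VM's local time (16:44 for traffic the host saw at 20:44 UTC). Anything correlated across sections has to be put on one clock first. The script below is an added example, not Joe Sandbox code: it parses the packet rows (nanosecond timestamps truncated to microseconds, since datetime carries six digits), converts all three clocks to UTC, folds the packets into client-to-server flows with per-direction counts, and joins the flow to the PID and image in the session table. The rows are copied from the tables above; the guest offset of UTC-4 is an assumption inferred from the 16:44 vs 20:44 difference and must be checked against the sandbox's configuration, and using 16:44:31 (the latest AcroCEF.exe start in the process table) as the start of the networking child is likewise an assumption because that table lists no PIDs.

```python
"""Put the report's three clocks on UTC and summarise the packet list as flows.
Added example, not Joe Sandbox code; rows are copied from the report's tables."""
from datetime import datetime, timedelta, timezone

# Zone names as printed by the sandbox host; strptime does not understand "CEST".
ZONES = {"UTC": timezone.utc, "CET": timezone(timedelta(hours=1)),
         "CEST": timezone(timedelta(hours=2))}
# ASSUMPTION: the guest VM clock (process table, NGL log file name) runs at UTC-4,
# inferred from 16:44 guest time vs 20:44 UTC for the same activity. Verify per sandbox.
GUEST_UTC_OFFSET = timedelta(hours=-4)


def host_to_utc(ts: str) -> datetime:
    """'Aug 28, 2024 22:44:44.262317896 CEST' -> aware UTC datetime (fraction cut to 6 digits)."""
    stamp, zone = ts.rsplit(" ", 1)
    date_part, frac = stamp.split(".") if "." in stamp else (stamp, "0")
    naive = datetime.strptime(date_part, "%b %d, %Y %H:%M:%S")
    naive = naive.replace(microsecond=int(frac[:6].ljust(6, "0")))
    return naive.replace(tzinfo=ZONES[zone]).astimezone(timezone.utc)


def guest_to_utc(time_s: str, date_s: str) -> datetime:
    """Process-table 'Start time' / 'Start date' on the guest clock -> UTC."""
    naive = datetime.strptime(f"{date_s} {time_s}", "%d/%m/%Y %H:%M:%S")
    return naive.replace(tzinfo=timezone(GUEST_UTC_OFFSET)).astimezone(timezone.utc)


def parse_packets(table: str):
    """Rows of 'timestamp | sport | dport | src | dst' as in the report's packet table."""
    for line in table.strip().splitlines():
        ts, sport, dport, src, dst = [c.strip() for c in line.split("|")]
        yield host_to_utc(ts), src, int(sport), dst, int(dport)


def flows(packets, client_net="192.168.2."):
    """Fold packets into client->server flows keyed by 4-tuple, counting each direction."""
    out = {}
    for ts, src, sport, dst, dport in packets:
        if src.startswith(client_net):
            key, direction = (src, sport, dst, dport), "out"
        else:
            key, direction = (dst, dport, src, sport), "in"
        f = out.setdefault(key, {"out": 0, "in": 0, "first": ts, "last": ts})
        f[direction] += 1
        f["first"], f["last"] = min(f["first"], ts), max(f["last"], ts)
    return out


def attribute(flow_table: dict, sessions: str) -> dict:
    """Join flows to the 'Session ID | src | sport | dst | dport | PID | Process' table."""
    owners = {}
    for line in sessions.strip().splitlines():
        _, src, sport, dst, dport, pid, proc = [c.strip() for c in line.split("|", 6)]
        owners[(src, int(sport), dst, int(dport))] = (int(pid), proc)
    return {key: dict(f, owner=owners.get(key)) for key, f in flow_table.items()}


# Subset of the report's packet table and its session table (copied, not captured here).
PACKET_ROWS = """
Aug 28, 2024 22:44:44.262317896 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139
Aug 28, 2024 22:44:44.262351036 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4
Aug 28, 2024 22:44:44.853672981 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4
Aug 28, 2024 22:44:45.006371021 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139
"""
SESSION_ROWS = r"""
0 | 192.168.2.4 | 49747 | 23.41.168.139 | 443 | 7272 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"""


def timeline() -> dict:
    """Guest process start, first packet and the UTC session time on one clock."""
    fl = attribute(flows(parse_packets(PACKET_ROWS)), SESSION_ROWS)
    key = ("192.168.2.4", 49747, "23.41.168.139", 443)
    return {"acrocef_start": guest_to_utc("16:44:31", "28/08/2024"),  # assumption, see above
            "first_packet": fl[key]["first"],
            "https_session": datetime(2024, 8, 28, 20, 44, 44, tzinfo=timezone.utc),
            "flow": fl[key]}


if __name__ == "__main__":
    for name, value in timeline().items():
        print(f"{name:14s} {value}")
```

Once normalised, the process start precedes the first packet by a few seconds and the session time matches the first packet to the second, which is the consistency check to run before reading any sequence of events off the report; a process start that lands after its own traffic means the assumed guest offset is wrong.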
Target ID: | 0 |
Start time: | 16:44:27 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 16:44:30 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 16:44:31 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |