Windows
Analysis Report
INV114721.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 3020 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\INV114721.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6920 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6408 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1572,i,13373086223109293454,2570682305473997975,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 3% | ReversingLabs | Document-PDF.Trojan.Heuristic | |

Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | URL Reputation | safe | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.56.162.185 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1500786 |
Start date and time: | 2024-08-28 22:51:52 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 0s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | INV114721.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@15/46@0/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 18.207.85.246, 54.144.73.197, 34.193.227.236, 162.159.61.3, 172.64.41.3, 2.16.241.13, 2.16.241.15, 93.184.221.240, 2.16.238.143, 2.16.238.147, 2.19.126.209, 2.19.126.205
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, settings-win.data.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, wu.azureedge.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, geo2.adobe.com, apps.identrust.com, wu-b-net.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- VT rate limit hit for: INV114721.pdf
Time | Type | Description |
---|---|---|
16:52:39 | API Interceptor | |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":["Erma Foster"], "contains_trigger_text":false, "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.56.162.185 | | | malicious | EICAR | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Phisher | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | Unknown | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | LummaC, Vidar | | |
 | | | malicious | LummaC, Vidar | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | LummaC, Vidar | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | LummaC, Vidar | | |
 | | | malicious | HTMLPhisher | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.211542627470606 |
Encrypted: | false |
SSDEEP: | 6:NLmcyq2PRN2nKuAl9OmbnIFUt88Lh1Zmw+8L3RkwORN2nKuAl9OmbjLJ:NLmcyvaHAahFUt88Lr/+8L3R5JHAaSJ |
MD5: | 5777BBC16D5094E5FD63FBB4F66580E5 |
SHA1: | 8C5B021E322689701211DCC47705E3E66D36E677 |
SHA-256: | 302963031B9083C1A413B361AA5772F00300DB79A59CE836029CC0381614D636 |
SHA-512: | 8F769A63A989682117C54090ECF571838AD9164AF6F6624279DF7869130F169AEFDBEE560B7D651B9C6C31230045C808BEEF511929955D4FCEA3375A5B0BAC0B |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.211542627470606 |
Encrypted: | false |
SSDEEP: | 6:NLmcyq2PRN2nKuAl9OmbnIFUt88Lh1Zmw+8L3RkwORN2nKuAl9OmbjLJ:NLmcyvaHAahFUt88Lr/+8L3R5JHAaSJ |
MD5: | 5777BBC16D5094E5FD63FBB4F66580E5 |
SHA1: | 8C5B021E322689701211DCC47705E3E66D36E677 |
SHA-256: | 302963031B9083C1A413B361AA5772F00300DB79A59CE836029CC0381614D636 |
SHA-512: | 8F769A63A989682117C54090ECF571838AD9164AF6F6624279DF7869130F169AEFDBEE560B7D651B9C6C31230045C808BEEF511929955D4FCEA3375A5B0BAC0B |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.209684837235404 |
Encrypted: | false |
SSDEEP: | 6:NLHcM+q2PRN2nKuAl9Ombzo2jMGIFUt88LqEDGNJZmw+8Lz3cMVkwORN2nKuAl97:NL8M+vaHAa8uFUt88LU/+8LoMV5JHAaU |
MD5: | A8636B09EBF41942155362488953EC01 |
SHA1: | C818D0E241A909DA2994335156C463FC2AE88669 |
SHA-256: | 92DC2D6EFF3C3DACABEE1DE448545AFD9DA09D5ACBB04CB4292C586B428274A5 |
SHA-512: | AED8EAF41C3DA89CABB3C304CC07C3A894AC44D5F399994877C5D1DC466B9396FA3F03820102BAB2CCBF4B5BDEE7F2888CF2F7911DC4990C78B9D799C79A8B29 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.209684837235404 |
Encrypted: | false |
SSDEEP: | 6:NLHcM+q2PRN2nKuAl9Ombzo2jMGIFUt88LqEDGNJZmw+8Lz3cMVkwORN2nKuAl97:NL8M+vaHAa8uFUt88LU/+8LoMV5JHAaU |
MD5: | A8636B09EBF41942155362488953EC01 |
SHA1: | C818D0E241A909DA2994335156C463FC2AE88669 |
SHA-256: | 92DC2D6EFF3C3DACABEE1DE448545AFD9DA09D5ACBB04CB4292C586B428274A5 |
SHA-512: | AED8EAF41C3DA89CABB3C304CC07C3A894AC44D5F399994877C5D1DC466B9396FA3F03820102BAB2CCBF4B5BDEE7F2888CF2F7911DC4990C78B9D799C79A8B29 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\7b56304f-82fb-4290-a659-90d714338861.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.974222621667791 |
Encrypted: | false |
SSDEEP: | 12:YHO8sqOTsBdOg2Hncaq3QYiubrP7E4T3y:YXs10dMHG3QYhbz7nby |
MD5: | D25E5DE1516A2F66C0630662F17C1FC1 |
SHA1: | C5118E6F7832487F4B262ACD93A330FF4B489247 |
SHA-256: | DB5F14C77FFFC69F3A7888976E58DAF006946C8E6FDDDE71C2A32549BBD5F2E2 |
SHA-512: | A8D24BE986BB45A0926D40617CEF683CE42DBAAE5F0DE6B0936196B7D06D8F3D9F23FE882967BFAE8E39E9599841520C8A59E6D3117EC2D59B5038D0EBE0A102 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF501577.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d9794878-8f2c-4eda-94bc-ab6f714d7055.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.234811901155984 |
Encrypted: | false |
SSDEEP: | 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeReEc6U:OLT0bTIeYa51Ogu/0OZARBT8kN889c6U |
MD5: | E6CBDF22F768B4E143073D1AD3137151 |
SHA1: | 74158EB9C228A6253749F51FA2F7DB4FDF301574 |
SHA-256: | A6B52861965089BB2D1F99CD9ACBDD7A2773FBBFE435BB05949689DCD610D08D |
SHA-512: | C6CC86EBB90E2B4BCB4FD88527C538B5FC0CC6488552336BCDDCE9C669B4C94D2D33B10E7115EFD06CEFFD20C2817967AFE8A26A4B235F72313C611473082C8C |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.211407077949657 |
Encrypted: | false |
SSDEEP: | 6:NLLEcM+q2PRN2nKuAl9OmbzNMxIFUt88L6GF3JZmw+8Lh3cMVkwORN2nKuAl9Omk:NLdM+vaHAa8jFUt88LtFZ/+8LhMMV5Jv |
MD5: | F9837CAC023B954445ECB82E7A17871F |
SHA1: | 7C1460893C60628B7075C530E17026FE04BFAB42 |
SHA-256: | F62BF6413707F9880DBCCAE943FC93A9B156BAFF61DB5C0D55AFB56D1D189B7B |
SHA-512: | 98B7A43BE60F459E125AD0DB73EB341D343A5A7687D57BD8055C944FDC6BC7D907A259ADDD324305D6FAA6FDF82DDC36320B365BE7C4E39DDAC1B63A2757A443 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.211407077949657 |
Encrypted: | false |
SSDEEP: | 6:NLLEcM+q2PRN2nKuAl9OmbzNMxIFUt88L6GF3JZmw+8Lh3cMVkwORN2nKuAl9Omk:NLdM+vaHAa8jFUt88LtFZ/+8LhMMV5Jv |
MD5: | F9837CAC023B954445ECB82E7A17871F |
SHA1: | 7C1460893C60628B7075C530E17026FE04BFAB42 |
SHA-256: | F62BF6413707F9880DBCCAE943FC93A9B156BAFF61DB5C0D55AFB56D1D189B7B |
SHA-512: | 98B7A43BE60F459E125AD0DB73EB341D343A5A7687D57BD8055C944FDC6BC7D907A259ADDD324305D6FAA6FDF82DDC36320B365BE7C4E39DDAC1B63A2757A443 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240828205230Z-162.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.362083954420442 |
Encrypted: | false |
SSDEEP: | 192:lRzrPX1AmDI1WWe13D4fBkk1UzZSXn92h1um6iRl1S14awpV1hP1yL1L51BO1k1v:Pzxwk3D45JUzZZp6WM0VhdILq+WAl |
MD5: | ED4C408D4EF163DFE60ED5DBF060E5F4 |
SHA1: | CD423EECBD5AC2542E5150D0E7D542FF685F36D2 |
SHA-256: | 2001999823E9F5D7F3E282EC32AE68B59A94A201A03081D7800292D78EB24B9B |
SHA-512: | EE377F391C6B137051F7FBE4BB21F9CDDD56C05E77661BE2E2B357429106224CABFA5E27C23AFF3E9134F3CA22C27B0FE60B859C7E86C1A1AC2D1216B7322B57 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | 192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.215383195776262 |
Encrypted: | false |
SSDEEP: | 24:7+tx9MqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+i:7MYqLmFTIF3XmHjBoGGR+jMz+LhF |
MD5: | 6F24251B85EED34B3A9668C97B8AA83E |
SHA1: | BD4FB1D43D99D611F84ACC7A24F5509EDA28FB05 |
SHA-256: | 5BC50C01EDCC28F09F25DD198B9937C0871A86420B73DE0287F5D8B0F9A51C4E |
SHA-512: | 45E6918E7B1B5E91E942A6E38B4600DF486DF1C969C5F015CAF6B6D5BC7D27B6678E58BBB38AA666FCCF2C6853353DEB26D8027B351EFC38F329F89B01AE0084 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.144086598890895 |
Encrypted: | false |
SSDEEP: | 6:kKj19UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:7cDnLNkPlE99SNxAhUe/3 |
MD5: | 8E4A9C08357719031F9288DEE8F8F0C8 |
SHA1: | F5EB46C4013093C9D8FA6C0E05762DE1B5307487 |
SHA-256: | DF9DF961F90CD64C287AC08BAB8ABB1D5AC6F1BFA16D3BB5CA443FB12F0FAB38 |
SHA-512: | 1835E35163915446E2D41FD40236C1E44CE208C8FD03E71304AA6956960EE873BA7919714F9DD0DC3B555EFEB3C44E902A4C96CA73C5C670A32400F9AA48E010 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.0056539486591523 |
Encrypted: | false |
SSDEEP: | 3:kkFkl3TrLVltfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7F:kKyrLlxliBAIdQZV7I7kc3 |
MD5: | 523C9F7108952D8492711120367225C2 |
SHA1: | BA707CEE4931FC2B66B634E655A7B727FFA4C0F8 |
SHA-256: | 632C31C8E664AE7DE31CD4034413693A4DF3435F12938030C00FA67E091392F1 |
SHA-512: | E37A45DED45CAA4341958CB3700687EAE4DD8B32E843F3BCA335CBF7B7C383B41A33AE45A208186E90AAD20050C6CD43E3FB5C408F3F8D47C14EFBF7812B96CF |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.374823581747444 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH8M1aHNVQ5IRR4UhUR0YBRWxoAvJM3g98kUwPeUkwRe9:YvXKXz1aQWRuUhU2OGMbLUkee9 |
MD5: | 73A13C637F3DD56A79DFCA3E53A2989D |
SHA1: | D33CBB62649AEABE2C1CD78A40514062C9AB93AC |
SHA-256: | 2D84DBB7B3F6E8331DB616DDFB6FA43B30B744372FE1FBFCE39BF0056D12C359 |
SHA-512: | 0B75415CE0AD09BE630DB9F7D1786F8B333916B55CA00BCA4E51CEF4B24BAF737551972E6AC481F1CA41708C2DCA3A42D4304622729F5961B8C34090B2202CBA |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.324343853151872 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH8M1aHNVQ5IRR4UhUR0YBRWxoAvJfBoTfXpnrPeUkwRe9:YvXKXz1aQWRuUhU2OGWTfXcUkee9 |
MD5: | 3B824387DAF92ABB47FC0E47C38C0F56 |
SHA1: | CC87916A03D93CE4FD0E69059122BA432C586E08 |
SHA-256: | C1A8415CC0D71D116EEBFF39A68B3F781257EC44FAC39C4306262823BED70EBD |
SHA-512: | 2565EE913DFE961DB9A6220D7B62AA3888D91964DE82E5258895446F5299D7C6C35CEC01CC4E631DA9BD5E7FC71346F25F85984C8737C8769AE69BEF8B7AD330 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.302296453151231 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH8M1aHNVQ5IRR4UhUR0YBRWxoAvJfBD2G6UpnrPeUkwRe9:YvXKXz1aQWRuUhU2OGR22cUkee9 |
MD5: | 4504C7A6A126E71AED5B8CEEB1D8B400 |
SHA1: | 45E1B4C36347AE27CEB7CCA56D53BE1C84A95ED5 |
SHA-256: | 74460812C9CDFF5D1547BF5733EA8D40ADF39F10D05C0F4A401A370009CB9E05 |
SHA-512: | D41584890D96AC80CB3E0BD5FACD103C6AE1B3FEBA867B6E1502873D352C962717416D85992D7A4554F6E6F7B3F742EFD74B27823321AA76BE1251DCD6199390 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.363605882608799 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH8M1aHNVQ5IRR4UhUR0YBRWxoAvJfPmwrPeUkwRe9:YvXKXz1aQWRuUhU2OGH56Ukee9 |
MD5: | 188225AE0FCF9D676209773F4DBC639E |
SHA1: | 68999971CB3FCCAC20D52880D2C7EAEB34CA2739 |
SHA-256: | 445C025E8583596A01CFB77C6CD9CE82AE94455243B7785C7583D50301383C3A |
SHA-512: | 9D313025D190CB382974CB9A55FD9E7D8B8BAF95E383E83838A35E5DEDC889CB56059FA0F12B80F880D687DE7C430A2D1E8335A892E2D3B79C92083C1962A37F |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.669719844495914 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xz6U27pLgEFqciGennl0RCmK8czOCY4w2aS:YvZU+hgLtaAh8cvYvfS |
MD5: | F6FED228B53D855B0E9CD81FAC05814B |
SHA1: | CA44FCF0037451B1B74420DB69F08D66F37BEF7A |
SHA-256: | 21D86CF469A64D4C82296531FE35F7EE8B2D9FD140BF3866E830F614C7558EF0 |
SHA-512: | 3E6166F12DDBD8B0BAFD479C6C01E72C7B0B7D8A2A5893B7B98CCD2E2334454C4F1ECC1EC0B401F0D07EAF251F551632B1B4F0BC8BD4307EE32D985DFC5FD381 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.657635593844822 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xz6U23VLgEF0c7sbnl0RCmK8czOCYHflEpwiVaS:YvZUoFg6sGAh8cvYHWpwRS |
MD5: | 3E970BBE3334089E67F7E7AAAEAAA87A |
SHA1: | A9E30BECDD1AF2C35C32474767E7D56E5DE1E975 |
SHA-256: | B5E371C4CE4BF0C24B014E800D0759838E0168A7D37A067F9A9C76B28B2F4900 |
SHA-512: | F2DA5D44D0246DCEA9C057A3D45CC70819CB190E1DF32D476797B6CD30215AE830FD5C6353C50B547700C0D491783F84E18CBE9A2B3ACF7CC3C05DED9A05EED8 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.315031641245687 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH8M1aHNVQ5IRR4UhUR0YBRWxoAvJfQ1rPeUkwRe9:YvXKXz1aQWRuUhU2OGY16Ukee9 |
MD5: | EBD2A10FBFBF2F4BC190F74880A49FAD |
SHA1: | 4C16F34BF09394892748DC70516FD72524B86DE3 |
SHA-256: | 6D32484A2890BAF50EB2BD623CA38FEAB3735C869E218271451C81130A118E89 |
SHA-512: | BB55174C11EA5903535AA3FABC7F203FAEC2CE275A6105FC25A066EEB74B6406DA16A59734E2FAB8FACAC50A15C40643C04AA9940E92412F3282298273031B8A |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.650657164909142 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xz6U2m2LgEF7cciAXs0nl0RCmK8czOCAPtciBaS:YvZUtogc8hAh8cvA0S |
MD5: | CABDEEE8B89F862A0FAB2A102F070D41 |
SHA1: | FACE2424180ABBB8462D27ACB9720D6EA6507FE7 |
SHA-256: | 439B5A2A60ED042B4678636F667B7E2E97DC9814A816452AFC98F8209B551128 |
SHA-512: | 24E87842E6052AA5E96751424558636FD43A51A06038C732D787C2185AF32CBD2EA72B451763912E7A6E5F8146EB39316DF2803BBE1672F45D93A9FE77FD6B8E |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.700514799554353 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xz6U2KKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5aS:YvZUFEgqprtrS5OZjSlwTmAfSKgS |
MD5: | 3154723F45D633EA688AF7DA2B53808C |
SHA1: | 0D371E17F0A4A791AE61E33B613D60CBB9C765B8 |
SHA-256: | 69B73443A2F03C6A831AF70CC209D3265605FBEDD00B47C6D8037E00A4B47314 |
SHA-512: | 3D0EFE67BE7CAB25235FBF0C7E231EE211676CB31D37B81567C73B9F07E8D647FF83BDAF8A168D2DF0B03DB2AD61692ED2AF8900AC82DBD997BAED096121E856 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.31822728014662 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH8M1aHNVQ5IRR4UhUR0YBRWxoAvJfYdPeUkwRe9:YvXKXz1aQWRuUhU2OGg8Ukee9 |
MD5: | F18C4A8C6CB1D6E7EAF3611D1043E4AB |
SHA1: | B50730AB773FFEDD62DD4103F10F9A9251A7C400 |
SHA-256: | E7CDE0958541C50147527AF85F62CB3B8551AB6F6B0DB013AAD692A229CE2FD5 |
SHA-512: | 4D2D91CCD0BBA7A5FEF5F8FA205222FB7894A740A689F83A6341A08779F3A00C594D8D497587641FA14670E7126B86E2F475BEB3C6BCD50C3AEEA39651C022B1 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.775790238918671 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xz6U25rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNiS:YvZU4HgDv3W2aYQfgB5OUupHrQ9FJgS |
MD5: | B6AA005232063C6C2D28B1EE21087BEB |
SHA1: | 6140311FC950958716BEB4DD85A5D50CBE8B52C8 |
SHA-256: | 54B261A52BECB3E3EB14D014DE47D7B245F6E4527F0FA9957263E0A998BA4D1F |
SHA-512: | 0E59DE168E10670A8791D39D1A76A767FEA4BBF4B25C4DD2E995F704534C1E59169C76347F74CBF693B626FC37DBD7EB9753D33E6AC10D426F7F7CA835541E7B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.301649104417412 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH8M1aHNVQ5IRR4UhUR0YBRWxoAvJfbPtdPeUkwRe9:YvXKXz1aQWRuUhU2OGDV8Ukee9 |
MD5: | BE1952CE6A726436716915A03D6F4B32 |
SHA1: | 99BC29D3815FC01C734860C448A55A8F2A3C9B6E |
SHA-256: | 1565E9200A525712246F5A3ACA4893F8D0B656DC47E29093FFC62DD6C16B12E5 |
SHA-512: | C8CF6693BD3687E74E05DEB5FC6E620946BD0C52A69E66AC0B7AD3D51CC509589511805F62CE148056036FBD06904D8AC71A3F4C24DC79DEFCC2C9CEDFEBBC92 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.30585799426125 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH8M1aHNVQ5IRR4UhUR0YBRWxoAvJf21rPeUkwRe9:YvXKXz1aQWRuUhU2OG+16Ukee9 |
MD5: | DF11BF18A612079860D26C55A2C6F6FF |
SHA1: | 90BDF2F078CE6541D040119D4A89580DEF9DF566 |
SHA-256: | 491143AB6E7F6DC17DFF68DCC919C715EF6499398AE3CAED4B6F9A42F52E7503 |
SHA-512: | CAFE35CCA1D41099E1C5C5194F2701D45BBE394B700AD6F71076006D3B4D6B33091363139EB0A244B29A37BD4E9F2642B933B5AB31C385F2F370F7444A0124B2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.6586074181113215 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xz6U27amXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BaS:YvZU8BguOAh8cv+NKXS |
MD5: | 7C2E1EAB74BFE49737337534883698E9 |
SHA1: | 7C50863B9FEA1B8EF601AE0FD2CAA62E11F8C368 |
SHA-256: | EC35B71C45898C089B32C8FD5413F0EB81020E550BF094D2E1AF7F9C8A043D5E |
SHA-512: | 84859035526F59670FD29E051344E4378A438A906CEE71D06AA14FC2590B8D3E6B164662E9EC0BE13902C1227EC81C02B1B08A31383F33E7AD799AC9F4BCFC09 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.280371418412778 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH8M1aHNVQ5IRR4UhUR0YBRWxoAvJfshHHrPeUkwRe9:YvXKXz1aQWRuUhU2OGUUUkee9 |
MD5: | 201D8ECF85A4C1A3B87AB1CD772774D1 |
SHA1: | B36C876FB50A604E5C4EC9424107946BC269726C |
SHA-256: | 814BF237A33BAD9B300D2B4B04CD6827BD68FED459EE4141A8E8A0D90E2B0E2F |
SHA-512: | 0A437E134D3BE8C1E53501F1234197B95386223C807BF3F89991900191A6D6DCFCE026FF6188207D03897E9892B829BBA60B791728D41298A80BB45B69169A2E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.37178103754273 |
Encrypted: | false |
SSDEEP: | 12:YvXKXz1aQWRuUhU2OGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWE1S:Yv6Xz6U2Y168CgEXX5kcIfANhRS |
MD5: | 4D20F1324CAE4A2CD35A5577E776ED68 |
SHA1: | 7BD4DC9B8121A42CB73A5898A3FA49A15DFCF0F0 |
SHA-256: | 7B8E4161EF2A169D89916B27EE9C1F1664ABB42EC9214ED2ED8F61E7D0F2BD9E |
SHA-512: | 154BB4AA41D8136E7A3BBCF7D474416C7F627D2626A7983F28359B83DD9CEE638C7E3C0DCA73E59B922E411003F1CE24CC4FCC73F8DE95C88FE30053CB8110E8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.139064501156319 |
Encrypted: | false |
SSDEEP: | 24:Y4hfKWk6agawaySIQwElC/oft0QPC29KbYbFMfKo6KNSTStjjqDj0S4VNRw2tzq5:Y4X7OtdobWFMfIJ8jqPRQGq1Ng9B |
MD5: | C8794B89344A2C2AE05756CAF1450620 |
SHA1: | 2BC63CD66493F4B800CDE0FCF82674377915C54E |
SHA-256: | 66DCC0AA9FA82C4C8A3481C17E15644E6AC703470550E75B08EEAAA1974029C1 |
SHA-512: | 0DB54BDA569CF97D810734620697E2695BF870D6B1626A8DFCA58180864785D6686EE6E19E5276620D1D65A120CB57FE718F847FA057E547181A0E67CCE7E0DE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9879570545601732 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs67Y9QmQ6Qel6IcLESiAiet6F:TVl2GL7ms67YXtrDcI88 |
MD5: | A77EDDE09AEF077E7A64C4F4F0B2AADC |
SHA1: | C7543BA3005F1E5620CB84A918049DEB9BDBFF56 |
SHA-256: | 69A697DBAA58ECE193EC3257625CC71F7A1A8A89748E20934B60F647316BF406 |
SHA-512: | 3EFECD656015228B65D517BE9A26E3C584EABC3B79E48A4EEB1BF444167DAEE092FA70A6FD2E229482DDD7BE989B610D105DE35488BF0C78D3D33DF20A69FA1B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3414063682729054 |
Encrypted: | false |
SSDEEP: | 24:7+tZASY9QmQ6Qel67cLESiAi0mY9QWWqLBx/XYKQvGJF7urs3:7MZlYXtrgcI8KY1Wqll2GL7ms3 |
MD5: | 95F82BDAF92657E4499DD6284827A780 |
SHA1: | 7DC79115910210BB0CC885D3B82676DF12F40387 |
SHA-256: | 3E8B8CC5130E869A4AC73FA9AD1AC699FB687D0EE4C16C7643E3489AFAE1288E |
SHA-512: | 6903FB9EB5811FFBC727C81DA8B2773828BDC561432358B24FAB68DA1936D01B789ADF288EB9BE8A7BD1A38D1CB0DEB91C8ED7991E740CAED62352D8AC77353C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5406586576927443 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dArNhDl:Qw946cPbiOxDlbYnuRKfNn |
MD5: | E7A7147834D79DCE8A924856E87904F7 |
SHA1: | CB51F62F1118FBC93EFDBB924FFB8B2A8C37B30C |
SHA-256: | FDB16B27AA3D21CE000819519BFDA4409D0E18E44058ED36AD33DF7ACBF1EEF9 |
SHA-512: | 35B0BE5A08FC6F425165BDEE5B4985002051139189849D64542C4332A24B20C926C3459E8DA08BF46462964C98C13D1BF2EA71D3CC39F8D59A2DC36214360D05 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-28 16-52-28-704.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.34309915717823 |
Encrypted: | false |
SSDEEP: | 384:lRrgcKBPWJEeU9EBjWxgpUINJKP7o3PQg//LNVF9030UaUUUsbK6Fj3qtG/O4iX4:CJNpXI |
MD5: | ED38772A9D0B39C76C28FC588327C5E2 |
SHA1: | 7915B5E8C61E9CC147F89608A9503E17B8464F3C |
SHA-256: | FD2B2E36A0D7F900033153AD81899D5450A48E96D481878157F2DC50E8B56A06 |
SHA-512: | CBFF21347DF87677F4BE415F31258CDD73BAEBB435A07442A6DBDA6A8A252B0553C5154B44B498769CCD53426633D69A094828BCC3F7AB73C279C2D0AF1FDF61 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.419503698466664 |
Encrypted: | false |
SSDEEP: | 192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbmcbIIXhcbt:fhWlA/TVgXS |
MD5: | 36E9CC862909BDB5D6D276F5B4792833 |
SHA1: | B3E41F2838B1EB120F633DDC3E02859DBB966154 |
SHA-256: | 391B11A578BDFB7E47AD33FC83ECABA8AF9BC30C4A59A92888F2F6A06E437BE1 |
SHA-512: | 792D86388B96F1713B3D1ABC0375D4FD107395E9F263369E4DAC1993457E95561BBF4769E2BFF2680342D1EA9DFE8FC042AD1AC95A1211BBB1CC776A8FEED053 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7ouWLgGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLgGZtwZGk3mlind9i4ufFXpAXkru |
MD5: | A8E5C37206C98D1B655FF994A420FFB6 |
SHA1: | 827237782AB5971EC205C3BCECCC7950BE9F84C3 |
SHA-256: | F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA |
SHA-512: | 12DE33EB7624458AEC44D83D4E2C09E626F8E54E177FC0C26EEBA232935F34FAAAEB71FBB025EB7C53BEA9933C46ADCE759C32516D1B80C03B6734C61D61CEB2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.043833511544227 |
TrID: |
File name: | INV114721.pdf |
File size: | 2'556'708 bytes |
MD5: | d58320c091ec675e2c61e3ef86b03c3c |
SHA1: | cca2339754b1e8069e3fa6def3385e83d6b34585 |
SHA256: | e0a63d3fe13447097706ab3cad1df47308f05b6b546b799ba0ffcbf13963bc93 |
SHA512: | 35db14655a3feee22d75e7b8f75cfa5bf621e082091ac0301551bcd58027ae2553f2ddc9e3b9721d1105161b4e819118a81a7c1f5074aca6070e9cfc03e64914 |
SSDEEP: | 24576:r1yziomUj1b7i6vwxXHW4WhtEvUK34xdjDeCooB5QmL9SGOeaIPqofX0h1oW2KSN:KVh2X24WcMK6a7oP2ebSoWVGZ |
TLSH: | F2C56B9C9488E48C5477ABC1A747D9E6E24E676B46880C77B16F4FC20B03D9EFD4B806 |
File Content Preview: | %PDF-1.7.%......9 0 obj.<</AcroForm 59 0 R/Metadata 60 0 R/Pages 2 0 R/Type/Catalog>>.endobj.59 0 obj.<</DA(/Helv 0 Tf 0 g )/DR<</Encoding<</PDFDocEncoding 61 0 R>>/Font<</Helv 62 0 R/ZaDb 63 0 R>>>>/Fields[]>>.endobj.60 0 obj.<</Length 3279/Subtype/XML/T |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.043834 |
Total Bytes: | 2556708 |
Stream Entropy: | 7.908809 |
Stream Bytes: | 1544915 |
Entropy outside Streams: | 4.112955 |
Bytes outside Streams: | 1011793 |
Number of EOF found: | 26 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 992 |
endobj | 992 |
stream | 460 |
endstream | 460 |
xref | 26 |
trailer | 26 |
startxref | 26 |
/Page | 41 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
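The keyword table above is what drives the verdict on a suspect PDF: a document with /JS, /JavaScript, /AA, /OpenAction, /Launch, /EmbeddedFile and /RichMedia all at zero has no declared active content, and the only non-zero indicator here, one /AcroForm, is consistent with a form-bearing invoice. The following is an added example, not part of this report and not the sandbox's own tooling: a small pdfid-style triage pass that reproduces the keyword counts, the stream/non-stream entropy split and the %%EOF count, and adds the one step a naive string search misses, decoding #xx-escaped names so that an attacker writing /Open#41ction is still counted as /OpenAction. The two PDFs it runs against are constructed inline for the demonstration.

```python
import math
import re
from collections import Counter

# Keywords tallied in the report; the active-content ones (/JS, /JavaScript,
# /AA, /OpenAction, /Launch, /EmbeddedFile, /RichMedia, /URI) drive triage.
KEYWORDS = [
    "obj", "endobj", "stream", "endstream", "xref", "trailer", "startxref",
    "/Page", "/Encrypt", "/ObjStm", "/URI", "/JS", "/JavaScript", "/AA",
    "/OpenAction", "/AcroForm", "/JBIG2Decode", "/RichMedia", "/Launch",
    "/EmbeddedFile",
]
ACTIVE = ["/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
          "/EmbeddedFile", "/RichMedia", "/URI"]

# PDF name objects may spell any character as #xx (e.g. /Open#41ction); the
# reader still sees /OpenAction, but plain substring matching does not.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Characters that terminate a name or a bare keyword token.
_DELIM = rb"[\s()<>\[\]{}/%]"


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so obfuscated names match their plain spelling."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def count_keywords(data: bytes) -> dict:
    """Count whole tokens only: 'endobj' must not also count as 'obj',
    'startxref' not as 'xref', and /Pages not as /Page."""
    data = normalize_names(data)
    counts = {}
    for kw in KEYWORDS:
        pat = re.escape(kw.encode()) + rb"(?=" + _DELIM + rb"|$)"
        if not kw.startswith("/"):
            pat = rb"(?<![A-Za-z])" + pat  # bare keyword: no letter before it
        counts[kw] = len(re.findall(pat, data))
    return counts


def split_streams(data: bytes):
    """Return (stream_bytes, outside_bytes) by slicing out stream bodies."""
    streams, outside, pos = [], [], 0
    for m in re.finditer(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", data, re.DOTALL):
        outside.append(data[pos:m.start(1)])
        streams.append(m.group(1))
        pos = m.end(1)
    outside.append(data[pos:])
    return b"".join(streams), b"".join(outside)


def triage(data: bytes) -> dict:
    """Produce the same fields as the report's 'General' and keyword tables."""
    stream_bytes, outside_bytes = split_streams(data)
    kw = count_keywords(data)
    hdr = re.match(rb"%PDF-\d\.\d", data)
    return {
        "header": hdr.group(0).decode() if hdr else "",
        "total_bytes": len(data),
        "total_entropy": round(shannon_entropy(data), 6),
        "stream_bytes": len(stream_bytes),
        "stream_entropy": round(shannon_entropy(stream_bytes), 6),
        "outside_bytes": len(outside_bytes),
        "outside_entropy": round(shannon_entropy(outside_bytes), 6),
        "eof_count": data.count(b"%%EOF"),
        "keywords": kw,
        # Any non-zero entry here warrants pulling the object and reading it.
        "active_content": {k: kw[k] for k in ACTIVE if kw[k]},
    }


def build_pdf(catalog_extra: bytes = b"", extra_objs: bytes = b"") -> bytes:
    """Constructed sample: a minimal one-page PDF with optional additions."""
    return (
        b"%PDF-1.7\n"
        b"1 0 obj\n<</Type/Catalog/Pages 2 0 R" + catalog_extra + b">>\nendobj\n"
        b"2 0 obj\n<</Type/Pages/Kids[3 0 R]/Count 1>>\nendobj\n"
        b"3 0 obj\n<</Type/Page/Parent 2 0 R/Contents 4 0 R>>\nendobj\n"
        b"4 0 obj\n<</Length 11>>\nstream\nBT ET 0 0 m\nendstream\nendobj\n"
        + extra_objs +
        b"xref\n0 5\ntrailer\n<</Root 1 0 R/Size 5>>\nstartxref\n0\n%%EOF\n"
    )


# Constructed samples: a benign skeleton, and the same skeleton with an
# #xx-obfuscated /OpenAction pointing at a /JS action.
BENIGN_PDF = build_pdf()
OBFUSCATED_PDF = build_pdf(
    catalog_extra=b"/Open#41ction 5 0 R",
    extra_objs=b"5 0 obj\n<</S/JavaScript/J#53(app.alert(1))>>\nendobj\n",
)

if __name__ == "__main__":
    for name, pdf in (("benign", BENIGN_PDF), ("obfuscated", OBFUSCATED_PDF)):
        r = triage(pdf)
        print(name, r["header"], r["active_content"])
```

Run against the benign sample the active-content map is empty, matching the zero rows in the table above; against the obfuscated sample `OBFUSCATED_PDF.count(b"/OpenAction")` is 0 while `triage()` reports /OpenAction, /JS and /JavaScript each at 1, which is why any triage script should normalize names before counting.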
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
70 | 0010143d77203400 | 2d131cec9a4c3836b93c3c31521b013a | |
87 | 006068c088404000 | b2c1725cc3d8cf004308b7172db368f0 | |
606 | 0010143d77203400 | 2d131cec9a4c3836b93c3c31521b013a | |
607 | 006068c088404000 | b2c1725cc3d8cf004308b7172db368f0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 28, 2024 22:52:39.891935110 CEST | 49720 | 443 | 192.168.2.16 | 23.56.162.185 |
Aug 28, 2024 22:52:39.891971111 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.16 |
Aug 28, 2024 22:52:39.892041922 CEST | 49720 | 443 | 192.168.2.16 | 23.56.162.185 |
Aug 28, 2024 22:52:39.892205954 CEST | 49720 | 443 | 192.168.2.16 | 23.56.162.185 |
Aug 28, 2024 22:52:39.892218113 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.16 |
Aug 28, 2024 22:52:40.506865025 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.16 |
Aug 28, 2024 22:52:40.507175922 CEST | 49720 | 443 | 192.168.2.16 | 23.56.162.185 |
Aug 28, 2024 22:52:40.507194042 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.16 |
Aug 28, 2024 22:52:40.508102894 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.16 |
Aug 28, 2024 22:52:40.508177042 CEST | 49720 | 443 | 192.168.2.16 | 23.56.162.185 |
Aug 28, 2024 22:52:40.510174990 CEST | 49720 | 443 | 192.168.2.16 | 23.56.162.185 |
Aug 28, 2024 22:52:40.510230064 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.16 |
Aug 28, 2024 22:52:40.510365963 CEST | 49720 | 443 | 192.168.2.16 | 23.56.162.185 |
Aug 28, 2024 22:52:40.550302029 CEST | 49720 | 443 | 192.168.2.16 | 23.56.162.185 |
Aug 28, 2024 22:52:40.550313950 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.16 |
Aug 28, 2024 22:52:40.597268105 CEST | 49720 | 443 | 192.168.2.16 | 23.56.162.185 |
Aug 28, 2024 22:52:40.607423067 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.16 |
Aug 28, 2024 22:52:40.607815027 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.16 |
Aug 28, 2024 22:52:40.607857943 CEST | 49720 | 443 | 192.168.2.16 | 23.56.162.185 |
Aug 28, 2024 22:52:40.608484030 CEST | 49720 | 443 | 192.168.2.16 | 23.56.162.185 |
Aug 28, 2024 22:52:40.608499050 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.16 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49720 | 23.56.162.185 | 443 | 6408 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-28 20:52:40 UTC | 390 | OUT | |
2024-08-28 20:52:40 UTC | 247 | IN | |
2024-08-28 20:52:40 UTC | 120 | IN |
Target ID: | 0 |
Start time: | 16:52:25 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cd680000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 16:52:26 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6480c0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 16:52:27 |
Start date: | 28/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6480c0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |