Windows
Analysis Report
20240927102105.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6832 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\20240927102105.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 4924 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6592 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1736,i,11910158590496879408,606956546599633943,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.41.168.139 | unknown | United States | 6461 | ZAYO-6461US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520454 |
Start date and time: | 2024-09-27 11:05:45 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 20240927102105.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/45@2/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 34.193.227.236, 18.207.85.246, 107.22.247.231, 2.19.126.143, 2.19.126.149, 172.64.41.3, 162.159.61.3, 2.23.197.184
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: 20240927102105.pdf
Time | Type | Description |
---|---|---|
05:07:02 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.41.168.139 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ZAYO-6461US | Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2430700985756475 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2430700985756475 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.205277584397921 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.205277584397921 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.972225950634431 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\af2bccc6-5ad1-4e98-b292-4a4596955b6a.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.972225950634431 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.258562560702671 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.215622474127717 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.215622474127717 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240927090654Z-153.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 3.523084141976745 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.44472060524489 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.774047271212034 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.727684695701949 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.361253781411831 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.30746044907956 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.286539913284521 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3481902663822405 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.664089933423719 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.655600667977356 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.296274677618165 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.646827886511124 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.699631391178184 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.29923081422381 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.7788097195240375 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.282783198397853 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.286774254263909 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.65396377860096 |
Encrypted: | false |
SSDEEP: | 24:Yv6XjVzv6amXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BCF:YvasBguOAh8cv+NKNF |
MD5: | 7C9AEFF4AAC90A38DDEA4C6EC99B7BBB |
SHA1: | C54019C8ACC970CE55B3BE57328A773BD7ECA095 |
SHA-256: | E0E83B6AC16239D6C659EC54DC1A382CF6E10CB30844957EC259178BD1731EF7 |
SHA-512: | 10D8A226F100F0D9A553AC2AA875747C736C8061B52CAB8AD18CBEA97B2FEA0547BFAAB491E85FD58EE8ADF28FAA0367D0BFE9EB6018CBC447AC6505EFF7A97F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.263608647088845 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuTygYUVoZcg1vRcR0YX9DoAvJfshHHrPeUkwRe9:YvXKXuTyTVZc0vOqGUUUkee9 |
MD5: | F157C27083D2D7F84D5CAAD0C5B4FD78 |
SHA1: | 9392188BACD8FB3FD609CBCE4EBDAE52BC469797 |
SHA-256: | CEE600185C40D766BE0664246ED286F8D4548861977F364FE393565308F05C79 |
SHA-512: | 29938277B20D18F50B0078DB1236E5A139428A1298BFA02AC8DED2D56842FFAC11EE430AECF98932FE3E3CCA6F2491BDBCCFADE1C8517DB4F5CE19B2443A16B0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.365304166815584 |
Encrypted: | false |
SSDEEP: | 12:YvXKXuTyTVZc0vOqGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWmF:Yv6XjVzvN168CgEXX5kcIfANhfF |
MD5: | 361AFA21D73DF082F232F44D49BCA8C6 |
SHA1: | E91C0F36A31B2C51BABC6769B3CFB77F7EBC94DE |
SHA-256: | C030DF9315D992C6EC3FB6FE38A598B0BD618651E22E84F6CFD2279BAED0AFC4 |
SHA-512: | EDB77B837C98A55918DF26777518413848BD4351BA1D129FC16D2D96948F2F408DFA7ADB09E6746DC16CF2607E8695F20ABBE0DC339802D0B7D76842F229598C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.138333840892529 |
Encrypted: | false |
SSDEEP: | 24:YpyEP3UOaaayM4TS5RcWKZCBs6LfyxDWeEEP81BZfTMHjoNj0SaHqeh/1a2C2LSw:YpJJuCdRIcDWdMg6o9ehQH4Bvrlh94e |
MD5: | 734D093F20BAE8A2E740475ED9B9170D |
SHA1: | 076DDCD01DF46A1068A692686B38213B31C51BAB |
SHA-256: | 2B7B61F6B1F3AA07B724C9105DA9EB5F70A19F887120191C5386CA925949347F |
SHA-512: | 2FA6F3C4CFE2ABC11226D5ED3F283E2DF9F532B0B0609BBB52CDD14BAA5E6FF8513627D68E25411109468EBE6185667F5296A23517AC95C1D4752D47CEB8433E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.187041591212825 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUU70SvR9H9vxFGiDIAEkGVvpna:lNVmswUUUUUUUU70+FGSIt7a |
MD5: | 85638C9126F9B49045205046E90517BD |
SHA1: | 0E9E2C0E79FCA42007B3CCD1B463F31A44C95737 |
SHA-256: | 63652DB930B2B4731690294C5CF19D02DD03780DE6ED12FAD34C203A51DC6035 |
SHA-512: | E7193C96A13EEDB64B9BAA9028D6582D3396C7313DEBF8B95F5095CE513B93520B48B0CCDD146314AECBCF6A620AB40D46CA89C861E950D1FDC1409346FA691F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6073373049270505 |
Encrypted: | false |
SSDEEP: | 48:7MPKUUUUUUUUUU7WvR9H9vxFGiDIAEkGVvDqFl2GL7mse:71UUUUUUUUUU7aFGSItxKVmse |
MD5: | F22DEC7A39356BAF6DDCE31F066E4FD0 |
SHA1: | 3110A14341B57A8EAD5262C11985E25CFBF2315C |
SHA-256: | 9BA30008E2270846F23B0CBCF360ED3E9479430D7DFEA167C24B9EE267E88C1F |
SHA-512: | 5B9441D07F4829886D3D0C3A6557405F2112F4D721F74A438CBCCF723283E8C29354CB24EFC7C3E2A55FD80B532361D936F38F9465D82FD9404B0472FDED61F8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5421404787358357 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ofPpw:Qw946cPbiOxDlbYnuRKRxw |
MD5: | 25A1C31CF582EF731F756D4812B5084D |
SHA1: | 209472739EAB4DA5A91421AD8353658237C46E96 |
SHA-256: | A63BBD9C57EBA80F12B25C7C333611F5816ADCEE19CDD56FA8B77A1D77555C3A |
SHA-512: | 895BB497EE10A0035783F5564673D3CC57214243814D36A69D6110C205B70BBE465FC3D16CF13B224FE94354EE26F19CACAB196CFA495BC8C162239DAA1BBC02 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-27 05-06-52-218.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.340996968234535 |
Encrypted: | false |
SSDEEP: | 384:SqJGfGuGnGVGwGbNFoFXFBFYFqQN9DY9E9kcOcSHoHc6f6L6y6t6fHXfKzKdKphx:Fl3 |
MD5: | 5DE26D0F7FD677AB527C3164FB19B5E9 |
SHA1: | 39062AF78BBDFF2394654D3839E54912A9242C6E |
SHA-256: | A9EE01C07818EC4B80EFBBE29A96505BA12C0ABFC74713B06330DD419105D753 |
SHA-512: | 86B58899144D805C4AF5C844EEDF62C12C10FD3414435ECFDBBAB06A3E77B6FF1C4CAE8F293BEFC00800AA0F20A108C33C1FD6B44B1331A7A021DF3968745053 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.396194239799176 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rX:j |
MD5: | 5101A7394D9266FBC5C6482EB1F6D9C9 |
SHA1: | 829F6EEAEE7C3DA3022A6F8D36732513C7DE08E6 |
SHA-256: | FE318C5E579A320296D20173E21B7A8D319073AB451E6D32845B3DCD6281BD81 |
SHA-512: | 0F7EF8ACDF3B05CC415824B06F358A38CD139A7D4A1BFA05224D12ADFAA2B24BE10FF7A13D8FBB5BDE95F2D8ED87B44D53690EBD8BAE9017C5A4519257CFE0C3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7ouWLgGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLgGZtwZGk3mlind9i4ufFXpAXkru |
MD5: | A8E5C37206C98D1B655FF994A420FFB6 |
SHA1: | 827237782AB5971EC205C3BCECCC7950BE9F84C3 |
SHA-256: | F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA |
SHA-512: | 12DE33EB7624458AEC44D83D4E2C09E626F8E54E177FC0C26EEBA232935F34FAAAEB71FBB025EB7C53BEA9933C46ADCE759C32516D1B80C03B6734C61D61CEB2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.759946493106042 |
TrID: |
|
File name: | 20240927102105.pdf |
File size: | 223'164 bytes |
MD5: | d9a3a230b5e4c8d5712abc0b1bcd3287 |
SHA1: | b1878a18271a71ed9eae127069731536f184f15e |
SHA256: | d14b6f0341d5073b29abd846a8dbac6ed60e64a6103677835e9491390a13ace4 |
SHA512: | a5dd5467341366eefbef6252648458eb379cbfe13b014b99e7d2d6d4ec80f0054e7ea0161b429e7991f3ded9d72b8ae137da1ab9732c4ef78ad2cce3c11481bc |
SSDEEP: | 6144:FV6XoFtj8PyyKfSpqwr9DYKGHJfIdwPuTV/2rNqOb+:FF6K6pqiEJfywPuTl2Ia+ |
TLSH: | 0724124218DBC748ECAF341D4A7DBA2D480FB084F6CAF672B8794A6FDD443069550AE7 |
File Content Preview: | %PDF-1.4.%......1 0 obj.<< ./Type /Catalog ./Pages 2 0 R ./OutputIntents 10 0 R ./Metadata 11 0 R .>> .endobj.3 0 obj.<< ./Type /Page ./MediaBox [ 0 0 595.2 841.67999 ] ./CropBox [ 0 0 595.2 841.67999 ] ./Parent 2 0 R ./Rotate 0 ./Resources << /ProcSet [ |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.759946 |
Total Bytes: | 223164 |
Stream Entropy: | 7.759162 |
Stream Bytes: | 221405 |
Entropy outside Streams: | 5.073143 |
Bytes outside Streams: | 1759 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 11 |
endobj | 11 |
stream | 4 |
endstream | 4 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 11:07:03.149450064 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Sep 27, 2024 11:07:03.149497986 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Sep 27, 2024 11:07:03.149590015 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Sep 27, 2024 11:07:03.149785995 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Sep 27, 2024 11:07:03.149802923 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Sep 27, 2024 11:07:03.725883007 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Sep 27, 2024 11:07:03.726222992 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Sep 27, 2024 11:07:03.726241112 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Sep 27, 2024 11:07:03.727341890 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Sep 27, 2024 11:07:03.727405071 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Sep 27, 2024 11:07:03.777858019 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Sep 27, 2024 11:07:03.778060913 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Sep 27, 2024 11:07:03.778125048 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Sep 27, 2024 11:07:03.819403887 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Sep 27, 2024 11:07:03.828665018 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Sep 27, 2024 11:07:03.828685045 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Sep 27, 2024 11:07:03.875508070 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Sep 27, 2024 11:07:03.878211021 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Sep 27, 2024 11:07:03.878308058 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Sep 27, 2024 11:07:03.878365040 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Sep 27, 2024 11:07:03.878897905 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Sep 27, 2024 11:07:03.878918886 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 11:07:02.737267971 CEST | 51561 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:07:18.775667906 CEST | 49167 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2024 11:07:02.737267971 CEST | 192.168.2.4 | 1.1.1.1 | 0x1010 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 11:07:18.775667906 CEST | 192.168.2.4 | 1.1.1.1 | 0xf0c1 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2024 11:07:02.744801998 CEST | 1.1.1.1 | 192.168.2.4 | 0x1010 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 11:07:18.784584045 CEST | 1.1.1.1 | 192.168.2.4 | 0xf0c1 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49748 | 23.41.168.139 | 443 | 6592 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 09:07:03 UTC | 475 | OUT | |
2024-09-27 09:07:03 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 05:06:49 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 05:06:49 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 05:06:49 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |