Windows
Analysis Report
5BPXX1HIGER9.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 3712 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\5BPXX1HIGER9.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  - AcroCEF.exe (PID: 7200 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  - AcroCEF.exe (PID: 7424 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1556,i,2454859765742305140,6723875660102114181,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature rows by source type (row count in parentheses):

- DNS query (2)
- TCP traffic (34)
- IP Address (1)
- HTTP traffic detected (2)
- TCP traffic detected without corresponding DNS query (12)
- UDP traffic detected without corresponding DNS query (2)
- DNS traffic detected (1)
- String found in binary or memory (2)
- Network traffic detected (2)
- Classification label (1)
- File created (2)
- Key opened (1)
- Process created (14)
- Window detected (1)
- Initial sample (5)
- Process information set (8)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.56.162.185 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520635 |
Start date and time: | 2024-09-27 17:35:27 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 0s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 5BPXX1HIGER9.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/44@2/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 23.22.254.206, 52.202.204.11, 54.227.187.23, 52.5.13.197, 162.159.61.3, 172.64.41.3, 93.184.221.240, 2.23.197.184, 2.19.126.149, 2.19.126.143
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, wu.azureedge.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: 5BPXX1HIGER9.pdf
Time | Type | Description |
---|---|---|
11:36:33 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":["PayPal"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":true, "has_visible_qrcode":false} |
Match | Detection | Threat Name |
---|---|---|
23.56.162.185 | malicious | Unknown |
| malicious | HTMLPhisher |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | HTMLPhisher |
| malicious | HTMLPhisher |
| malicious | HTMLPhisher |
| malicious | Unknown |
| malicious | LummaC |
| malicious | HTMLPhisher |
| malicious | LummaC |
| malicious | LummaC |
| malicious | LummaC |
| malicious | Vidar |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.1857686257107485 |
Encrypted: | false |
SSDEEP: | 6:PE6fE5fvIq2P92nKuAl9OmbnIFUt82E6fEyuGzZmw+2E6fEIkwO92nKuAl9Ombjd:PElIv4HAahFUt82EPi/+2Ec5LHAaSJ |
MD5: | C7545697CE8704917D2ED5BC47ADC5FA |
SHA1: | CBA8A973366C99299E41F37A6FF1F9D0F6F01209 |
SHA-256: | 8C5216515CDB8C7CE4EFAF25D7D2302B0EEF23A69C1D36F673A17F6909EAB77D |
SHA-512: | B2E5042256CE948FB4579B2AB068245FF4AC380A5BCBE71C5C1564EE9CE0E76FBDEBD3E481FD12B43300FAD844FB704818C57BF83582EDBB0337956DDB431895 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.1857686257107485 |
Encrypted: | false |
SSDEEP: | 6:PE6fE5fvIq2P92nKuAl9OmbnIFUt82E6fEyuGzZmw+2E6fEIkwO92nKuAl9Ombjd:PElIv4HAahFUt82EPi/+2Ec5LHAaSJ |
MD5: | C7545697CE8704917D2ED5BC47ADC5FA |
SHA1: | CBA8A973366C99299E41F37A6FF1F9D0F6F01209 |
SHA-256: | 8C5216515CDB8C7CE4EFAF25D7D2302B0EEF23A69C1D36F673A17F6909EAB77D |
SHA-512: | B2E5042256CE948FB4579B2AB068245FF4AC380A5BCBE71C5C1564EE9CE0E76FBDEBD3E481FD12B43300FAD844FB704818C57BF83582EDBB0337956DDB431895 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.201050767217404 |
Encrypted: | false |
SSDEEP: | 6:PE6fEg0+q2P92nKuAl9Ombzo2jMGIFUt82E6fEIjZmw+2E6fEsVkwO92nKuAl9OU:PEcJv4HAa8uFUt82EEj/+2Ew5LHAa8RJ |
MD5: | 34A4E707E7120F6925D2BE43C0686D88 |
SHA1: | F9A50ABBD8C10DA18EBB841E2E56796817FA70BD |
SHA-256: | B3FB4526BF4B33714CC3B74ABF0AAE863B0CDF2749AF860823689FD67C018930 |
SHA-512: | 16A15AEDA7F34A8AA9A31D7DE4809DE7C6D805342EEE37ECDCFECEFC0E42CCA3C4E07C4C13BA24370FA905CA6C84CE3878094BF6158701D07798878EB248DFD1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.201050767217404 |
Encrypted: | false |
SSDEEP: | 6:PE6fEg0+q2P92nKuAl9Ombzo2jMGIFUt82E6fEIjZmw+2E6fEsVkwO92nKuAl9OU:PEcJv4HAa8uFUt82EEj/+2Ew5LHAa8RJ |
MD5: | 34A4E707E7120F6925D2BE43C0686D88 |
SHA1: | F9A50ABBD8C10DA18EBB841E2E56796817FA70BD |
SHA-256: | B3FB4526BF4B33714CC3B74ABF0AAE863B0CDF2749AF860823689FD67C018930 |
SHA-512: | 16A15AEDA7F34A8AA9A31D7DE4809DE7C6D805342EEE37ECDCFECEFC0E42CCA3C4E07C4C13BA24370FA905CA6C84CE3878094BF6158701D07798878EB248DFD1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.057583481403094 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8squsBdOg2H/caq3QYiubxnP7E4T3OF+:Y2sRdsidMHO3QYhbxP7nbI+ |
MD5: | FCFC7929A6DA8D17F8416175B9B0983C |
SHA1: | 26E8568A72F46DBD0DB0240766F572B4DAB31A87 |
SHA-256: | B68ADA877DC4606E4D3D8B21107149B13FD657C6182F81DFD8E80BBF5BFD31AB |
SHA-512: | 94B940C7750FBCD7B5F00364398B8CFAFA07B6B04000781EBDE3AF0CD28571C51B08B5C7164E07FF8B649865E3520DC97544A434E6FE1D5E5B5348E2A7FC8B6E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\efac3a12-5687-47bf-9ecf-d69b4cd64453.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.057583481403094 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8squsBdOg2H/caq3QYiubxnP7E4T3OF+:Y2sRdsidMHO3QYhbxP7nbI+ |
MD5: | FCFC7929A6DA8D17F8416175B9B0983C |
SHA1: | 26E8568A72F46DBD0DB0240766F572B4DAB31A87 |
SHA-256: | B68ADA877DC4606E4D3D8B21107149B13FD657C6182F81DFD8E80BBF5BFD31AB |
SHA-512: | 94B940C7750FBCD7B5F00364398B8CFAFA07B6B04000781EBDE3AF0CD28571C51B08B5C7164E07FF8B649865E3520DC97544A434E6FE1D5E5B5348E2A7FC8B6E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.23503621499676 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLU/p6f4gZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLl |
MD5: | BF1A42ACC184760757826A5D4D6E6064 |
SHA1: | A799C98E4EB77B9ADE6F455C02788C4F59932477 |
SHA-256: | 1EA61AF4055640AD7659564813B27760BEA8CAA86DCAC54C8109EEAA865BAF5D |
SHA-512: | 76ADF642CBECB3FA3C650F1013CDD79DD763F4E74448A4B10E1C22405D4AB895671AAAB8DE5D4C607077E7FE8213CF8E06716F9D294C948537936678485230EA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.248568791225709 |
Encrypted: | false |
SSDEEP: | 6:PE6fEm+q2P92nKuAl9OmbzNMxIFUt82E6fENOXZmw+2E6fE/gtVkwO92nKuAl9Ob:PETv4HAa8jFUt82E5OX/+2EbU5LHAa8E |
MD5: | 6AEEA61E6CB92F7569D2F3CF72404FD1 |
SHA1: | F91EF624795BC1262B413A262B7B078C5A9CAF49 |
SHA-256: | 0E427BDC3276D65B355CFEA73C724B487937F40D4404A619CDC70C3C33F4D1AA |
SHA-512: | 30D68D9F6204180465C7781DBB3A39E8A2C93545F368C9DAF59EC4CF17D2494934E5523BAEDF77D8B8A2A4899BB75987252E10A2AF584F2A0546691F3450792B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.248568791225709 |
Encrypted: | false |
SSDEEP: | 6:PE6fEm+q2P92nKuAl9OmbzNMxIFUt82E6fENOXZmw+2E6fE/gtVkwO92nKuAl9Ob:PETv4HAa8jFUt82E5OX/+2EbU5LHAa8E |
MD5: | 6AEEA61E6CB92F7569D2F3CF72404FD1 |
SHA1: | F91EF624795BC1262B413A262B7B078C5A9CAF49 |
SHA-256: | 0E427BDC3276D65B355CFEA73C724B487937F40D4404A619CDC70C3C33F4D1AA |
SHA-512: | 30D68D9F6204180465C7781DBB3A39E8A2C93545F368C9DAF59EC4CF17D2494934E5523BAEDF77D8B8A2A4899BB75987252E10A2AF584F2A0546691F3450792B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240927153624Z-163.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.7187518082532125 |
Encrypted: | false |
SSDEEP: | 192:UICYc/RZO36poY9OL0WiHglOoAvgcgWAQv7OvZMvC:gY/OoYWiHglREw |
MD5: | C5D6746889D1C6B83BB5F998FD0E9340 |
SHA1: | 4F80DC977415A12140DCA98E4AE6A0C10AD03CC2 |
SHA-256: | 7051068E7F4F95422ECEBC7E793F0BD4512E9C7CA938AD23270BA2E34E0F1A37 |
SHA-512: | 59C131F1E98E14159F6AB7B8F2AEEF7240501FCAA0AE3D1687B357BA02EEC621B411B5EC65F1B46F63BF7BA0D7E724C4409E2B29D8C06E786B201597CA16C1AE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.750397451508313 |
Encrypted: | false |
SSDEEP: | 3:kkFklcC+/tfllXlE/HT8kyNNX8RolJuRdxLlGB9lQRYwpDdt:kKFCueT8FNMa8RdWBwRd |
MD5: | AAB31FDBC3A05DCB7B9675FF4A49A398 |
SHA1: | 48FF1F67B2CB521D485A55578B6ED6288F1F0025 |
SHA-256: | 3996D34C2A8D081AD5F5E14CD4D018F5938E1053E16A908CE9D056F6FAC43097 |
SHA-512: | 507C9CF73651624F0DE3CF8ACA2D9FA0DAB7E82EDBB5A4194DE1E479D4932C4B781FC29A7E1180EA389071C4BB1AE655443505AF10A5CBD86EDB98064AE2A05D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.1440865988908953 |
Encrypted: | false |
SSDEEP: | 6:kKrdL9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:DcDnLNkPlE99SNxAhUe/3 |
MD5: | 9583506BE77AB5802FAC94A368EB284F |
SHA1: | CBD06EB03CC9D948DBCD2BDDFBB108710A943C99 |
SHA-256: | D9756ECBDFAD7D66D057FD97E788F5D8B3A282DA3B1505CADD2B19D376323022 |
SHA-512: | BD020A818655FA40E7675200A2D8F3E0B35172BA0BB5A642A521D5142A1510BA6E16BFC40A6F8DABD5CEB2FEC044B4435BB5BBFE382A624866312CCA9C68A1BC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.333154241453163 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDQBAhd7+FIbRI6XVW7+0YMURMqoAvJM3g98kUwPeUkwRe9:YvXKXaAqYpW7ZIsGMbLUkee9 |
MD5: | 2E457459430E4D6943E26602E22894D5 |
SHA1: | 61799558AED523245186AEA43217AA8E07FF6291 |
SHA-256: | 7FA5765EC493633D77518417F39661F41945DCD37F4A7A6794E628F0F48AECD0 |
SHA-512: | B576A561DB7893A2D630D37146F463676C6AF8C85CF74950BD262F4BC94BD561A8F5AEE3193C4F2144E6CA1B3C3A2CBEED0C36785B48BA7A93FF0573BC86963C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.273486575740654 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDQBAhd7+FIbRI6XVW7+0YMURMqoAvJfBoTfXpnrPeUkwRe9:YvXKXaAqYpW7ZIsGWTfXcUkee9 |
MD5: | F26574A9718D52370DA3B31B38894674 |
SHA1: | 50616EDA4D74E6F451AC1A040612D9339903ED5F |
SHA-256: | AD8B124574AAC76FBABF3FDE5505A1F92CCA056F296CB751F0329329014021FA |
SHA-512: | 1F74C90A6967A9372ADD92FFCB51D04670136ECF13357D800614A616C571931693C48128286EE7E929A17BFEEF631DE8DB08FC449C87376D666FD14A5EC4106E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.25248161113573 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDQBAhd7+FIbRI6XVW7+0YMURMqoAvJfBD2G6UpnrPeUkwRe9:YvXKXaAqYpW7ZIsGR22cUkee9 |
MD5: | BA06E3FEAC3377A65837B7EA6BB84235 |
SHA1: | 02C8196A06E5EAC4B92B1E99F44565E8FB1D4540 |
SHA-256: | 29B2CE171A1BDAA8607636A2F4DA1E73C451A9E38881557B499ADB631D3DF6D1 |
SHA-512: | CFCF10AE5890B93AE0E610EB67ECF4F948E5E9026D27669F7766B27A0D58AF878C4E1FF0BE1454AD9571C0BA91850B88DD016F755F2D1E61B3B8ABD03CED20B6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.310987149111869 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDQBAhd7+FIbRI6XVW7+0YMURMqoAvJfPmwrPeUkwRe9:YvXKXaAqYpW7ZIsGH56Ukee9 |
MD5: | D73E7612A1B0933E2664A53A84E889E0 |
SHA1: | 95B6E2C93A667B51A988300FBC686C87C1C06814 |
SHA-256: | 6114A978817020AF7AB4E409DD11467AB6215239379AD18C60A6B570832357CD |
SHA-512: | 58524687399D8C91E5214BAAC8AC8E8F75C1964532F3545F15E21243B983C8B7115A25C9FC733B21CEFA2735B92B5512282C8C0DB60795BAEE0BF568AF8BC43B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.6638003663745184 |
Encrypted: | false |
SSDEEP: | 24:Yv6XaKiupLgEFqciGennl0RCmK8czOCY4w2Y1:YvHuhgLtaAh8cvYvp |
MD5: | 2060779D50501E5F02D706AD79BDCEFC |
SHA1: | E1BD71527E911FD304052C243CA867BC0D4CB471 |
SHA-256: | 33B55F983C4A12A01C761DC323892DE834C4AD38DBE11FC25B6C8BED286C6727 |
SHA-512: | 45C531E4FDD8D9249EC8E7AAA18E52C56E6C99F968A886CA19EE5B854A9740FEC345A1D753D2BE0EBC2162C2F30FCA52CA9DE467B9780B6CEB6F3E6DFC548F4E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.6481193373696055 |
Encrypted: | false |
SSDEEP: | 24:Yv6XaKi4VLgEF0c7sbnl0RCmK8czOCYHflEpwiVY1:YvH4Fg6sGAh8cvYHWpwj |
MD5: | 7C5317DAE411B55395D9FE6334439B34 |
SHA1: | 5714A2CC61F63E41C811F39752C589DAF473ED22 |
SHA-256: | 0D2804EE05B4D101A3EDACF75D4E3C35358D475C17A1BA1BFCA2118AE2F2E643 |
SHA-512: | 07BB789BCADBE4D35CB584CC04F914EE56EC391E740F1DD9A973118D8F24AD42699688B17FA297D7BDCC0042BAF11F55C6080966EF04FCAB9B1DAF17D7C791E0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2573333521920755 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDQBAhd7+FIbRI6XVW7+0YMURMqoAvJfQ1rPeUkwRe9:YvXKXaAqYpW7ZIsGY16Ukee9 |
MD5: | F754B36557CC5A647A9171A465B54759 |
SHA1: | 036B0532E5E896B5BA3A4E707DD20AC022EE64EE |
SHA-256: | 25038E7AF691E538F835665EFB75DBACD1F18DECE1295612FB7B042554B550BC |
SHA-512: | 3D51F1872CDEAFD26F4F8D43DA87F891E8DFE3611E7427B98C3CF1560A0420DDEC76C0EA1B0745B86C6FB8225C17706B24091A9313340DA934734E99832C90F9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.64273703021092 |
Encrypted: | false |
SSDEEP: | 24:Yv6XaKi92LgEF7cciAXs0nl0RCmK8czOCAPtciBY1:YvH9ogc8hAh8cvAU |
MD5: | 936D13C4A10DFFC26898CE1BDB5D5A33 |
SHA1: | 830AE6E9C94D97B8C3EAC82198672EB9C2B5580C |
SHA-256: | 629593DEC914EA00DEE6A2DA7C87C15E2DF1DE769859CE2176FFCD6D5ACE6260 |
SHA-512: | B712AB582D857E77173148C1061E613FEEDA50DA2DB343916089A2521ECDA5A135E2C25C24213E5487DD4394158DDB172CFBCAABDE0F3E088752261BD812A218 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.69413086104119 |
Encrypted: | false |
SSDEEP: | 24:Yv6XaKiVKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5Er:YvHVEgqprtrS5OZjSlwTmAfSKqr |
MD5: | 7E119A83E5B80D57D188F8A73907270B |
SHA1: | 00BABE474C1012C8A8A89BA4BE1C6FB0ED5ECAD1 |
SHA-256: | 76B582B30CEBFCD7F70B051E81753C7837C9E21A4D67BB8DC88BE314DE40CBDE |
SHA-512: | C43EC2F3E6D104A739D59A318968D4064CB21E365CA650C9591D82BB4BCA842B83D7A633DB3B25432DAF0934A02DD28F46B3D5CBA44BADC71F63CE1828049F70 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2633790774148705 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDQBAhd7+FIbRI6XVW7+0YMURMqoAvJfYdPeUkwRe9:YvXKXaAqYpW7ZIsGg8Ukee9 |
MD5: | 2CF2A904F73D71292458D31282E6A584 |
SHA1: | C073D76CFDEFB39B7D3AB62464CE921FD7869E81 |
SHA-256: | 69BB8434D232E7226930F6CB7505AF3B091106C720B12F291B83CF75CE625C7A |
SHA-512: | 7AB781F1ADD0F3650B2AC93B94A69317817FEAC8E4B89BCD771A4F3B355419D0AF82F56A7D41E9BED69D915293FB23967FFE8BD5A79A9CCC2666138988C9EB9A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.770644420554089 |
Encrypted: | false |
SSDEEP: | 24:Yv6XaKiIrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNA1:YvHIHgDv3W2aYQfgB5OUupHrQ9FJI |
MD5: | F4701E0782D3241AB84520E28802D6C3 |
SHA1: | 2258FA630E47B9AA6CE784FA8BBB5A76373EE347 |
SHA-256: | A1CD6CEF2BBA1EAA5CFA1E0A9FA51A51BB5469025886451E41B1F03B5D09216D |
SHA-512: | 74B2167C2FF5D245D34731D7E4D9454D0A5D6980354407FF5C67F9D09D7BA6B476A20A7FC5FF11B0F1FD6BC003EFC3E621F99C4052728DB8592E97A2C767DC80 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.2471778652783225 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDQBAhd7+FIbRI6XVW7+0YMURMqoAvJfbPtdPeUkwRe9:YvXKXaAqYpW7ZIsGDV8Ukee9 |
MD5: | 35D65BF7704DE87F5523D0C1B8855BCB |
SHA1: | 9EB1982FBDF99C9AC85E7654A97CDE12AD327D2C |
SHA-256: | D6CE5414C615540593C265818CA261E676FF05A3C01509D0443CD783197444DC |
SHA-512: | DEDB9A657FF11F22FA7F69262DB29DC88AC21005B2168DEFAA63BF65C6D816211964FBB9A72AA5C39B1CFAA2CAEB173D73393CB84DF1563D8EC9F652783EE43B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.248344196305295 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDQBAhd7+FIbRI6XVW7+0YMURMqoAvJf21rPeUkwRe9:YvXKXaAqYpW7ZIsG+16Ukee9 |
MD5: | 8E5D6530FDC86036B5E4CF40BE130FBB |
SHA1: | C3CFC50DDAA001891D906740C4F30360E33C895F |
SHA-256: | 74B8413220AEC148247545D41B9BE5F24DDD395E3C3A01BFE7450990FC95E5D7 |
SHA-512: | B6F5C853E7707AD47B36080F7FBCC8DE40364A413A86D35094901CF56C7CC13966C6B995B5DF844F7814035C82F761825F00E711D3C547FBF630B7253FC62D99 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.649562790427565 |
Encrypted: | false |
SSDEEP: | 24:Yv6XaKiyamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BY1:YvHMBguOAh8cv+NKh |
MD5: | 406F36241E2EDA48372CBDF00CEB0FB8 |
SHA1: | 1F9C2DD9E372C51E3A8CCBB28AD9C09CAB6EEC71 |
SHA-256: | 75EA60AE325318EDD50123D4EC8D14CDEB923550622145F2A9A6509B85EBEA5B |
SHA-512: | 90FF0DBD059DCF492960EB9C8A8091308AF663983567DF2455BF6688855907D79EA048C859D2735C9AF5B6F9E749A916C96148FD2D628D6552A9FECE898EEF4A |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.2228304779170855 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDQBAhd7+FIbRI6XVW7+0YMURMqoAvJfshHHrPeUkwRe9:YvXKXaAqYpW7ZIsGUUUkee9 |
MD5: | C58553D37F59FE60D6F0953BD8DB0FC3 |
SHA1: | 7DB0C8DD858C07EA8F9F6B1CD955D0B0F1CBC17C |
SHA-256: | 9F643CC8A6828643C93798785853ECA7ED1C4099AE4AADE11926EBD4FCD98A56 |
SHA-512: | E520823C92B3B1ABE9380D5EFB1F1046F31AC039F6C41FD228DAE493D5806BA7A941634CF9A3C1ABE7FB550921965109FDA5B8DFFACE249072CE6E9C5548B113 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.359258472004852 |
Encrypted: | false |
SSDEEP: | 12:YvXKXaAqYpW7ZIsGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW81:Yv6XaKiF168CgEXX5kcIfANht1 |
MD5: | 543E5F8DDB334D06A20141ABCEEC63FC |
SHA1: | 75835912AEFCDD9D6C65FE2C22C8DB6FF955D17F |
SHA-256: | CC55813299EC644A277B6BDCBE96FEFC9DE03B3CDC9FF2BB6905F4A521ECE691 |
SHA-512: | 6256CE077CD871ACFC6F3E4B3B8D8400466AC711C48BB936DEA5E5415BA9AC495BE8E9EA60270E4274743C79F293DE86353F476410F6F43F8EE373DF17942232 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.141097587629666 |
Encrypted: | false |
SSDEEP: | 48:YQPrlpVL2MKOmzlMAmHgMQ1QmJRv0+pdfzm99/Y9lwUF:Jl2ZmAMp+Nq9AB |
MD5: | B6855D21C1FD750C889796E37B31F80E |
SHA1: | A3D73176C5E29A06D31A1B0DED8479CB7EED4613 |
SHA-256: | 80F26499FD56776C8866FDBE38877B1EFBD9540F2E59BA5D928039889217ECEE |
SHA-512: | 0F9DBBE2ED5052EC748CC6EB475BB2377D852A34586790556A4D7E04514280EAFA789497D018E19145B3795C055C876BE9085AAAB45F657D4908FEE0C33B7387 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9841183229049072 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spij4zJwtNBwtNbRZ6bRZ4PjF:TVl2GL7ms6ggOVpNzutYtp6PI |
MD5: | 91DCF7A1E86A301BA93CE7366B3E5BB9 |
SHA1: | 2300E84CE03E63EA30FB5FEFAC19B0633F98AC21 |
SHA-256: | 837D82B74D6D854C24D8B8648ED12047C939668A163559A0C468862953351951 |
SHA-512: | 1A3EA341B828D5B6FEB8B81FB881D1FC7B6A817B87B33C292B76AF52B086C476AA23A2B73C4833BA45806947EB594E07F68EDBD4EC84E727E324CB2FA1074A4C |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3394288537700634 |
Encrypted: | false |
SSDEEP: | 24:7+tCAD1RZKHs/Ds/SpijPzJwtNBwtNbRZ6bRZWf1RZKuqLBx/XYKQvGJF7ursWl:7MCGgOVpWzutYtp6PM/qll2GL7msWl |
MD5: | A5E413E587264D88EDCD2324C9B2B503 |
SHA1: | D2AE4765569E38D9AAC13D8919C6C8E73460889D |
SHA-256: | CB4B8468A5814773513139E5DBFEDC5615157F49EAEDE40691E87C2ECCD53128 |
SHA-512: | AD09B7AD05FB5D1AE7EF43C64E2AAF16D286B5143101961B8912C5FB7875DEF578AE2387DE6942AA72A899FB9071F58254D7BDF895C9A4D83A5E7DFE1FC9AC13 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.53559722477471 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8Ub9:Qw946cPbiOxDlbYnuRKZ9 |
MD5: | 9EA9816384D13C340E5978028FE5795D |
SHA1: | 7EAC3553E05FF7AB233763FA09000543CF606192 |
SHA-256: | 6893AFF66CA4D67635EC60A596E6095579C0C03D3D87CDDBF279943213C4B8A6 |
SHA-512: | 8E790D5FFBB32D781C3AC7E9E468FA272BBF4A9BA2922894BFF78453DC7925C0C1CB6B53D7CB85F84B7E887EC7345FA2610FC06C0AF9661B71FB40DA91C8C77C |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.05841900170208 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOAm47umbZbm47umbFCSyAAO:IngVMre9T0HQIDmy9g06JXw97usZb97Z |
MD5: | CC4EF60F8FB300E5A746E8A41C1C4688 |
SHA1: | 95CED1E4E18C55E3E271D8AEC1298DBC0258FD26 |
SHA-256: | 1A36F2FED25B25A4A7C5A1C1C43082CC777E64A26525F106529864DA496E3CF4 |
SHA-512: | 3DBBD240F4665F939E72E7BD3E6DA465F7A95B9F66BFBE620651132295E26B22716E19682C4E9C5E9DB445254300A290A2A5EA1CF9D450041F83E991B9B02B06 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-27 11-36-22-743.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.355806726025244 |
Encrypted: | false |
SSDEEP: | 384:xkQJaaE8ygp1n7769LFXl0hlwPwMA/HtvsVxnvBejdOq06uMm78Y232lgug2I5ZV:zj9 |
MD5: | 5EF356983D602C9C87C521AEB6057DC0 |
SHA1: | 4CB04CA0B7F125936FBEC69BC6ED24BC9D2B7ABA |
SHA-256: | F887C0D45C9BCCA5E879F41DE953ED13AB24C84298FEE0FC575C021F8782047E |
SHA-512: | C5BECD65C2E68F7EDF17E16C6B8225EC1A4EDAAB096E65268604A7351E6A763A2D59FC2744504C512F1C7A4A05D542459AFD39CC9ACD8B413DB9811DA5F26A5A |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.405206716435118 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb2:a |
MD5: | F86B0A155E992F8A82611D903856A308 |
SHA1: | A6A36A8A80EFC4CF4E4E5F5B06D339DBB4C8339C |
SHA-256: | 33F3098CADEFC6C0C28A2A6D2E928179724DC1AA6538D1A55A2974C41ED57A3D |
SHA-512: | F188B834DF04B0D21C465F608DF3E9FCAB4B5E0F534DC35D333F306F2C22BE3B34A666C08221C57503CC602D15D767D4C1F7829DC7E1AF0E6B7C209A580987D4 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
File type: | |
Entropy (8bit): | 7.863567354573888 |
TrID: |
File name: | 5BPXX1HIGER9.pdf |
File size: | 50'795 bytes |
MD5: | aa55b36be9bbd1bdb65a4b2741e70f8b |
SHA1: | 3953604d2ebf3bc6d692b2c186a0001c941cab27 |
SHA256: | 80d1d9115bd719cec06ec131626f9f8721f8e9259d5aead43b8d20c24f6ce556 |
SHA512: | d71f888b89ef918ee9ffddb205769413bb5a30176f44acefc639d93d409d29731997b20cf423d3d640a278f6d1dc0f5d2bffcd1d9b1cbc3cce5c61eacd0ba36b |
SSDEEP: | 768:4zyH2yhB3zXReHqol5+oXi81PUVhi1DHVHWaUNI7/uAtqu+0TxGeU:4zcTlUHhXfi8s6ZHWacI6AMu+0TxGeU |
TLSH: | 2933C0B2B7865C4DDDE38772ED64BA4D88B8BD5745C840A3F0320A956D9DC38B6328CD |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20240927145741Z).>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endobj.4 0 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.863567 |
Total Bytes: | 50795 |
Stream Entropy: | 7.951490 |
Stream Bytes: | 45293 |
Entropy outside Streams: | 5.152872 |
Bytes outside Streams: | 5502 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 36 |
endobj | 36 |
stream | 10 |
endstream | 10 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
9 | 69647b6b66e4d054 | f82a3f5e12732395a25774e01a227be4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 17:36:33.983266115 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 27, 2024 17:36:33.983321905 CEST | 443 | 49721 | 23.56.162.185 | 192.168.2.5 |
Sep 27, 2024 17:36:33.983393908 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 27, 2024 17:36:33.983740091 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 27, 2024 17:36:33.983757019 CEST | 443 | 49721 | 23.56.162.185 | 192.168.2.5 |
Sep 27, 2024 17:36:34.684871912 CEST | 443 | 49721 | 23.56.162.185 | 192.168.2.5 |
Sep 27, 2024 17:36:34.685425997 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 27, 2024 17:36:34.685467958 CEST | 443 | 49721 | 23.56.162.185 | 192.168.2.5 |
Sep 27, 2024 17:36:34.689131975 CEST | 443 | 49721 | 23.56.162.185 | 192.168.2.5 |
Sep 27, 2024 17:36:34.689214945 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 27, 2024 17:36:34.714464903 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 27, 2024 17:36:34.714696884 CEST | 443 | 49721 | 23.56.162.185 | 192.168.2.5 |
Sep 27, 2024 17:36:34.714730978 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 27, 2024 17:36:34.757169962 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 27, 2024 17:36:34.757184029 CEST | 443 | 49721 | 23.56.162.185 | 192.168.2.5 |
Sep 27, 2024 17:36:34.804008007 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 27, 2024 17:36:34.885026932 CEST | 443 | 49721 | 23.56.162.185 | 192.168.2.5 |
Sep 27, 2024 17:36:34.885200977 CEST | 443 | 49721 | 23.56.162.185 | 192.168.2.5 |
Sep 27, 2024 17:36:34.885621071 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 27, 2024 17:36:34.885653973 CEST | 443 | 49721 | 23.56.162.185 | 192.168.2.5 |
Sep 27, 2024 17:36:34.885667086 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 27, 2024 17:36:34.885696888 CEST | 49721 | 443 | 192.168.2.5 | 23.56.162.185 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 17:36:33.518146992 CEST | 52702 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 27, 2024 17:36:47.501492977 CEST | 55741 | 53 | 192.168.2.5 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2024 17:36:33.518146992 CEST | 192.168.2.5 | 1.1.1.1 | 0x6586 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 17:36:47.501492977 CEST | 192.168.2.5 | 1.1.1.1 | 0x6793 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2024 17:36:33.525928020 CEST | 1.1.1.1 | 192.168.2.5 | 0x6586 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 17:36:47.511512041 CEST | 1.1.1.1 | 192.168.2.5 | 0x6793 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49721 | 23.56.162.185 | 443 | 7424 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 15:36:34 UTC | 475 | OUT | |
2024-09-27 15:36:34 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 11:36:19 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 11:36:20 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 11:36:20 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |