Windows
Analysis Report
Invoice #23078.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 4328 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice #23078.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2084 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4512 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1652,i,13377688889443576200,6042632373969273693,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature rows (type and number of hits):

- DNS query: 1
- TCP traffic: 34
- IP Address: 1
- HTTP traffic detected: 2
- TCP traffic detected without corresponding DNS query: 12
- UDP traffic detected without corresponding DNS query: 1
- DNS traffic detected: 1
- String found in binary or memory: 1
- Network traffic detected: 2
- Classification label: 1
- File created: 2
- Key opened: 1
- Process created: 14
- Window detected: 1
- Initial sample: 7
- Process information set: 8
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.195.76.153 | unknown | United States | | 2914 | NTT-COMMUNICATIONS-2914US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1523619 |
Start date and time: | 2024-10-01 20:55:29 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Invoice #23078.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/42@1/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197, 162.159.61.3, 172.64.41.3, 2.19.126.149, 2.19.126.143, 2.23.197.184
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: Invoice #23078.pdf
Time | Type | Description |
---|---|---|
14:56:56 | API Interceptor | |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":["Wells Fargo Bank"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Match | Detection | Threat Name |
---|---|---|
23.195.76.153 | malicious | HTMLPhisher |
23.195.76.153 | malicious | HTMLPhisher |
23.195.76.153 | malicious | Unknown |
23.195.76.153 | malicious | HTMLPhisher |
23.195.76.153 | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
NTT-COMMUNICATIONS-2914US | malicious | Mirai |
NTT-COMMUNICATIONS-2914US | malicious | Unknown |
NTT-COMMUNICATIONS-2914US | malicious | Unknown |
NTT-COMMUNICATIONS-2914US | malicious | Unknown |
NTT-COMMUNICATIONS-2914US | malicious | Mirai |
NTT-COMMUNICATIONS-2914US | malicious | Mirai, Moobot |
NTT-COMMUNICATIONS-2914US | malicious | Mirai, Moobot |
NTT-COMMUNICATIONS-2914US | malicious | Gafgyt, Mirai, Okiru |
NTT-COMMUNICATIONS-2914US | malicious | Mirai |
NTT-COMMUNICATIONS-2914US | malicious | Mirai |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 298 |
Entropy (8bit): | 5.19732958026055 |
Encrypted: | false |
SSDEEP: | 6:fAHlL+q2PN72nKuAl9OmbnIFUt8m1Zmw+wLVkwON72nKuAl9OmbjLJ:oovVaHAahFUt8m1/+o5OaHAaSJ |
MD5: | 4D50CE5E19E7B47DDE21020813EA2F2D |
SHA1: | 3E484732A712F7AFB8133AD36988D3B3F98FBA8E |
SHA-256: | A4CF0A56E915135A30F1CC9D639D0AE52ACEB6CEE08F52673E157F5566EE31AD |
SHA-512: | 4E6C118C984CE16364373EE09B901861506E176466F4FDCF15FBE9152DE5694BDD97B968AC1E5E3C0BE943ABC55202DBFDB73091ECDBEC67ACD9F93B324A4C71 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 298 |
Entropy (8bit): | 5.19732958026055 |
Encrypted: | false |
SSDEEP: | 6:fAHlL+q2PN72nKuAl9OmbnIFUt8m1Zmw+wLVkwON72nKuAl9OmbjLJ:oovVaHAahFUt8m1/+o5OaHAaSJ |
MD5: | 4D50CE5E19E7B47DDE21020813EA2F2D |
SHA1: | 3E484732A712F7AFB8133AD36988D3B3F98FBA8E |
SHA-256: | A4CF0A56E915135A30F1CC9D639D0AE52ACEB6CEE08F52673E157F5566EE31AD |
SHA-512: | 4E6C118C984CE16364373EE09B901861506E176466F4FDCF15FBE9152DE5694BDD97B968AC1E5E3C0BE943ABC55202DBFDB73091ECDBEC67ACD9F93B324A4C71 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.198543011690446 |
Encrypted: | false |
SSDEEP: | 6:8NIq2PN72nKuAl9Ombzo2jMGIFUt8LZmw+tmFzkwON72nKuAl9Ombzo2jMmLJ:zvVaHAa8uFUt8L/+tmFz5OaHAa8RJ |
MD5: | CA3B221966F475216406748DC9E0E8D4 |
SHA1: | F333BE9D8FBA5BC16C0391F5448C2D90380E40F1 |
SHA-256: | 63B6A20B2C45E9AA8CD323535B524BAB5D52B43468F1DB0C11232BFF66EAC03E |
SHA-512: | 87512F5164EAAB15EE88A6E2D7F1040E34C14BC5EA6FCE1B0D844AB0C50F514E83556306EE0B289386FFD7C51BFB0D38286FC2A146C8D99F86D91D5C48E8C8A5 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.198543011690446 |
Encrypted: | false |
SSDEEP: | 6:8NIq2PN72nKuAl9Ombzo2jMGIFUt8LZmw+tmFzkwON72nKuAl9Ombzo2jMmLJ:zvVaHAa8uFUt8L/+tmFz5OaHAa8RJ |
MD5: | CA3B221966F475216406748DC9E0E8D4 |
SHA1: | F333BE9D8FBA5BC16C0391F5448C2D90380E40F1 |
SHA-256: | 63B6A20B2C45E9AA8CD323535B524BAB5D52B43468F1DB0C11232BFF66EAC03E |
SHA-512: | 87512F5164EAAB15EE88A6E2D7F1040E34C14BC5EA6FCE1B0D844AB0C50F514E83556306EE0B289386FFD7C51BFB0D38286FC2A146C8D99F86D91D5C48E8C8A5 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.965726528450044 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqysBdOg2Hqcaq3QYiubcP7E4T3y:Y2sRdsOdMHF3QYhbA7nby |
MD5: | 1FEE01798F01F34F9A70A8E9953F0DFE |
SHA1: | 61FFF3D2FF258CBB09424E487E24E0618006732B |
SHA-256: | 8709E147C229BCAACA6BB12E3D12EB6E1B252FF7029EC2DBC5BD87830C471896 |
SHA-512: | B704D6A5F776E3C7DC5904CD5B1C1BD447AE1AEC8F4E7CEBDB0B735891202AEFA07533E5853A5691EB892B5F22FC45C874F863C9145DA83665D6EDA23301C32E |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ec5b3fb2-3273-4470-b557-468b6e1a07a3.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.965726528450044 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqysBdOg2Hqcaq3QYiubcP7E4T3y:Y2sRdsOdMHF3QYhbA7nby |
MD5: | 1FEE01798F01F34F9A70A8E9953F0DFE |
SHA1: | 61FFF3D2FF258CBB09424E487E24E0618006732B |
SHA-256: | 8709E147C229BCAACA6BB12E3D12EB6E1B252FF7029EC2DBC5BD87830C471896 |
SHA-512: | B704D6A5F776E3C7DC5904CD5B1C1BD447AE1AEC8F4E7CEBDB0B735891202AEFA07533E5853A5691EB892B5F22FC45C874F863C9145DA83665D6EDA23301C32E |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5859 |
Entropy (8bit): | 5.248997861979617 |
Encrypted: | false |
SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7NIN7P:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhY |
MD5: | D28240B3333D6A803C707A063E6636EB |
SHA1: | 3994AD4C9ACE73B9FB73C4075A6F32D84247AA5F |
SHA-256: | 3729C3146693C37909F5B055ADF57FED012B05C65F6F0C85D5017544400B2C86 |
SHA-512: | DDAA8BC24A6EA40CB0F8F978564A72544BCBA0FF02E917D5D378D8A64455F75083FD94AE6760A22763FE8DADE3B40AF81257403E8E668B280A960FFDFB29D220 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.161097784955056 |
Encrypted: | false |
SSDEEP: | 6:gOq2PN72nKuAl9OmbzNMxIFUt80CZZmw+0CzkwON72nKuAl9OmbzNMFLJ:gOvVaHAa8jFUt8t/+f5OaHAa84J |
MD5: | 417117EF6DBED690AE2D9794481CCB19 |
SHA1: | 4B7F75108541F43602FC6232D245C986C7EAE148 |
SHA-256: | AFF88B8EAB31ED5786BD27C4561AAD378868D85D223BF2248791CA3A9666FCF2 |
SHA-512: | 389936E0E490D2F8DC3FCC341E07AF9CB8BB23CD94588A25AC9F32E5F91563ED76BA9B29BCD963C966B90A74F46C59F1DBE977081E3B51C8904F2B580277EF9F |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.161097784955056 |
Encrypted: | false |
SSDEEP: | 6:gOq2PN72nKuAl9OmbzNMxIFUt80CZZmw+0CzkwON72nKuAl9OmbzNMFLJ:gOvVaHAa8jFUt8t/+f5OaHAa84J |
MD5: | 417117EF6DBED690AE2D9794481CCB19 |
SHA1: | 4B7F75108541F43602FC6232D245C986C7EAE148 |
SHA-256: | AFF88B8EAB31ED5786BD27C4561AAD378868D85D223BF2248791CA3A9666FCF2 |
SHA-512: | 389936E0E490D2F8DC3FCC341E07AF9CB8BB23CD94588A25AC9F32E5F91563ED76BA9B29BCD963C966B90A74F46C59F1DBE977081E3B51C8904F2B580277EF9F |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241001185648Z-163.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.9455337676252302 |
Encrypted: | false |
SSDEEP: | 96:QkMYceZRPh7hGWLcXaxlAvY8/+CpwIRaGqOb:Qw9nhka6wI8rOb |
MD5: | 0863531C18A5B8B9C8261AEFB61A5EE2 |
SHA1: | 80977F21A6D354412800D4C062FD8A1BDB88AE7B |
SHA-256: | 618564B413B670D58C1C8E82C1494C4874CDC13FA8C51A144B4AF570D9CE4237 |
SHA-512: | D5B518A745487688D2106699DBDBEBF773AC57CD02BDC843EAA8BCB8C1873079569F9DF16F64547983FB7A4546A6ECE3B1CEE30DA5724981F5D6620986A86242 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444973441227032 |
Encrypted: | false |
SSDEEP: | 384:ye6ci5tBiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mSs3OazzU89UTTgUL |
MD5: | F5187E66E1271B06A943EBBC4E16FBFB |
SHA1: | 234023AA7753C8C8DB6EC26F583D1152AA73B618 |
SHA-256: | 24741DCBA2D3D77C9000B159B4FB2C0785CBF94D80C9FB850EC423FF36AE8BD9 |
SHA-512: | F05D50F11838CF786DE998FB6F799161A2EA67C62A2EE4621290E77ECF4121D2A950D2AC3F53BC97D5E5D456E5DD868650A8850ECB4C7636FD66D9D1EA3C0ADD |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7669506022217925 |
Encrypted: | false |
SSDEEP: | 48:7MvJioyV4ioyCoy1C7oy16oy1qKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Ov:7kJu4elXjBiCqb9IVXEBodRBkQ |
MD5: | 44A91E25644C435461000FFE5A2EDF91 |
SHA1: | DE22F4D3E127DEEBEDE1FFEC5945CC71FC4823A6 |
SHA-256: | A339A7261D5EAF2BB393871E41D9832611BF44DA8FF21C93CA1DFAE73C9279F6 |
SHA-512: | DFEC1005B887CDF29E8F09C6BCED524C8A594839878FD3614D9BE49E508836F8DD4B7C2F8BC7AACE06257DC296AEACE914F7C70286BB00A1895AAAF333042C93 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7569015731729736 |
Encrypted: | false |
SSDEEP: | 3:kkFklEBk31fllXlE/HT8kwxtNNX8RolJuRdxLlGB9lQRYwpDdt:kKdBkmT8hNMa8RdWBwRd |
MD5: | 465E6A88BA7F92D0258125CE0EB0F384 |
SHA1: | 6A25676C450C34774A400C399947ACDD88917FE6 |
SHA-256: | 2A0B9FB627DF4F506E5291632685071E08F126DED374FAFD7C4844CA3B19415F |
SHA-512: | 8B2CD780E11E164F334E3E8D73B66C225E22A821E043B619ACA931EA507AE6FBDCD782751D14E6C3B7C9BF2C783F448ABDF756652C26CC12F6286067A2B054B4 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.362302647609421 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPqU16XG1RInZiQ0Y9mtoAvJM3g98kUwPeUkwRe9:YvXKXyU162scliGMbLUkee9 |
MD5: | C65F98151371C803F205811F6FB11A3F |
SHA1: | 0DE4B08769280A01ED6288F85352F24F13277337 |
SHA-256: | 78E116D2777F6C0739B811A41E47582313BB5C19C703098FE3B610BDFE6BA339 |
SHA-512: | 2B6E71FF604C1EB4F6BFD3FE1F2B6912D6BAF87DB3AEFC8023E4EA07D16174C950FB1BB9C8A2533088371CA8B5F6A5C721FE8F63329E020AACFBB82A40BC3B3D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.316340553444514 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPqU16XG1RInZiQ0Y9mtoAvJfBoTfXpnrPeUkwRe9:YvXKXyU162scliGWTfXcUkee9 |
MD5: | DD150681DD0AD49647E450510B57B9C9 |
SHA1: | 13CF9D35D04C4A4868006B753FE35BB84F6B8C27 |
SHA-256: | E17E58B81D71A22FDA8F73A1B160B52E32CAE3FB591F216527369CAE80A2B527 |
SHA-512: | 7621AC57868C7D74DCCE2A7B64174D9D6C4CBBE9320DECF9DD6FB3BF722E3475151B138259A773367482C582BB048798CC94BBB57CD34F050133A5A49097606C |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2955383014137185 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPqU16XG1RInZiQ0Y9mtoAvJfBD2G6UpnrPeUkwRe9:YvXKXyU162scliGR22cUkee9 |
MD5: | B37882CC11DDA0B13DBEC5DF23072188 |
SHA1: | 54651B02F4F1DF3DA177DF8EE6E4CAA8A91297F3 |
SHA-256: | 07D050D19B851E23189B3677383D8B70F468ACE14009EEFA439E863F5A1F699D |
SHA-512: | 8778799B3394ED87D195028F9478EA6B3D0DFDD22195C47AD4FC599DFD21629EDA0DB3836A70F4192756F893AE2824507BC3F316430C35BEF16BE1BC10A690F3 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.342288004371331 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPqU16XG1RInZiQ0Y9mtoAvJfPmwrPeUkwRe9:YvXKXyU162scliGH56Ukee9 |
MD5: | 91BEB6BE7C3AE4C92082FA3D5A806E1C |
SHA1: | 5491A3428E8BA2A69F5121D8417FAA276F7FA8C1 |
SHA-256: | 73F6C0CFBF9D37195351E282474A701F61B76D4B16DB3FD1BA193C7B967D8B4C |
SHA-512: | 4A2EB5E731F2395B597A90461471944060743C4A4B3994C9C801646F0AFEBE9902B816D2B445BD6CDB37A2659C88C685A5C1C9B6D4F1AD982A2B8ADB294F7E9A |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.663024552853313 |
Encrypted: | false |
SSDEEP: | 24:Yv6XD6IlfpLgEFqciGennl0RCmK8czOCY4w2J4:YvEHfhgLtaAh8cvYvl |
MD5: | A0F4D7465A64876D9DF8C4537D0877C0 |
SHA1: | 43DBB647246892BD60C89C7EFE3C858ABF7B322C |
SHA-256: | 74B5CAA21960C707DF4997C521A53917FA43EFA5905CF4A075A9A6EE35BECBBE |
SHA-512: | F2DC89ED149FA42487824524088BF67744D7024220AA9BAD33D7844308731CF6754F9BFCD6937B2EB03CDF80C4FAFF092FCAD1F7C0F9B0F3DD5F59E10393401F |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.652292957348472 |
Encrypted: | false |
SSDEEP: | 24:Yv6XD6IlDVLgEF0c7sbnl0RCmK8czOCYHflEpwiVJ4:YvEHDFg6sGAh8cvYHWpwj |
MD5: | 6CFB4CDAAD1F8D985CFDCE9118C8D2B0 |
SHA1: | 6B96BD37E748E748090585BEB52EA2ECB84B6D43 |
SHA-256: | 0921C3D34C635DA4282F1FEE6AA82079447429305030A84E32F3947869D51D7B |
SHA-512: | 452FC52C19DD045228103A693CD3BF92986F33157BDBDF10FAB809CAABCD37795F3E26D6F11A8CDE402C24AD5B5925962B8706BD81C0DFF32EED518BAFF62378 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.294547507745476 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPqU16XG1RInZiQ0Y9mtoAvJfQ1rPeUkwRe9:YvXKXyU162scliGY16Ukee9 |
MD5: | 2DDDF068A8F52A8C0085FE8706B2577B |
SHA1: | C124D9AFA191197A6CF745B7CA5EB6CCDBAEBE10 |
SHA-256: | 8228FA9243553997322E8A501565B3789B0292233994C5941F75D6F1FA5960A8 |
SHA-512: | 38BDA339A8128E3E0DFFE2A07F2E47B2C24BEE461E0225BDA6C89D34CCAF63DA3E6DE89EB31248E299FC1D53C25BA988142C9FE7C8D971E413AD6B1E9AB340A1 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.646616439826197 |
Encrypted: | false |
SSDEEP: | 24:Yv6XD6IlS2LgEF7cciAXs0nl0RCmK8czOCAPtciBJ4:YvEHSogc8hAh8cvAs |
MD5: | 80E0F46589DCCD8FB0BC4F2D0D93EE12 |
SHA1: | 64A5F0F70E2A5D42251C3D869AD16CAD1F6E4DA2 |
SHA-256: | FC0DD2CF0420F621D3B4A65F6AA18AF2F48CA064658F2DAAB895EF760FD536F0 |
SHA-512: | DBE76F519E805D27E98A1579E16FCB89D212C9C4FA8AB0D3E1EFAF9255D1587A39CCEF097A6E2206228314F1012BFE13C60BA45AA3B418CBCAC0AC45E8E6E186 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.7010151953257155 |
Encrypted: | false |
SSDEEP: | 24:Yv6XD6IlOKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5J4:YvEHOEgqprtrS5OZjSlwTmAfSKI |
MD5: | 036D6B67F11E8F76C4166D751505B201 |
SHA1: | 2A0FA63E0C4D0B464A04593993FC873FF43CFA9A |
SHA-256: | 8F08E7E2EBEA7FDF523C143C272E640E42D31DF30CC8BC8B3FD23DA544E07211 |
SHA-512: | 435FCB8CF6D32A3C6B0E3BEFCB02D9F3A63089E35C18D0A485E66BDEC4A5FD44964DF3B420C7FDE42D71DED39765A9FA761F32DB3322F5486D98069E2D3538BE |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.298227404690871 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPqU16XG1RInZiQ0Y9mtoAvJfYdPeUkwRe9:YvXKXyU162scliGg8Ukee9 |
MD5: | 4F179A2E1DE324EBF9BB32D64A69C161 |
SHA1: | 11A18AC73B7755BFF0A1385050D32066BD5D118F |
SHA-256: | 2CC92197CD451D2F176799456B6C3C13766B0CB4C8205DD58F6157C0C8AB4603 |
SHA-512: | 6574F0FFF8308F5DB3B9145542920539C1F625EAA2DEED82815B1140D934D454EB73E4BC04F1F14CA1B3BE2BFACC21D0CD3A639AC14582F1BDCE944FB7A6E4BE |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.77214851858196 |
Encrypted: | false |
SSDEEP: | 24:Yv6XD6IlFrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNB4:YvEHFHgDv3W2aYQfgB5OUupHrQ9FJI |
MD5: | 65D101A7E41227D8FC245F2234AA9702 |
SHA1: | 35D7740DADC991D5E1C2B23229CCB390E374F80A |
SHA-256: | D4D0DC50433578FEFA29AD6F1C658B6A3451E18A1C63D5369CD59FF4429C2CB8 |
SHA-512: | 1477C0435CD4233353D7178CF5FE19F569C57087B9AF33B375154763532A560BB633C4ED6A721C73875A0DC9400CE786707B0B07DC94240B999C1857F3A42F05 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.281786685150364 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPqU16XG1RInZiQ0Y9mtoAvJfbPtdPeUkwRe9:YvXKXyU162scliGDV8Ukee9 |
MD5: | 5F6F1B5B2E367712BD949BBEA24D5C7D |
SHA1: | D1F2C78B8E73CBB0E01F34BBECCF60CF18705DF5 |
SHA-256: | 22EF88A67941B9B308D5186D5DC1C2A21C0F584118CC784E9FC3CC1472C874E0 |
SHA-512: | E068B037DBD567525178B6A31537E3650C272FB8DD81815F9F3955BCCCEC825B6E4EDDA643AB80C6FDF3761B0694B940DF81294C5CEBF2404785CB5AF68B7ACE |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.2851434700977595 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPqU16XG1RInZiQ0Y9mtoAvJf21rPeUkwRe9:YvXKXyU162scliG+16Ukee9 |
MD5: | BFA4D260B39931FE528A159D208108D2 |
SHA1: | 23E25BCE9434C863FC108CE8B7F102B00B4852D0 |
SHA-256: | E38199A997CDA23859B6AEC0477F7815E8FF9D04701E79566640958A826BD6C0 |
SHA-512: | 54DDE4999EC568E91653A4D853C1E7440B5D2F9D806BAFEB8CBA2205086F69E009AD5146C9BE533C6BFF31302F4BBF523B686114DF5A3AEBE4BE3CFB109A96CF |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.652852092385271 |
Encrypted: | false |
SSDEEP: | 24:Yv6XD6IlHamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BJ4:YvEHfBguOAh8cv+NKN |
MD5: | C3D42939F8F925354F33B7D7EA9B9C0C |
SHA1: | 1516B6CBA256E419107589D585751027DC7D63D5 |
SHA-256: | E7839D9872614B18213A64985EA015BA228B3A3FBBF8540D59675E82F2E266C4 |
SHA-512: | 013CB13975517736AA6CFBE665CF16D7521C5D1E6B7FA603F0160480B90FF942312D98CD719B079C29C7CB6679DD17F16365090AF582943EAB3ED5FC019F255B |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.260184041453219 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPqU16XG1RInZiQ0Y9mtoAvJfshHHrPeUkwRe9:YvXKXyU162scliGUUUkee9 |
MD5: | 3B9823DCEEE0E9CD30688A185CBEF7E4 |
SHA1: | CA27B745262A32CE0348E16F00ADF7A3DEA587BA |
SHA-256: | 0340C1BCC1053D13AF46C9FFD78E86369935973F70E55652F9D417EB9CD0B075 |
SHA-512: | ED3EDA4C20A826FB8085C7715A145029D04045730FDEE65054931BA7B954036EE83EE4005CE3C9EEE71E4466917AE4C4F34CCD3C76874B27E439CAFED4A89DC2 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.358695371914168 |
Encrypted: | false |
SSDEEP: | 12:YvXKXyU162scliGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW3V4:Yv6XD6Ils168CgEXX5kcIfANhC4 |
MD5: | B73A66A7F1FE6116C462FB0638EBDBD3 |
SHA1: | A76AFA8FBD91B007E8AF7CE841BA4DDDC2984F99 |
SHA-256: | 73AB1C4B031D761A035EABA539ACBA4A3C97DFE55B4B36A5090559A7BDDDBE59 |
SHA-512: | B5D624AD3878C54D4EEFAC56037F1A53CF484D7085FA6E91349554D06383565401BEFBC06E774DF7007E42ABC2BBE8D156A3CD12AE27F80FD760533E7168AC2E |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.116445309373005 |
Encrypted: | false |
SSDEEP: | 24:YQmXljsWPzsGa6FlBayrssVZxsEJsRCqcz5sNpdRsJtkjsGpfEs+XrsPjfj0SZsq:YP9pnCkUMWHZr/zdCyGRNY94cz |
MD5: | B0F8B471731A181DC8698D7DFBDF7AB3 |
SHA1: | EF9547D58D875215178C3C89B78FFE4F72198493 |
SHA-256: | BF33AF2377F20F251D72712C4F8B780D03B91AA93D36D7ED9DF6DEEE0CF13AC7 |
SHA-512: | 60BC67577C951E9E7BFDEF3997C8B9B9728960EE8048416F8005E5901A91CC52BF5D4BF123E6820B201EE6EC8EE9581DDB2171C805F79112943168FAFFDB9770 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1446268111378946 |
Encrypted: | false |
SSDEEP: | 24:TLhx/XYKQvGJF7ursjRRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcE:TFl2GL7msxXc+XcGNFlRYIX2v3kk |
MD5: | B2643A9EE177D47F520DE944752C671C |
SHA1: | 52AB8FF1848DC0A69C1D77359FE98EC865D8D544 |
SHA-256: | CB8C8BCB05FD1C6B572D97B4B614EF5D4511B1473DC2D7CC56664B7F95EDB096 |
SHA-512: | 881AD4EF7F89E43CCE0E132612001F3241032B8FF4677C101058C44CA86A938B47BB955547DEAA3DF63179F24CAE91FB315A123EE6DE9B343E98499E3ECF53F2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.5501832421474895 |
Encrypted: | false |
SSDEEP: | 24:7+tWRUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxoqLxx/XYKJ:7MhXc+XcGNFlRYIX2vFqVl2GL7msx |
MD5: | 49292CCF6368A1561162847ABDBEC488 |
SHA1: | 9EAFF60A85C9488781CD2ECFBC0B2E34A0D76BE4 |
SHA-256: | 43AC0FBD9BBC54B0EABA7F44E04198682ED0EFB18121961FFCC4BE270E849DC9 |
SHA-512: | CA1FB2155610880268DBEADD82E917E42B862170BE55558F9D5998D1E314BB9CDC3656F3D04259F73F4F4F2F76322B95C9C3DB8F24FAFA4A40CA2DCA979755A4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5136057226030957 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K80QRqRKH:Qw946cPbiOxDlbYnuRKA |
MD5: | 7C2F01E58795A1FBAEB5908E1DC75EDD |
SHA1: | 1FC382398B5098D50FDF2627563B9B9F1ECDDC18 |
SHA-256: | 3E4D47443D71FC82CAEF5AA87F9E74392B76AC08084A7200F14B461B6E267AC7 |
SHA-512: | 2293EB7326AB400D0A3062959C3FBBE1FD372BB592D591F3740F839F3C1534D830473B0910E00A2B0C5A4C4C4C2D152542AEF030FE8BEEE9A296F3F9108C577C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 14-56-45-997.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.338264912747007 |
Encrypted: | false |
SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
MD5: | 128A51060103D95314048C2F32A15C66 |
SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.319054473383209 |
Encrypted: | false |
SSDEEP: | 384:hz+rkr5r8rKrLrfmrTrkrerLr+XrOIXIVIyMBMlf7fPynUgQgVgygLAIQIcIOPSP:h6gtIGXjmPYq/qXi4KxQ2zHLJUtHz/lS |
MD5: | 3CEC75DBB4D783E09BDB22AB04DBC86E |
SHA1: | 5407F37CB048FEA3D5D0753E2F5994EAD895582C |
SHA-256: | 4BABAAAA260302DEB7EB5045DEEABF9AAC76052C9F98473B6D52D33AAA3892FB |
SHA-512: | 47D01B82A1A97816322EAFCDF5EE7DD006329AAE823DBEA943D080310BDF3035930BD829943B6CEC60DC6A1C29834734F83A52D4E91019E7A037E80E99E8F4D7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.3969021068405345 |
Encrypted: | false |
SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbScb4InNcbR:V3fOCIdJDefny |
MD5: | 973F41B2BFC60ACD6E431AF7CC43949A |
SHA1: | 6752EAB54BBB7D6921F92B5D4D92C45847A77EE9 |
SHA-256: | 11DEE37CD3706C812F93F4CEE065CF11BF0A91688CA271D3E79885A6232D39AD |
SHA-512: | 33964EB6F8F781C27C64ECF75085ADBA19FC890E44228BB83040180F97A575E7C88B0768F46E6BF2180F53DF41D0A9B7E4B8A3361330798C6D9D8532A69B51B5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/x37oDWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JkDWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 64F4CE3F02E7D9C6A2EA28642A49564F |
SHA1: | 990139663E51A87FF5087CFD8CA7AE7C436CB4B2 |
SHA-256: | 8D8754A28E3EFBC8D6F1B73AFA3C0ABA5E826FAAEAA5B3189988EFCB02E78267 |
SHA-512: | 95BA0C22893B942BDE9978593B6A7C79F48979CDA3EC8F5C397FA190E5F8F763682503E38BDA1DDAF7146EDE67011CF4AEF7BEC668FF79A10ED6164BC9F6A449 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.905942968169091 |
TrID: |
File name: | Invoice #23078.pdf |
File size: | 3'069'882 bytes |
MD5: | e6a802cadca027e2f12a8b5202dc4bab |
SHA1: | 50f4c162c3684c3f9ba7291eb6c82d4fad00e722 |
SHA256: | d6fcaff13c2becc0282e7e051e9c25fbb9a91fcc6b13cecc811b4e31cdc81886 |
SHA512: | 44ffcaf3754d3434bddade994bad4056daf296df2c9d0bbcca9753862407fa208fec667d65270b6131a37b3df0e7086b965aeee87a3817d0f1f1432f6774c2ec |
SSDEEP: | 49152:NgWR0jL0b0H0n0O0Hp5c6Y9+v0hdGjVjIJkJJUzsCyqBpc:jMLOuUbgp5y8vJh4kJSzaKpc |
TLSH: | F0E5D03CBF55AD0EE94780B1E724E4934F8E9276316974907D1C491B08E6DC0FAAB39E |
File Content Preview: | %PDF-1.7.%......4 0 obj.<</Filter /FlateDecode /Length 25032 >>.stream.x...Y.%..&Z.......0O.L..........r+-.jI$...~(.)..d.UU.Z.....,......^.y1 Hf.<.;..n...f...........'..+......W1../.y~.J]}.........+.........=..........U..Z........O~........|......\.4Y.i.. |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.905943 |
Total Bytes: | 3069882 |
Stream Entropy: | 7.983857 |
Stream Bytes: | 2717301 |
Entropy outside Streams: | 4.986466 |
Bytes outside Streams: | 352581 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 2069 |
endobj | 2069 |
stream | 811 |
endstream | 811 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 1, 2024 20:56:57.165914059 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Oct 1, 2024 20:56:57.165950060 CEST | 443 | 49728 | 23.195.76.153 | 192.168.2.6 |
Oct 1, 2024 20:56:57.166014910 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Oct 1, 2024 20:56:57.166227102 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Oct 1, 2024 20:56:57.166240931 CEST | 443 | 49728 | 23.195.76.153 | 192.168.2.6 |
Oct 1, 2024 20:56:57.727742910 CEST | 443 | 49728 | 23.195.76.153 | 192.168.2.6 |
Oct 1, 2024 20:56:57.727994919 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Oct 1, 2024 20:56:57.728005886 CEST | 443 | 49728 | 23.195.76.153 | 192.168.2.6 |
Oct 1, 2024 20:56:57.728893042 CEST | 443 | 49728 | 23.195.76.153 | 192.168.2.6 |
Oct 1, 2024 20:56:57.728950977 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Oct 1, 2024 20:56:57.734610081 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Oct 1, 2024 20:56:57.734662056 CEST | 443 | 49728 | 23.195.76.153 | 192.168.2.6 |
Oct 1, 2024 20:56:57.734921932 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Oct 1, 2024 20:56:57.734927893 CEST | 443 | 49728 | 23.195.76.153 | 192.168.2.6 |
Oct 1, 2024 20:56:57.776640892 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Oct 1, 2024 20:56:57.834007978 CEST | 443 | 49728 | 23.195.76.153 | 192.168.2.6 |
Oct 1, 2024 20:56:57.835057974 CEST | 443 | 49728 | 23.195.76.153 | 192.168.2.6 |
Oct 1, 2024 20:56:57.835107088 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Oct 1, 2024 20:56:57.835407019 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Oct 1, 2024 20:56:57.835407972 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Oct 1, 2024 20:56:57.835422993 CEST | 443 | 49728 | 23.195.76.153 | 192.168.2.6 |
Oct 1, 2024 20:56:57.835465908 CEST | 49728 | 443 | 192.168.2.6 | 23.195.76.153 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 1, 2024 20:56:56.736345053 CEST | 64237 | 53 | 192.168.2.6 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 1, 2024 20:56:56.736345053 CEST | 192.168.2.6 | 1.1.1.1 | 0x3e57 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 1, 2024 20:56:56.758452892 CEST | 1.1.1.1 | 192.168.2.6 | 0x3e57 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49728 | 23.195.76.153 | 443 | 4512 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 18:56:57 UTC | 475 | OUT | |
2024-10-01 18:56:57 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 14:56:42 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff651090000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 14:56:43 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:56:43 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |