Windows
Analysis Report
nference.pdf
Overview
General Information
Sample name: | nference.pdf (renamed because original name is a hash value) |
Original sample name: | 9th Annual European Medical Device and Diagnostic Sales Training and Clinical Education Conference.pdf |
Analysis ID: | 1524028 |
MD5: | c29f553dab871caf1c324a362b9e9496 |
SHA1: | 50a9a32815e697ee4d5b05b2487ca5b0beff7ec4 |
SHA256: | 5d491cd99ea9efbda91c8f304ae498f7aeef140aef81f7ac77851fc67f64a9d5 |
Infos: | |
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5724 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\nference.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 4904 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,17802959422580266742,13211954815294876157,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | ReversingLabs | | |

Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Virustotal | | Browse |

Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |

Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | | unknown |

Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524028 |
Start date and time: | 2024-10-02 12:20:45 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | nference.pdf (renamed because original name is a hash value) |
Original Sample Name: | 9th Annual European Medical Device and Diagnostic Sales Training and Clinical Education Conference.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/44@3/0 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.227.187.23, 52.5.13.197, 23.22.254.206, 52.202.204.11, 2.19.126.143, 2.19.126.149, 172.64.41.3, 162.159.61.3, 2.23.197.184, 88.221.124.138
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
06:21:59 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "Status":"Unavailable"} |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.179961305290669 |
Encrypted: | false |
SSDEEP: | 6:WwunQyq2Pwkn2nKuAl9OmbnIFUt8BwW4G1Zmw+BwzSQRkwOwkn2nKuAl9OmbjLJ:JsQyvYfHAahFUt8CW4g/+CzSQR5JfHAR |
MD5: | 4237B2ECF28C68ED9222A706B86FA76B |
SHA1: | E11A8A7BE5367836BD4557826323CCF53A168B2F |
SHA-256: | 0F3E3F308CA49F232DDB3E44FB36DB2C0B043DE7E3C11A97889AFD7276EDA69B |
SHA-512: | 5EACFA27061FCD97CC23E8E62A9EE16A865A84723F65E26A318A540CF2E04CC9BB10B4796725131426DA7276FB8D1FC9CD6F87EC5DDC59EF00DA27267F30176E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.1731106786760055 |
Encrypted: | false |
SSDEEP: | 6:WwfM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8BwrMKmZmw+BwrMKpMVkwOwkn2nKuAl97:JfM+vYfHAa8uFUt8Cr9m/+Cr9pMV5Jfg |
MD5: | 57E70970C8C55A53FB18A8C2AD082E4F |
SHA1: | 2AB60BB9E33AD44BFF07CDF827DECBD114DD5501 |
SHA-256: | DE8714BDB520642A0F34F0DBAFE935CC098D8178C93CBB61426710E7870EA60F |
SHA-512: | DEB5379A51C13EA3B031967C39B355281F52D8C98A8402EF8A8A5B18B505A326BD87F0A37664D6266E994E6DE782D6F583D7663FF6037E5A7E3547DB11CD22A7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.1731106786760055 |
Encrypted: | false |
SSDEEP: | 6:WwfM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8BwrMKmZmw+BwrMKpMVkwOwkn2nKuAl97:JfM+vYfHAa8uFUt8Cr9m/+Cr9pMV5Jfg |
MD5: | 57E70970C8C55A53FB18A8C2AD082E4F |
SHA1: | 2AB60BB9E33AD44BFF07CDF827DECBD114DD5501 |
SHA-256: | DE8714BDB520642A0F34F0DBAFE935CC098D8178C93CBB61426710E7870EA60F |
SHA-512: | DEB5379A51C13EA3B031967C39B355281F52D8C98A8402EF8A8A5B18B505A326BD87F0A37664D6266E994E6DE782D6F583D7663FF6037E5A7E3547DB11CD22A7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.95774050953709 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqtVWsBdOg2HMZcaq3QYiubInP7E4T3y:Y2sRds27dMHMg3QYhbG7nby |
MD5: | 28684C3CDEF4EF4BEF2C5B5183CEFBC3 |
SHA1: | 5CCF09F07D16CD1296F8DA19BC25429EC38ACA84 |
SHA-256: | 10DCEBAC75A33DAD38FFFBB7376D1A54E3307D127B21EA253269B7AE9502B0FD |
SHA-512: | 004C4BCA56AADCBF0975E3E26A3C3722B39888435611A7379687E27A8B768FE98E33CD406F52238FF25B5416C19A5DFE1FE82ADFA510095876F42EAF882A5BC7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ee492608-dd81-423d-aab2-caf9b4444d8e.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.95774050953709 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqtVWsBdOg2HMZcaq3QYiubInP7E4T3y:Y2sRds27dMHMg3QYhbG7nby |
MD5: | 28684C3CDEF4EF4BEF2C5B5183CEFBC3 |
SHA1: | 5CCF09F07D16CD1296F8DA19BC25429EC38ACA84 |
SHA-256: | 10DCEBAC75A33DAD38FFFBB7376D1A54E3307D127B21EA253269B7AE9502B0FD |
SHA-512: | 004C4BCA56AADCBF0975E3E26A3C3722B39888435611A7379687E27A8B768FE98E33CD406F52238FF25B5416C19A5DFE1FE82ADFA510095876F42EAF882A5BC7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.255060262379189 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo74wG4xZ:etJCV4FiN/jTN/2r8Mta02fEhgO73god |
MD5: | D0C4D276466E584ECE5D287B2A4247EE |
SHA1: | 4A67F7614BBE87008B93A7543FEE140F757F54A4 |
SHA-256: | A8A09C05D430B97D93AE5D659243502FD4EE4A35318DC197F652AA8FD00ACD1A |
SHA-512: | 69B114AE163FC4D0F4A5864C918BAE026BBA816DD9C74C819C6767E24D384EDE930050B138B8F4CA99391DAF0E231E6AF6AC1329E270B902A21FFCF22BD64528 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.14976657153532 |
Encrypted: | false |
SSDEEP: | 6:WwlM+q2Pwkn2nKuAl9OmbzNMxIFUt8BwyFYZmw+Bw1bMVkwOwkn2nKuAl9OmbzNq:JlM+vYfHAa8jFUt8CWY/+CVMV5JfHAab |
MD5: | 511E6B09E44891045B83DC7B60B7EE59 |
SHA1: | AA629774168098D91450D81C5394AD6F1AC5DB7A |
SHA-256: | 3F51EAFC7A34D9F128812706D30D760C29FBA500D3CA12BB116680FB102DCB66 |
SHA-512: | 9D5F23F6D9E9EEA38CEC2EE7D32933304B96117CB69733D6C21CED078ADCB91186EE7736781756B3FEB3AA3778E9D8FAF54E53095613A5919DD4A7D57962F14B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.14976657153532 |
Encrypted: | false |
SSDEEP: | 6:WwlM+q2Pwkn2nKuAl9OmbzNMxIFUt8BwyFYZmw+Bw1bMVkwOwkn2nKuAl9OmbzNq:JlM+vYfHAa8jFUt8CWY/+CVMV5JfHAab |
MD5: | 511E6B09E44891045B83DC7B60B7EE59 |
SHA1: | AA629774168098D91450D81C5394AD6F1AC5DB7A |
SHA-256: | 3F51EAFC7A34D9F128812706D30D760C29FBA500D3CA12BB116680FB102DCB66 |
SHA-512: | 9D5F23F6D9E9EEA38CEC2EE7D32933304B96117CB69733D6C21CED078ADCB91186EE7736781756B3FEB3AA3778E9D8FAF54E53095613A5919DD4A7D57962F14B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002102151Z-155.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 76150 |
Entropy (8bit): | 3.373829615489924 |
Encrypted: | false |
SSDEEP: | 768:Ahc3zJDzHI+DLeBkyyBZiHz11gBWtaOcP4YMa73Ps1DS:ac3zJDzo+DLeBkyyBZiHz11gBWtaO+d |
MD5: | B6650A80E357B9E75665798727AB6157 |
SHA1: | B7E3AB87F6DB1DA1C68F04A422C4D112FD1429EE |
SHA-256: | 7AC578FF3700A3F92C6E22EE7193330C49AD7E689A162F97558D08A9AB3E6A17 |
SHA-512: | BB71D404F01D9123537CCD62E8208A0AF699F55FA83035244678B2D4080089663AD5A76F738AA9F7CA11A05D8866E23B34164FD20D0C5B5E4FCEE6DBC19C890B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444974597873706 |
Encrypted: | false |
SSDEEP: | 384:yezci5tmiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rps3OazzU89UTTgUL |
MD5: | B6A6A0BD9F449BE4255F5FC6D06EB946 |
SHA1: | AED8EC2A2AF7FE424D9C146B1A1535DFEFFD7FE4 |
SHA-256: | 5C346A89179B86EE8985622104F92923C6BACCF183A271F051ECCC0A692F1BDC |
SHA-512: | 4893C9C0BE4690951C92FED008FB3FC22E71ADB88270223D8194003B22185BFED86A5D1C32D216E4A60DB148007A96C7294883F4043CB6BF049CB876A6A51F71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7705008396095674 |
Encrypted: | false |
SSDEEP: | 48:7M3p/E2ioyV1ioy9oWoy1Cwoy11KOioy1noy1AYoy1Wioy1hioybioy9oy1noy15:7Upju1FwXKQs3b9IVXEBodRBkB |
MD5: | 8DE6594BDBC519F0F0BB52B6BA2EFD4F |
SHA1: | A914ABD344EB19F89108652F1A4774A25421CD48 |
SHA-256: | 58FB2FEFFB0C6973B124F1E6794A4D6228C7CB89A3FE7AFA58483D046ACA6A1F |
SHA-512: | 3ADB2E1308B3D5998E392AF71E6CF678409302C15035F38CDA44AA9E8493A021F44D9D27460A9D5602CAB7DF7ED0C30DEBD043578D3D065677FFA7ED9CF0849F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.779094196322516 |
Encrypted: | false |
SSDEEP: | 3:kkFkl4fDX+El1fllXlE/HT8kxd/XNNX8RolJuRdxLlGB9lQRYwpDdt:kKhfDX+El2T84ldNMa8RdWBwRd |
MD5: | 8DAD6B01652C1762C5FD9351F9FAF934 |
SHA1: | B4BB4621DCDD2173641306D7F55F4D96F6B0A60C |
SHA-256: | 2356192211E32F2812D26A31F92F2D73598651C9DB45C9CB47334DBAC160761A |
SHA-512: | 0CAFD795070956FEB69F4C9BC9B520E9D8F618EA8EF9236146EE1BE9677166F06B00B8ED6DCC4351D1FB1B0F435294708FD4E1741369DB56BEBC2795BD4B901F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.370208878237962 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJM3g98kUwPeUkwRe9:YvXKXOQDOaAZc0vl2GMbLUkee9 |
MD5: | 576CE44A1F5FA5BCD4FEADE0DADD0257 |
SHA1: | 42D108CF4544C9F56413890CCAF38EABF3280258 |
SHA-256: | F3F16C1D7A952DE603420183A81D394AFF013ED02C3279437D7623C11577F0F5 |
SHA-512: | B7952E233D18FAFC56B4C63333387B3C649AE21D384CA7D93DFDDA0BCB245893AFDC26D828106600CD6C88CD00B1BD3C984A1E95764F7BC8BEDC53583F71224E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.317008127981172 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfBoTfXpnrPeUkwRe9:YvXKXOQDOaAZc0vl2GWTfXcUkee9 |
MD5: | 1F54B9A87E6700FAECEB78A805DDB4D4 |
SHA1: | C11477BCB5C4C06F08E45CAB9DFF25764302C0C4 |
SHA-256: | ED0E6F518C58BF80E35B343D330DDF9CD3E5DA741174E1C520ECAE1A82C77BC6 |
SHA-512: | 36F7AAB5E089D0324E66FCC4028A160498EB2E4C16A2B6A11F219F44217880DEFE5A9E36BAEA6EC5C9AEAC67B9753C8A6FAF5DCFA9489F025F22EAA03428BE0E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2952676233389795 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfBD2G6UpnrPeUkwRe9:YvXKXOQDOaAZc0vl2GR22cUkee9 |
MD5: | 485DF39FBFE7B92E6FF8DB1AE38BC2CD |
SHA1: | BBEB20BC54C818E71B98A0C0DF84A024B67CAAC4 |
SHA-256: | EF47DC950048CBDD1A24BF52A4D957175F0A9C8B06A83611F95B176E1EFA3DEF |
SHA-512: | 5201CC6DCA9918E5120E546F8305704B4C27095C9D00C4265E786544056D13466BD05522DBA8E2B0D61C0798B4B19110776F5B9363FEE851FFCE5CE680E60EF3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.357459577132096 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfPmwrPeUkwRe9:YvXKXOQDOaAZc0vl2GH56Ukee9 |
MD5: | F2C39B9807E73832C2E2571FE8E19A0D |
SHA1: | 5ECB3F6833008359A41EED9B11831766BC1067C3 |
SHA-256: | 175FEE9F86A96BF2DD1E04EDF3899FF9CFBB8AEFA3675495EC2A12A78CF11BFA |
SHA-512: | 22471B3E0BED2CEF4BBF033B0370816A59645C544D15B909991ABDBFBFE632EE942E045F89053651B82F9A672888D3F94AFE605B693CC75477F4C609C325292B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.66908687491833 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOQDCzvhpLgEFqciGennl0RCmK8czOCY4w2un:YvYD6JhgLtaAh8cvYvB |
MD5: | E018BC49A7950D7B51D1A8CF97203968 |
SHA1: | EF2193920F0B83569BF2BA4DDDA33F19F48AEEAA |
SHA-256: | 566F508B358C1920E06172B299BEC437D802035A5F0704D6FE2F2F6CEBF6E093 |
SHA-512: | E23CB12E292A7F9B89DDA0E5191222802228A80743D79CDD22AAF8ECD52451CEBFB8143C4ABA2640D15C0F699158A6589B1AC77CAE78ACB8FB2B56FC192E9A81 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.659144450266356 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOQDCzv9VLgEF0c7sbnl0RCmK8czOCYHflEpwiVun:YvYD6lFg6sGAh8cvYHWpw7 |
MD5: | AB941D1A945592CD00724818A0B41B27 |
SHA1: | 1D38BDD16FBCD1081CC770C874A93B317544D77A |
SHA-256: | 3AB364434AF86329620C67D26D4AF7211BFD080DAFA081DA439700E015DA1704 |
SHA-512: | 9F7FD41FED1632BDF5177E7CC7092B216DF5D71B28261EB7F390B383E28B48FCE8D4475F537F3A4644B46A6920486DD48FC4A0DF7C7F936BFABCCAFE809C0DFE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.309508591932325 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfQ1rPeUkwRe9:YvXKXOQDOaAZc0vl2GY16Ukee9 |
MD5: | 7044D1E8419E375929F032E8042790DE |
SHA1: | 9461BA3D92007A30CC3914C19665DB1A88405CDE |
SHA-256: | D4B562B781C52BEF7896C65DE235B830E94EDF518F4D116CB79FC5E544154BD0 |
SHA-512: | CEC7630D36D0739A546BE153EC3A438EFC45900258478F34F6165507C167F4A1039A5C5F7210CB02A591C3542F1374487337944F0B0B6E716A5F23593EF01D70 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.65262247950885 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOQDCzv82LgEF7cciAXs0nl0RCmK8czOCAPtciBun:YvYD6Eogc8hAh8cvAA |
MD5: | 95CEF73789FAEB926F9B7149838525E0 |
SHA1: | 43B64AA7A13D4F2333FDCD1786B9DB37736D7224 |
SHA-256: | 359D9C4D77FC57EB92784ADF9CB571A5308666E86D2C68D299ECCEA99B87B4A1 |
SHA-512: | 8070A81C69C42FCA5617AD12C4A18D23DF5A470E5AC74445EA21FE22FE565CDB2D27042F57F188CA0525196561BB7E00E929534289DA90B5A043E8DD85E48877 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.705455314645634 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOQDCzv8KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5un:YvYD6UEgqprtrS5OZjSlwTmAfSK0 |
MD5: | 968967483E3A5016EBFB84ABDF901023 |
SHA1: | 63340D9DCE4714A294F8F372D9ACF7D0EABEC1B0 |
SHA-256: | A3B511E47C6E2B723D1680D30D095668F35CE7EFA41D9A91F6DA9BA4F2BFF68B |
SHA-512: | 0694FCE0BDDA28606691F2B418EC1A94F5E54A274A29DA8A2D0B62612985270D3B2740E1E570A8E0C2F288778A7BDF1B80A154A993C6C900F5F131F1CA7502D1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.311956851261181 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfYdPeUkwRe9:YvXKXOQDOaAZc0vl2Gg8Ukee9 |
MD5: | 213C3DDA86E07AA8C9F8AF7B31B6CBE8 |
SHA1: | E8133DF1E75A06798C46A43022D60118D740590F |
SHA-256: | 1D6A9DC1C661EB9C71F50063A5F173B4E8B612D3109949AEDC8B55FA3A73AD12 |
SHA-512: | 43A33C2AB5EB812F4AAD63A95C2A491B51409C9057AECCEDD2253177EACD13738D70F30FEA7A4A1A70D53894096F031066BF533ED9B85A6DE0763D3B864AA50D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.78235512671414 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOQDCzvzrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNWn:YvYD67HgDv3W2aYQfgB5OUupHrQ9FJ0 |
MD5: | E5EBDB72DCF4AFC4BCADB1EFBD1127CB |
SHA1: | 47D94575D2400F7497619D9A4D976BD5CFA5FD6E |
SHA-256: | 505619A40CB3DE75BDEEE2D63EA9BB75E5CACE9CE4E72E594019B7D77667C5CC |
SHA-512: | DE39A0F74044A607EFFFCB53BA2DF0728E7EA03CC24DFC6441E9B81585CEB3DA53082B078EB40EBC16396DB517F721874A274CF997481CFD05C2FD819101D501 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.295421771263146 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfbPtdPeUkwRe9:YvXKXOQDOaAZc0vl2GDV8Ukee9 |
MD5: | 4F6ACB32C1AB43EDC69B0F2B803C3DD6 |
SHA1: | 2F80B96384330C256A6FD140EAF7AC6D997B88DA |
SHA-256: | F41D270E898762DE5E6E8707213AB6FB990D5F586383675B1348393279EA38C2 |
SHA-512: | DC0C1A8B0BDF73190A877147B22F597056DC70BC4DBBACD10BAACEEE9EA935F0D1F4F9D57CD35216B0A68D35706ACBA103CEC0F8D4399535ECCE44305085A9A1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.300238724576573 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJf21rPeUkwRe9:YvXKXOQDOaAZc0vl2G+16Ukee9 |
MD5: | 5D7ADC3CDBFB9A09164E8A85C1F3EEEB |
SHA1: | AF22991DE875BDCAA9594C2E1055419EF1F2493A |
SHA-256: | 33A4BDB82524F89C1F13776162B55656154E45B56B2B2214CD938424B793D5EE |
SHA-512: | DBBB2F528353542DE6F99F75D8FC2BEB3474C409EFD44FE34B158B7DBE05BD51281DB073921C6E19B6ED952DAFFFEC7C98F9A1DF1E3F30D436F66CB6ABA536E2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.659348668113799 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOQDCzvhamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8Bun:YvYD6FBguOAh8cv+NK5 |
MD5: | DA5B6BDC5D6915EB0FDDF3B195B7F29F |
SHA1: | 766C0E2A0FD31B1748B57E1348256503BEF105F4 |
SHA-256: | 81AF9694F4C94AC3FED17293F70F5A62E1846615B71471544F8AC93FEA7B114E |
SHA-512: | F16416B8C93A5540D67AB28A6FD5D01177605A31751482B42D987CB84983DD5AC06A431FD802AABA707D913AC479665424EB4E6092D9D71076036154C4934890 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.276640982467133 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfshHHrPeUkwRe9:YvXKXOQDOaAZc0vl2GUUUkee9 |
MD5: | 458F0F4F833A1E8E03078337D98B880F |
SHA1: | 69D04AF97E6367A7E68E6A97140AF59DEE339BA1 |
SHA-256: | AE11C81D9C92F3C0148C5FC7FB2B0DDF36895B4D3E5101F05F1A0B52AF96DA8F |
SHA-512: | EBAEE8D1D7E099D49CBEF09C9D3B620F1FF5D1689F1512111D10A2C9BA80836876037F81BDDA7B3FCAC8C7FF49E56EBD946E2391DEF3D5F7EA7593A9CE1AC90C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.374348724217098 |
Encrypted: | false |
SSDEEP: | 12:YvXKXOQDOaAZc0vl2GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWern:Yv6XOQDCzvK168CgEXX5kcIfANh7n |
MD5: | 96B40DD95BA9C908FE6BA4B82CBDEC59 |
SHA1: | 03F914B7D2C6499DE1322119337BCA096E6DC721 |
SHA-256: | 5E053A24380D180210E73D4DBABFA0335D72EEB34FC2DA439D1BEC570DBF3F79 |
SHA-512: | E932486B48855A982937386A0F94C6D47EA0B189D011D9C4413AA1506F88999000C832A00C7D94AEEEF07A5A0E4A5CBCEAE0DB32136682311D527487814C0D1C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.144146969539416 |
Encrypted: | false |
SSDEEP: | 24:Ylf1/9qBa/GS3ayzrkcCt2xtJigXMqUh2ajWx8j0SyL9y62hvZ12LSccv55BUW9M:Ylfp9FH7aaOkO0vAL2cv5XUW9WPt |
MD5: | D43CD08723A6FF932C25A25327DD3FF8 |
SHA1: | 33B5467B53E6299860BCC0B13738C476BBD5018C |
SHA-256: | 620F25BA0B1A4D7532BC52D486786BF4B32FA40C1972CCB169EBCF9E00348FBB |
SHA-512: | 7047014EE44E993B39E25795E637689B3B069FB10B93BD4A459B2CA85D0045642FD2F1A0C290F64E73AEB17F9A661C4F0C2581F4192510AFBCE2DD307AE5590C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1876540872552577 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUaGSvR9H9vxFGiDIAEkGVvpGg:lNVmswUUUUUUUUaG+FGSItag |
MD5: | 5E80C1A6AECAFB514C0282237439D176 |
SHA1: | 9245EA9E1B68E2A6D11768BAE578A9CEE07CA2D8 |
SHA-256: | B646EAEFACF20DD3370E00B1732E5AB0EBFBF5B9EB57C500E2CFFD196622D101 |
SHA-512: | 7EC3862E308962E16AD95BEC63EF18F05C67599C0D991E3F4AEE0FCD00A76F019D5B373DB15914492EB77DD792187FC9A5954777F4A17CB04E11B6BDD86A3984 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6074825162296704 |
Encrypted: | false |
SSDEEP: | 48:7MTKUUUUUUUUUUaEvR9H9vxFGiDIAEkGVvLfqFl2GL7ms5:7VUUUUUUUUUUaUFGSIt9fKVms5 |
MD5: | 2169AF5E21E23CACA8617FE28AC85E3C |
SHA1: | 2336B37512F6AD1CCDE6DC8A7849A3C19F3D25B5 |
SHA-256: | EA31BA0088E3EC17C5911D640287035FA4CD131A1E50C6B2B2D23F08F5F70B9E |
SHA-512: | F303966E62C9B439AF14B091DA8E13ADE817191C3EB03297ABAC9A15601092D72AF719FC9BDC85DA7CCE96FF4FDFEFA5E9B7C1096E6CFBCC7825F8A830BA8597 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.511206980872271 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8gjas9:Qw946cPbiOxDlbYnuRKLp9 |
MD5: | 7478038AB631BD59BD70B5A96F32E86F |
SHA1: | C731FBBA98C19A5AF247DC1B23E76D52AF87E9A4 |
SHA-256: | EB7595B069832557C009E0FCE9FAB9F49C03310EDAFA9DE57523CFAF20F73831 |
SHA-512: | 0BA165046B9D3D53DA226C503E2C2E17031E99EEAD0C7F58218796EB1D1BF3E56590755548F1A927D7BD9B95E17D14D6B6938765AF60668EE34544413238E0D2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 06-21-49-223.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.349341736967668 |
Encrypted: | false |
SSDEEP: | 384:ap1sNRoiAETHzTLMHZPcWkZQ4bEyCTeDsDKDq3rZ9ZMZhwMKYIdVCVAzEziHuQtB:1fs |
MD5: | 1603DA1E1958467146595B21C20A00E7 |
SHA1: | 7C158BC78AD7771E6C99C4ABB875520C7F4608CF |
SHA-256: | 01A7B0B424A6A3B78042C61DC6E164CCBB62AC04F399620D90D3C1C1D9B377C0 |
SHA-512: | 989569DD46D902D60F81F283624F0550B552F1FB1F1DB16BA9B0D4637FD35A1ED3328AC46B243E16001C184632EC11603C718CBD32FE24D1A51C4B492F84BD34 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.391190501160992 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rU:w |
MD5: | 65582042C4EB263F094A881D4095200C |
SHA1: | BCB5A35DE3900A49F662606F9BEA2B59480DE3A1 |
SHA-256: | 556A7A8DCC966DD0F97B78BC98A4E83EFBD8EC095CED922C6A43383DF76EB229 |
SHA-512: | 2BDE082F6787105EAD8854C078B647C8F2D5DFBE34EA647437DA8196CA1C138E6F36459E7912CC27B870172A682AA06964503372F76B5B0319D1C70ECAD19D29 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.953442076359946 |
TrID: |
File name: | nference.pdf |
File size: | 1'965'683 bytes |
MD5: | c29f553dab871caf1c324a362b9e9496 |
SHA1: | 50a9a32815e697ee4d5b05b2487ca5b0beff7ec4 |
SHA256: | 5d491cd99ea9efbda91c8f304ae498f7aeef140aef81f7ac77851fc67f64a9d5 |
SHA512: | a51e34b6bd2f61dc3d325a3f2a7f9ae0debf6c5d2e17caab893da2f35da0464379b7ed047921b7746f470978a9a24d6d22a236c24a43b58e7385b10c1ffdfdf9 |
SSDEEP: | 49152:mgti8FC+xnIbyY1GJojrQIEBX6CALN7aPkTT/CeiJsLV28F:W2IbyYZxEBXALNzTqDkd |
TLSH: | 8295123482B2AD9DC05C41B6571B2ACF0DDF3593858631CB7BEEAA46A700FC590DB693 |
File Content Preview: | %PDF-1.6.%......339 0 obj.<</Linearized 1/L 1965683/O 341/E 38831/N 19/T 1958782/H [ 856 870]>>.endobj. ..xref..339 28..0000000016 00000 n..0000001726 00000 n..0000001792 00000 n..0000002306 00000 n..0000002741 00000 n..0000003287 00000 n..00000 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.953442 |
Total Bytes: | 1965683 |
Stream Entropy: | 7.968178 |
Stream Bytes: | 1905305 |
Entropy outside Streams: | 5.237577 |
Bytes outside Streams: | 60378 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 366 |
endobj | 366 |
stream | 192 |
endstream | 192 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 19 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
358 | 0000000000000000 | 6ac12f95cd9746f4ba25137fc543487a | |
363 | 0000000000000000 | 817220fb094437ac3890a8f7a1709a80 | |
6 | 0000000000000000 | b09402c87f3df2d11ef07e040f2344cd | |
7 | 0000000000000000 | f69931ba7c89a2af59349d29afa284fa | |
8 | 0000000000000000 | d9c80f0f4dd70d87572ca67d882d8bb0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 12:21:59.775062084 CEST | 58225 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 12:22:12.317990065 CEST | 57587 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 12:22:27.802381039 CEST | 62625 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 2, 2024 12:21:59.775062084 CEST | 192.168.2.4 | 1.1.1.1 | 0x4c8a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 2, 2024 12:22:12.317990065 CEST | 192.168.2.4 | 1.1.1.1 | 0xeea0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 2, 2024 12:22:27.802381039 CEST | 192.168.2.4 | 1.1.1.1 | 0x1539 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 2, 2024 12:21:59.782891989 CEST | 1.1.1.1 | 192.168.2.4 | 0x4c8a | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 2, 2024 12:22:12.325088024 CEST | 1.1.1.1 | 192.168.2.4 | 0xeea0 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 2, 2024 12:22:27.810173035 CEST | 1.1.1.1 | 192.168.2.4 | 0x1539 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 06:21:46 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 06:21:46 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 06:21:46 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |