Windows
Analysis Report
SO22050.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7420 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SO22050.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7592 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7804 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1576,i,4393657273783783276,13465287127706588318,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.195.76.153 | unknown | United States | 2914 | NTT-COMMUNICATIONS-2914US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528364 |
Start date and time: | 2024-10-07 20:49:30 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 0s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SO22050.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/45@1/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 34.193.227.236, 107.22.247.231, 18.207.85.246, 2.19.11.121, 2.19.11.122, 162.159.61.3, 172.64.41.3, 2.23.197.184, 2.16.100.168, 88.221.110.91, 2.19.126.149, 2.19.126.143
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed; report is missing behavior information
- VT rate limit hit for: SO22050.pdf
Time | Type | Description |
---|---|---|
14:50:35 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.195.76.153 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
NTT-COMMUNICATIONS-2914US | Get hash | malicious | Mirai, Okiru | Browse |
| Get hash | malicious | Mirai, Okiru | Browse |
| Get hash | malicious | Unknown | Browse |
| Get hash | malicious | Mirai | Browse |
| Get hash | malicious | Mirai, Okiru | Browse |
| Get hash | malicious | Mirai, Okiru | Browse |
| Get hash | malicious | Mirai, Okiru | Browse |
| Get hash | malicious | Mirai, Okiru | Browse |
| Get hash | malicious | Mirai, Okiru | Browse |
| Get hash | malicious | Mirai | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.186416473800347 |
Encrypted: | false |
SSDEEP: | 6:ncu2Aq2Pwkn2nKuAl9OmbnIFUt8ZFZZmw+ZFzkwOwkn2nKuAl9OmbjLJ:nccvYfHAahFUt8x/+r5JfHAaSJ |
MD5: | B322369891DEAAA04A12B0A2BFE1399D |
SHA1: | 8B302C2AC7FC11EFAE0C886AA508BEB91626A2D9 |
SHA-256: | D2449F646F61D438CEA57BEEB89E6CF4240B0062A38BE1AA9358F8A207BC8926 |
SHA-512: | 1C21EFA3D6B3023E5976A21F93A431B5416987A1EE7A768AB45340EE5656B91929EEE227F64BDE64510A4B49310F49907613BFE4DBA5619B638416015E9F7B76 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.186416473800347 |
Encrypted: | false |
SSDEEP: | 6:ncu2Aq2Pwkn2nKuAl9OmbnIFUt8ZFZZmw+ZFzkwOwkn2nKuAl9OmbjLJ:nccvYfHAahFUt8x/+r5JfHAaSJ |
MD5: | B322369891DEAAA04A12B0A2BFE1399D |
SHA1: | 8B302C2AC7FC11EFAE0C886AA508BEB91626A2D9 |
SHA-256: | D2449F646F61D438CEA57BEEB89E6CF4240B0062A38BE1AA9358F8A207BC8926 |
SHA-512: | 1C21EFA3D6B3023E5976A21F93A431B5416987A1EE7A768AB45340EE5656B91929EEE227F64BDE64510A4B49310F49907613BFE4DBA5619B638416015E9F7B76 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.161620784389257 |
Encrypted: | false |
SSDEEP: | 6:D+q2Pwkn2nKuAl9Ombzo2jMGIFUt88Zmw+GAnVkwOwkn2nKuAl9Ombzo2jMmLJ:D+vYfHAa8uFUt88/+GAnV5JfHAa8RJ |
MD5: | 8F28FD7D67875FEF8D5DF2591CE86532 |
SHA1: | D16D2658C99782219B8127D991FB220554E73688 |
SHA-256: | E2474DD57A21FCBDB33EA76187A28524D2C92887CB2B053B2515C08CA96AF44E |
SHA-512: | CA70F052FF56B9CE0D2970366583C004A6A68C50245057684BF134D1C68B2512CBABEBF697E8CB051566CF44F5B86323D7925EB65ADCB607167E66597123168D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.161620784389257 |
Encrypted: | false |
SSDEEP: | 6:D+q2Pwkn2nKuAl9Ombzo2jMGIFUt88Zmw+GAnVkwOwkn2nKuAl9Ombzo2jMmLJ:D+vYfHAa8uFUt88/+GAnV5JfHAa8RJ |
MD5: | 8F28FD7D67875FEF8D5DF2591CE86532 |
SHA1: | D16D2658C99782219B8127D991FB220554E73688 |
SHA-256: | E2474DD57A21FCBDB33EA76187A28524D2C92887CB2B053B2515C08CA96AF44E |
SHA-512: | CA70F052FF56B9CE0D2970366583C004A6A68C50245057684BF134D1C68B2512CBABEBF697E8CB051566CF44F5B86323D7925EB65ADCB607167E66597123168D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.966895279106768 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqEEsBdOg2H7caq3QYiubInP7E4T3y:Y2sRdsJdMHC3QYhbG7nby |
MD5: | C3AB201C4D00642195D8AE9729A9AF46 |
SHA1: | 70BFD59BD366AF32BB9CF665C93D47F1EA088955 |
SHA-256: | 88FA6E8A688FA37485A59121E95F0A49E55E7CA119F70B190378A10274EA3508 |
SHA-512: | 585E4391D850CA7F6DC550E42B7FB2055C5C817EA307D01CAC9BEA4C98D665301816DDAFC320536D55F85A7BD9D3723FE01EB6C7456A35FDD4229BDEFCE6BED4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f56f97d9-4d95-4b9c-89c3-65a32da8a84e.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.966895279106768 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqEEsBdOg2H7caq3QYiubInP7E4T3y:Y2sRdsJdMHC3QYhbG7nby |
MD5: | C3AB201C4D00642195D8AE9729A9AF46 |
SHA1: | 70BFD59BD366AF32BB9CF665C93D47F1EA088955 |
SHA-256: | 88FA6E8A688FA37485A59121E95F0A49E55E7CA119F70B190378A10274EA3508 |
SHA-512: | 585E4391D850CA7F6DC550E42B7FB2055C5C817EA307D01CAC9BEA4C98D665301816DDAFC320536D55F85A7BD9D3723FE01EB6C7456A35FDD4229BDEFCE6BED4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.258932710055558 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7lmiMZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gom |
MD5: | 7E939939DEA66BEE14CF8C6770470DA8 |
SHA1: | F514F45743A48B3DC80CB20D58C21D8FCCFD4456 |
SHA-256: | 047FCBB03EE0807130E99EE552B95E9118CF4CC586C3B74DB10541E67EE2611E |
SHA-512: | BAE8E7AC0607CD9DB30A55F4F64FD9267D5681DF1D2FAF6A6875F384EC4B514D36EA2CF4DDD3A6237C474FE9CC976F10F533E0507581DC8F5B946A75A90970C3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.19356303264519 |
Encrypted: | false |
SSDEEP: | 6:S+q2Pwkn2nKuAl9OmbzNMxIFUt87NZmw+7UEVkwOwkn2nKuAl9OmbzNMFLJ:S+vYfHAa8jFUt87N/+7UEV5JfHAa84J |
MD5: | E3E9B295D99F0A1B947D6E5E2026E6C0 |
SHA1: | 1A45AB5FEFC7F041F3D46D7C5C0FDB78E2D46F6F |
SHA-256: | 27EBD53DF7E7758CE47D47B0743215F45A978D7047BB8BF46691EB3440D04F3C |
SHA-512: | 2EC27F06D9BF2FB450D9D2863F374E6DFB4C8C665383F1EF0FA8B2EEC7B98C812A754EC7D7261F5D81E87F804CB467658E78D021CD2FA235256572023EAB6FCA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.19356303264519 |
Encrypted: | false |
SSDEEP: | 6:S+q2Pwkn2nKuAl9OmbzNMxIFUt87NZmw+7UEVkwOwkn2nKuAl9OmbzNMFLJ:S+vYfHAa8jFUt87N/+7UEV5JfHAa84J |
MD5: | E3E9B295D99F0A1B947D6E5E2026E6C0 |
SHA1: | 1A45AB5FEFC7F041F3D46D7C5C0FDB78E2D46F6F |
SHA-256: | 27EBD53DF7E7758CE47D47B0743215F45A978D7047BB8BF46691EB3440D04F3C |
SHA-512: | 2EC27F06D9BF2FB450D9D2863F374E6DFB4C8C665383F1EF0FA8B2EEC7B98C812A754EC7D7261F5D81E87F804CB467658E78D021CD2FA235256572023EAB6FCA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007185027Z-153.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.795889615375272 |
Encrypted: | false |
SSDEEP: | 96:fgsjGxu2eBMJ9ctSFkC4u0WMMMMskrXMMJMM3vMNQRMdMMM7MM+BMnMM+2CWFNYk:IsjIJkhWFNYphe7zllBMgyQ8EwkAG |
MD5: | A710D7C5040CEA7B761FF92E1EDB3D30 |
SHA1: | 0FF887D8E30A0015E2FE4F10CC8F91F18044518F |
SHA-256: | 11A3C98B3BEF8610717E81C2687E1FD80100DDF0F5BE64644179DF6448211514 |
SHA-512: | 9B998F75B54FD76A50DA5448662CF97B843CFAF4000D6EEC732154297F03FCBE39FD0891C714868DE4065913C385850E9DDB47B36202770568A900774C8CA4BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445013763294882 |
Encrypted: | false |
SSDEEP: | 384:yezci5tWiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rZs3OazzU89UTTgUL |
MD5: | 2F768B62232B0080AB689B3DADA6A4CE |
SHA1: | 4521F33195F366D7C4F01E7B4C45B3D9981183D7 |
SHA-256: | BB23387340D0249B6A866EAFD63AF3F4180422017D2BC2D1F6DFE0CC3F688444 |
SHA-512: | 5E647CEE24373C979983725DE29017E78686708C1FE3B069F0519657C01808DE93814BD0FD941DA85B7E486FE7900FBFFA949CCD3813D0D5BB58004C602A4835 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7725746879881186 |
Encrypted: | false |
SSDEEP: | 48:7MEp/E2ioyVDRioy9oWoy1Cwoy18aKOioy1noy1AYoy1Wioy1hioybioyaOoy1n8:7rpjuFFMXKQcWb9IVXEBodRBkR |
MD5: | 44649097F43955BA693D505031DEFE44 |
SHA1: | FB8A21B0EC366374DCDEB5E1263957788B1385A3 |
SHA-256: | 13B96321CBD9A1A2DBCFDDDCEFB509C6E5CA4DE781F0761A0CCE7FF8EF158FF8 |
SHA-512: | 9CFC9F5ED722D93CBCF91EAD7C11DCD54CA02B5B5DB723C44B46D2A208F4FF7A40D4B64B81722E7C25C5609D2BB610CE7288A3A375B0EFC78CC4BAF30AB51524 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFklu99+EvfllXlE/HT8kiNZNNX8RolJuRdxLlGB9lQRYwpDdt:kK399+9T8VNMa8RdWBwRd |
MD5: | 6F15C2F21B82BB67F6C348518573A4D5 |
SHA1: | 343AAC09CA3FD64EB9AFFB4AD1977A92B7533255 |
SHA-256: | BCD41B552EE7652D45BBC2F4B162A796A53317BE19BB30FFB9602A30058DA8C7 |
SHA-512: | 07A146B95CEA05E39861688AC15DAAB69C736A452D79D6C412D3A4C92BF7532FC8290E8679BE268F296A45920534CB65E43F81F4517752FEDF7D77DB65512D6C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.150184159866505 |
Encrypted: | false |
SSDEEP: | 6:kKlZ9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:WDnLNkPlE99SNxAhUe/3 |
MD5: | 9566E46C03015EF43CE9FD3E62524D28 |
SHA1: | 45A169A233AC8DE18DB71100B2CFD70B0C8A5F38 |
SHA-256: | 394BAB834FD8459E0F1D6C8C77A58A9AE3E29CCFFABFEEF6B509CEACCF96FE49 |
SHA-512: | 2F71C9B41CEFCDEF81B044A7369A0E0AFC867E2CABAD3C3DF8A7CB8366BAD241F8984C61793B6EA71BF649F4130B7DD3239C6893D77D02A55EEDFBABF868FD0A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 247234 |
Entropy (8bit): | 3.3245480448633247 |
Encrypted: | false |
SSDEEP: | 1536:mKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqUrRo+RQn:TPClJ/3AYvYwglFo+RQn |
MD5: | F7B75939ED43CD13BC5FA5A7E72C9C16 |
SHA1: | 2FB9185CFEB8001598A301C83ECA9948420007ED |
SHA-256: | 2D50A4E5C21D7154373C0DF9DAF523FF54E48551510828BDD08D0E3B24125055 |
SHA-512: | E7AB73FFC3402C06D67410C52140A801A7FCBA9B8D248F6C6A069A31FB14437B347BB2973DE361B395E49E50A0A11E515F3E9EC1A73B568421B64E059B883758 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.368509096129614 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJM3g98kUwPeUkwRe9:YvXKXOBaWZc0vdWVGMbLUkee9 |
MD5: | 4DC82F56A03B17B637B031EE2A408506 |
SHA1: | 95CA40131DEA080418B2BE02CEF4D3F559371C05 |
SHA-256: | 29C508131D11A94175AB2752DD008B52FEFB821B2DC2A665900CE04E50FEA655 |
SHA-512: | 013E765593853644BCCF2FB3D4B7256F756D7BA531CDC413D0A04C9C4003C4E514B2DB8CC897D28AE97BF5A5708544C6C0F515D6030329EC3EAF20582F75AE2B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.317087322353942 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfBoTfXpnrPeUkwRe9:YvXKXOBaWZc0vdWVGWTfXcUkee9 |
MD5: | E4E2714362A4D9E6A4B20681CD1F2762 |
SHA1: | 0C381F0DF2EB9B0F03D30C7E3295BD823DA76AA1 |
SHA-256: | 08381B5E9BCC80E35E35185FA906EB7E0333ABAAA24C0FBFB72F5CE9E07EE6B8 |
SHA-512: | CCAF3799496FB635A863AED1C936B6C35AD062816F53B1E65DC98A1D5CFB561E1B86E0B449A2BE8CE906180F30B177A653970267B494DD8CF60335AA7414F3BE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.295226237099209 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfBD2G6UpnrPeUkwRe9:YvXKXOBaWZc0vdWVGR22cUkee9 |
MD5: | C8EDEA3A7B60D488278F015A21E715D2 |
SHA1: | 370F7F71A57756F4E9901ABD3F18CE84121C655C |
SHA-256: | 2C3031037A250E2E8D822A12BBF551101639D14C9C4BE55E6D3E7386929431C8 |
SHA-512: | 8AE21FF2595A4E64FEC336857C508AB0AB01C63BB6CABC589EAA0CAA744D248A128766DD0CD81EBBE6742D1864FE3CFD5E51545760EAA7CA35C53CAC2F563851 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.355700153546262 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfPmwrPeUkwRe9:YvXKXOBaWZc0vdWVGH56Ukee9 |
MD5: | F18D2336EAEE1A049502029256DA409F |
SHA1: | 955DAA0F9A0187084FFE7751FEEE2737AC11CD31 |
SHA-256: | E0766C0357F4C5F4B774FBCE2745D62AA10B2FC39AAA0E934BF5114E98429B15 |
SHA-512: | B5C8112699C915E1A5FC53159B9FAF74C05ADAA8CFC39B39748A462BAC0CD71621DB393B16328731E754991592B0BD07C9ADFA641FBAB1BC4E118E4B4F8D4A8F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1091 |
Entropy (8bit): | 5.6906339954778815 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOMWzvM6pLgE7cgD6SOGtnnl0RCmK8czOCYvSZ:Yvfphgs6SraAh8cvYKZ |
MD5: | D09D2B12B5BCD0C4C984E1CE5C9E7DE6 |
SHA1: | 8A3322FEB0F2E960AE3B1A177AAB71A55306A72A |
SHA-256: | 0395CE2773C7D91279174E2DBB750289C1AD9FFF4F0CFDD93BBCC6ACD163E777 |
SHA-512: | 2604FFCDCA9FD2162F51A8F3280294F9E3A4CAC5C41119F382F47ECD4D3F716A6746999D2FF3EE2DE2F2FEE354B6BBF3881977A289BBD573DBF2FB59BE91194A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.655721381992822 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOMWzvMcVLgEF0c7sbnl0RCmK8czOCYHflEpwiVA:YvfFFg6sGAh8cvYHWpwZ |
MD5: | 997BB47E90CF2E0A296EC8FB089894A3 |
SHA1: | 1686D885ED4F90509FDC1E30B8CF3F578FE250EF |
SHA-256: | 74899B79D9E1829E33C0CBEC5DEE939121C8AEC214DC248A0B58C7B94FEFC8E8 |
SHA-512: | BCF49C2CF0F74DDF9497A71804C2171FF49F94411D7AE04A9FC789F409699159BB3699531B941C9966209DE18E005B3E4BCFD2E93D3992FDEFC1B2ADF32DA2F4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.305140177010225 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfQ1rPeUkwRe9:YvXKXOBaWZc0vdWVGY16Ukee9 |
MD5: | B4D3506D9F16694C45793D3702711C40 |
SHA1: | 3F1253AAB6441D44216BA7FB61382B9D99566B13 |
SHA-256: | D8036A1743EAF615F838268E70029B130FD618915AC8322A076628EC7CD0CCE6 |
SHA-512: | DDC3CC04353B97C7C10D6CA2DEE766FFCBF6C03CDFE903BC2A1FB45C578B0EB6B1A05E8A975A5178BB8BE08F92AA5EED059E139B2E140F8DFC619C4B1B060FA2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1098 |
Entropy (8bit): | 5.691509485831851 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOMWzvMB2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSZ:Yvfkogq2SrhAh8cvUgEmZ |
MD5: | F22E49B171D1EC4925AA8456E3C4A7A7 |
SHA1: | 209373D9CEC87F366648B8CB2E1ED18D58979F50 |
SHA-256: | 55D1E822780C9C4A0536D75FE1620483BCDEE796B5312615CEBC465F929418BE |
SHA-512: | 1C1428FA554A99344BF24C9734D79E67E58AB1CFF92C54424E8181937D60B0D716F4541A2B97805E4A7DF0A73BED4BC2921CB4347B04BB57BA6A73753CA22AF2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.702101869873709 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOMWzvMBKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5A:Yvf0EgqprtrS5OZjSlwTmAfSKC |
MD5: | 968756136539E7D7E012AE94E7500708 |
SHA1: | 480457AFEEE9D844A46F36E0AC5B44112654659F |
SHA-256: | AF29585FD52E7A8294430ED791BF60C2B595F8AE2B20CBBBF937D1CDEEA1EC5D |
SHA-512: | 77AD494A52E7509E1D7C3D2C1A4BF2B8BCDEB280E47B3FC90BEA12B448C8B4105522FB6741F642E04D231A96F13F7605CB117302896A1A6178582DF601B4197F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3083097420073315 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfYdPeUkwRe9:YvXKXOBaWZc0vdWVGg8Ukee9 |
MD5: | ED5B8FB3457551B5FBCDFD2EF9EB74CB |
SHA1: | 99FBCA711432CD72E79C7A8E961A055DFF4EF9C6 |
SHA-256: | C909F42EE85F48857905D624DA1657C98252A59DD1ADD3F95E531EC5D26609CB |
SHA-512: | 0E3763847DF68D555BF9AD4AD49E5A6523AC4AB16FA2DCF2014C4C21296AB52CE86ACC0C9447AA498A1E6A50F39905D31F985C31CDFF2D2572E0931905C34406 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.779065388093141 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOMWzvMMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNY:YvfbHgDv3W2aYQfgB5OUupHrQ9FJC |
MD5: | D872A80D91D7C7385A551A67B1E7FEF2 |
SHA1: | ADDE2DF9B0E1934AA3E6326FBBA624CEB33B09EC |
SHA-256: | 87490E00E1617AACF37059599323940C8D70CBF6420873DEE99247C4EBEFC5D6 |
SHA-512: | F8C046AF6C0680E9E7DCD56B3D77F6FE4EC411F8195C73B819DFB747729FC56C3ED7F7B6B4615885A6B1B3CE3AF289C710AD2270E719B0ADBA8412D639986614 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.291799728052279 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfbPtdPeUkwRe9:YvXKXOBaWZc0vdWVGDV8Ukee9 |
MD5: | DB2E7F7BDD6A772D1AC9C682B902A562 |
SHA1: | BC90367E6EF9B4AE5925418A05AEEA29AE419E8F |
SHA-256: | 11F8DB2701371B3F8FF6E2EEEAE54752273AB4436E8A4D04036DB8CE0B9FF337 |
SHA-512: | 28EADB2C487785C27143CA102CEDDB5B11E009CECE67A7875968AE22601BC556C0DFE70CAFCB63176EE8302FFEF33ECB0978453ECF6734E170C7964DCBA39661 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.296251819316135 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJf21rPeUkwRe9:YvXKXOBaWZc0vdWVG+16Ukee9 |
MD5: | A2E64146840A28FCB30A54DE19A75420 |
SHA1: | D5668EDBC430C000EA11DE5C2097F7B29522D7EF |
SHA-256: | 3E34277C31E815802601E95A154A9B9BB49C552C316D3CE2032E6163C5402E82 |
SHA-512: | C50E193568D71EC2BE464AF85663831DF6338F292A6DB1503A06BDF3B4B32C66D2AAE68E65D48263C7E55DFC65F1514E578F974E55617D6E8A9F127322EBF933 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1054 |
Entropy (8bit): | 5.667694799928944 |
Encrypted: | false |
SSDEEP: | 24:Yv6XOMWzvMmamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSZ:YvflBgSXQSrOAh8cv6mZ |
MD5: | D71069F299B05E785B749EB34FDB883C |
SHA1: | 48EFB824DB552E67DCCA7F8609A7EC2B76D11FF5 |
SHA-256: | E89EB73099052012CA51D8C2BF4B6E49EC35BC417B0D706FE366D0EA0A96C8A7 |
SHA-512: | F205D197A122E197345123B916747429314AAD8F33D60F86F8D564343C8E2CD354A5981D954732F6A596D722810732B62AB841D86F3D6175D3AFB431F9A74A14 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.2722368034238976 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfshHHrPeUkwRe9:YvXKXOBaWZc0vdWVGUUUkee9 |
MD5: | 89F7F226766F183E864B9734736B2A0F |
SHA1: | 66C7BC9BB7509C3FC5FDBF91F76967FCC02F2EE5 |
SHA-256: | BE7F1343EF99D26DB5B66B7B7511EB650D3B011F5D67ADD14AE12053DD332975 |
SHA-512: | 382DFB5679804731F4B62EE6884A9E8375EB7937BAA5E9D383D2E8E2FD5CF0529EFEFDDCC46B76621DB8E7C2E85183F69EEC87065D4675CA89C0F935A05AD3B1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.367694692176242 |
Encrypted: | false |
SSDEEP: | 12:YvXKXOBaWZc0vdWVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWc:Yv6XOMWzvMx168CgEXX5kcIfANhZ |
MD5: | 6C3B2758C44BCED7830806FE73E3D29D |
SHA1: | 87CF1E93D6B4588AF25414C262426726CABF0F63 |
SHA-256: | 7C7A90C3C1A70D11B56AF836B8156616B13616A3CCDD70B9F3126C2463348A8A |
SHA-512: | C8DB58C5C97B2908E436046681E327FE11B2DEA82B73EECB347F3B8038EF0971DFDD4CAF3F01E36278B08FFA44DB644568236B9514FE00094983B63B520E8B27 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.118088084369581 |
Encrypted: | false |
SSDEEP: | 48:Y55YHYrE6MLogBGpoE+djR/MU8jLso92M:s5YfVU4GpoE+dZN8jzT |
MD5: | 3040E880FD678A318B539B35FF23813F |
SHA1: | FE3868ABD9AA744FEC4D37BB29B13E20F90C9938 |
SHA-256: | 8D350B54ED0CD007AA9651B5BDBC09C6DC8EBA411CB716271142BCA943F091B9 |
SHA-512: | 408B1999A9C311A3F9B7657BB37038A4765C3453FE87CECE4334ABFCDF0C1616F65AF617192E2A3AC86B94372005CC4727B7E22BF3FAFE4057EDE82BEE95F28B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1880621157658056 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUU3SvR9H9vxFGiDIAEkGVvpz:lNVmswUUUUUUUU3+FGSIt3 |
MD5: | AABD48EC55C23BCA8AAD81B2D5FDBE39 |
SHA1: | 6D595A2F267215A3925B957D9B2201AD4CC69DC9 |
SHA-256: | 7625CDD2178CE66B9BE23FE82CB3B270EEDBB1BF6647747931A2B13EDF8374A8 |
SHA-512: | 2AD64D3171F695ED5509FBEEF13835BF34118BC2F885C84DD074DBBB43095E8EBCE69931E7D62462F35DFAB6745F31C3BC45060191EC279ACADD12658A2307DF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6069724001635906 |
Encrypted: | false |
SSDEEP: | 48:7MCKUUUUUUUUUUrvR9H9vxFGiDIAEkGVv+qFl2GL7msc:7qUUUUUUUUUUbFGSItcKVmsc |
MD5: | 644C57BF5D3E4B2904E2176656CF08C0 |
SHA1: | 4ED076B152713A9219893C2543407EB4AB534B36 |
SHA-256: | 01A7CDE52BC4DEF65EFB1638BCF64A0268B0878D954EBE0398B90C1BFDF279B0 |
SHA-512: | 7973C7A2375C2E10F00757463032F9220B752A395F228B5254967F38B3841A351B12E4030E74C1F2C2473919F31CD2256F3F1F69AF5D27E95C84A2115EEBB453 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRqR5wlYH:Qw946cPbiOxDlbYnuRKTUlYH |
MD5: | 28E493972F32B9A7E627D76A2E26E880 |
SHA1: | 1930FEFDAA9359120F44073741DB80505005EAE4 |
SHA-256: | 27D048EC3A491F0031AC7CEF543E2D694834F262C9D8A2A06C036FA32166256E |
SHA-512: | A8756B1C4FBD75AA53D5A53E21580D13AD3570EA3EE62A1C5A771FECC7A74359B31FE2B65FAC2F3569FC302E467B5F3FE0FC454EA5892F834912DB64FF202F07 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 14-50-25-155.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.343251858056941 |
Encrypted: | false |
SSDEEP: | 384:MZLIj1ObdWeGFTm8zp3ibJ1kY7KfzbHZml0aok6sueirdY/WmhrpgfgtVLN8WhRH:UHp |
MD5: | 212FB298A2DE43BCAF3A5D0B4F4D91B4 |
SHA1: | D25B65CFCBFFDD347124A1C7D9FE4EC296C9437B |
SHA-256: | 30EEF31C40FD3F566DFBDD62FC31CCBC8F2FB988AB25594E81C3F202E5A26938 |
SHA-512: | 43F50B177BBB0B8A7C71B1D5215EFE5F5355FBAB7BF44946141E3FCCEAFD7ACB96AF3EC04DFF2061BE7CB58BED466C48D2C135282FD754C64FD855BD40A8F08A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.381606929867603 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rl:5 |
MD5: | 8AC217302E0DB8804CF6FA5D715E46FC |
SHA1: | 4DC155C11576AD04C5EE1E3CD0DF37DB3B4FB0E2 |
SHA-256: | 591907CD2EB1A8F37279E99269A98C6D700960EF0749352CFF023FB6D87AD421 |
SHA-512: | B4406FACC72FFA5E9C30A99097E3F6A553B9DE8ED73F1C15A4B8654EE32222A1556DDE66B492FE0B4824E2C3191C44280943AAF3F55A7B2B931B4F1430B1292F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.960745153520967 |
TrID: |
File name: | SO22050.pdf |
File size: | 81'912 bytes |
MD5: | 6c6cb3ec51f88433fa4132bca9ae4774 |
SHA1: | 141459b3e3285f0a01532a6994779369692f6808 |
SHA256: | afc58e10864ca782457321dd6fbf55c21ad634669d28099703643931241073f1 |
SHA512: | 367218967bd0de5f7e1adc2beeb334d0eb63f11d331f3372bcc4927704d7521974a50a8b75b6a528a4ee443c0d5b35830ce0dda97753026b6128474db55c50f9 |
SSDEEP: | 1536:kyQ3xnYFDprKd2rMJMxjp28eqrwH5IYhqPrjJ3ODM43:XQUDprKdux128e2wHXYpODM43 |
TLSH: | A3830279B48F49BEC28547F7FF6170D79E6EF246018E8181B4AC0D0F88CCDA1795A52A |
File Content Preview: | %PDF-1.3..%..........1 0 obj..<<../Title (SIG_SalesOrderPrint)../Producer (ComponentOne C1Report)../CreationDate (D:20241007141642-04'00')../ModDate (D:20241007141642-04'00')..>>..endobj..2 0 obj..<<../Length 5000../Filter /FlateDecode..>>..stream..x.l... |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.3 |
Total Entropy: | 7.960745 |
Total Bytes: | 81912 |
Stream Entropy: | 7.969452 |
Stream Bytes: | 79011 |
Entropy outside Streams: | 5.347140 |
Bytes outside Streams: | 2901 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 23 |
endobj | 23 |
stream | 8 |
endstream | 7 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
15 | 2200232765a70510 | 5d74b054b0d9afc74f86f84be4a0ab7c |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 20:50:36.664822102 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Oct 7, 2024 20:50:36.664859056 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4 |
Oct 7, 2024 20:50:36.665338993 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Oct 7, 2024 20:50:36.667402029 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Oct 7, 2024 20:50:36.667413950 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4 |
Oct 7, 2024 20:50:37.202195883 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4 |
Oct 7, 2024 20:50:37.203336000 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Oct 7, 2024 20:50:37.203345060 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4 |
Oct 7, 2024 20:50:37.206890106 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4 |
Oct 7, 2024 20:50:37.207406044 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Oct 7, 2024 20:50:37.208971977 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Oct 7, 2024 20:50:37.209141970 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4 |
Oct 7, 2024 20:50:37.209497929 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Oct 7, 2024 20:50:37.209505081 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4 |
Oct 7, 2024 20:50:37.256467104 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Oct 7, 2024 20:50:37.304637909 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4 |
Oct 7, 2024 20:50:37.304920912 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4 |
Oct 7, 2024 20:50:37.305100918 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Oct 7, 2024 20:50:37.305310965 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Oct 7, 2024 20:50:37.305310965 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Oct 7, 2024 20:50:37.305330038 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4 |
Oct 7, 2024 20:50:37.307406902 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 20:50:36.274343967 CEST | 61980 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 7, 2024 20:50:36.274343967 CEST | 192.168.2.4 | 1.1.1.1 | 0xfd54 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 7, 2024 20:50:36.284389019 CEST | 1.1.1.1 | 192.168.2.4 | 0xfd54 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49743 | 23.195.76.153 | 443 | 7804 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 18:50:37 UTC | 475 | OUT | |
2024-10-07 18:50:37 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 14:50:22 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 14:50:22 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 14:50:22 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |