Windows
Analysis Report
maddenkaren.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6328, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\maddenkaren.pdf", MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 1608, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7180, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1540,i,14558515021297885011,1916620480571538016,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
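The process list above is what an analyst actually checks on a clean PDF run: are the images the real Acrobat binaries, are they launched from the install directory, and which Chromium/CEF switches describe the helper processes. The following is an added example, not Joe Sandbox code, that parses entries in the report's `NAME (PID: N cmdline: ... MD5: ...)` shape and applies those checks. The allow-list values (EXPECTED_DIRS, KNOWN_GOOD_MD5) are seeded from this report and are assumptions; a real deployment would take them from a golden image or a vendor manifest. The PID 7180 command line is shortened to its security-relevant switches, and ROGUE_ENTRY is a constructed counter-example that does not appear in the report.

```python
"""Added example (not Joe Sandbox code): triage of sandbox process-tree lines.

Parses each entry, checks the image path against the expected install directory
and the MD5 against a known-good table, and extracts the Chromium/CEF switches
that describe process type and sandboxing.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed from the process list in the report (PID 7180 shortened).
SAMPLE_ENTRIES = [
    r'Acrobat.exe (PID: 6328 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" '
    r'"C:\Users\user\Desktop\maddenkaren.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)',
    r'AcroCEF.exe (PID: 1608 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" '
    r'--backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)',
    r'AcroCEF.exe (PID: 7180 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" '
    r'--type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US '
    r'--service-sandbox-type=none --log-severity=disable '
    r'--user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" '
    r'--user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" '
    r'--mojo-platform-channel-handle=2120 /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)',
]
# Hypothetical counter-example (not from the report): same file name launched
# from a user-writable directory with the sandbox switched off.
ROGUE_ENTRY = (
    r'AcroCEF.exe (PID: 9999 cmdline: "C:\Users\user\AppData\Local\Temp\AcroCEF.exe" '
    r'--no-sandbox MD5: 00000000000000000000000000000000)'
)

ENTRY_RE = re.compile(
    r'^(?P<name>[^\s(]+) \(PID: (?P<pid>\d+) cmdline: (?P<cmdline>.+?) '
    r'MD5: (?P<md5>[0-9A-Fa-f]{32})\)$'
)
# Assumptions seeded from this report; a real allow-list comes from a golden image.
EXPECTED_DIRS = ["c:\\program files\\adobe\\acrobat dc\\acrobat\\"]
KNOWN_GOOD_MD5 = {
    "acrobat.exe": "24EAD1C46A47022347DC0F05F6EFBB8C",
    "acrocef.exe": "9B38E8E8B6DD9622D24B53E095C5D9BE",
}
# Chromium switches that turn process sandboxing off or declare a service unsandboxed.
SANDBOX_SWITCHES = {"--no-sandbox", "--service-sandbox-type=none", "--disable-gpu-sandbox"}


def split_windows_cmdline(cmdline: str) -> List[str]:
    """Simplified CommandLineToArgvW: split on whitespace outside double quotes,
    drop the quotes, keep backslashes literal. Enough for report lines; it ignores
    the real API's backslash-before-quote escaping rules."""
    args: List[str] = []
    current: List[str] = []
    in_quote = False
    for ch in cmdline:
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if current:
                args.append("".join(current))
                current = []
        else:
            current.append(ch)
    if current:
        args.append("".join(current))
    return args


@dataclass
class ProcessFinding:
    pid: int
    name: str
    image: str
    md5: str
    process_type: str = "main"  # Chromium convention: the browser/main process carries no --type
    name_matches_image: bool = False
    image_in_expected_dir: bool = False
    md5_known_good: bool = False
    sandbox_notes: List[str] = field(default_factory=list)


def triage_entry(entry: str) -> ProcessFinding:
    m = ENTRY_RE.match(entry)
    if not m:
        raise ValueError(f"unparseable process entry: {entry!r}")
    argv = split_windows_cmdline(m["cmdline"])
    image = argv[0]
    basename = image.rsplit("\\", 1)[-1].lower()
    f = ProcessFinding(pid=int(m["pid"]), name=m["name"], image=image, md5=m["md5"].upper())
    f.name_matches_image = f.name.lower() == basename
    f.image_in_expected_dir = any(image.lower().startswith(d) for d in EXPECTED_DIRS)
    f.md5_known_good = KNOWN_GOOD_MD5.get(basename) == f.md5
    for arg in argv[1:]:
        if arg.startswith("--type="):
            f.process_type = arg.split("=", 1)[1]
        if arg in SANDBOX_SWITCHES:
            f.sandbox_notes.append(arg.lstrip("-"))
    return f


def triage(entries: List[str]) -> List[ProcessFinding]:
    return [triage_entry(e) for e in entries]


def suspicious(f: ProcessFinding) -> bool:
    """Second look needed if the image is outside the install directory, its hash
    is unknown, or the reported name does not match the image (masquerading)."""
    return not (f.image_in_expected_dir and f.md5_known_good and f.name_matches_image)


if __name__ == "__main__":
    for f in triage(SAMPLE_ENTRIES) + [triage_entry(ROGUE_ENTRY)]:
        verdict = "SUSPICIOUS" if suspicious(f) else "expected"
        print(f.pid, f.name, f.process_type, verdict, f.sandbox_notes)
```

On this report's data all three processes pass: both images sit under the Acrobat install directory with the expected hashes, and the only sandbox-relevant switch is `--service-sandbox-type=none` on the CEF network-service utility process, which is how the host application launched it rather than anything the PDF did. The constructed rogue entry shows what the same check catches: a familiar process name from a user-writable path with an unknown hash and `--no-sandbox`.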
No malicious signatures were triggered; the signature hits listed below are all non-malicious.
Signature hits. The detail cells of these rows were empty after extraction, so only each signature type and its row count survive:

Signature | Rows |
---|---|
DNS query | 1 |
TCP traffic | 35 |
IP Address | 1 |
HTTP traffic detected | 2 |
TCP traffic detected without corresponding DNS query | 12 |
UDP traffic detected without corresponding DNS query | 1 |
DNS traffic detected | 1 |
String found in binary or memory | 2 |
Network traffic detected | 2 |
Classification label | 1 |
File created | 2 |
Key opened | 1 |
Process created | 14 |
Window detected | 1 |
Initial sample | 5 |
Process information set | 8 |
ATT&CK techniques with signature hits. The matrix cells that carried no count are the unhit placeholder techniques of the Joe Sandbox matrix and are omitted here; every hit listed is non-malicious, in line with the clean2 verdict.

Tactic | Technique | Hits |
---|---|---|
Execution | Exploitation for Client Execution | 3 |
Privilege Escalation | Process Injection | 1 |
Defense Evasion | Masquerading | 1 |
Defense Evasion | Process Injection | 1 |
Discovery | System Information Discovery | 1 |
Command and Control | Encrypted Channel | 1 |
Command and Control | Non-Application Layer Protocol | 2 |
Command and Control | Application Layer Protocol | 13 |
Command and Control | Ingress Tool Transfer | 1 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown |
x1.i.lencr.org | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.41.168.139 | unknown | United States | 6461 | ZAYO-6461US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1529320 |
Start date and time: | 2024-10-08 21:02:24 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | maddenkaren.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/46@1/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.149, 2.19.126.143, 172.64.41.3, 162.159.61.3, 54.227.187.23, 52.5.13.197, 52.202.204.11, 23.22.254.206, 2.23.197.184, 199.232.214.172
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: maddenkaren.pdf
Time | Type | Description |
---|---|---|
15:03:35 | API Interceptor |
Context: earlier analyses that shared this sample's network indicators. The sample names and SHA-256 values in these tables were links and did not survive extraction; what remains is the match, how many earlier analyses were detected as malicious, and the threat names attached to them.

Match | Type | Prior analyses (all detected "malicious") | Threat names (count) |
---|---|---|---|
23.41.168.139 | IP | 10 | Unknown (7), Azorult (1), LonePage (2) |
bg.microsoft.map.fastly.net | Domain | 10 | RHADAMANTHYS (1), LummaC/Vidar (1), HtmlDropper (1), SmokeLoader (1), Snake Keylogger/VIP Keylogger (1), VIP Keylogger (1), Unknown (4) |
ZAYO-6461US | ASN | 10 | Unknown (7), Azorult (1), LonePage (2) |

Read these as shared-infrastructure matches, not as links between this PDF and those families. bg.microsoft.map.fastly.net resolved to 199.232.214.172, which the cookbook comments list among the excluded (whitelisted) IPs, i.e. traffic the analysis image is expected to generate regardless of sample, so every piece of malware detonated on the same image accumulates as "context" for it. The ASN rows repeat the IP rows entry for entry (the same ten threat names in the same order), so they add no independent evidence. The one indicator left to look up is 23.41.168.139 itself: it resolved to no domain in this run and is not on the whitelist.
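The cross-check described above can be done mechanically: compare each context match against the report's own whitelist, following a domain to the IP it resolved to and an ASN to the IPs observed in it. The following is an added example, not Joe Sandbox code. The excluded IPs and domains, the domain and IP tables and the context rows are copied from this report; the verdict labels and the rule that an ASN match is only explained away when every contacted IP in it is whitelisted are this example's own.

```python
"""Added example (not Joe Sandbox code): classify "context" matches against the
report's whitelist so shared infrastructure is separated from real leads."""
from typing import Dict, List, Optional, Set, Tuple

# "Excluded IPs/domains from analysis (whitelisted)" from the cookbook comments.
EXCLUDED_IPS: Set[str] = {
    "184.28.88.176", "2.19.126.149", "2.19.126.143", "172.64.41.3", "162.159.61.3",
    "54.227.187.23", "52.5.13.197", "52.202.204.11", "23.22.254.206", "2.23.197.184",
    "199.232.214.172",
}
EXCLUDED_DOMAINS: Set[str] = {
    "e4578.dscg.akamaiedge.net", "chrome.cloudflare-dns.com", "fs.microsoft.com",
    "e8652.dscx.akamaiedge.net", "slscr.update.microsoft.com", "otelrules.azureedge.net",
    "acroipm2.adobe.com.edgesuite.net", "ctldl.windowsupdate.com.delivery.microsoft.com",
    "ctldl.windowsupdate.com", "p13n.adobe.io", "acroipm2.adobe.com",
    "fe3cr.delivery.mp.microsoft.com", "ocsp.digicert.com", "ssl-delivery.adobe.com.edgekey.net",
    "a122.dscd.akamai.net", "geo2.adobe.com", "wu-b-net.trafficmanager.net",
    "crl.root-x1.letsencrypt.org.edgekey.net",
}
# Domains table: what each contacted name resolved to (None = unresolved in the report).
DOMAIN_TO_IP: Dict[str, Optional[str]] = {
    "bg.microsoft.map.fastly.net": "199.232.214.172",
    "x1.i.lencr.org": None,
}
# IPs table: ASN of each contacted, non-whitelisted IP.
IP_TO_ASN: Dict[str, str] = {"23.41.168.139": "ZAYO-6461US"}

# Context tables: (match, kind, threat names of the earlier "malicious" analyses).
IP_THREATS = ["Unknown"] * 4 + ["Azorult"] + ["Unknown"] * 2 + ["LonePage"] * 2 + ["Unknown"]
DOMAIN_THREATS = ["RHADAMANTHYS", "LummaC, Vidar", "HtmlDropper", "SmokeLoader",
                  "Snake Keylogger, VIP Keylogger", "VIP Keylogger"] + ["Unknown"] * 4
CONTEXT_MATCHES: List[Tuple[str, str, List[str]]] = [
    ("23.41.168.139", "ip", IP_THREATS),
    ("bg.microsoft.map.fastly.net", "domain", DOMAIN_THREATS),
    ("ZAYO-6461US", "asn", IP_THREATS),  # the ASN rows repeat the IP rows
]


def ip_is_background(ip: str) -> bool:
    return ip in EXCLUDED_IPS


def domain_is_background(domain: str) -> bool:
    """Whitelisted by name, or resolving to a whitelisted IP."""
    if domain in EXCLUDED_DOMAINS:
        return True
    ip = DOMAIN_TO_IP.get(domain)
    return ip is not None and ip_is_background(ip)


def asn_is_background(asn: str) -> bool:
    """An ASN match is only explained away if every contacted IP in it is whitelisted."""
    ips = [ip for ip, a in IP_TO_ASN.items() if a == asn]
    return bool(ips) and all(ip_is_background(ip) for ip in ips)


CHECKS = {"ip": ip_is_background, "domain": domain_is_background, "asn": asn_is_background}


def triage_context(rows: List[Tuple[str, str, List[str]]]) -> Dict[str, dict]:
    out: Dict[str, dict] = {}
    for match, kind, threats in rows:
        explained = CHECKS[kind](match)
        out[match] = {
            "verdict": "background-infrastructure" if explained else "review",
            "prior_hits": len(threats),
            "families": sorted(set(threats) - {"Unknown"}),
        }
    return out


if __name__ == "__main__":
    for match, info in triage_context(CONTEXT_MATCHES).items():
        print(f"{match}: {info['verdict']} ({info['prior_hits']} prior hits, "
              f"families: {', '.join(info['families']) or 'none named'})")
```

With the page's data the domain is explained by the whitelist (its IP is excluded), while 23.41.168.139 and the ASN that only it represents stay at "review". That is the right outcome: "review" means look the indicator up, not that the sample is related to the ten earlier detections.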
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.209762513018561 |
Encrypted: | false |
SSDEEP: | 6:c+9W4RoaL+q2Pwkn2nKuAl9OmbnIFUt8L+9W4RSbL1Zmw+L+9W4RSbdLVkwOwknf:c+04RzL+vYfHAahFUt8L+04RSbB/+L+p |
MD5: | 9281496CFA039D3FD841773FF81A1498 |
SHA1: | C8B6A3925D99786C498D13DACB1B9F2889EC2608 |
SHA-256: | 9FF2EE30F2B1BD0B864B6D916DD0C9D696AFA20CBBBCF93F43F57484F9C618F1 |
SHA-512: | C2A0500D6A20B5C35D850D4B19B8B2C4E576D4509BC0B7EB50667BCCB3858B50988E150A71522334F6F772E5F4E06FE21A64AF4FE7F8A98FB7906D654BDCC516 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.209762513018561 |
Encrypted: | false |
SSDEEP: | 6:c+9W4RoaL+q2Pwkn2nKuAl9OmbnIFUt8L+9W4RSbL1Zmw+L+9W4RSbdLVkwOwknf:c+04RzL+vYfHAahFUt8L+04RSbB/+L+p |
MD5: | 9281496CFA039D3FD841773FF81A1498 |
SHA1: | C8B6A3925D99786C498D13DACB1B9F2889EC2608 |
SHA-256: | 9FF2EE30F2B1BD0B864B6D916DD0C9D696AFA20CBBBCF93F43F57484F9C618F1 |
SHA-512: | C2A0500D6A20B5C35D850D4B19B8B2C4E576D4509BC0B7EB50667BCCB3858B50988E150A71522334F6F772E5F4E06FE21A64AF4FE7F8A98FB7906D654BDCC516 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.1987388384704865 |
Encrypted: | false |
SSDEEP: | 6:c+9Wk934q2Pwkn2nKuAl9Ombzo2jMGIFUt8L+9WBRRNJZmw+L+9WAEDkwOwkn2ng:c+0tvYfHAa8uFUt8L+0BH/+L+0Z5JfHA |
MD5: | 166DEE70E521626AB0A8295AF76E4B31 |
SHA1: | BC9A0B78E2EE3DACBC3C5B906C63D4E6C90FEF89 |
SHA-256: | B471B25FADBC848732A68A66A20D98C799ADF43BD97BBBF3FF855506112534AB |
SHA-512: | 8C508C61EC97731B028970BAC9E8D3DBA18C40E0C184B001C6E980056F4EB8E622E012110E80F0FF26DB77C72067E14D4583C5827C1E4A5CF1FB47FBC3F65C71 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.1987388384704865 |
Encrypted: | false |
SSDEEP: | 6:c+9Wk934q2Pwkn2nKuAl9Ombzo2jMGIFUt8L+9WBRRNJZmw+L+9WAEDkwOwkn2ng:c+0tvYfHAa8uFUt8L+0BH/+L+0Z5JfHA |
MD5: | 166DEE70E521626AB0A8295AF76E4B31 |
SHA1: | BC9A0B78E2EE3DACBC3C5B906C63D4E6C90FEF89 |
SHA-256: | B471B25FADBC848732A68A66A20D98C799ADF43BD97BBBF3FF855506112534AB |
SHA-512: | 8C508C61EC97731B028970BAC9E8D3DBA18C40E0C184B001C6E980056F4EB8E622E012110E80F0FF26DB77C72067E14D4583C5827C1E4A5CF1FB47FBC3F65C71 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\60e0b8b9-29ea-483b-8396-e6e4d341b611.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.9676289960448665 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyJgxsBdOg2Hqegcaq3QYiubInP7E4T3y:Y2sRdseidMHqeL3QYhbG7nby |
MD5: | 69E4FA4FE50488F4AE541A79E7D7DF3C |
SHA1: | 579CB4BF8E555BE911564984B1B6D6341A5D4933 |
SHA-256: | 473C39367585A69FA8A0A0984CA7913B7A5E244D37C207FC210621C65B3E2752 |
SHA-512: | DA9022651A1E905B384181D6332E8EB7CDB3F1248D1C3FFDEBBBD288C1483F6802B08647F4519C6C113F237CCC81B63A816EB762302E84E78EFF2B8E8E64CB98 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.9676289960448665 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyJgxsBdOg2Hqegcaq3QYiubInP7E4T3y:Y2sRdseidMHqeL3QYhbG7nby |
MD5: | 69E4FA4FE50488F4AE541A79E7D7DF3C |
SHA1: | 579CB4BF8E555BE911564984B1B6D6341A5D4933 |
SHA-256: | 473C39367585A69FA8A0A0984CA7913B7A5E244D37C207FC210621C65B3E2752 |
SHA-512: | DA9022651A1E905B384181D6332E8EB7CDB3F1248D1C3FFDEBBBD288C1483F6802B08647F4519C6C113F237CCC81B63A816EB762302E84E78EFF2B8E8E64CB98 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.252606435780947 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7SLrJLWZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go/ |
MD5: | 8FE8CB66ADA44280F7F6ECDEB6A9ACBA |
SHA1: | FE9385B4A023B0029A25936802989F637E0FCB18 |
SHA-256: | 1EE948A069E46109D895A8482B694C70A4922DF3BAADB768680F7FE8755A5E27 |
SHA-512: | AE0C804C6A030D9CDB15C65BDD452DBBACDB042951E0E4C8EF6C24716E26749EA277D0607BE9B0F1C726A208FB85E8821DBECFA7422169A240D84C6EFF10DC6E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.177638919912808 |
Encrypted: | false |
SSDEEP: | 6:c+9WVhq4q2Pwkn2nKuAl9OmbzNMxIFUt8L+9WVhXj3JZmw+L+9WVhuRLDkwOwknS:c+0VvYfHAa8jFUt8L+07jZ/+L+0SRP51 |
MD5: | 3B31A14A1B0D5E43B7E2CC2E29FAC406 |
SHA1: | 72C3F7B17F77ABF48E75316F228E427890A07963 |
SHA-256: | 13DEF52B47DFA5413F38C737A88C136D2BEA9F31BC248566C64389BFF6494E40 |
SHA-512: | 34E23A049256FD799E2454450F09480A8007BE31D87896842F82F6764C128C91B07BBEBDE81CFD09E0DDB4513719580BBB49022AE1915B8E7B42313840022456 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.177638919912808 |
Encrypted: | false |
SSDEEP: | 6:c+9WVhq4q2Pwkn2nKuAl9OmbzNMxIFUt8L+9WVhXj3JZmw+L+9WVhuRLDkwOwknS:c+0VvYfHAa8jFUt8L+07jZ/+L+0SRP51 |
MD5: | 3B31A14A1B0D5E43B7E2CC2E29FAC406 |
SHA1: | 72C3F7B17F77ABF48E75316F228E427890A07963 |
SHA-256: | 13DEF52B47DFA5413F38C737A88C136D2BEA9F31BC248566C64389BFF6494E40 |
SHA-512: | 34E23A049256FD799E2454450F09480A8007BE31D87896842F82F6764C128C91B07BBEBDE81CFD09E0DDB4513719580BBB49022AE1915B8E7B42313840022456 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241008190333Z-191.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 2.5354647276408375 |
Encrypted: | false |
SSDEEP: | 384:nbe5xaclzsSAas6oTXuP2XYp8mn92b6QUaYF4WTqF:be/aqASAas6oTXuOX1M92bDxYF7k |
MD5: | EFCFC3658B8A92AF8E682C9A58326A8F |
SHA1: | 1DF36F121AB41531C6A65CB8E4D3317DB4CBB040 |
SHA-256: | EF1FF3A012CB1BF7DE0CD452360C30F8D8AEC2542583C2CA926E95180AAB9DA9 |
SHA-512: | B6556ABE73E3DB847D0AD43E2C0319F61D429F17812ED5D3E9E3F5557C81D2659D19E10839786E009D19B38048F38CF9AB597C100E07C3A171750A50C5A03E03 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445069632213932 |
Encrypted: | false |
SSDEEP: | 384:yezci5tIiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rvs3OazzU89UTTgUL |
MD5: | BD5AC1999D756D905FC3D35A7EB04E6E |
SHA1: | AB2D57AB2BA3409001EC9BCC000114688478846A |
SHA-256: | C4E5923F626414E9507270F68B7C96860608B8FEABE767381EAD41152CBF20A0 |
SHA-512: | 74B1F66CF02D66037CAA8552BF8825E0F3B96A4F2A549FE1800E9A86582DC3612F5CD8EC4C91CD111A74BA1DB33ED7895434BB5BD7115BE903F2257E622591A7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7745462683527142 |
Encrypted: | false |
SSDEEP: | 48:7MMp/E2ioyVAioy9oWoy1Cwoy1UKOioy1noy1AYoy1Wioy1hioybioyCoy1noy1v:7npjuAFPXKQDsb9IVXEBodRBky |
MD5: | FAD03D6F068876362D35FA5785A78243 |
SHA1: | 28881C73CD1794FEB4B1589C088E4476673D14C8 |
SHA-256: | FE377D54D182F125C570E3A6A80F4353C67595F23BFC59BAF9BD77578B2B5FC8 |
SHA-512: | 62D33AFB976254B9986F94E50C292FB069AC1D1795E59B8CEF23E131DEE0992DBBC3727639927A3699CA31B2D4F16CC1439A9C30ED257054152D27AEF846D62B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
The "Encrypted" flag is an entropy heuristic (7.9966 bits/byte here), not a finding. Files under CryptnetUrlCache\Content are CryptoAPI's on-disk cache of objects fetched over HTTP while validating certificate chains (certificates, CRLs, OCSP responses, CTLs); their DER encoding is dense and routinely scores close to 8 bits/byte, so high entropy in this directory is expected rather than a sign of an encrypted payload. Provenance is established from the matching MetaData entry, which records the URL the object was fetched from, not from entropy.
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.768677529655849 |
Encrypted: | false |
SSDEEP: | 3:kkFklh6hu31fllXlE/HT8kINNX8RolJuRdxLlGB9lQRYwpDdt:kK302T8TNMa8RdWBwRd |
MD5: | 226F7AD120BB42D5A72D7165A6111A6E |
SHA1: | F6FEECC5AC45096BD801E74C7150B9605AD061EF |
SHA-256: | E71019FFFDE4E85A1E065F98189D865AEA6C224D4D375E54FA4E257E826753F8 |
SHA-512: | D7EE6BAD932FC95972EAC6694BE0796A8AA68FB7D3329282E0585961287827DD57CF0E37227551702DA4558375087933426A9C5D2B0E9478F7BFEF962B2AAD93 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2455963809668185 |
Encrypted: | false |
SSDEEP: | 6:kKHP9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:veDImsLNkPlE99SNxAhUe/3 |
MD5: | C1EDFAEC0A1882BB9919B4985118F08D |
SHA1: | 69B16469AB20A584312F085582940AA9023818DC |
SHA-256: | B1D645201F5946E7D3CEB08B1AEEC170FC6AB2227FA984CA6D4527928EF9F42C |
SHA-512: | 17D03BF96C5D6717C85026A8CF21EC474640A33B1F6C316D4A9960DBEFCFF661FAF2C283C7546124A0F301AA679FB1C0B3BBAE5A402306306E48FFC7D956F49B |
Malicious: | false |
Preview: |
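Each dropped-file record above is reproducible from the file itself: size, 8-bit Shannon entropy, the "Encrypted" flag derived from it, and the four digests. The following is an added example, not Joe Sandbox code, that computes those fields so a record can be re-verified against a file you hold, and shows why a small JSON state file and a dense binary blob land on opposite sides of the flag. Assumptions: the report does not state the entropy threshold behind "Encrypted", so 7.9 bits/byte is chosen here because it separates the two CryptnetUrlCache Content records above (7.71 is false, 7.997 is true); SSDEEP is not computed because it needs a third-party library; the two inputs are constructed, not files from the report.

```python
"""Added example (not Joe Sandbox code): recompute a dropped-file record's fields."""
import hashlib
import json
import math
import random
from dataclasses import dataclass

ENCRYPTED_THRESHOLD = 7.9  # assumption: not stated in the report, see lead-in


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte over the 256 byte values: 0.0 for a constant
    file, 8.0 for a uniform one (ciphertext, compressed data, dense DER)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


@dataclass
class FileRecord:
    size: int
    entropy: float
    encrypted: bool
    md5: str
    sha1: str
    sha256: str
    sha512: str


def describe(data: bytes) -> FileRecord:
    """Same fields as the report's per-file records (minus SSDEEP), hex upper-case."""
    e = shannon_entropy(data)
    return FileRecord(
        size=len(data),
        entropy=e,
        encrypted=e >= ENCRYPTED_THRESHOLD,
        md5=hashlib.md5(data).hexdigest().upper(),
        sha1=hashlib.sha1(data).hexdigest().upper(),
        sha256=hashlib.sha256(data).hexdigest().upper(),
        sha512=hashlib.sha512(data).hexdigest().upper(),
    )


def matches_report(data: bytes, size: int, sha256: str) -> bool:
    """True if a file you hold is the one a report record describes."""
    rec = describe(data)
    return rec.size == size and rec.sha256 == sha256.upper()


# Constructed inputs (not files from the report). TEXT_BLOB mimics a small JSON
# state file such as "Network Persistent State"; RANDOM_BLOB stands in for dense
# binary like a DER-encoded CRL, drawn from a fixed seed so runs are reproducible.
TEXT_BLOB = json.dumps(
    {"net": {"http_server_properties": {"servers": [], "version": 5}}}, indent=2
).encode()
RANDOM_BLOB = random.Random(0).randbytes(65536)

if __name__ == "__main__":
    for label, blob in (("json text", TEXT_BLOB), ("dense binary", RANDOM_BLOB)):
        r = describe(blob)
        print(f"{label}: {r.size} bytes, entropy {r.entropy:.3f}, "
              f"encrypted={r.encrypted}, sha256={r.sha256[:16]}...")
```

The JSON blob scores a few bits per byte and stays "not encrypted"; the 64 KiB of dense bytes scores about 7.997, the same region as the 71954-byte CryptnetUrlCache entry above, and trips the flag. The flag therefore says "incompressible", and what the file is has to come from its path, its MetaData record or its parsed content.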
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.352400123063201 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX/ASrhm9VoZcg1vRcR0YGDoAvJM3g98kUwPeUkwRe9:YvXKX/AchmEZc0vIGMbLUkee9 |
MD5: | C9B139DB0F832E3049E352EB59E2EBD5 |
SHA1: | F2DE8752663D968E4F8C0A3C9809D7A984B8F302 |
SHA-256: | AC5002077C7DA2D721B3A77A2C418CC3965E5F50088728274A59EA5070F1B631 |
SHA-512: | 5886A7CC626748E9D18EC0D57FF3F9CE1A1890E6004319704B55AEBC774F60B1942BD2BFEE88579865446D3EA67E7822D84BE4919852BC7266A307D96E50B76E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3004526811211905 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX/ASrhm9VoZcg1vRcR0YGDoAvJfBoTfXpnrPeUkwRe9:YvXKX/AchmEZc0vIGWTfXcUkee9 |
MD5: | EEDB7B77AFA022BE9269EEDF74328F5E |
SHA1: | DC73D34C06335C53378AFD6E2F7588814FB6A107 |
SHA-256: | 2535097A5D59DCFF07B4465137B2364EDD5C7C8FAB8B4ABF166CFB3C7FDC0D9C |
SHA-512: | 7838A2C3B0C5EE4138705231C47C0B3EE9C86031312EADF1C1C6C0C317217CC346D093FB6765D7A2E29ADF42134147A0CB60CD1F4EA5C7A7C999D55DCA565697 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.27830277469826 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX/ASrhm9VoZcg1vRcR0YGDoAvJfBD2G6UpnrPeUkwRe9:YvXKX/AchmEZc0vIGR22cUkee9 |
MD5: | D02EBF5BC7D55EFDF01B06D2E8F6E3D3 |
SHA1: | 6E7191D0F5E4EA27D3FBBDFCDEB441F9003539CC |
SHA-256: | 951965E26B6A0CAC0F8CCFBA28EA9AB3891AF37AF16841DE2F4C3C7D42321DB0 |
SHA-512: | 56564BD1B099201EB9C44A816B7C740BC60BC399D19EB516D681901FD9BC1BE6BB17E5A7BF5D46CA5A9B96A993ADB71C5C79B654B5911D6A61AA179959DC5CBB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.339025953354711 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX/ASrhm9VoZcg1vRcR0YGDoAvJfPmwrPeUkwRe9:YvXKX/AchmEZc0vIGH56Ukee9 |
MD5: | D74D659D51A5D2DAED50493DA8426C5A |
SHA1: | E9656AC6EC79331AF148B91E4A66B3173D26100A |
SHA-256: | B264D6CC80CD0F01F65CC977A373D25195A93F36DBBBD439691B584CE54BCAB0 |
SHA-512: | EBC85B74B0536BBE0DEBF4E1D6E1C5CC7E1B344F755CB4C1ACE830ECB1AA98199FEF912554630478FE7FF4E1C7A612DB840B6059956FD03ED23BA2488E7BBE3B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1091 |
Entropy (8bit): | 5.689543003473167 |
Encrypted: | false |
SSDEEP: | 24:Yv6X/TzvFpLgE7cgD6SOGtnnl0RCmK8czOCYvSc:Yvgthgs6SraAh8cvYKc |
MD5: | A158A12AEC38F628CBE9BBABB1581615 |
SHA1: | 7D5113447F69CAC52CB007BAA9235B57619D1212 |
SHA-256: | 1CB1F6A16B5969B41BC285130990ABD73A9F724B047A0323D5AFE9B082518990 |
SHA-512: | 7D9259A963F5657411D1342F3CDA8A244C8577111EB43C194ACEA1879BAD0A18D1CC99DC2A1E5525886D57A6C5EDC4E9BA064E98FFD766C512BDFAE498F66162 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.654772783683844 |
Encrypted: | false |
SSDEEP: | 24:Yv6X/TzvJVLgEF0c7sbnl0RCmK8czOCYHflEpwiVB:YvgxFg6sGAh8cvYHWpwc |
MD5: | 670D0301F7EA3ADA0B81DFCCB7DB82CB |
SHA1: | DFB11B6C173BB4C1E61CD7F52DA5B69CA5CB4728 |
SHA-256: | 8C8754DCFB1ADA2BCB7139C3B5E20B0A7EA984BC5C82048E7944AFD3034F9EC6 |
SHA-512: | 35353CA56A4B795E7AA4C2C4A0DA07652E7C79703BBA6A37E39F0012DA48F3A994AA6798938F49BC83A588B3DFB52A6CB73A0D86ACDF24644CC439DB1D86822F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.290467294730629 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX/ASrhm9VoZcg1vRcR0YGDoAvJfQ1rPeUkwRe9:YvXKX/AchmEZc0vIGY16Ukee9 |
MD5: | A7746CBE94E0A190CC461F861CC80D8B |
SHA1: | 9947AE9BABD621F1D5A611526C8EF60D48DE5447 |
SHA-256: | 8A47B79E73B48E3BAE8718F82A1205F09420997B3B9937C3E334FA589DC96FD2 |
SHA-512: | 940B49F50E8C0B0153B2D9F069FEE7236F55C614C6CAF7F1D26CAA126DAA922ABA9FFBAA096EFF3940E08BB95E956642772AE8F4BD933E7B60AB0C760D748154 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1098 |
Entropy (8bit): | 5.6885424313369315 |
Encrypted: | false |
SSDEEP: | 24:Yv6X/Tzv42LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSc:Yvggogq2SrhAh8cvUgEmc |
MD5: | 58FE027DFB442482A887295E1D95207F |
SHA1: | 9687D4E43DFF67A624FADD2ABF7B041479197AD1 |
SHA-256: | 6FE3B7765D9224740C8255A529500C74D3DA60E3FE3263B7851BBA392EF0E7CF |
SHA-512: | BBFE45E4A20B113CA6166CB70CFC16138C3D7B227F9708A67F478C18651CBEC22106C9BC2F412FD4997D8CFF4DFD5C5BD40FEFEE33734EE2EE4E3444C4BB68CF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.698953608582198 |
Encrypted: | false |
SSDEEP: | 24:Yv6X/TzvwKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5B:YvgoEgqprtrS5OZjSlwTmAfSKD |
MD5: | F14C6C6213EA488A6C58DB7C96E8C290 |
SHA1: | 6539669402967A942E07A8121ADCE5A053680671 |
SHA-256: | 472F557E293D699DCB8E211E3024E164EE500A0CCADA9666E1D1859BCCB47F78 |
SHA-512: | D715B2D4DA70671F7510820FD506AFB2B6FDD6326EFEF5FDC6CB5DBCCA6592EB1037B3AA9F124CAE720882847FF0293897406326D2806F1FE2B387F457A8E832 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2926010455047825 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX/ASrhm9VoZcg1vRcR0YGDoAvJfYdPeUkwRe9:YvXKX/AchmEZc0vIGg8Ukee9 |
MD5: | 546BC3818098027F0A732D4F6382A035 |
SHA1: | 457B71B3BC664FE516E9DCB6E65FDD47A6D52FE5 |
SHA-256: | D4C83418D95A7E6D0B62C84BE6D7522EA878F81DAF437D820EEEE422B578B5B1 |
SHA-512: | 6A4986367B43162DA0E1734392491671C3FA43BDA80E124197BC5558478FA15DD4254E2A81DB2696763DD6F414713DF288FFC7A3384E696AB6CF10291EC1F2F6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.782250322619763 |
Encrypted: | false |
SSDEEP: | 24:Yv6X/Tzv/rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN4:YvgHHgDv3W2aYQfgB5OUupHrQ9FJS |
MD5: | 5C07533A947BF5B5A88BA4448383822E |
SHA1: | 78E5E75300651B161D1EDDD9C21F6DD1FF14D44E |
SHA-256: | 4C4B35C8612C3E3EC631D18C19135655D593F2B009DD3B69DC8E9E89733E68C0 |
SHA-512: | FD39CC30F89DEE3A060603D03435FF71138ADE231633397B68CEF8302ECB243F2FBC05D0F8A7B4131C90C7CF077FEE30A8A9E73936E904CC657A52245FBEC04F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.276198995099576 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX/ASrhm9VoZcg1vRcR0YGDoAvJfbPtdPeUkwRe9:YvXKX/AchmEZc0vIGDV8Ukee9 |
MD5: | 0EB2E77B39D7A24C3E130D881DAA6BE4 |
SHA1: | F76561FF6F02059CEE1C017C7131DC113538ED9B |
SHA-256: | 79BC2FF1F9E7C43E0494163A0A50A634AEBB7834B509F167A355654E1C29343A |
SHA-512: | 6B20BB8BED102166C943879D7109F72812149E6BCC8CD829213F311E34011BEBDDB12FA953E344129F4E1E7A8B2D4322F923659F4C2AD3CDCC1B62D1C83CD673 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.281323311909716 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX/ASrhm9VoZcg1vRcR0YGDoAvJf21rPeUkwRe9:YvXKX/AchmEZc0vIG+16Ukee9 |
MD5: | 6E24322A0FB7F1D96CD844AB61248E02 |
SHA1: | 337DF53E047ED9215BB50424B7F3C4B67BBB54E4 |
SHA-256: | 0E8A6571A40FDE801EA5D7321D2BADDA11645FA1588B71BF9C8891DD788182AB |
SHA-512: | 7B9AF0F6D849F1C059488C3DEB90A5E6FD8DD409BA70C8730377AA9B2A5E3C7AB2875DB0F8B536D859EAE160E416251D5AEB4F9FCC55ABBA61E8CD2B19F60D2D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1054 |
Entropy (8bit): | 5.6673950316138235 |
Encrypted: | false |
SSDEEP: | 24:Yv6X/TzvdamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSc:YvgJBgSXQSrOAh8cv6mc |
MD5: | 136D687B94B87213CA32362A2E81AB36 |
SHA1: | BD09A73BBA48BC8C10CA033F73A79503E33DCED2 |
SHA-256: | 51E70F28BEC0E4C751538284CC1379A2CEA061F966C65E12B178DAE02F2708FA |
SHA-512: | B0D8CA54F6DC315F6271285B2F3DCFABC1892CDD18083C340FC5FC36897EDF85292D1C67BF19F35A5EF25374CCE05323D5450912BE5C7BDDE4D2BD7611898A2F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.257082143783221 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX/ASrhm9VoZcg1vRcR0YGDoAvJfshHHrPeUkwRe9:YvXKX/AchmEZc0vIGUUUkee9 |
MD5: | E2AACED5F35AAB2F8F1AA1CD666D49AD |
SHA1: | 3EF6FB71F72D865E5D98C3B828CD4FA6B068CABF |
SHA-256: | 8E50868B08D5ACDB739FC05EF531D039E6800BFBA445B907850A7CE929A3251E |
SHA-512: | E0071442B60A64F6D0076F1F171177859504D3DBFCBBBF15D08EFFA98484C4C7BDDD90C6A075D6FCC61CC3BDFA333883D32799A94EFDEFC25741E3B8BD09C966 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.370963709836417 |
Encrypted: | false |
SSDEEP: | 12:YvXKX/AchmEZc0vIGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWt:Yv6X/Tzvu168CgEXX5kcIfANhc |
MD5: | 6AE850312B884E23271251D85A9D54DA |
SHA1: | 46D6D31437C26C2BE6D2D1E6707DD7852840AC92 |
SHA-256: | ED87B5050E069888DDE70CA4BCEC5A67B70EEE30311837C5BD256908235A904A |
SHA-512: | 22ED0598311E4A2FB4DF7561EF56A07AE3530FC5D0338F43F40AE27236FFBB70B60FEAD5A8943E8A98CC31DF1FAB2DDE49632343C4E3759F2CD285CC186EC1E7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.136539207530262 |
Encrypted: | false |
SSDEEP: | 24:YXQVXCajmqWaySNA5C5cUbjh/JlEHyDIrs5TjSyj0S2jUe2b92LSALkV5LI9Lpkp:YXkJH6UcU9bESjJyk9aYVe9Lpw |
MD5: | 9BDC4D942B3D53E48F7563D94A2BCF4F |
SHA1: | C59C55E42848865EFA7318EE0F95B62B3D8AD534 |
SHA-256: | 22CD0CD1BAF70AA8C7295B3CB4DE3425624732EF3DF058A222B628CFB9195E32 |
SHA-512: | AEA61F83B8BF6C243A63F57B6CA29314B40B6C8A237BF761C62828AA0787F3D283E7BE73D3FC5F9F3AC11C724E92B3572978C832A662B179EB593BF3B745F425 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1879497542887214 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUZXSvR9H9vxFGiDIAEkGVvp1X:lNVmswUUUUUUUUR+FGSItV |
MD5: | 3279B028A23E27CEDD863A9A88B59EBD |
SHA1: | 86BDFA698AFE12A425D9CE5EA752C9009629F2D9 |
SHA-256: | 0A32624280957B12153CDD4A1630CD734B78374046FA9C07B5C23D385FB083AA |
SHA-512: | 0F5209D6B52CDEF97D0227821196839AFC8850DCEA86761975CCAE7F645FF0BFD6579B6B85D2BA8E830D9D8DA0120C2B712BCB1433710055A2D7E38D7C7ED81D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6069962662875696 |
Encrypted: | false |
SSDEEP: | 48:7M5KUUUUUUUUUUZLvR9H9vxFGiDIAEkGVv1qFl2GL7msb:7vUUUUUUUUUU9FGSIt7KVmsb |
MD5: | 93D83D544A6E17548656FEF590A6F8D4 |
SHA1: | A7B28CD70AFCBB9CB25F76BCB1FDCB020138325D |
SHA-256: | 5BBD60BA06A645E3FCA7F40108DB87B933CD8159A1C7F087BCD832D809F8242D |
SHA-512: | 2E1999DAE995AC9E7A8E4E8AA7A55A2518EB264A3E745C37E85D133E13345D02419DB97FDFE771FA4B5BE3EC2110FE99BFB029616B7F3FB40471EDB856CFCEE7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5309417490522437 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ejqwiRH:Qw946cPbiOxDlbYnuRKkR |
MD5: | 57A2AA6AF4069D02694DF4B5EF523919 |
SHA1: | 1755FD18C9F1C62448E53AAC1B838EADE7B46687 |
SHA-256: | 00527BAFE8F3FC67694835640F8C5D3663C7312864A7DA88A86B4E22A742C134 |
SHA-512: | AA9067DA25A63B4FF60817E1BDCFF594B95DF644791238FD372C2646B6F42994D66D43815056AE7F5721A1E96AD0FB0B33A41DA7043B741D9033225DAD4578D1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.0721530724688675 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOCuiQEo7KiQEuTCSyAAO:IngVMre9T0HQIDmy9g06JXHLE5LEAlX |
MD5: | 23C8BB526FA769F029119AA93F9C1331 |
SHA1: | EB6A07C781B80BC17614F1949896DEA2826C5A91 |
SHA-256: | 3BA3FD18EF46F60BC4B7CFDE2372A425835BAFC6E761BDB0E303EE6C689BFD26 |
SHA-512: | BC815B6E795E94D31B0868F6E1E732FE90FCFB81AF98FF5A5D731760C612BED319B18A2E49C60F0F3A64BE6456E33EB778945E50C61E119312996DD4468A2E67 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-08 15-03-30-191.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.315619886872456 |
Encrypted: | false |
SSDEEP: | 384:RRXcfBxJs5DnzgBj8K+zU2imK9clDU0q4vzfhJ5IRHp2iEm82z6WuHuHG3N7T+WO:aQC |
MD5: | 7054185BCCB43F13F6C257C44AD635DA |
SHA1: | D4FB9E11DF1B25298FF1757B9595DB99B0E4D0BE |
SHA-256: | 5956C701A9FEAA939389798B1C1C6AA31BE34669C892919FC7B194BAB001B124 |
SHA-512: | C9B312A123D6623AD4D2FF2539F7AF4B4CC356C5FBA59B4C420A2F2DF8BE01AD0E147C8CAFDD50182B2409AAA652D76379A05CD010CDDAA901B3EE6C107DF3AC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.38353635681578 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rD:m4 |
MD5: | 2B71954F0A4D29F52F7EFB49597942A4 |
SHA1: | C2C98AA9D34687BD9E1EB58441A25B11801950AC |
SHA-256: | 21BF4F20DFF6786D534C3F0B662D3E0E3246B5827BAD6A28BEFF8B57F400C531 |
SHA-512: | 0817ABD39B58784103D49656B4D42B682D4AD56CFFAB2D618106AAEFF38A2C0D5B5D4547BE9C94B4D52D93F7BCE992F2B7F4E89988A2D7B6F1046D5A67C0ABA3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru |
MD5: | 95F182500FC92778102336D2D5AADCC8 |
SHA1: | BEC510B6B3D595833AF46B04C5843B95D2A0A6C9 |
SHA-256: | 9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9 |
SHA-512: | D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/nZXYIGNP0dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07teWL07oYGZd:fZXZGa3mlind9i4ufFXpAXkrfUs0MWLH |
MD5: | 610F67CA7BF7414A832DADE2BC59812B |
SHA1: | A48604555055D42843FFF3F89D31DDAA44EC5AC8 |
SHA-256: | 28BDAA6B112AE9DF7AB1E30FBC6AF46E49C2EA5C92C4A177AB08A230180BF1B6 |
SHA-512: | 09271ABBF9CADA9078959240771DF303F8FF0796472399825F0D576FC31DB2C90C21DB99F7F7E27E4C33A32C2609245AA3E7AA7BF7F89DCAD3F4848819F3338A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.896132916833447 |
TrID: |
File name: | maddenkaren.pdf |
File size: | 45'836 bytes |
MD5: | 35b6cfe3b13a2bd85e65eabe3ddc2fc9 |
SHA1: | b5f9c1a46dd94f6d3131103fd98dd0a8bf0023be |
SHA256: | 7ec25e118a44d3cda260ab58b6f3ea582f299abec8d8e04f740a4d8273ddb1b0 |
SHA512: | a50e5f6a9585da55da9d0023a815158a13d1508b346bb49821506ae54d661c931295401ba64c06d48fd647010fccde2b12f6e5af4a2207c42a9a424bac312df4 |
SSDEEP: | 768:7P1HCYPoWAgwjtUjVM/KGExYRWEsY7nIYVZlNy2w+pJBsLwWH8+IFnfVCBlbz2Y2:ThPoWAgwjtUjVMCJuQlIIYZZpJCwWhI1 |
TLSH: | 8023E17AE699BC4CF0E2CBD640B1FCDA567CF1658BC4A86230380751FC51A8466519FE |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Title (..)./Creator (..)./Producer (...Q.t. .5...5...1)./CreationDate (D:20241004184248).>>.endobj.2 0 obj.<<./Type /Catalog./Pages 3 0 R.>>.endobj.4 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None> |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.896133 |
Total Bytes: | 45836 |
Stream Entropy: | 7.953813 |
Stream Bytes: | 41711 |
Entropy outside Streams: | 5.090637 |
Bytes outside Streams: | 4125 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 29 |
endobj | 29 |
stream | 7 |
endstream | 7 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
14 | 6f1f0cecf0d88b8b | eab3eb83b935c0d2b413c97768df8f08 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 21:03:40.481887102 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 8, 2024 21:03:40.481969118 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Oct 8, 2024 21:03:40.482038975 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 8, 2024 21:03:40.482220888 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 8, 2024 21:03:40.482240915 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Oct 8, 2024 21:03:41.090874910 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Oct 8, 2024 21:03:41.091217995 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 8, 2024 21:03:41.091312885 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Oct 8, 2024 21:03:41.094913006 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Oct 8, 2024 21:03:41.095046043 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 8, 2024 21:03:41.136354923 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 8, 2024 21:03:41.136356115 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 8, 2024 21:03:41.136464119 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Oct 8, 2024 21:03:41.136640072 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Oct 8, 2024 21:03:41.179168940 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 8, 2024 21:03:41.179249048 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Oct 8, 2024 21:03:41.226078987 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 8, 2024 21:03:41.233279943 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Oct 8, 2024 21:03:41.233654976 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Oct 8, 2024 21:03:41.234379053 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 8, 2024 21:03:41.234425068 CEST | 443 | 49748 | 23.41.168.139 | 192.168.2.4 |
Oct 8, 2024 21:03:41.234467983 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Oct 8, 2024 21:03:41.236372948 CEST | 49748 | 443 | 192.168.2.4 | 23.41.168.139 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 21:03:35.392400980 CEST | 52721 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 21:03:35.392400980 CEST | 192.168.2.4 | 1.1.1.1 | 0xe0f6 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 21:03:35.400127888 CEST | 1.1.1.1 | 192.168.2.4 | 0xe0f6 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 8, 2024 21:03:36.135051012 CEST | 1.1.1.1 | 192.168.2.4 | 0x9999 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 21:03:36.135051012 CEST | 1.1.1.1 | 192.168.2.4 | 0x9999 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49748 | 23.41.168.139 | 443 | 7180 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-08 19:03:41 UTC | 475 | OUT | |
2024-10-08 19:03:41 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 15:03:26 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:03:27 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:03:27 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |