Windows
Analysis Report
0260719760_9057987504_20241014041558.PDF
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5264 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\0260719760_9057987504_20241014041558.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 404 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7248 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1536,i,8389459400494429931,13337519352966136629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature evidence rows by type (source/target values missing):
- DNS query: 1
- TCP traffic: 34
- IP Address: 1
- HTTP traffic detected: 2
- TCP traffic detected without corresponding DNS query: 12
- UDP traffic detected without corresponding DNS query: 1
- DNS traffic detected: 1
- String found in binary or memory: 1
- Network traffic detected: 2
- Classification label: 1
- File created: 2
- Key opened: 1
- Process created: 14
- Window detected: 1
- Initial sample: 4
- Process information set: 8
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
 | 0% | Virustotal | |

Source | Detection | Scanner | Label | Link
---|---|---|---|---
 | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
x1.i.lencr.org | unknown | unknown | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
---|---|---|---|---
 | | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
---|---|---|---|---|---|---
104.77.220.172 | unknown | United States | | 16625 | AKAMAI-ASUS | false
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1533058 |
Start date and time: | 2024-10-14 11:32:58 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 0260719760_9057987504_20241014041558.PDF |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/45@1/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.143, 2.19.126.149, 18.207.85.246, 107.22.247.231, 54.144.73.197, 34.193.227.236, 172.64.41.3, 162.159.61.3, 2.23.197.184
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed; the report is missing behavior information
Time | Type | Description |
---|---|---|
05:34:10 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brands":["HP"], "text":"Invoice Copy of original", "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":true, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
---|---|---|---|---|---|---
104.77.220.172 | | | malicious | Unknown | |
 | | | malicious | Unknown | |
 | | | malicious | Unknown | |
 | | | malicious | HTMLPhisher | |
 | | | malicious | Unknown | |
 | | | malicious | Unknown | |
 | | | malicious | HTMLPhisher | |
 | | | malicious | Unknown | |
 | | | malicious | Unknown | |
 | | | malicious | Unknown | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
---|---|---|---|---|---|---
AKAMAI-ASUS | | | malicious | LummaC | |
 | | | malicious | Mirai, Okiru | |
 | | | malicious | Mirai, Okiru | |
 | | | malicious | LummaC | |
 | | | malicious | LummaC | |
 | | | malicious | LummaC | |
 | | | malicious | LummaC | |
 | | | malicious | LummaC | |
 | | | malicious | LummaC | |
 | | | malicious | LummaC | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.180150354115958 |
Encrypted: | false |
SSDEEP: | 6:LQHQRFIq2Pwkn2nKuAl9OmbnIFUt8iQHQoXZmw+iQHQoFkwOwkn2nKuAl9OmbjLJ:kSFIvYfHAahFUt8zt/+zf5JfHAaSJ |
MD5: | 0EA6CCFC82DFC6CAA134AA1D27B87CA5 |
SHA1: | 2FB4254896E78E768829421987D2D4CBA32A3CFD |
SHA-256: | C33DD14B4D36F7809541A6BB33C84E3DB42DF8F9FF37FE3ABC3FA44301EAC404 |
SHA-512: | AE40491917893CCB84D9FEBA8527BF7F6D4DD5C315CC922C15B2FFC4E4462A53EB0FA58071E94EBB9CBEE9ADD98D4CB6C43F142AC49C1A5709E2B17A322C5277 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.180150354115958 |
Encrypted: | false |
SSDEEP: | 6:LQHQRFIq2Pwkn2nKuAl9OmbnIFUt8iQHQoXZmw+iQHQoFkwOwkn2nKuAl9OmbjLJ:kSFIvYfHAahFUt8zt/+zf5JfHAaSJ |
MD5: | 0EA6CCFC82DFC6CAA134AA1D27B87CA5 |
SHA1: | 2FB4254896E78E768829421987D2D4CBA32A3CFD |
SHA-256: | C33DD14B4D36F7809541A6BB33C84E3DB42DF8F9FF37FE3ABC3FA44301EAC404 |
SHA-512: | AE40491917893CCB84D9FEBA8527BF7F6D4DD5C315CC922C15B2FFC4E4462A53EB0FA58071E94EBB9CBEE9ADD98D4CB6C43F142AC49C1A5709E2B17A322C5277 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.16347452127232 |
Encrypted: | false |
SSDEEP: | 6:LQH5Rq2Pwkn2nKuAl9Ombzo2jMGIFUt8iQHvuQvZZmw+iQHQkwOwkn2nKuAl9OmT:k7vYfHAa8uFUt8z2gZ/+zw5JfHAa8RJ |
MD5: | B71F982FD8A804ECD0670BB3808D393B |
SHA1: | 5CFA302F68EDAAFA5EE1E5FE168D75CD84333694 |
SHA-256: | 517F4A961346800417178C2F81C239C676B3EEBE7A5B8971105AD094BA0D2835 |
SHA-512: | 1AC2E1183C412135E689F7A8F5BB1DC99C72705C5E370226C212E537CB52612F5742D239C7EB9030D0DC5D1D19D02880CC8A1809A17CEA6D74CC2A05C064260A |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.16347452127232 |
Encrypted: | false |
SSDEEP: | 6:LQH5Rq2Pwkn2nKuAl9Ombzo2jMGIFUt8iQHvuQvZZmw+iQHQkwOwkn2nKuAl9OmT:k7vYfHAa8uFUt8z2gZ/+zw5JfHAa8RJ |
MD5: | B71F982FD8A804ECD0670BB3808D393B |
SHA1: | 5CFA302F68EDAAFA5EE1E5FE168D75CD84333694 |
SHA-256: | 517F4A961346800417178C2F81C239C676B3EEBE7A5B8971105AD094BA0D2835 |
SHA-512: | 1AC2E1183C412135E689F7A8F5BB1DC99C72705C5E370226C212E537CB52612F5742D239C7EB9030D0DC5D1D19D02880CC8A1809A17CEA6D74CC2A05C064260A |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1048533b-f509-4d56-a6fe-d5e01c38f8b1.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.95774050953709 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyHsBdOg2Hccaq3QYiubInP7E4T3y:Y2sRdsWdMHf3QYhbG7nby |
MD5: | C5EB356AF4D7BD50BADD50EF33C520A1 |
SHA1: | 0EFD0B7AE77385927526E3BDF8E7BD00394C55B0 |
SHA-256: | 89EABD79394EA3214B7DD092CAF5B3167E82FEC285F0665BE2198714763ABEDB |
SHA-512: | D7F346A4C702A8E27BFF9664FEADBB681C73E1B7E1A2E503ABE6997B1649E413B9B7A8D4820A467BC696D46B177EECA573FBF164B5B8C1FEB1B025B649CD2D89 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.95774050953709 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyHsBdOg2Hccaq3QYiubInP7E4T3y:Y2sRdsWdMHf3QYhbG7nby |
MD5: | C5EB356AF4D7BD50BADD50EF33C520A1 |
SHA1: | 0EFD0B7AE77385927526E3BDF8E7BD00394C55B0 |
SHA-256: | 89EABD79394EA3214B7DD092CAF5B3167E82FEC285F0665BE2198714763ABEDB |
SHA-512: | D7F346A4C702A8E27BFF9664FEADBB681C73E1B7E1A2E503ABE6997B1649E413B9B7A8D4820A467BC696D46B177EECA573FBF164B5B8C1FEB1B025B649CD2D89 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.251898506493011 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7a4ukpvZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goX |
MD5: | D8A5D5AD260D0FFDFFAF5387768BABB6 |
SHA1: | A71D2B0291F8FB02C650EE40F35B3E53D88C811A |
SHA-256: | 378E24276FA90E327B5BFBE14DC21BE81DAD59811BDB637B6812C7CA576EC1F1 |
SHA-512: | C11B070BC887A2C0E40C0B82FF51372FD7FA3A3A4FADA39F50BF341B7FA51433D17265ABFD982B5AB3B6D74C0806E8171E770ED7BBD2F654284E5FEE87915946 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.222569473134444 |
Encrypted: | false |
SSDEEP: | 6:LQSk0Iq2Pwkn2nKuAl9OmbzNMxIFUt8iQSfugZZmw+iQSrbkwOwkn2nKuAl9Ombg:kzvYfHAa8jFUt8zzgZ/+zgb5JfHAa84J |
MD5: | 57E6D253490EFFAD35745568AE0DFBEA |
SHA1: | D7CE92FACF8B2A9F3AF5DC12E08F54EBCA2F04C1 |
SHA-256: | 9F91731695CCCF628E2B3E63ADBA048101034BF7F67AB6970593C9630033088B |
SHA-512: | 7A23980DD25F4837E000540D7556AB6916F114351CB15DDDC34899A2746D59709B3F7963527E67E12F49C795718019A432C86402B4413B43DD2B1548CE8A4D82 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.222569473134444 |
Encrypted: | false |
SSDEEP: | 6:LQSk0Iq2Pwkn2nKuAl9OmbzNMxIFUt8iQSfugZZmw+iQSrbkwOwkn2nKuAl9Ombg:kzvYfHAa8jFUt8zzgZ/+zgb5JfHAa84J |
MD5: | 57E6D253490EFFAD35745568AE0DFBEA |
SHA1: | D7CE92FACF8B2A9F3AF5DC12E08F54EBCA2F04C1 |
SHA-256: | 9F91731695CCCF628E2B3E63ADBA048101034BF7F67AB6970593C9630033088B |
SHA-512: | 7A23980DD25F4837E000540D7556AB6916F114351CB15DDDC34899A2746D59709B3F7963527E67E12F49C795718019A432C86402B4413B43DD2B1548CE8A4D82 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241014093400Z-165.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 0.9098239416016416 |
Encrypted: | false |
SSDEEP: | 48:D7dowEj5WE9LEksdf399ecEkSu1qOtM5RFV5yR1TtspNKZe/nMtkMMtNritFthM4:DxrEoHJeOTyM2MMeHTMMdMMM4m8 |
MD5: | 69E1571B9E1852E3B7EECA46FDE63BD5 |
SHA1: | D58F1A075265DAC6C933E847BB9BC72F1A995334 |
SHA-256: | DD9BC66C59F3E6A03434A27EC7A4260B05B555B1412ACDE94595BCA751CC0F2C |
SHA-512: | 2008DF91716F000D6A16F8B0E0A0FAA1D191845A34B8C37442DE1E0133395C5D643F3D25ADF6367F6296DA12A8350A30DFAEF1636723C4E10E93CDE08ECAAD66 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445152927795014 |
Encrypted: | false |
SSDEEP: | 384:yezci5tsiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rLs3OazzU89UTTgUL |
MD5: | E911AB6384A275050E01CE9678E66865 |
SHA1: | 55051C3B73D5A41C792EA9B731CDC73AC9C647C3 |
SHA-256: | 56D171B5518DD17BD8F13AFF027792977079EE323AAB0FEE0A52740BAEB99B5A |
SHA-512: | 9FE17C2A08DFC8AC51F7254275A89BF463D059EB3444FB30C4595059499A41FCB3FD716CD24A0E731FE82B1DDBFDBC770EFCD2BB12E3E4E551C1B2BC14B3187F |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7734506764900058 |
Encrypted: | false |
SSDEEP: | 48:7M3p/E2ioyVMioy9oWoy1Cwoy1gKOioy1noy1AYoy1Wioy1hioybioyqoy1noy1R:78pjuMFfXKQXGb9IVXEBodRBkG |
MD5: | 7F313771A09068976F92FF260F0A3946 |
SHA1: | 46210AC172345F4409B9DF66D8504B68A636B0DF |
SHA-256: | 25378D61ECDB322C44B7E036DA1C92CB857B9D3FAF4B7E3216F0239BD6BFFA04 |
SHA-512: | C29782DD6D525B1DE372A64B2E281FD01750FB3F74351FC927CBC30FF32D943F001594BA804564174F7C622DC2C1EA09F148FDD6B68DCFF7403015092F9147B3 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.779094196322516 |
Encrypted: | false |
SSDEEP: | 3:kkFklwtDNl1fllXlE/HT8kkkhvNNX8RolJuRdxLlGB9lQRYwpDdt:kKpXl2T8QhVNMa8RdWBwRd |
MD5: | DA6DCF4AA849EEB0C909CE49608F0756 |
SHA1: | D957E493611D50CAE8548B169F5142D567043149 |
SHA-256: | 219AEC938CA4D4372117465F48937318698F5E8CD9E1C64627CA519087867AB8 |
SHA-512: | 486C9347CD2A8CF18490AF11BAE142AE9A8926B01848EF3D09B89FF76F7A200F6B00E7E6D659DA446307551A0B0B055740D2FFBD6E02DB3A8A9E591B457418AA |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.360577286967606 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXlPQnHgjzHb1VoZcg1vRcR0YTEeoAvJM3g98kUwPeUkwRe9:YvXKXl4Hg4Zc0vHGMbLUkee9 |
MD5: | 47C23A19FF3DADF1EEFA4F1D2F59AA49 |
SHA1: | 883C2E8FDD2741C11B0B5C6DD01ED234A4408DCD |
SHA-256: | DAEE8E6232BF2337C78FB308EC5DE413BC820114AB9A8245651B2CBDD28EE49F |
SHA-512: | 999C7044917C9BE3B81642D3878C7534E314827E923EEE3DE4F8512C995F2BED2F53831D580922F9A66D631E020EF254F5B4C69A88C5F9035ACC499D92DCDFDB |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.311273841070856 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXlPQnHgjzHb1VoZcg1vRcR0YTEeoAvJfBoTfXpnrPeUkwRe9:YvXKXl4Hg4Zc0vHGWTfXcUkee9 |
MD5: | C05A45EB9DE9EF1607518BC411A806DE |
SHA1: | 334804B018671524C31C6C2F345269D56A0889E5 |
SHA-256: | 349A2B1850D66C3A54D207766BC5B9336AB8CAEAA1AF99C8C9E8B2CB8BA3A49A |
SHA-512: | 92B33CDE68BFBF79BAFD884AB519D6E0A55D9F3915A186F1189C1562EA86D7436ECF2D2F777BCD00D12B9DB40E525BF2A462F0DB41E7D134438A090B4025E043 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.290760410208258 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXlPQnHgjzHb1VoZcg1vRcR0YTEeoAvJfBD2G6UpnrPeUkwRe9:YvXKXl4Hg4Zc0vHGR22cUkee9 |
MD5: | 9B3FF898957AB6E6673AE2ABB396E7A5 |
SHA1: | BB1433B5EBD50350549D4C07A6573751DCADAB95 |
SHA-256: | 3A3039E4A761C4962CB99E228EFE7AAD1694601858418751C4DE1A1EBB517C20 |
SHA-512: | D14A25B7E50A7AF0EE08841AA5E6BC3A13FFF8E958AEE66FC3419B66FF2AAD06D49CD89EAED88F345B6093EBBAC8858227DA1C21ED1F7101F99844E0855335E2 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.347490035290851 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXlPQnHgjzHb1VoZcg1vRcR0YTEeoAvJfPmwrPeUkwRe9:YvXKXl4Hg4Zc0vHGH56Ukee9 |
MD5: | DF1A1636C6685C56E50450BA3308F47F |
SHA1: | F92AF7A3AD96E011E4AB67C9DE38027232A64347 |
SHA-256: | AC8849922C9635320E15AC2F707DD46980A7EB16E57469CAC221FD5CCF6A3940 |
SHA-512: | 9BE6108233EFCF3339C69B88F94A7195BF2638F4F86D3709BD2F0E8B46B4129053EF0371BC19841BCAA4369049DC6494681447E49F792F863A339E821D453A7F |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1091 |
Entropy (8bit): | 5.694381466759124 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xl4A4zvMpLgE7cgD6SOGtnnl0RCmK8czOCYvSL:YvqGEhgs6SraAh8cvYKL |
MD5: | 29530580A9518AADAA6B8DD05CB4E11D |
SHA1: | 9089A7E4D0359E62B95A55673C984EE31C901AFE |
SHA-256: | 69BF174A5DEE9D182D72ED85554777F53CF1C6D358530E38D22B2ADF5AF1BA85 |
SHA-512: | 25D3A1E1EEA96FA32856EB299178D2E3FD92C5588EE362411CDA07335640D5417AE463A6E933913165DF07484CAFECFC9CD72B476706E384D440A10268262BED |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.655179419689647 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xl4A4zvmVLgEF0c7sbnl0RCmK8czOCYHflEpwiVS:YvqGeFg6sGAh8cvYHWpwL |
MD5: | F7BCCD9F7A415FE4CE6AEDFDBCD6C7C2 |
SHA1: | 8900462ACAB3F67F9B1206B5FF7CF38EC7455F6D |
SHA-256: | 3A1AB6EF3CF5FE06F18A5ED3A5EE4EC258227FB9AAACB40E289A9770F516AFD2 |
SHA-512: | CB6BD43694658CF1D6BA7B32CE71C349427D1D6FFF6D760365C5A56B7686E45B2782932C12685933CF3C6DF143E82335CB07D27BEEC234F118C6549FC0C3B02D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.301219270912943 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXlPQnHgjzHb1VoZcg1vRcR0YTEeoAvJfQ1rPeUkwRe9:YvXKXl4Hg4Zc0vHGY16Ukee9 |
MD5: | 1BEB333CB3E03A9B1FD7AB49EC2B178B |
SHA1: | 8188376D9A219630AA35F338A7D3A4F69E113310 |
SHA-256: | 2C43F4DDBF542756C7269541BE6D9E5A0B6554A590F2221EA04C9B7029D89FC2 |
SHA-512: | F523DB3FE292D8172A776AFE8604C4B369C38454C0EB0A59D489D1BF4259CEB03FE9CB22C2C742801D87AEF7E63CC30E5307AB49910910455DF65EB187A28FDB |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1098 |
Entropy (8bit): | 5.692520626275647 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xl4A4zvT2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSL:YvqGrogq2SrhAh8cvUgEmL |
MD5: | 168963991A62F0257C6923DA2B53AF75 |
SHA1: | 330C33ECFEEC682CA9D9118B70482C9CF39866C2 |
SHA-256: | 76F8A9E86C00437CD31059F6DB5E97CCC0E44A420C9B34D785ED0AC9411331A4 |
SHA-512: | E0FE9C906E25192F50711DA6265EA2B47B37A283979832D495756A8E7E48794CC3DAF262D14789E28219E9AA2FF9CE5AED8A2626BBCCD1478E181425F7B81BD9 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.701495000822059 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xl4A4zvfKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5S:YvqGnEgqprtrS5OZjSlwTmAfSKQ |
MD5: | E2A6D96694A190513AECD0F4DDDF063A |
SHA1: | F5600D55927C0B0D3FC592DBEB8FB23AB3116753 |
SHA-256: | 4A004D5ED6B7D43797C2792C10EBAA641D3F4A6C44A31EC9C29CF96D099BA6B6 |
SHA-512: | 5E4A6ECA56EEA038764503738C8318F0D896502FC1902F307193452A0F8830D879E7F6D9D4B19AEFEE6BEB50B7C2422AD6AD38A2D75E4E92709758B06924386D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.302525627798151 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXlPQnHgjzHb1VoZcg1vRcR0YTEeoAvJfYdPeUkwRe9:YvXKXl4Hg4Zc0vHGg8Ukee9 |
MD5: | EB470EFB97715092DE1F121FF2071534 |
SHA1: | E9798E2DE7C6A58BEAE48B6DC53777947856A69C |
SHA-256: | 5ADC424236377B90EE88888BDF948F5A8FF3B6FAF200EE748FDD69049812137D |
SHA-512: | 1DDA04AA1DC1BB0914DF5D327668D6214F23EE77B294CA6F89CC2F5BA24323CEE0BE05BACDB532018D0E7F5091DBDEA8C07F50E90B9EEC8286F0EDEF4D7B4ED9 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.781401910590408 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xl4A4zvirLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN6:YvqG6HgDv3W2aYQfgB5OUupHrQ9FJQ |
MD5: | 8BE8696D8D24E44EEA94355F2F8F983C |
SHA1: | 3677EF8DDDA41EC27494473414FE08EEA9ECE4FA |
SHA-256: | A1FF1082823D2CABF32E7740F671A93BB5F94DD26B5A59D388B4DD743A5E7E45 |
SHA-512: | FF5DEE06376373702BFB2AEA370EBDE6DAA96E79BA1CC33132BFF075700049ECDA2495952321D128C4E3C5A1DCB267D539A22E9431E5547C57316C788D1090E6 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.2860553672053605 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXlPQnHgjzHb1VoZcg1vRcR0YTEeoAvJfbPtdPeUkwRe9:YvXKXl4Hg4Zc0vHGDV8Ukee9 |
MD5: | 66BB0958B6AEC6BB93DADE6E34D06E6A |
SHA1: | 0939979970081F334A7B3E8841E9FF32A77C0144 |
SHA-256: | 562884D8C8904B0EF74DD398097F8C5A49030465328EB72DEFFFA948DD6F2779 |
SHA-512: | A1B46707CD6C1595BC4966BE407B7692CD3FD4C0936722C125E8EF9918E5E598986579AFDA524FD5A88BDD482B3FFA5DFF17BF62BBF7CAF345D113D4A5F3D687 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.290741778301954 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXlPQnHgjzHb1VoZcg1vRcR0YTEeoAvJf21rPeUkwRe9:YvXKXl4Hg4Zc0vHG+16Ukee9 |
MD5: | 81DB483C2C0F6F888D80002F72E21D51 |
SHA1: | 31505DF241D88E885C236B7AD72175322817E7EC |
SHA-256: | 1F30244611970A765E613C7339AD38533451F866F2B804BEB71F391F2750A412 |
SHA-512: | C64EC63A1C1B954641FC90C00617C484EB7FD42597EEB0AB1C6383DFC1855BC85AE2C0F8DFB090806A6714E9B356E7DC61D866B073F60FAD5A53BC916C8E692D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1054 |
Entropy (8bit): | 5.6707566031958105 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xl4A4zv4amXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSL:YvqGmBgSXQSrOAh8cv6mL |
MD5: | C81ECB2E1ADAE7031F63566CE773F2E5 |
SHA1: | 9D82AB0D26AF0246CBDF4356254989DE8560BD4B |
SHA-256: | 9BDD7F11C8515F77B424B5FA4B55BDE9763743809C0734A40E88FBEE71C5F0CE |
SHA-512: | C1D0799214861BE41BA4E63D9ED87937FD21C8B52A2594BBC0EA01F41791BAA39DDEF8BA6CEDAC08A05B8579BAA3F087E0309C6A7384CD0C011B8533E2F71E4A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.268682303513408 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXlPQnHgjzHb1VoZcg1vRcR0YTEeoAvJfshHHrPeUkwRe9:YvXKXl4Hg4Zc0vHGUUUkee9 |
MD5: | 2ADA1DAFDE7D5F3EF9042C085A241100 |
SHA1: | 41310BF876FF71CD48BDE0860E3636C2FEB03067 |
SHA-256: | FB7D103702360D2E78E02DABC9681CD39768480FC80FBF2C80E0944125C05D9B |
SHA-512: | 0192F3766B2BE7E14087113C3D6CFD8096D5FF586B7E3E4423644329C6F95C2DC135E31233A0828E4AB701EB2FCB388053DD2C258829CA8A632BC792E399AF22 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.377197600956636 |
Encrypted: | false |
SSDEEP: | 12:YvXKXl4Hg4Zc0vHGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWG:Yv6Xl4A4zvH168CgEXX5kcIfANhL |
MD5: | C5D0442B2710F4878FA2806B8B6B3AA3 |
SHA1: | 1748AC297D32398E9DF2B4880993372C49B01BFE |
SHA-256: | CB6FDD9ECFD479059CF6AB66AAA657842E2F6245D8B3B2E8BBF5E057048D98D7 |
SHA-512: | 412FFC151998AC35339736112A7AE8695503C2931CFDA2000E187E63BB13CB0FBE6A2DB0CBA742C0DFA6516FE8C576AD901591C18814F03405C7C439DF793EBA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.127441407038573 |
Encrypted: | false |
SSDEEP: | 24:YuvkyoOaG22Caykft8VCouFUQEfbWVUO6g1BVY4fjHDezgj0SxhJ12H2LSTu6i5f:YA/P2LtuFUbu6kQoHDeO/GNu6iC49Fz |
MD5: | 96C163C277220FE2995CBD98AB3E66F8 |
SHA1: | 6684410C4B44F876F4DC9B802DAF3E9595E09373 |
SHA-256: | BEFCA691110140774247DD94CC57A4F2DCEBC61C8459B22187DF14B93CD63093 |
SHA-512: | 2419495918B36CF55FB33EABC763CC93F4AE92A8C3BF4A6E06384C0DCF5CCBA9849BF746D5E410D5BF05FCB30B1E01B4B921BA6E75174A459B5AD70B58FE830B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1886294939331588 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUFSvR9H9vxFGiDIAEkGVvp9:lNVmswUUUUUUUUF+FGSItx |
MD5: | 1297DB09A5BDD7ADF55D72750B3D555A |
SHA1: | 5BA4692A26A2BC4663BFB42147DC658DBA77C3F0 |
SHA-256: | 76018E43C1A08F6CF5B9BC358D99CE7A895DA99F1D10925BEA48F5DA89475C29 |
SHA-512: | 5167218B68CB0966D13987048D6693CF7584FFD389068E1A89409AAD0CB47D17307C33F133BCDEB677B7A19F52887039C94503F3E2877C34BC15A4AD47EA6822 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6090575944838563 |
Encrypted: | false |
SSDEEP: | 48:7MVKUUUUUUUUUUdvR9H9vxFGiDIAEkGVvpqFl2GL7msQ:7DUUUUUUUUUUZFGSItTKVmsQ |
MD5: | 72A7B9023552B3C69344C502D3C086E0 |
SHA1: | D7A58B609BD832389CA00DE73238920D175D4681 |
SHA-256: | 0DBF3680907B5E042F18AEDA1AAC0DE74C06C6A209EBC90391E32A156CD6D351 |
SHA-512: | 9D5EB8D1A060BE04BDCD3FB206A2C8288CB6718A441922422C3FA195656BA029BF3F231FE315B61868D62024806E2D9AE04BFF4A597DA6B457615DDA24481D1A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5197430193686525 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84CWfWREwCH:Qw946cPbiOxDlbYnuRKpW+l |
MD5: | 368B69CD3A99E4AE9C1D82CC1A436105 |
SHA1: | 1CCA210C7EA35CF007A92566F07063B8BD505C88 |
SHA-256: | DDEC6F8C4EBCFA8030568194574C4679381F9A0E00C3D0E5CFBF134B4D51EBF3 |
SHA-512: | 25BADF565385216860112D5278AF70F8A71D01B35FDD312F939D7D274387F195EECA243B3D5F6986676A43AD33AED5822786C037AEBD3FE450F121E435AF276F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-14 05-33-58-650.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.366265690073228 |
Encrypted: | false |
SSDEEP: | 384:tg2RO0LD0Te4urclDYaCmQLKGpgHGOKeh2ACkwi8mvWB/OWDrY/0FWFsdEyjJOe/:5vJ |
MD5: | E1B89BCCE9D40DD42E242B58BF694886 |
SHA1: | 2B4743EEB1ABE8289E41638DF19319678C41790D |
SHA-256: | AB727CD62B7C1050FD2DD295BB397B391F1C356767569394A993C2AFE691A35C |
SHA-512: | 0E1727FB3F67E0F0DDB602D9D2B0349E20B808F20661C180226D89DFC4EABCF43422F20B6078A8AB20EE2C958CE79832542EC07B754B932AF5D725094AFBEAD8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.391507548832574 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rB:1 |
MD5: | 925506B218D4DF3BAABD4141933DF5FF |
SHA1: | 7A8DDC99903AF309EB2E0B4D6C8A636BE5E18BB1 |
SHA-256: | 2F8B3F2F2EC8039E288371F5B21F0C9374EAF5DB76C36CF594331305EADC6CE6 |
SHA-512: | 527E4C49FE223CC0669ED16733FAE42DB5759EEF72E06FAC9C422D264D65F01EE621ABB86753AB61331EA170F44ACACC0491BE9DF70C0C4BD76E40030D13B001 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje |
MD5: | 716C2C392DCD15C95BBD760EEBABFCD0 |
SHA1: | 4B4CE9C6AED6A7F809236B2DAFA9987CA886E603 |
SHA-256: | DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8 |
SHA-512: | E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.8389271656471 |
TrID: |
File name: | 0260719760_9057987504_20241014041558.PDF |
File size: | 57'344 bytes |
MD5: | 91f21cd7cf5808b061c4dc014e1ebec1 |
SHA1: | 5d494095492db13c0bc90dfbe91fe2ee848d2b33 |
SHA256: | dec493278736e87e3d6a2acd329b86f79c7a7f92b63480abf0bed4baddba47d6 |
SHA512: | ec434545207d23dd1580a2f5a668bf9b1b82750f9ec29da5db8a4c24fa59b3c97376842ec168db0fe6eabbfa3e8a8df4c4e8323c99ac758d382e1ba915d2fedb |
SSDEEP: | 1536:iD25BmjN2oeTDcyOmNd6tcNxg98lCKsG4+FXVFtr:h5Bmyzd6mNxgRuFZ |
TLSH: | 8643E149DD01BC29C852757BE84979914AA395AE48DC2C117EAC4ECF2741E8330CAEFE |
File Content Preview: | %PDF-1.6.%......610 0 obj.<</Filter/FlateDecode/First 1728/Length 2812/N 200/Type/ObjStm>>stream..h..Y.n.7...>:..u.N .0.....V.{.m,.Zg.. [.=^$..sH...i......U.S..ENP..*.......6.D..^.Vf.J....3....QV...Z..)........\...(?.i....).5.^.|.CP..X.*$....vxj.=.E....Q% |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.838927 |
Total Bytes: | 57344 |
Stream Entropy: | 7.876421 |
Stream Bytes: | 52545 |
Entropy outside Streams: | 5.417217 |
Bytes outside Streams: | 4799 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 33 |
endobj | 33 |
stream | 16 |
endstream | 16 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 6 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
588 | 0000000000000000 | e8a2862558d287ea1126ebb98a66f337 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2024 11:34:09.498008013 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Oct 14, 2024 11:34:09.498073101 CEST | 443 | 49747 | 104.77.220.172 | 192.168.2.4 |
Oct 14, 2024 11:34:09.498148918 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Oct 14, 2024 11:34:09.498358965 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Oct 14, 2024 11:34:09.498389959 CEST | 443 | 49747 | 104.77.220.172 | 192.168.2.4 |
Oct 14, 2024 11:34:11.013309956 CEST | 443 | 49747 | 104.77.220.172 | 192.168.2.4 |
Oct 14, 2024 11:34:11.013564110 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Oct 14, 2024 11:34:11.013624907 CEST | 443 | 49747 | 104.77.220.172 | 192.168.2.4 |
Oct 14, 2024 11:34:11.015086889 CEST | 443 | 49747 | 104.77.220.172 | 192.168.2.4 |
Oct 14, 2024 11:34:11.015147924 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Oct 14, 2024 11:34:11.055035114 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Oct 14, 2024 11:34:11.055155039 CEST | 443 | 49747 | 104.77.220.172 | 192.168.2.4 |
Oct 14, 2024 11:34:11.055248022 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Oct 14, 2024 11:34:11.055280924 CEST | 443 | 49747 | 104.77.220.172 | 192.168.2.4 |
Oct 14, 2024 11:34:11.106137037 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Oct 14, 2024 11:34:11.403918982 CEST | 443 | 49747 | 104.77.220.172 | 192.168.2.4 |
Oct 14, 2024 11:34:11.404084921 CEST | 443 | 49747 | 104.77.220.172 | 192.168.2.4 |
Oct 14, 2024 11:34:11.404151917 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Oct 14, 2024 11:34:11.404769897 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Oct 14, 2024 11:34:11.404808998 CEST | 443 | 49747 | 104.77.220.172 | 192.168.2.4 |
Oct 14, 2024 11:34:11.404834032 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Oct 14, 2024 11:34:11.404855013 CEST | 49747 | 443 | 192.168.2.4 | 104.77.220.172 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2024 11:34:09.065536976 CEST | 59694 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 14, 2024 11:34:09.065536976 CEST | 192.168.2.4 | 1.1.1.1 | 0x140f | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 14, 2024 11:34:09.072755098 CEST | 1.1.1.1 | 192.168.2.4 | 0x140f | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49747 | 104.77.220.172 | 443 | 7248 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 09:34:11 UTC | 475 | OUT | |
2024-10-14 09:34:11 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 05:33:55 |
Start date: | 14/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 05:33:56 |
Start date: | 14/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 05:33:56 |
Start date: | 14/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |