Windows Analysis Report
0260719760_9058015611_20241014041558.PDF
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 4600 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\0260719760_9058015611_20241014041558.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 3360 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5808 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1708,i,3362333651007568355,88304133155021981,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature evidence rows, by source type and count (the value column is empty in this copy of the report):
- DNS query (1)
- TCP traffic (30)
- IP Address (1)
- HTTP traffic detected (1)
- TCP traffic detected without corresponding DNS query (10)
- UDP traffic detected without corresponding DNS query (1)
- HTTP traffic detected (1)
- DNS traffic detected (1)
- String found in binary or memory (1)
- Network traffic detected (2)
- Classification label (1)
- File created (2)
- Key opened (1)
- Process created (14)
- Window detected (1)
- Initial sample (4)
- Process information set (8)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | URL Reputation | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| x1.i.lencr.org | unknown | unknown | false | | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.77.220.172 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1533067 |
Start date and time: | 2024-10-14 11:45:15 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 0260719760_9058015611_20241014041558.PDF |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/45@1/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.202.204.11, 52.5.13.197, 54.227.187.23, 23.22.254.206, 172.64.41.3, 162.159.61.3, 2.19.126.143, 2.19.126.149, 2.23.197.184
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
Time | Type | Description |
---|---|---|
05:46:28 | API Interceptor | |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brands":["HP"], "text":"Invoice Copy of original", "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":true, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.77.220.172 | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | Mirai, Okiru | Browse | |
| | | Get hash | malicious | Mirai, Okiru | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.19478768444917 |
Encrypted: | false |
SSDEEP: | 6:hHIq2PN72nKuAl9OmbnIFUt8i7Zmw+i07kwON72nKuAl9OmbjLJ:ivVaHAahFUt8A/+h75OaHAaSJ |
MD5: | 6C9F0B696ED0657F13A0C7D88942C8C5 |
SHA1: | 237BCC01AD50ACAE32BE8A13B6C4705F9DB0EB4A |
SHA-256: | 9E52035667B8E751C686D74EF5952822A0A20560F84BCC14A716EF93BF522FB7 |
SHA-512: | 78836BB34AEDBE41D6985575E1D434CC49BFA9F762697656999E1E80E9CEE20B7920A9BC5F8322B8DC8072D2FDA3E4E79F750822FE086EF596B820A0AF2C14B5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.19478768444917 |
Encrypted: | false |
SSDEEP: | 6:hHIq2PN72nKuAl9OmbnIFUt8i7Zmw+i07kwON72nKuAl9OmbjLJ:ivVaHAahFUt8A/+h75OaHAaSJ |
MD5: | 6C9F0B696ED0657F13A0C7D88942C8C5 |
SHA1: | 237BCC01AD50ACAE32BE8A13B6C4705F9DB0EB4A |
SHA-256: | 9E52035667B8E751C686D74EF5952822A0A20560F84BCC14A716EF93BF522FB7 |
SHA-512: | 78836BB34AEDBE41D6985575E1D434CC49BFA9F762697656999E1E80E9CEE20B7920A9BC5F8322B8DC8072D2FDA3E4E79F750822FE086EF596B820A0AF2C14B5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.164563140995914 |
Encrypted: | false |
SSDEEP: | 6:hP+q2PN72nKuAl9Ombzo2jMGIFUt8i1Zmw+i8VkwON72nKuAl9Ombzo2jMmLJ:YvVaHAa8uFUt8A/+L5OaHAa8RJ |
MD5: | E03FBEF0E6796104434B11D8B75A0A81 |
SHA1: | 6036FC8EC22D4E042CC2F21CFBE7857E19531E28 |
SHA-256: | 6600FB647D3949766E463DCCCFC51DC74FD526BF9FFF02696AA01B60A748C90B |
SHA-512: | C206B1593152998942DA652726512D8E6633BBA5C29E6C683682CE2B033A3FED44AF5150EAA24FC20F098C8F96038722568EA550B353468182EC4EEDA37D8246 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.164563140995914 |
Encrypted: | false |
SSDEEP: | 6:hP+q2PN72nKuAl9Ombzo2jMGIFUt8i1Zmw+i8VkwON72nKuAl9Ombzo2jMmLJ:YvVaHAa8uFUt8A/+L5OaHAa8RJ |
MD5: | E03FBEF0E6796104434B11D8B75A0A81 |
SHA1: | 6036FC8EC22D4E042CC2F21CFBE7857E19531E28 |
SHA-256: | 6600FB647D3949766E463DCCCFC51DC74FD526BF9FFF02696AA01B60A748C90B |
SHA-512: | C206B1593152998942DA652726512D8E6633BBA5C29E6C683682CE2B033A3FED44AF5150EAA24FC20F098C8F96038722568EA550B353468182EC4EEDA37D8246 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\26a2f47d-266e-407b-a7eb-5b2a27aa8190.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.97540442432775 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyJmsBdOg2HCpcaq3QYiubcP7E4T3y:Y2sRdszdMHx3QYhbA7nby |
MD5: | 19480DA7DEDFA1FCBE07075613699384 |
SHA1: | D8AFDFA6AED251800C54E3B8B8B4AF3D796988CD |
SHA-256: | 3381A33EE9D86BF39C45C7F6A6F126F4B1C73C33A92F49FB9B42A83D6CFEF6D8 |
SHA-512: | 3E2B882C7A9338560FCA8DFFAA0870EB6693763970C80F50A1526DDE23D31D322702AEA69F7C6BACB404D0A8B7D779A5D67107B6AD76DB925676110F4D50D19B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.97540442432775 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyJmsBdOg2HCpcaq3QYiubcP7E4T3y:Y2sRdszdMHx3QYhbA7nby |
MD5: | 19480DA7DEDFA1FCBE07075613699384 |
SHA1: | D8AFDFA6AED251800C54E3B8B8B4AF3D796988CD |
SHA-256: | 3381A33EE9D86BF39C45C7F6A6F126F4B1C73C33A92F49FB9B42A83D6CFEF6D8 |
SHA-512: | 3E2B882C7A9338560FCA8DFFAA0870EB6693763970C80F50A1526DDE23D31D322702AEA69F7C6BACB404D0A8B7D779A5D67107B6AD76DB925676110F4D50D19B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5859 |
Entropy (8bit): | 5.2492813287510565 |
Encrypted: | false |
SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE75Ne+E:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhy |
MD5: | 51066DB658BD5924B730F8F4223DCFBC |
SHA1: | 57792F72B08109FE783588884A7739F631EEE16C |
SHA-256: | C99ABBFE56F99E67215F8E8FCEDBD38B7B00ADCCDC7DA8D75D4DF55DC02F8175 |
SHA-512: | 89472BFAE3F2F86566B834275B348E84F66D5E5098DA7D32FEB7CEE30BF43F0B222C4101F09FCC36901E806D3E609CB7D543CD8CDA1784118E0031079E93677A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.176085122895678 |
Encrypted: | false |
SSDEEP: | 6:VMN+q2PN72nKuAl9OmbzNMxIFUt8OKHZZmw+OKHNVkwON72nKuAl9OmbzNMFLJ:7vVaHAa8jFUt8T/+J5OaHAa84J |
MD5: | 3CA1D24DDF7A3779D0156F47DFDCD0D9 |
SHA1: | 174413CDE7B36ED3286B2EBCFD2CB2D984FDF8CA |
SHA-256: | 2261EA5D28C131F6B6008FDA97103A104C25D00C694A253DBC3EE2C2FE02F836 |
SHA-512: | 38F94E2539D3516F889D6695654BA390FAC730AEB6175342D2DFC4EECB6A492275ED57FADA8C28E8973758C62BBDF31AD82B8074A77CFF6A423E3548329DC61A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.176085122895678 |
Encrypted: | false |
SSDEEP: | 6:VMN+q2PN72nKuAl9OmbzNMxIFUt8OKHZZmw+OKHNVkwON72nKuAl9OmbzNMFLJ:7vVaHAa8jFUt8T/+J5OaHAa84J |
MD5: | 3CA1D24DDF7A3779D0156F47DFDCD0D9 |
SHA1: | 174413CDE7B36ED3286B2EBCFD2CB2D984FDF8CA |
SHA-256: | 2261EA5D28C131F6B6008FDA97103A104C25D00C694A253DBC3EE2C2FE02F836 |
SHA-512: | 38F94E2539D3516F889D6695654BA390FAC730AEB6175342D2DFC4EECB6A492275ED57FADA8C28E8973758C62BBDF31AD82B8074A77CFF6A423E3548329DC61A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241014094620Z-176.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 0.9069692077737415 |
Encrypted: | false |
SSDEEP: | 48:D7dowEj5WE9LEkszg98cEkSu/nHz5REb0t7s7FtUHYbRNKZe/nMtkMMtNritFthz:DxrEoEE0OBRM2MMeHTMMdMMM4m8 |
MD5: | 9ED234473B915613895EF5B48CCD88D2 |
SHA1: | A5547A8E0CF2061B4306B0A72E920EDDA6A7DECB |
SHA-256: | 3C07579B6AA4D9C33890AC4140E97F292C28438FF9941C692421444F3FE736DA |
SHA-512: | A045241FC22C7B3083B5C3CEABC465878BE843E651D4DEF693658446656AEBED97717FC9824B23E3D4498A84CDD03F92992A861918263289380AC563D2F57520 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444935276033264 |
Encrypted: | false |
SSDEEP: | 384:ye6ci5tdiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:m2s3OazzU89UTTgUL |
MD5: | 8E0C9B82B0CEB912ECF7E7B723518E1B |
SHA1: | 2AB5E9E92D53D792361B1D9FBE8319D667C4B259 |
SHA-256: | C1FA705BA7FF1B1622E5A94AEF8FF90CFE598043C24DCCBB2A98C4DB713ED7DD |
SHA-512: | E425E5C8C6E13EB8FFF2CE065E3293AA927C96BF39B151B7AE809A13B297C1485AE0A61F03741938CAA3C7FB377468C93C78BDB31DC1A87EAA89DF385FBBCFFD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7670497619790475 |
Encrypted: | false |
SSDEEP: | 48:7My7JioyVkaSioyHajoy1C7oy16oy1VanKOioy1noy1AYoy1Wioy1oioykioyBoT:7n7JukaSwaMWaNXjBixb9IVXEBodRBkC |
MD5: | D67A8149EF3D182979634FFD408B252D |
SHA1: | E184261C45AC8AFB64853724AC10A3FE0EAEBCD5 |
SHA-256: | 7BB7306F390E259C1B7B87E0E9B698C8ED1BEFEC5ABA73FB033652AFBCDEB865 |
SHA-512: | E66EBF351B4B7F94E9210B6BD027FC625F8A40C66982E32A2084A3E6ADB2116120EEFE43CA6A00AE3FD8A4FC6344D7836DF2A8CC0E211DD58F4A0349049F6385 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.779094196322516 |
Encrypted: | false |
SSDEEP: | 3:kkFklb35fllXlE/HT8k6NNX8RolJuRdxLlGB9lQRYwpDdt:kKJT8ZNMa8RdWBwRd |
MD5: | B6E7E694DABF22F4B64F4EBC32725C0B |
SHA1: | 41A73D590B9AA29373784613A8F90B66E473187E |
SHA-256: | ADD5E8666447994661B1CF510B7AF7395D908FEAB5D468DDDAED768127BEB2FB |
SHA-512: | 38B259DF20477BAB2795295B61591899BBAF9BBE55E80FBF3FCA3DDA069D56753758927FFECE523DBEF4456327E140913809BA34D0B4E3A49BB4197BAA63915A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn |
MD5: | 265E3E1166312A864FB63291EA661C6A |
SHA1: | 80DFF3187FF929596EB22E1DB9021BAD6F97178C |
SHA-256: | C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728 |
SHA-512: | 48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.359730814812048 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDjt7XiN4vnZiQ0YNxoAvJM3g98kUwPeUkwRe9:YvXKXXliwc0OGMbLUkee9 |
MD5: | 984989BF557C11D2F11AE9A60C817810 |
SHA1: | 3C62B12BE2228049FDA95966F7C171D6C66FE4D9 |
SHA-256: | B7BDB8014A556BE9565EE0D993A4D98B469B4294D7EFD6A53450BA8A175ECA5C |
SHA-512: | 358C8A6A1B56736B278DD224394B82E1A52140E86E071CA0FC3FDF46876C9A52419DE460490F4C4A99E40837F7976237E6F50835A93459833C39D77B68F4AEC2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.309944361301957 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDjt7XiN4vnZiQ0YNxoAvJfBoTfXpnrPeUkwRe9:YvXKXXliwc0OGWTfXcUkee9 |
MD5: | 56399CD52EFB4A7AD4D2461B14D0AF43 |
SHA1: | 7C3AFB7BCDD5F987B48635F146325F2216C4D01C |
SHA-256: | C5B174677D64720953F4D838FE04150C1C48BBE8ACBF32F74DAF88AC6D30A1AC |
SHA-512: | BB283A28DF78FB4AF92AE7E00FB3FF597B8D74E5E31CF94C3EE448AA58F58A2A2EA1274C6D92AFBA7673DC14EC9733A465AE289619A3919C6F5DD8678FD075F3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.28947054437599 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDjt7XiN4vnZiQ0YNxoAvJfBD2G6UpnrPeUkwRe9:YvXKXXliwc0OGR22cUkee9 |
MD5: | 929E8F76164A5CD4E05C1906DC550B81 |
SHA1: | 1FAB9B0649A8C94E1C130B9EE248BA7693B2DF17 |
SHA-256: | 80A9D8EB15813E6602411252124CDB9CA717E0037B93DCF3C2409B2C624F2D35 |
SHA-512: | 1F29C1EB0C80B0DD543469A10F697CB3714B19223F40F0E9CFBD5D597C7B110FC0149700B30BC1FC766D5F539D2C5E6FBEF9CC51E9217BF2E4FD2353C1C934BA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.339625931826681 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDjt7XiN4vnZiQ0YNxoAvJfPmwrPeUkwRe9:YvXKXXliwc0OGH56Ukee9 |
MD5: | 13C082A9BB6677E8C0DC9186C574E663 |
SHA1: | 8AB4CF84CBDBEE84030BEFC5DDEB820CFE5B684E |
SHA-256: | 5FF4454E069461452766BCB173CD31EAC07E0D12F8D202A51799D0E8D23093AE |
SHA-512: | 46B7294B9E3E635EA57E5F82C1256DED368244FEF34992E0CEFA620BAB76DEA1EBCC8295571DDB37D11F9C323867343FB1A9957D781DD9484A72B8C903C4657F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1091 |
Entropy (8bit): | 5.687263873127209 |
Encrypted: | false |
SSDEEP: | 24:Yv6XglopLgE7cgD6SOGtnnl0RCmK8czOCYvSj:YvBShgs6SraAh8cvYKj |
MD5: | 215F33D6DAD6FC5AEF7EEEE61D8ACB6C |
SHA1: | BE66537FA1AA225F04592C427F33F5D025DDFACE |
SHA-256: | 1877852ABEB707BDA41AF80798DE3ED424FC35E442AD95D47920442A9D1E93AB |
SHA-512: | A5C10C476F0297A0AEA4786501BAC9F29297439629D97D9BFB523C31C5F3CE844382A4D61CEA305820B206FD278517844D60937DC2E2E8394D4A2E1B7BD37CFE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.651142546256593 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xgl6VLgEF0c7sbnl0RCmK8czOCYHflEpwiV2:YvBUFg6sGAh8cvYHWpwj |
MD5: | DFE3453CF1F7BEC7ADE18DF2829E0A57 |
SHA1: | B27EC5B67E6388364456EE28F04016D053540FC3 |
SHA-256: | E6AC87556EF92B4C31743223DAC357854349D971F684D129DFA76932C21C7416 |
SHA-512: | B878209EEDDD3B3AD9A585D3310D1E1D07F736D51B953595EA25CE9E4A4B0621C2C318AE462596614D32B80C71538D4C07F96548D1E53CD01766B60AC5FFAFD7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.289929660093858 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDjt7XiN4vnZiQ0YNxoAvJfQ1rPeUkwRe9:YvXKXXliwc0OGY16Ukee9 |
MD5: | 71F0A87E118E39754E22B38FE3B10ECA |
SHA1: | ED2FBC9D38880F2BBE420F1CBD2410C4D761880E |
SHA-256: | F88515AE8A56C1739AB70CC2CF82AF3E68402319F8B320B0A61582E23B8B4071 |
SHA-512: | 955432E44B7BB2455B7A01B0D0140BF6337E27FAD088CFF78CF3A9E047B4B96E112A863AC9F6C8789E9D70E7DF1061434477900095AD4CB4504E03C0684E7F53 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1098 |
Entropy (8bit): | 5.6857889540818265 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xgln2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSj:YvB5ogq2SrhAh8cvUgEmj |
MD5: | 406D870966B4EA51D57B1FC102226681 |
SHA1: | B08EA9525E754082E58AE92853F10FDB0409442C |
SHA-256: | 0DA525B286A9CB4526B6A8DFFB1A069B89414F0F712BB735ED998BEC0B73E997 |
SHA-512: | D5F669A6887362FE425F84F7CEA923B68362A105AA57F290E233738E9FDF418A9BF0AB91F485925F19B021039502B40B3C7FF43730A7645D51A190ABF874176E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.698380825542837 |
Encrypted: | false |
SSDEEP: | 24:Yv6XglLKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK52:YvBJEgqprtrS5OZjSlwTmAfSKA |
MD5: | E9336DAE81370560B1EB5E5374843DC4 |
SHA1: | E6AC640CDD3AD422182EA3EC17416D394B93FE2F |
SHA-256: | A78B9AFF4E5CAAE53CB349F6578F0845248C344CDF0F461E111CF0E634121F9A |
SHA-512: | E51E0F4489CF5447856F469EDD1C15F474AB869C6BA18034335DC2576D3340C0164DA68977A574BE9620CA42ED5ED0F20E6242ADE97088D277B092874C2507E5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2944296422134425 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDjt7XiN4vnZiQ0YNxoAvJfYdPeUkwRe9:YvXKXXliwc0OGg8Ukee9 |
MD5: | 99500BD043D2DBA0E828694A20206645 |
SHA1: | 0095CCE9078454EB33064A02AA1B31B0694EA049 |
SHA-256: | E2723EB441441A976EDE1EFE20EEFD60F0C3329AF962C5A9432D69EFF8404DFF |
SHA-512: | D46083F44D018DC11CF3803F2DEB56C09DECB956E5618600B2D0150985BE02506442E2CBE80E304BF172BE05FBFECF8C0683CE5F76DE074C36DEAB55D3E5D48B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.774954390312212 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xgl2rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNO:YvBkHgDv3W2aYQfgB5OUupHrQ9FJA |
MD5: | 7DFAFA37EFE5CB34F31639119CDABF6F |
SHA1: | 9C25149FAA438FD0A2D09F108AFA7E45F3FB36DA |
SHA-256: | 9C47C282E2293A2578F88FD716414D59709941AD5C90775183105E8273CBCD7B |
SHA-512: | 16E37088ED4758673259BFFFE6B2177FA9050C6EBA44610012267F4C28AC693E7F69607F08C91E7C40AE2D72C5B268449DB112F1CC4A695A204D458548FBFDC8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.2780150241332615 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDjt7XiN4vnZiQ0YNxoAvJfbPtdPeUkwRe9:YvXKXXliwc0OGDV8Ukee9 |
MD5: | EF2AF10FA23E3807337556B970B2312E |
SHA1: | 410CF3B0157D7E433920F71E93293F9B783DE053 |
SHA-256: | 8557ACCEF90835354555593A9CBE085B91197B25D2AE8057A18CAEB6EE4386DA |
SHA-512: | AEE3F775CB092AFF9524FE5817245D2414184C76425099EE3522C3442858B5FDD3A5797FC9C951524434125CFAB090E065573414F926F0F06CE31BDC9C6FF7E2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.281004861765494 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDjt7XiN4vnZiQ0YNxoAvJf21rPeUkwRe9:YvXKXXliwc0OG+16Ukee9 |
MD5: | 3C7BE1C0142FFC2FB939D9FB9E65CEDB |
SHA1: | ECBA0F7F1192359429C35ECECD01743696AFC03F |
SHA-256: | 33556D66AA32F9888EA1079C89B68989E274A1362C6B298DCEE93C5B28428045 |
SHA-512: | 7D8F6F0D16F8BCAE8E87F7CA069AA1A6EC80EEEE24206A58210E1228B56478C29290FF686E3AC68EE4BB3E491DD2D6A8EE32FC294A8E21DB8F35228945141199 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1054 |
Entropy (8bit): | 5.665433934018658 |
Encrypted: | false |
SSDEEP: | 24:Yv6XglcamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSj:YvBQBgSXQSrOAh8cv6mj |
MD5: | F054D641C0BB90094F87EFDB0FB30510 |
SHA1: | DB3A6E5276AD91F406D861ECA24609D2A2903ABE |
SHA-256: | 31A562C68A62FFAFEE1EDB7CB8C6D3BC2DE9B90003F05CAEABC43080B67164EE |
SHA-512: | 31D3314FADFAF818B19B13AB6FF2F7E45E8D8F704686BBE5782B923142897E6F5EF6B6BA7AB53E66A5E94AC8EA302C8CA4BA11B48645A785CC4609EF2357C147 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.2587571131343145 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDjt7XiN4vnZiQ0YNxoAvJfshHHrPeUkwRe9:YvXKXXliwc0OGUUUkee9 |
MD5: | B2CFE44F64696AFF877B01566989D5C3 |
SHA1: | 3DF4377BC9893CC31AE2D59F6E320749AC08C509 |
SHA-256: | 01C63E1CEC59332DC91ED466E69842245E99B235AC5A9160C8286C9028EDB1F7 |
SHA-512: | 416C92E53156FE7C0CF73C8D69F8D63FD2C39D3075F29F45081AC0D833BE19FACF746E51F17F2A9A963A17814171C9AC8516ACCB59AADF23829BC84B40077837 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.3609988829294775 |
Encrypted: | false |
SSDEEP: | 12:YvXKXXliwc0OGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWC:Yv6XglD168CgEXX5kcIfANhj |
MD5: | ABE41E22B538D0CBF5161D29CCDD8141 |
SHA1: | 4CECB53AC403097E1B22051CA3660BD0BD272AFA |
SHA-256: | A4B1502D34F1659125F97E9F23C2F1C0E8005ECE4F3E11AE41CCD454A60B150B |
SHA-512: | 6314F0D7947A79ED7FE473F91C7F54C364597EB369053BF1CF26ADC50C324857C96A5F73810DED3047C623E17EBD1D7226DF4BFDFAD260550CA7FCD69EE5FD9E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.121488805097114 |
Encrypted: | false |
SSDEEP: | 48:YT3gQsO4veNImvGQTEoc75pD0bS71MVu9rTLy:k3TNIm+QTQPvhMmrHy |
MD5: | 693B43016AC3661D057C66638DB7B209 |
SHA1: | 932406D965E86E0A1E5840EF644A3BBE20284E32 |
SHA-256: | CB860E09FA43099EDB624B28B7CB07865AACE24D8E8847D321C18DAB7BE3FD0B |
SHA-512: | 8C90C082C1BD7AFBF1EB06230686A719F4E2631AE2A5D56FAC646F211082654D74FEEC0925A83867D584F525F73B744B96A3094E6D8FAA9DD6552EA05FD0D27C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1442930417464865 |
Encrypted: | false |
SSDEEP: | 24:TLhx/XYKQvGJF7urskLnRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUud0:TFl2GL7mskPXc+XcGNFlRYIX2v3kFh |
MD5: | C28C18D98636FC3AC08E34A0683945E3 |
SHA1: | 8D9360E25AA0C8091BA9B9D56BAA121B1ECDF491 |
SHA-256: | 2DB7835660B79CB6A5E579E1716115A75507891B020B50F66453D3C614A53B20 |
SHA-512: | F7FE4509F61E872E15588D9584F7FB04619CAEC1610E393E45D4D7DDC5705F9B199F8218AA1E55C207B59BB3E69E2747C0DED7ADD1A0E6EF362B2FD29AD96D4B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.5506741486642162 |
Encrypted: | false |
SSDEEP: | 24:7+tsLnUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxCqLxx/XY7:7Ms4Xc+XcGNFlRYIX2vDqVl2GL7msi |
MD5: | CF616082E8DDC34280D37862835AE8BF |
SHA1: | 0750843E700679D3B6E3A9E22170DFB9BDD57BB9 |
SHA-256: | 54D961618491047198842F906B74E7D44CB9F07F7634DCE61F9C225AA250F50C |
SHA-512: | 5AC92B1C86AC09E625E51A97D939E866A06FA01D414F4EA0A28EA0C05C86240F77668BDBA19E07DFFD1787799E207C35DA40D558FFE03D3C3B7472F76B4912F7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.513199765407527 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84CWfDhH:Qw946cPbiOxDlbYnuRKpNH |
MD5: | D922875963487A2CA1A2E2045ACB68C7 |
SHA1: | 57661B6818A43B140286649816C2F70137D8186C |
SHA-256: | C241049A2E52178B34CF5DF317B3E62E6CFDA26A132B27ACFEB24CF4BE443A12 |
SHA-512: | 832831287E30FE7B33FA0468F8AB9AA6D528A3B63570C68C10416B245A06347F4D053941E92F5D7C74B1792931BCD4C5DC1BCB4219CF348575E783A421D935DA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-14 05-46-17-434.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.338264912747007 |
Encrypted: | false |
SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
MD5: | 128A51060103D95314048C2F32A15C66 |
SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.327381135327779 |
Encrypted: | false |
SSDEEP: | 384:tQC9qULfv813kuwTLvgXTAstBWnLwlpa83r3d5dAtjxOcIJeUFe4cRch0zpECv/q:ZN6p |
MD5: | 8C359C7B927F625EEABA229F47B06440 |
SHA1: | 3BAC475AD028758A8730426DAEF574EB3638EA99 |
SHA-256: | EDDD05666B33700EAD0D3AA73B7F19D2DB0C2D25D1408B2A625A7514E54F7C3B |
SHA-512: | C432102C7CC5E153A0AD14323BBC8538A58DF19649A3C5F33E99A390BB9E0AE02EFB364E96499734D1816C5C2AE8F9D5D757DA5F79E8B924E7A010655BF15C4C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.401371923594525 |
Encrypted: | false |
SSDEEP: | 768:FcQ4OOSFi3CPTgp4fCp4CTq1SCambQPp4sWfHlxRq1UCUp4am/:Fcf |
MD5: | 878B180B921897467C4364B6469025F2 |
SHA1: | 0019FBA8925C0BA6211A39F7902A80FC27761203 |
SHA-256: | 63619A3698739D028E986B65141705031D456FD6D0C7C7F692F040BDF4986239 |
SHA-512: | D2DA38116DD295EDC0988F1D91FF59D42DCDE2A5C637AD4789C0108638C3C94B45EF2D7DAE02929672D7ED2472E22BABB72A5EA2AB2FB73A1E19CCEC936DFDE3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xaWL07oywYIGNPUGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxywZG6GZn3mlind9i4ufFXpAXkru |
MD5: | FFA982D6F2F9B46A1DECDD28BF3EF0E1 |
SHA1: | B1D05ED9BD6A80BD0E3377E9F62B47EF83FCC0C8 |
SHA-256: | 93D954FA4BBEDCDFBC7BF14FA1BB3986056261F4A5035C3CFF229FF16D12B78B |
SHA-512: | BF2931508F2039FFF4A74EC9B2FF2706FCF05DC5D56E22CA9C74B7C4AF9E8B4173419791DE648FD77AE7C4B441734E7C70C964A2B91C816FC98C9BA78BEB7879 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.836529599424515 |
TrID: |
File name: | 0260719760_9058015611_20241014041558.PDF |
File size: | 57'344 bytes |
MD5: | a8759e267b52784c9a1a90e105eb70b8 |
SHA1: | 3f71779426680e053bdb0ccd2c1d56634f9b9380 |
SHA256: | 088147992185c792908c2ecdfe74ef5d2e3d33492fa4fa4a3dda8c76c8e527a8 |
SHA512: | af0b1a58caba3ebf5e3e83b53bbe205ae3af0fb56fdad94c8d0ab5a74a6ecab109f0945e6a77a4cf69cc51e5a5a788d89bd448fe0890604c52e495bd87b37537 |
SSDEEP: | 1536:iD25BmjNsLfUHhmNcWew1k8F531GipyM6a6+Yxnqm4NNEV1:h5BmPCcW13FPDL65 |
TLSH: | 4543E1466A297552C8F55B39D80DBE918D93409599C81CA33E3C8F4B2F80F81B6F58FB |
File Content Preview: | %PDF-1.6.%......610 0 obj.<</Filter/FlateDecode/First 1728/Length 2812/N 200/Type/ObjStm>>stream..h..Y.n.7...>:..u.N .0.....V.{.m,.Zg.. [.=^$..sH...i......U.S..ENP..*.......6.D..^.Vf.J....3....QV...Z..)........\...(?.i....).5.^.|.CP..X.*$....vxj.=.E....Q% |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.836530 |
Total Bytes: | 57344 |
Stream Entropy: | 7.875950 |
Stream Bytes: | 52480 |
Entropy outside Streams: | 5.391803 |
Bytes outside Streams: | 4864 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 33 |
endobj | 33 |
stream | 16 |
endstream | 16 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 6 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
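The table above is a keyword count over the raw bytes of the PDF, the kind of summary tools such as pdfid produce. Read it together with the entropy figures: 52,480 of the file's 57,344 bytes sit inside streams at an entropy of 7.88, which is what Flate-compressed data looks like, and six of those streams are /ObjStm object streams. A zero for /JS, /OpenAction or /Launch therefore only says the name does not occur in plaintext; an object stream can carry the same name compressed, where a raw count never sees it. The script below is an added example, not part of the Joe Sandbox report. It reproduces the table's counts, the stream/non-stream entropy split and the EOF check, then inflates every stream and counts again so names hidden in object streams are reported too. The PDF it builds is constructed for the demonstration and is not the analysed file; the keyword list and the "risky names" set are the author's choice.

```python
import math
import re
import zlib
from collections import Counter

# Same keywords, same order, as the static-analysis table in the report.
KEYWORDS = [
    "obj", "endobj", "stream", "endstream", "xref", "trailer", "startxref",
    "/Page", "/Encrypt", "/ObjStm", "/URI", "/JS", "/JavaScript", "/AA",
    "/OpenAction", "/AcroForm", "/JBIG2Decode", "/RichMedia", "/Launch",
    "/EmbeddedFile",
]
# Names that justify detonating the file rather than opening it in a viewer.
RISKY = {"/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
         "/EmbeddedFile", "/RichMedia", "/JBIG2Decode", "/URI"}

_NAME_END = rb"(?=[\s/<>\[\]()%]|$)"   # a PDF delimiter ends a name: /Page != /Pages
_STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _keyword_re(kw: str):
    k = re.escape(kw.encode())
    # Bare keywords need word boundaries so "obj" does not also count "endobj".
    return re.compile(k + _NAME_END if kw.startswith("/") else rb"\b" + k + rb"\b")


_PATTERNS = {kw: _keyword_re(kw) for kw in KEYWORDS}


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def count_keywords(data: bytes) -> dict:
    return {kw: len(pat.findall(data)) for kw, pat in _PATTERNS.items()}


def split_streams(pdf: bytes):
    """Return (stream bodies, everything outside the stream bodies)."""
    streams, outside, pos = [], bytearray(), 0
    for m in _STREAM_RE.finditer(pdf):
        outside += pdf[pos:m.start(1)]
        streams.append(m.group(1))
        pos = m.end(1)
    outside += pdf[pos:]
    return streams, bytes(outside)


def inflate(stream: bytes):
    """Inflate a FlateDecode body; None if it is not zlib data at all."""
    try:
        return zlib.decompress(stream)
    except zlib.error:
        try:  # tolerate truncated data or trailing garbage
            return zlib.decompressobj().decompress(stream) or None
        except zlib.error:
            return None


def triage(pdf: bytes) -> dict:
    streams, outside = split_streams(pdf)
    inflated = [d for d in map(inflate, streams) if d]
    raw = count_keywords(pdf)                       # what the report's table shows
    hidden = count_keywords(b"\n".join(inflated))   # names inside compressed streams
    last_eof = pdf.rfind(b"%%EOF")
    tail = pdf[last_eof + 5:].rstrip(b"\r\n") if last_eof >= 0 else b""
    header = re.match(rb"%PDF-\d\.\d", pdf)
    flags = []
    for name in KEYWORDS:
        if name in RISKY and (raw[name] or hidden[name]):
            where = "raw" if raw[name] else "only inside compressed streams"
            flags.append(f"{name} x{raw[name] + hidden[name]} ({where})")
    return {
        "header": header.group(0).decode() if header else None,
        "total_bytes": len(pdf),
        "total_entropy": shannon_entropy(pdf),
        "stream_bytes": sum(map(len, streams)),
        "stream_entropy": shannon_entropy(b"".join(streams)),
        "outside_bytes": len(outside),
        "outside_entropy": shannon_entropy(outside),
        "eof_count": pdf.count(b"%%EOF"),
        "bytes_after_eof": len(tail),
        "raw": raw, "inflated": hidden, "flags": flags,
    }


def build_sample_pdf() -> bytes:
    """Constructed sample (not the analysed file): the catalog's /OpenAction and
    its /JS action sit inside a FlateDecode /ObjStm, so they never appear raw."""
    o1 = b"<</Type/Catalog/Pages 2 0 R/OpenAction 3 0 R>>"
    o3 = b"<</S/JavaScript/JS(app.alert(1))>>"
    hdr = b"1 0 3 %d " % (len(o1) + 1)            # "objnum offset" pairs
    packed = zlib.compress(hdr + o1 + b" " + o3)
    objstm = b"<</Type/ObjStm/N 2/First %d/Length %d/Filter/FlateDecode>>" % (
        len(hdr), len(packed))
    return b"".join([
        b"%PDF-1.6\n",
        b"2 0 obj\n<</Type/Pages/Kids[5 0 R]/Count 1>>\nendobj\n",
        b"5 0 obj\n<</Type/Page/Parent 2 0 R>>\nendobj\n",
        b"4 0 obj\n" + objstm + b"\nstream\n" + packed + b"\nendstream\nendobj\n",
        b"trailer\n<</Root 1 0 R/Size 6>>\nstartxref\n0\n%%EOF\n",
    ])


if __name__ == "__main__":
    r = triage(build_sample_pdf())
    print({k: v for k, v in r["raw"].items() if v}, r["flags"])
```

On the constructed sample the raw pass reports /ObjStm 1 and /JS 0, exactly the shape of the table above, while the inflated pass finds /OpenAction, /JavaScript and /JS once each and flags them as present only inside compressed streams. A real triage would run the inflated pass on every dropped or attached PDF before trusting a clean raw count; the entropy split tells you how much of the file the raw count cannot see.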
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
588 | 0000000000000000 | e8a2862558d287ea1126ebb98a66f337 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2024 11:46:28.510222912 CEST | 49803 | 443 | 192.168.2.6 | 104.77.220.172 |
Oct 14, 2024 11:46:28.510242939 CEST | 443 | 49803 | 104.77.220.172 | 192.168.2.6 |
Oct 14, 2024 11:46:28.510308981 CEST | 49803 | 443 | 192.168.2.6 | 104.77.220.172 |
Oct 14, 2024 11:46:28.510493040 CEST | 49803 | 443 | 192.168.2.6 | 104.77.220.172 |
Oct 14, 2024 11:46:28.510500908 CEST | 443 | 49803 | 104.77.220.172 | 192.168.2.6 |
Oct 14, 2024 11:46:29.082226992 CEST | 443 | 49803 | 104.77.220.172 | 192.168.2.6 |
Oct 14, 2024 11:46:29.082550049 CEST | 49803 | 443 | 192.168.2.6 | 104.77.220.172 |
Oct 14, 2024 11:46:29.082571030 CEST | 443 | 49803 | 104.77.220.172 | 192.168.2.6 |
Oct 14, 2024 11:46:29.083594084 CEST | 443 | 49803 | 104.77.220.172 | 192.168.2.6 |
Oct 14, 2024 11:46:29.083668947 CEST | 49803 | 443 | 192.168.2.6 | 104.77.220.172 |
Oct 14, 2024 11:46:29.112498999 CEST | 49803 | 443 | 192.168.2.6 | 104.77.220.172 |
Oct 14, 2024 11:46:29.112618923 CEST | 443 | 49803 | 104.77.220.172 | 192.168.2.6 |
Oct 14, 2024 11:46:29.112715960 CEST | 49803 | 443 | 192.168.2.6 | 104.77.220.172 |
Oct 14, 2024 11:46:29.112730980 CEST | 443 | 49803 | 104.77.220.172 | 192.168.2.6 |
Oct 14, 2024 11:46:29.154721022 CEST | 49803 | 443 | 192.168.2.6 | 104.77.220.172 |
Oct 14, 2024 11:46:29.223828077 CEST | 443 | 49803 | 104.77.220.172 | 192.168.2.6 |
Oct 14, 2024 11:46:29.223886967 CEST | 443 | 49803 | 104.77.220.172 | 192.168.2.6 |
Oct 14, 2024 11:46:29.223978996 CEST | 49803 | 443 | 192.168.2.6 | 104.77.220.172 |
Oct 14, 2024 11:46:29.225322008 CEST | 49803 | 443 | 192.168.2.6 | 104.77.220.172 |
Oct 14, 2024 11:46:29.225348949 CEST | 443 | 49803 | 104.77.220.172 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2024 11:46:28.100130081 CEST | 54832 | 53 | 192.168.2.6 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 14, 2024 11:46:28.100130081 CEST | 192.168.2.6 | 1.1.1.1 | 0x902c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 14, 2024 11:46:28.107208967 CEST | 1.1.1.1 | 192.168.2.6 | 0x902c | No error (0) | | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49803 | 104.77.220.172 | 443 | 5808 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 09:46:29 UTC | 475 | OUT | |
2024-10-14 09:46:29 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 05:46:14 |
Start date: | 14/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff651090000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 05:46:14 |
Start date: | 14/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 05:46:15 |
Start date: | 14/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |