Windows Analysis Report
Workers Compensation Certificate (5).pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 3920 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Workers Compensation Certificate (5).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 4308 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4996 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1648,i,15757588496152688736,15457399815457017888,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature evidence rows (source and detail values were not preserved; row counts per type):
- DNS query (1)
- TCP traffic (30)
- IP Address (1)
- HTTP traffic detected (2)
- TCP traffic detected without corresponding DNS query (10)
- UDP traffic detected without corresponding DNS query (1)
- DNS traffic detected (1)
- String found in binary or memory (2)
- Network traffic detected (2)
- Classification label (1)
- File created (2)
- Key opened (1)
- Process created (14)
- Window detected (1)
- Initial sample (3)
- Process information set (8)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
96.7.168.138 | unknown | United States | 262589 | INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1537105 |
Start date and time: | 2024-10-18 15:12:29 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Workers Compensation Certificate (5).pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/43@1/1 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 34.193.227.236, 18.207.85.246, 54.144.73.197, 162.159.61.3, 172.64.41.3, 2.23.197.184, 88.221.168.141, 2.19.126.149, 2.19.126.143
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: Workers Compensation Certificate (5).pdf
Time | Type | Description |
---|---|---|
09:13:52 | API Interceptor |
Input | Output |
---|---|
URL: PDF document, Model: claude-3-haiku-20240307 | `{"contains_trigger_text": true, "trigger_text": "My Amelia Inc DBA Inspected.Com", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false}` |
URL: PDF document, Model: claude-3-haiku-20240307 | `{"brands": ["The Hartford"]}` |
Match | Detection | Threat Name |
---|---|---|
96.7.168.138 | malicious | Unknown |
96.7.168.138 | malicious | Unknown |
96.7.168.138 | malicious | HTMLPhisher, Mamba2FA |
96.7.168.138 | malicious | Unknown |
96.7.168.138 | malicious | Unknown |
96.7.168.138 | malicious | HtmlDropper |
96.7.168.138 | malicious | Unknown |
96.7.168.138 | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Mirai |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | HTMLPhisher, Mamba2FA |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | HtmlDropper |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.195234902572385 |
Encrypted: | false |
SSDEEP: | 6:hnWeAVq2P92nKuAl9OmbnIFUt8WnWwAgZmw+WnWwAIkwO92nKuAl9OmbjLJ:hWeAVv4HAahFUt8WWwAg/+WWwAI5LHAR |
MD5: | AC3E33732D8749455AAF6C68CFC4D2E8 |
SHA1: | 6B6D1F9C0AD3ADBF6FB04D157EB889F8ABF4BC26 |
SHA-256: | 98D5FE71D080C5C5A4223B3A59C09A7DAEF945B4C6779093F0088AE71AD2DA86 |
SHA-512: | D118B7827F9EC8EC0CED5F7EBA87C142E9297E91CFFF577C64565691527272B4B4540BF70152F2A58FEB6B74DBA365FE8F8555D255D7CA3A91F553F3EAD6E641 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.195234902572385 |
Encrypted: | false |
SSDEEP: | 6:hnWeAVq2P92nKuAl9OmbnIFUt8WnWwAgZmw+WnWwAIkwO92nKuAl9OmbjLJ:hWeAVv4HAahFUt8WWwAg/+WWwAI5LHAR |
MD5: | AC3E33732D8749455AAF6C68CFC4D2E8 |
SHA1: | 6B6D1F9C0AD3ADBF6FB04D157EB889F8ABF4BC26 |
SHA-256: | 98D5FE71D080C5C5A4223B3A59C09A7DAEF945B4C6779093F0088AE71AD2DA86 |
SHA-512: | D118B7827F9EC8EC0CED5F7EBA87C142E9297E91CFFF577C64565691527272B4B4540BF70152F2A58FEB6B74DBA365FE8F8555D255D7CA3A91F553F3EAD6E641 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.202429119161845 |
Encrypted: | false |
SSDEEP: | 6:hnW/z+q2P92nKuAl9Ombzo2jMGIFUt8WnW/uRZmw+WnW/ulVkwO92nKuAl9Ombzz:hW/Kv4HAa8uFUt8WW/e/+WW/S5LHAa8z |
MD5: | 95DAE690F6FBAAD67B7DFA38BBE2106E |
SHA1: | 21F28FA21C47FE8538FAEF648342E2996D2854ED |
SHA-256: | 299E8FF83441FAA302E548287BED9E89795B62C537B42ECC6A0476A6DD30AE8D |
SHA-512: | CE0BB0996AE3F2D71CD86BB82EEA7550D2732C9D9C7F8CA9CF1686B5C568F052C4237ACEF5DD94F7D8FF7048A9973DBEB09F4D9FDE582D9258536AC1F38E061C |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.202429119161845 |
Encrypted: | false |
SSDEEP: | 6:hnW/z+q2P92nKuAl9Ombzo2jMGIFUt8WnW/uRZmw+WnW/ulVkwO92nKuAl9Ombzz:hW/Kv4HAa8uFUt8WW/e/+WW/S5LHAa8z |
MD5: | 95DAE690F6FBAAD67B7DFA38BBE2106E |
SHA1: | 21F28FA21C47FE8538FAEF648342E2996D2854ED |
SHA-256: | 299E8FF83441FAA302E548287BED9E89795B62C537B42ECC6A0476A6DD30AE8D |
SHA-512: | CE0BB0996AE3F2D71CD86BB82EEA7550D2732C9D9C7F8CA9CF1686B5C568F052C4237ACEF5DD94F7D8FF7048A9973DBEB09F4D9FDE582D9258536AC1F38E061C |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\92d714ba-0450-473c-88a3-617076293d41.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.052567248163298 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyVsBdOg2Hpmcaq3QYiubxnP7E4T3OF+:Y2sRds4dMHpZ3QYhbxP7nbI+ |
MD5: | 626959B7EF91FB28FD169385C5D9E4E4 |
SHA1: | F061E106050422675B70B9E3D14788A5753C0E56 |
SHA-256: | E58255C83FF9A8DFC2AEB653C2FF752FC312CBEAFB2661C6DB04F481CE513931 |
SHA-512: | DBC5CE8E911AE31D58E4E673222BD18296FAF9B6979EB663C900A336D8403D2F27FC56A634BB69C52D5A09288FF9E759DF5CE18EA28F896FFD211F85B2537774 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.052567248163298 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyVsBdOg2Hpmcaq3QYiubxnP7E4T3OF+:Y2sRds4dMHpZ3QYhbxP7nbI+ |
MD5: | 626959B7EF91FB28FD169385C5D9E4E4 |
SHA1: | F061E106050422675B70B9E3D14788A5753C0E56 |
SHA-256: | E58255C83FF9A8DFC2AEB653C2FF752FC312CBEAFB2661C6DB04F481CE513931 |
SHA-512: | DBC5CE8E911AE31D58E4E673222BD18296FAF9B6979EB663C900A336D8403D2F27FC56A634BB69C52D5A09288FF9E759DF5CE18EA28F896FFD211F85B2537774 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.2301928236040265 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUho2sLrlZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLL |
MD5: | 5DB6CD51634726DEFFF7B23B7ACD33DC |
SHA1: | 05269D6B4482BD4DA4506BFAE8DBBAD40C60617D |
SHA-256: | AC76B7BFB5F725D29AB875AA4CA415DF97C823D5CA6D0791CA1EAA695A8F897F |
SHA-512: | C6EFF65C3197A4C77E6660A63AB5B6D3DD4A21653A754B6CB9B18C3DB7DE8807A95BA5B6A5B15BB8361D794A0EB392EC21EE515D2445D27286C762B55A24C423 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.192489914752355 |
Encrypted: | false |
SSDEEP: | 6:hnW9s3+q2P92nKuAl9OmbzNMxIFUt8WnW92Zmw+WnW9yVkwO92nKuAl9OmbzNMFd:hW6Ov4HAa8jFUt8WWs/+WWM5LHAa84J |
MD5: | 2D05182194008AE2FA90240B92BB1ABF |
SHA1: | 81DAD687FBE8A69E4019BF440A86ACF809C3956E |
SHA-256: | 463F8C24336D6E724B225C55E3D80BB096FEF91AB3287118521451700ECC5D03 |
SHA-512: | F45CEC686FC3E0AE16B75E4A3E26EA4706A26ECA17991637A86D3D7949D392EBF16D4674C1C776D1C20C450FE09B9F7E857B574C3C9566481388D70EB24F4496 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.192489914752355 |
Encrypted: | false |
SSDEEP: | 6:hnW9s3+q2P92nKuAl9OmbzNMxIFUt8WnW92Zmw+WnW9yVkwO92nKuAl9OmbzNMFd:hW6Ov4HAa8jFUt8WWs/+WWM5LHAa84J |
MD5: | 2D05182194008AE2FA90240B92BB1ABF |
SHA1: | 81DAD687FBE8A69E4019BF440A86ACF809C3956E |
SHA-256: | 463F8C24336D6E724B225C55E3D80BB096FEF91AB3287118521451700ECC5D03 |
SHA-512: | F45CEC686FC3E0AE16B75E4A3E26EA4706A26ECA17991637A86D3D7949D392EBF16D4674C1C776D1C20C450FE09B9F7E857B574C3C9566481388D70EB24F4496 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241018131343Z-161.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.7088944921892296 |
Encrypted: | false |
SSDEEP: | 96:EbHNWHTptt0f8GJgCwuykj5P5lFA9nr8znzPZsWxMuGqHhIVgkAiH:gHNG6FVfVplMq8d9H |
MD5: | E10DEBA7AB010096B115184E6B477787 |
SHA1: | 17B4BECC5AD37505B85444C6A50F92A5456BF5DD |
SHA-256: | EF941E2B91AA0DAEC6DADE552C5CF23F3FEC1D0FCF9084CC16AC60EC4F93C38F |
SHA-512: | 8FF570D543F118820F511A99438A4A9FBB484353F4E4207965E5C9A78D088652CBB0D764E45889152A3380211B972AA6F96BDAA53A942E6892B21D6E4091FA72 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7460290111891994 |
Encrypted: | false |
SSDEEP: | 3:kkFklUgUfllXlE/HT8k8l/tNNX8RolJuRdxLlGB9lQRYwpDdt:kKNgtT8DTNMa8RdWBwRd |
MD5: | 7CABC9FEA3A5ABD28956B1607FAB00AE |
SHA1: | 6F7397D2DA3B842D027CF98EBB4EBD0982BE5658 |
SHA-256: | CE4CDDA4383E92CDC2DA7749C900F197BDA5D165556D96282CED9D1A9BC6A8A4 |
SHA-512: | 08D9982B9F198DCD60367598B4D36EBF039369D111BCC8DAA049405A748FD57C2A3A0391333B3D0E50C2DB63CA93E2B5135360CA432BD30250EB882493C60BE2 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.332095038321482 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX45A9KHeW7+FIbRI6XVW7+0YAaYoeoAvJM3g98kUwPeUkwRe9:YvXKX4ZyYpW7AYoVGMbLUkee9 |
MD5: | 73C867BD28893C667317211621149029 |
SHA1: | D50B852FF41ACD69E4E6E130DB678F7ABC234C1C |
SHA-256: | 3EBECC5CB0B4B840C3F463161E3B32FB3E8C32C76CFA7F41F5DE00B9F92CDAB4 |
SHA-512: | E2CB335CEA9B59497F8D1C175BBE7A79B061661793205F597CC8DE5234D7D897355859AEE286904BA5BAC7542B056A59AFA0C0A003702DB958311804C5E32AA6 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.271305563210523 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX45A9KHeW7+FIbRI6XVW7+0YAaYoeoAvJfBoTfXpnrPeUkwRe9:YvXKX4ZyYpW7AYoVGWTfXcUkee9 |
MD5: | B27E31091653EC6DC902D526AE9FE067 |
SHA1: | 5A4DCD84DA05B67A71E18B8ED836F2C775D3363A |
SHA-256: | 59CC8103CF20A9B2564D5F3920EA023B401F13DA815F6A03256A87E21C59B52B |
SHA-512: | 8A8DF44E96385BA33172E5972C164AEC85CA04F0AC42A300753BAFD8A3E4DD608785EA5FBB380A7EE65CC04637A2CDA86CABD490B63C1C40F803CA7D1B858829 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.249565058568329 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX45A9KHeW7+FIbRI6XVW7+0YAaYoeoAvJfBD2G6UpnrPeUkwRe9:YvXKX4ZyYpW7AYoVGR22cUkee9 |
MD5: | 71C8D8911EC7699B86E45C473E61A81A |
SHA1: | B4BF193517B1AAA0CFA89ACA18B3FD47A74CEF2E |
SHA-256: | D2C6D7BE1CBDA89BB5A56F6AA928310BBBD1226BAF0838415572D451DEFECA5D |
SHA-512: | 92286450A5C85174737059F212A3C720200DDD7B82167B0A9CA8C63DCAF1A81DAF609C4E774C3E124C41795DDB4B42C1A6E1F5CB54AF35CE279EAF2F50ED1618 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.309890780958024 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX45A9KHeW7+FIbRI6XVW7+0YAaYoeoAvJfPmwrPeUkwRe9:YvXKX4ZyYpW7AYoVGH56Ukee9 |
MD5: | 8E8622EBECFF5B1F2D16B1BC6B4A8E46 |
SHA1: | 01DAA969EB3CFBC93AE03872055B12D806907C01 |
SHA-256: | 5405AB0F5C16E3FBA0AA8C96419304B9FE207262C05CBC9002EBC9D01E04463C |
SHA-512: | F889F0F14574E1E86A3FBBCC5C2FA90478AF461D33521386703000A4F36AD707F1E9936FFE2EA17C30A3B5EC3CB55F068BFF2E33162B21DBECD967432AF93303 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1055 |
Entropy (8bit): | 5.655167250694829 |
Encrypted: | false |
SSDEEP: | 12:YvXKX4ZyYpW7AYoVGBS8Ukee1hSkLEJ1KUHXcLfeoPhSOPhnlbRKRCmK8dKzOCLO:Yv6XwiBpLgEscLf7nnl0RCmK8czOCCSa |
MD5: | C316105095858C112EF73A110A8490F9 |
SHA1: | 05DAF554BFA11810A938F1BE00061FD83EB15A4A |
SHA-256: | 02738D2E2583A701CDD4471A63B9797503E262243A8ED2F7CCA47876E3658C72 |
SHA-512: | 92750B38B822BEE05385FAD8F35F86DF574D7920C74EA8E2E4DCC2736470FA6635A7271B0CFA157A4F65208142B93FBADC550B15C386102899BEA1B45146DCF3 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.648066968419953 |
Encrypted: | false |
SSDEEP: | 24:Yv6XwidVLgEF0c7sbnl0RCmK8czOCYHflEpwiVX:YvwdFg6sGAh8cvYHWpwa |
MD5: | CDB017B3F11AE9CFC9BFD8461F943933 |
SHA1: | C7BCBD667A252C79B53231BED13B07A219C21C60 |
SHA-256: | 5EB1B3EA3E724C04751A719396F9ACFA69D26DC5141972EFDE813D820BD01E15 |
SHA-512: | 070885B30D32BB9500EB811C67527A4AA48F8B7892A34918CB9CC56E945CE40CDCA214F393D6EDB59B9B98B73151B53B6481FCC64262D409DD3622119157C323 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.258629010838632 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX45A9KHeW7+FIbRI6XVW7+0YAaYoeoAvJfQ1rPeUkwRe9:YvXKX4ZyYpW7AYoVGY16Ukee9 |
MD5: | 724213664EADA4CBA5BE39E162A28980 |
SHA1: | 0942231BB45DDE2F1E6F10790BD91C0B8F54563D |
SHA-256: | 5486C68BFD162C2ABEA854ADEB815197FFCCA00693E836127D87065438D887B2 |
SHA-512: | 299C5B53DECE27AFA3EC039A401C0AB0F5E4454AC2A4ECE8D0DB260A1E2394E5834EFF5FCD6399FCB78DBD5BCEB6E73E054DB5EE1A2B0398D2F312C6D025B853 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.644654233463186 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xwic2LgEF7cciAXs0nl0RCmK8czOCAPtciBX:Yvwcogc8hAh8cvAJ |
MD5: | E63100D030ED5C9998C295E098D5CF0E |
SHA1: | 65F573F5E0BB8DCA90B5628E43D6D5BA43C4492F |
SHA-256: | 933F81F8A188B8DB4BC8B26856A2E0D912E298B3D7CD75BEECF169340FCA6434 |
SHA-512: | F6165910985FFCBF21673FA9B684B06E843BC7DEFC0C8FF7A99433C2F7740F8A3822A37252AC87C413D28BFF0245E2E1E3C24343B5F8208C60BBCBF8F6D90B00 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.697650330433588 |
Encrypted: | false |
SSDEEP: | 24:Yv6XwicKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5X:YvwcEgqprtrS5OZjSlwTmAfSKN |
MD5: | 613EADEEC9767175923542B723FB9A1A |
SHA1: | 30D066072D0DF9EF672867C59733486294ABB958 |
SHA-256: | CBD67D7210AA5EE7ABD31819529956A9172D42F04D5A8973EAEA3D5662F5608F |
SHA-512: | 9DBBD2BEAF1C026E8982B5D5246D860ECBFAD20A2E8F51654DB2AC8F743CC81BEA7B22855732EA0DC3D8F2FB8175746938E570A63B0A5C22F222297CE93CAA5F |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.265500428558201 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX45A9KHeW7+FIbRI6XVW7+0YAaYoeoAvJfYdPeUkwRe9:YvXKX4ZyYpW7AYoVGg8Ukee9 |
MD5: | 658E2149EDF304595E4AEED6030088DA |
SHA1: | B82261E57A4DE0C1B4DD4DEE1BA2F1CA0E193DBD |
SHA-256: | 66D7B1AE462C9271B00630D2303AAC1375BB539F4FBC3FA63067DCF31A2084EA |
SHA-512: | D91F2CB2BBE696A823DDF9C22BA17A70C0FDA704A42C20E6742F575CB11F9EC8CBA3DEC44AA0FE5A2EA72B5B41C33BF87F79006215ADC76E33FB026D8F84C732 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.772931285808489 |
Encrypted: | false |
SSDEEP: | 24:Yv6XwiTrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNP:YvwTHgDv3W2aYQfgB5OUupHrQ9FJN |
MD5: | 2B6EC424097D13FC6C4191FD9E8BBEB3 |
SHA1: | F570D90AA133D3EF580328051763F67AE87E25A5 |
SHA-256: | BC21321547C8ECC9351E5F79C9C669A29D47824E05DD045045689088B47ECAF5 |
SHA-512: | 79788B572756234D98FB5C0905B28D74356C2F581D3448561F1C770DD6BADAE081BB97421331A6652DD1EF62D91E084E0F034938E616A2102223968F29DD2E61 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.249284636688709 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX45A9KHeW7+FIbRI6XVW7+0YAaYoeoAvJfbPtdPeUkwRe9:YvXKX4ZyYpW7AYoVGDV8Ukee9 |
MD5: | 09F46A5F1AE0A977A982E546DE49F4D6 |
SHA1: | 6E80F970FB17E5989A5164AC71821409CB128AC0 |
SHA-256: | 5B4F228A1A2E1DE93FBD81741EA3970DE387FAB4071D2BB8B1607C4340F0BCDE |
SHA-512: | E55DF3B7A697C6CF8AFE769E28BDF07CE03A1F4E7835B6CDD859B02FDCC7B037B050235B705A78E08A6CB013215E3DD27DEDDE220DCA83F952334EEE0DFFBDDF |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.25016594977233 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX45A9KHeW7+FIbRI6XVW7+0YAaYoeoAvJf21rPeUkwRe9:YvXKX4ZyYpW7AYoVG+16Ukee9 |
MD5: | 7C63E50BC1101C8E1BA144EB405AE28A |
SHA1: | 5127B6FDFB027807D3531FBE9534E395DF61A7CA |
SHA-256: | B48A1DAAF6FE320F691D68AE72A169C9406FB30593C9EE263237BA49A0DA2A60 |
SHA-512: | 558543B9C08AA8B3975FE382E22CBA1EF41AC41BB3D021DE02DB6B8D3B040C824D4ED3C1CD381391F71CACEBBD6CA60AFF945FAFDB68BFFD6D802BFAF1D91A4E |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1026 |
Entropy (8bit): | 5.62542617027881 |
Encrypted: | false |
SSDEEP: | 24:Yv6XwiBamXayLgE7cMCBNaqnl0RCmK8czOC/BSa:YvwNBgACBOAh8cvMa |
MD5: | 4AB876136E3683CC02B00F75F55237BB |
SHA1: | BB4342C7DDD6579DB49FFA98734FE77C13448915 |
SHA-256: | B82E6B91B7C17C4AD70AA1264A00428C8FF270320D3778B265784EDDB091B989 |
SHA-512: | 4429B35681394DA17DCFA542F8740A07053B2CCE1BBA43260E3C44E67D6133B304C924BBA1683175402271E990973A92E45EA08C04FEC462FFC6F5D9386F9510 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.225692894394099 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX45A9KHeW7+FIbRI6XVW7+0YAaYoeoAvJfshHHrPeUkwRe9:YvXKX4ZyYpW7AYoVGUUUkee9 |
MD5: | 2B0D21B601C7DAC6CE1D416AB9485382 |
SHA1: | B43969CF7F2A862BB59290369C6DA4DFB0F235D4 |
SHA-256: | 18C590316DF899BF39C8C9DB77C15C6D644D9595C6810E56CBA2B3F59F92F0EF |
SHA-512: | AB6023A2AE58E6966D001EE51BF857E86C11B24DB6E193E8A48676D645582F9E9185BE393C37211A3A3DC01E76494743FD3ACBC02C59B66E324AB99233A7CE4F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.362904372918889 |
Encrypted: | false |
SSDEEP: | 12:YvXKX4ZyYpW7AYoVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWiY:Yv6Xwiq168CgEXX5kcIfANha |
MD5: | 93D2DB27E6C168FCEAA84D408BDA8686 |
SHA1: | 8D48EA65E1F7EA3ACE297BF7ACEBBD580ECA9E93 |
SHA-256: | 670691156F87E357A53C8A853C8B7393F3415E06303D3C2FC52A82B842DCD4D5 |
SHA-512: | 5833AE9F59C7042E0896BFDC8D628F4A040B0E59E8DE598EC86EDD6F502F11096B3F36D76BBBEC45152927F4AB1A06DB4DC29CCB3E5EED0CBAF79617AD8CB03B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.128807004215203 |
Encrypted: | false |
SSDEEP: | 48:YoFaBUWA61U1ZePWre6x3EbXP1PpmSx9e:oyWA6/Wre6xUbNRmCe |
MD5: | E94CB7FC12FC7954C86C3D83DC4F714D |
SHA1: | 2DE0A3993758F18CE48DE05370D856EF5F2D82B1 |
SHA-256: | 5E9D8AE72B2C151289E0145199E92A65B1764DAB103706DB9235AB7B300C6800 |
SHA-512: | A470B0170927A0C0A33B5FDDBEDD76D55015B5BDB998FB7E86510E10B4321F0983238A8B2DDFFABCF00E9105F8C091635D8308683F3FC3C69243472A039D0BE7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9845220717176244 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpnT3j4zJwtNBwtNbRZ6bRZ4KT3jF:TVl2GL7ms6ggOVpnQzutYtp6PZt |
MD5: | DBEAD7514C13BF0217F4AB4341910B55 |
SHA1: | C539745D08D569F7200FDE69B1D998FAD8B7EF70 |
SHA-256: | E71760CE525756315A64DD4A9FEF6A5CA583658CC3AA5F8FDF2AE365E761216A |
SHA-512: | D1055A5805512C6EE5F615E8864FFCF265991CF941C2C0FBB022CC7E7E6EAB9F4693B1BF5616B6767A3F5ED4B298D2BFD959D4C7508A04DAAC51C6DD2C871525 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3386523200132041 |
Encrypted: | false |
SSDEEP: | 24:7+tXAD1RZKHs/Ds/SpnT3jPzJwtNBwtNbRZ6bRZWf1RZKqqLBx/XYKQvGJF7ursW:7MXGgOVpnXzutYtp6PM/qll2GL7msWn |
MD5: | D2CD20B072427274E233E29CDA02FFC6 |
SHA1: | 14E7672EC687ACCAE543BA871EBEB91200F212B3 |
SHA-256: | ACE291D7DFD6BB36D763E461BA0B9F3BE85696480AED0C3D620F2CAA1AD2A56F |
SHA-512: | FACCF0CDBAC2F8243141B67BD59823FC3083B0EBF8A586A4B537AA85A733276D75890469D8DA7E608BF42F308D1446164B258CE7915319ABFBB036D8F15D83E6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.529459928009153 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKRaM:Qw946cPbiOxDlbYnuRKS9 |
MD5: | 06BB43B2076F66B1C9EEC4C316B7373C |
SHA1: | C642D32E9D5A569F4A62B57FFA235407D4C85B22 |
SHA-256: | F1A2E7AD56B650A188CC77AC2211BCD11DE385E130460E4A7FDD3EC4D059DEAC |
SHA-512: | 4AB9A236A6A2491B7315D561AF379D90D7278E7DDD61337B2930CE3F6A2400147E3E7AA06314CF2E588376E8405CC537E008C8C3F525830F519718878743C8FC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 09-13-41-422.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15113 |
Entropy (8bit): | 5.358161121590315 |
Encrypted: | false |
SSDEEP: | 384:za2Lu63+bLUEIRjLoLAzy43mmVqWZw0KDYp9rfr6Dd4TkyXlHOWT0J0JMWkD1Es9:cke |
MD5: | CA9F4D058EE3200F7DDD3734EC620FDA |
SHA1: | 4D15F4CB7E1474CACD5C050B26A2266E0E9DB808 |
SHA-256: | 181C3BC24D39A941F5F9715211A5BC0CF23716987A7F4FA05BD832503A59A221 |
SHA-512: | 50CF3539AFA09B974D628C6EE4745E4A1B55357FEF4510B66EFADE8C8D5A3D2755EBB25F44ACC2E56F2A82385C967D78F4EE553008897A79176716B68BF07851 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.3994610449829965 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbx:N |
MD5: | 3E50186A1DFDF6F4FE8EA1012DCDBEFB |
SHA1: | 5911BA0FD802C034F4EFF0C564695777EA4CA554 |
SHA-256: | FBD41E34183E0C8BDD7B17BA13A6D302004C82B65160A4E9FA7C46353E58CBAE |
SHA-512: | 8A94F37A9A1D5228F3F6DE88DF8EB408CE44A6466156174597E89D1128C6647609B1211D5B767D7A33EA01F3120ADC634AFC79AEEA10C619574A09D7B284E54E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.244777509099403 |
TrID: | |
File name: | Workers Compensation Certificate (5).pdf |
File size: | 449'068 bytes |
MD5: | 18232711d79c104bc7060aa8ad15dbdf |
SHA1: | 23ed41606083760a7caba018c0abd0f9f15a9681 |
SHA256: | 9051431b0c4618b2a6b855ecf06f18cbeab60fb683f81e0a2ffa9467c44d4335 |
SHA512: | 4817b0518bd8db29833e6aa66b1183474256548972c675094cf5a52c2f1bcfae8668b9dda2daff61b9b8f6b0148cf2de7b4ff689fb01d2757f9be3dd3cf71db9 |
SSDEEP: | 6144:3k5fBPurbpcFk9xt7iHnxsbB23mFzKDRVv5VW6IQkDLUm:3kMpcFk9xQxEk3jDbvjUQkUm |
TLSH: | 23A455B65971A764DB61CB2C0F9077AEC10C271F5AE0431A388DC977774A85AF28F4E2 |
File Content Preview: | %PDF-1.5.%.....1 0 obj.<</Type/Page/Parent 7 0 R /MediaBox[ 0 0 612 792]/Contents 8 0 R /Resources<</XObject<</img1031917 6 0 R /img1031916 3 0 R >>/Font<</F2 2 0 R /F4 4 0 R >>>>>>.endobj.3 0 obj.<</Width 950/Filter/DCTDecode/Type/XObject/Length 182011/B |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.244778 |
Total Bytes: | 449068 |
Stream Entropy: | 7.242200 |
Stream Bytes: | 444816 |
Entropy outside Streams: | 5.143916 |
Bytes outside Streams: | 4252 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 21 |
endobj | 21 |
stream | 10 |
endstream | 10 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
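The keyword counts above are the quickest triage signal in this report: every active-content marker (/JS, /JavaScript, /AA, /OpenAction, /Launch, /EmbeddedFile, /RichMedia, /URI) is zero, /Encrypt is zero, and there is a single %%EOF with nothing after it, which is consistent with a PDF that carries only page content and images. The script below is an added example, not part of the Joe Sandbox report or its tooling. It reproduces the same counters (keyword counts with pdfid-style decoding of #xx name escapes, total, stream and outside-stream entropy, EOF accounting) on two constructed sample PDFs whose xref offsets are deliberately not valid; the sample data, function names and the active-keyword set are the example's own choices.

```python
"""PDF triage counters of the kind a sandbox prints, reimplemented for offline checking."""
import math
import re
from collections import Counter

KEYWORDS = [
    b"obj", b"endobj", b"stream", b"endstream", b"xref", b"trailer", b"startxref",
    b"/Page", b"/Encrypt", b"/ObjStm", b"/URI", b"/JS", b"/JavaScript", b"/AA",
    b"/OpenAction", b"/AcroForm", b"/JBIG2Decode", b"/RichMedia", b"/Launch",
    b"/EmbeddedFile",
]
# Names whose presence means the document can act when opened (example's own selection).
ACTIVE = {b"/JS", b"/JavaScript", b"/AA", b"/OpenAction", b"/Launch",
          b"/EmbeddedFile", b"/RichMedia", b"/URI"}

# A PDF name token ends at whitespace or a delimiter; everything else is a regular char.
_NAME_END = rb"(?![^\s()<>\[\]{}/%])"
_NAME_TOKEN = re.compile(rb"/[^\s()<>\[\]{}/%]+")
_STREAM = re.compile(rb"stream(?:\r\n|\n)(.*?)(?:\r\n|\n|\r)?endstream", re.DOTALL)
_EOF = re.compile(rb"%%EOF")


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _decode_name_escapes(data: bytes) -> bytes:
    """Resolve #xx escapes inside name tokens so /Open#41ction counts as /OpenAction."""
    def fix(m):
        return re.sub(rb"#([0-9A-Fa-f]{2})",
                      lambda h: bytes([int(h.group(1), 16)]), m.group(0))
    return _NAME_TOKEN.sub(fix, data)


def _pattern(kw: bytes):
    if kw.startswith(b"/"):
        return re.compile(re.escape(kw) + _NAME_END)
    # Bare keywords: "endobj" must not count as "obj", nor "startxref" as "xref".
    return re.compile(rb"(?<![A-Za-z])" + re.escape(kw) + rb"(?![A-Za-z])")


def count_keywords(data: bytes) -> dict:
    normalized = _decode_name_escapes(data)
    return {kw.decode(): len(_pattern(kw).findall(normalized)) for kw in KEYWORDS}


def triage(data: bytes) -> dict:
    """Summary in the shape of the sandbox's General table plus the keyword counts."""
    pieces, stream_chunks, last = [], [], 0
    for m in _STREAM.finditer(data):
        pieces.append(data[last:m.start(1)])
        stream_chunks.append(m.group(1))
        last = m.end(1)
    pieces.append(data[last:])
    outside, streams = b"".join(pieces), b"".join(stream_chunks)
    eofs = list(_EOF.finditer(data))
    # Bytes after the last %%EOF (ignoring the line ending) are a classic hiding place.
    after_eof = data[eofs[-1].end():].strip(b"\r\n") if eofs else b""
    counts = count_keywords(data)
    return {
        "header": data[:8].decode("latin-1") if data.startswith(b"%PDF-") else None,
        "total_bytes": len(data),
        "total_entropy": shannon_entropy(data),
        "stream_bytes": len(streams),
        "stream_entropy": shannon_entropy(streams),
        "outside_bytes": len(outside),
        "outside_entropy": shannon_entropy(outside),
        "eof_count": len(eofs),
        "bytes_after_eof": len(after_eof),
        "counts": counts,
        "active": sorted(k for k, v in counts.items() if k.encode() in ACTIVE and v > 0),
    }


# Constructed sample: one page, one content stream; xref offsets are placeholders.
SAMPLE_BENIGN = (
    b"%PDF-1.5\n"
    b"1 0 obj\n<</Type/Catalog/Pages 2 0 R>>\nendobj\n"
    b"2 0 obj\n<</Type/Pages/Kids[3 0 R]/Count 1>>\nendobj\n"
    b"3 0 obj\n<</Type/Page/Parent 2 0 R/MediaBox[0 0 612 792]/Contents 4 0 R>>\nendobj\n"
    b"4 0 obj\n<</Length 36>>\nstream\nBT /F1 12 Tf 72 720 Td (Hello) Tj ET\nendstream\nendobj\n"
    b"xref\n0 5\n0000000000 65535 f \ntrailer\n<</Size 5/Root 1 0 R>>\nstartxref\n0\n%%EOF\n"
)
# Same file with an escaped /OpenAction pointing at JavaScript and junk after %%EOF.
SAMPLE_ACTIVE = SAMPLE_BENIGN.replace(
    b"/Pages 2 0 R>>", b"/Pages 2 0 R/Open#41ction 5 0 R>>"
).replace(
    b"\nxref\n", b"\n5 0 obj\n<</S/JavaScript/JS(app.alert(1))>>\nendobj\nxref\n"
) + b"trailing junk"

if __name__ == "__main__":
    for label, sample in (("benign", SAMPLE_BENIGN), ("active", SAMPLE_ACTIVE)):
        r = triage(sample)
        print(f"{label}: {r['total_bytes']} bytes, entropy {r['total_entropy']:.3f}, "
              f"active={r['active']}, bytes after EOF={r['bytes_after_eof']}")
```

Stream bytes plus bytes outside streams add up to the file size, the same accounting the report uses (444816 + 4252 = 449068). Counting on the raw bytes cannot see names that sit inside compressed object streams, so the flat count is only trustworthy when /ObjStm is zero, as it is here; when it is not, decompress the object streams first and count again.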
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
3 | 0c25030303230333 | b0e8c4b9448afff78374144d51dae273 | |
5 | 0000000000000000 | cb73ee2b90885d25cee67421f4602000 | |
6 | 001329212921292f | 4105b4ce756168fa2df02dae8b5565af | |
10 | 230b1847474a7e30 | db4b37c00d0c6fb4765214705d1755d3 | |
12 | 004cced665658048 | 55ddbf67f37f2bd609f8b3f280b3909e |
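The DHASH column is a 64-bit difference hash of each decoded image stream. Near-identical lure images hash to values a few bits apart even when their MD5s differ, which is how repeated phishing templates are clustered, and an all-zero value is what a uniform single-colour image produces (stream 5 above shows that value). The function below is an added example, not the sandbox's implementation: it downsamples a grayscale grid to 9x8 with nearest-neighbour sampling and sets a bit where the right-hand pixel is brighter than its left neighbour (the convention of the imagehash library; the report's tool may use the opposite bit sense, which inverts the hash but leaves Hamming distances unchanged). The input images are constructed in code; decoding a JPEG stream into pixels is outside the example.

```python
"""Difference hash (dHash) and Hamming distance for image-similarity triage."""


def _resize_nearest(pixels, width, height):
    """Nearest-neighbour downscale of a 2-D grayscale grid (list of rows)."""
    src_h, src_w = len(pixels), len(pixels[0])
    return [[pixels[y * src_h // height][x * src_w // width] for x in range(width)]
            for y in range(height)]


def dhash(pixels, hash_size=8) -> str:
    """hash_size*hash_size bits as lowercase hex; bit=1 when right pixel > left pixel."""
    small = _resize_nearest(pixels, hash_size + 1, hash_size)
    bits = 0
    for row in small:
        for x in range(hash_size):
            bits = (bits << 1) | (1 if row[x + 1] > row[x] else 0)
    return f"{bits:0{hash_size * hash_size // 4}x}"


def hamming(h1: str, h2: str) -> int:
    """Number of differing bits between two hex-encoded hashes of equal length."""
    return bin(int(h1, 16) ^ int(h2, 16)).count("1")


# Constructed test images (grayscale values 0-255), standing in for decoded streams.
def make_flat(width, height, value):
    return [[value] * width for _ in range(height)]


def make_gradient(width, height, dark_rows=0):
    """Left-to-right brightness ramp; the top dark_rows rows are black."""
    return [[0 if y < dark_rows else x for x in range(width)] for y in range(height)]


if __name__ == "__main__":
    flat = dhash(make_flat(32, 32, 128))
    ramp = dhash(make_gradient(32, 32))
    ramp_bar = dhash(make_gradient(32, 32, dark_rows=4))
    print("flat    ", flat)
    print("ramp    ", ramp)
    print("ramp+bar", ramp_bar, "distance to ramp:", hamming(ramp, ramp_bar))
```

A distance of a handful of bits between two lure images usually means the same template with a changed logo or text block; the flat image and the ramp differ in all 64 bits, while adding a dark band across the top of the ramp changes only the eight bits of the first row.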
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 18, 2024 15:13:54.268090010 CEST | 61515 | 443 | 192.168.2.5 | 96.7.168.138 |
Oct 18, 2024 15:13:54.268131971 CEST | 443 | 61515 | 96.7.168.138 | 192.168.2.5 |
Oct 18, 2024 15:13:54.268209934 CEST | 61515 | 443 | 192.168.2.5 | 96.7.168.138 |
Oct 18, 2024 15:13:54.268503904 CEST | 61515 | 443 | 192.168.2.5 | 96.7.168.138 |
Oct 18, 2024 15:13:54.268517971 CEST | 443 | 61515 | 96.7.168.138 | 192.168.2.5 |
Oct 18, 2024 15:13:55.014413118 CEST | 443 | 61515 | 96.7.168.138 | 192.168.2.5 |
Oct 18, 2024 15:13:55.014799118 CEST | 61515 | 443 | 192.168.2.5 | 96.7.168.138 |
Oct 18, 2024 15:13:55.014821053 CEST | 443 | 61515 | 96.7.168.138 | 192.168.2.5 |
Oct 18, 2024 15:13:55.015919924 CEST | 443 | 61515 | 96.7.168.138 | 192.168.2.5 |
Oct 18, 2024 15:13:55.015990019 CEST | 61515 | 443 | 192.168.2.5 | 96.7.168.138 |
Oct 18, 2024 15:13:55.066869020 CEST | 61515 | 443 | 192.168.2.5 | 96.7.168.138 |
Oct 18, 2024 15:13:55.067065954 CEST | 443 | 61515 | 96.7.168.138 | 192.168.2.5 |
Oct 18, 2024 15:13:55.067193031 CEST | 61515 | 443 | 192.168.2.5 | 96.7.168.138 |
Oct 18, 2024 15:13:55.067213058 CEST | 443 | 61515 | 96.7.168.138 | 192.168.2.5 |
Oct 18, 2024 15:13:55.121535063 CEST | 61515 | 443 | 192.168.2.5 | 96.7.168.138 |
Oct 18, 2024 15:13:55.197705030 CEST | 443 | 61515 | 96.7.168.138 | 192.168.2.5 |
Oct 18, 2024 15:13:55.197864056 CEST | 443 | 61515 | 96.7.168.138 | 192.168.2.5 |
Oct 18, 2024 15:13:55.197936058 CEST | 61515 | 443 | 192.168.2.5 | 96.7.168.138 |
Oct 18, 2024 15:13:55.198576927 CEST | 61515 | 443 | 192.168.2.5 | 96.7.168.138 |
Oct 18, 2024 15:13:55.198601961 CEST | 443 | 61515 | 96.7.168.138 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 18, 2024 15:13:52.274574041 CEST | 62790 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 18, 2024 15:13:53.660557985 CEST | 53 | 56327 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 18, 2024 15:13:52.274574041 CEST | 192.168.2.5 | 1.1.1.1 | 0xb723 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 18, 2024 15:13:52.283121109 CEST | 1.1.1.1 | 192.168.2.5 | 0xb723 | No error (0) | | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 61515 | 96.7.168.138 | 443 | 4996 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-18 13:13:55 UTC | 475 | OUT | |
2024-10-18 13:13:55 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 09:13:38 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 09:13:38 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 09:13:39 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |