Edit tour
Windows
Analysis Report
Scan 7820126fdp.pdf
Overview
General Information
| Sample name: | Scan 7820126fdp.pdf |
| Analysis ID: | 1546091 |
| MD5: | 78951686980095ae33f017a8d267e7d3 |
| SHA1: | c58431ecf229382880f143208992384065a86532 |
| SHA256: | 47930e997509ae9efa420f64d0bf2aee3f1082812e4a82b6f7b697cb3da848c6 |
| Infos: | |
 | |
Detection
| Score: | 21 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
AI detected landing page (webpage, office document or email)
Potential document exploit detected (performs DNS queries)
Suricata IDS alerts with low severity for network traffic
Classification
- System is w10x64
Acrobat.exe (PID: 6472 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\S can 782012 6fdp.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 5660 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 5484 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 28 --field -trial-han dle=1636,i ,160926041 0311909206 7,68829325 6635885764 9,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-31T13:54:02.006619+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.5 | 49717 | TCP |
| 2024-10-31T13:54:14.269507+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.5 | 63275 | TCP |
| 2024-10-31T13:54:16.241587+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.5 | 63281 | TCP |
Click to jump to signature section
Show All Signature Results
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
Persistence and Installation Behavior |   |
|---|
| Source: | LLM: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
| x1.i.lencr.org | unknown | unknown | false | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1546091 |
| Start date and time: | 2024-10-31 13:52:54 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 57s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 9 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Scan 7820126fdp.pdf |
| Detection: | SUS |
| Classification: | sus21.winPDF@14/46@1/0 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.202.204.11, 52.5.13.197, 54.227.187.23, 23.22.254.206, 172.64.41.3, 162.159.61.3, 2.23.197.184, 23.32.184.135, 199.232.214.172, 2.19.126.143, 2.19.126.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: Scan 7820126fdp.pdf
| Time | Type | Description |
|---|---|---|
| 08:53:59 | API Interceptor |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | CAPTCHA Scam ClickFix | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Strela Downloader | Browse |
| ||
| Get hash | malicious | Strela Downloader | Browse |
|
⊘No context
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.265771129720629 |
| Encrypted: | false |
| SSDEEP: | 6:B5Tczvq2P92nKuAl9OmbnIFUt8C5TcEjZZmw+C5TcEjzkwO92nKuAl9OmbjLJ:BNEv4HAahFUt8CNb/+CNx5LHAaSJ |
| MD5: | EEBE3B10C007F3D3D578B6033490BAC6 |
| SHA1: | A05306090213812C511586BAC73197670ED4FB1A |
| SHA-256: | ED0DA2D28DCD9BA23465C57E38907868249BDC29D9EBB61FA3D5571CC4D7278C |
| SHA-512: | D2B70D65D6230B7D3F9F4D8688C621136632857BDC119E8338C7C084527E634A8940424B2C71C7DEFEBDB806D0B983459409DF1052755967C82BA54B440B05C0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.265771129720629 |
| Encrypted: | false |
| SSDEEP: | 6:B5Tczvq2P92nKuAl9OmbnIFUt8C5TcEjZZmw+C5TcEjzkwO92nKuAl9OmbjLJ:BNEv4HAahFUt8CNb/+CNx5LHAaSJ |
| MD5: | EEBE3B10C007F3D3D578B6033490BAC6 |
| SHA1: | A05306090213812C511586BAC73197670ED4FB1A |
| SHA-256: | ED0DA2D28DCD9BA23465C57E38907868249BDC29D9EBB61FA3D5571CC4D7278C |
| SHA-512: | D2B70D65D6230B7D3F9F4D8688C621136632857BDC119E8338C7C084527E634A8940424B2C71C7DEFEBDB806D0B983459409DF1052755967C82BA54B440B05C0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.224435988955531 |
| Encrypted: | false |
| SSDEEP: | 6:B5TrTFIq2P92nKuAl9Ombzo2jMGIFUt8C5TIZmw+C5TJTFkwO92nKuAl9Ombzo23:BNtIv4HAa8uFUt8CNI/+CNJTF5LHAa8z |
| MD5: | F6B15C316C7B2B7D99FA34591C472B81 |
| SHA1: | 1770109BF7407B412A116B21CCCFDD5D266BECF4 |
| SHA-256: | 2388FCE3B7F611221214ECE77FB1DC8B0DC5E8A49B8DCBA0FBB444895DA548AD |
| SHA-512: | E7B46C146168E0D47FA55655F6E96E3D9219CC24A089C9C0007581DDA7FD13BD98A7C57035EC67811A14194D7EAF1DECD1B4B90EF6CE884C8FCA02F6AB5F35F4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.224435988955531 |
| Encrypted: | false |
| SSDEEP: | 6:B5TrTFIq2P92nKuAl9Ombzo2jMGIFUt8C5TIZmw+C5TJTFkwO92nKuAl9Ombzo23:BNtIv4HAa8uFUt8CNI/+CNJTF5LHAa8z |
| MD5: | F6B15C316C7B2B7D99FA34591C472B81 |
| SHA1: | 1770109BF7407B412A116B21CCCFDD5D266BECF4 |
| SHA-256: | 2388FCE3B7F611221214ECE77FB1DC8B0DC5E8A49B8DCBA0FBB444895DA548AD |
| SHA-512: | E7B46C146168E0D47FA55655F6E96E3D9219CC24A089C9C0007581DDA7FD13BD98A7C57035EC67811A14194D7EAF1DECD1B4B90EF6CE884C8FCA02F6AB5F35F4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.053486809992764 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sq3LsBdOg2HpPcaq3QYiubxnP7E4T3OF+:Y2sRdsosdMHp+3QYhbxP7nbI+ |
| MD5: | B98A324C021CAB3A155C3B2338C700F2 |
| SHA1: | A7BA0C29156C2D205746AC6F6F3F8C3F07A883A6 |
| SHA-256: | 650B131BC3D7065D3F6FC2C3C8048ED970668C3EB16D608B76D2BECD832CB2E1 |
| SHA-512: | 3D28AC60F78698BB6AB27AEE2927DB117195A6E067BB3704CC2AFEE939DCDC84F41A895392C3ECDC0E85E3BC56CB3DC4B963778DB8AFD79D562799E1118BB728 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\de107480-9020-4091-b653-3c5d47f3aa0e.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.053486809992764 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sq3LsBdOg2HpPcaq3QYiubxnP7E4T3OF+:Y2sRdsosdMHp+3QYhbxP7nbI+ |
| MD5: | B98A324C021CAB3A155C3B2338C700F2 |
| SHA1: | A7BA0C29156C2D205746AC6F6F3F8C3F07A883A6 |
| SHA-256: | 650B131BC3D7065D3F6FC2C3C8048ED970668C3EB16D608B76D2BECD832CB2E1 |
| SHA-512: | 3D28AC60F78698BB6AB27AEE2927DB117195A6E067BB3704CC2AFEE939DCDC84F41A895392C3ECDC0E85E3BC56CB3DC4B963778DB8AFD79D562799E1118BB728 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4509 |
| Entropy (8bit): | 5.228353696347544 |
| Encrypted: | false |
| SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUL0RwraqfRKZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL7 |
| MD5: | 1EC4EFED83B9E326375BEDB842357BE0 |
| SHA1: | B58B9120729421CEA7465C5A21356081A4800808 |
| SHA-256: | 2DCCBEDA359A7631CFAD47A702AD6EBEFD8A117BD278FEC36F7ED53B1C7A66EE |
| SHA-512: | 3AB33DF8BC9F1C7B78D4E83F46C2B90C29BF62FF7923F21ABFB5BCF1B1433AE6C68EE3033240459AE3A55A32B66A911F14885EC3B98810EA8FFB46C0E18D660C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.230143766034349 |
| Encrypted: | false |
| SSDEEP: | 6:B5TnaOq2P92nKuAl9OmbzNMxIFUt8C5TnXZZmw+C5TnYkwO92nKuAl9OmbzNMFLJ:BNnaOv4HAa8jFUt8CNnJ/+CNnY5LHAab |
| MD5: | 3E0BC16032815A94DAA9585509532D2B |
| SHA1: | 054EA580B72952C7B205054C76E4B16AFC469BE2 |
| SHA-256: | 913B5D38DFE45F5BDE898EAD07A920783309915F0756CEB1207A78225844D340 |
| SHA-512: | BA62B8629FC4B9012624E6B335523D4374735F35D346CC1CC675FDEC5DF9A7D89A061E3D373AB60568D5C89FBBA2280DAA3EE8F42C3E47DF63F3336BEC6ED76D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.230143766034349 |
| Encrypted: | false |
| SSDEEP: | 6:B5TnaOq2P92nKuAl9OmbzNMxIFUt8C5TnXZZmw+C5TnYkwO92nKuAl9OmbzNMFLJ:BNnaOv4HAa8jFUt8CNnJ/+CNnY5LHAab |
| MD5: | 3E0BC16032815A94DAA9585509532D2B |
| SHA1: | 054EA580B72952C7B205054C76E4B16AFC469BE2 |
| SHA-256: | 913B5D38DFE45F5BDE898EAD07A920783309915F0756CEB1207A78225844D340 |
| SHA-512: | BA62B8629FC4B9012624E6B335523D4374735F35D346CC1CC675FDEC5DF9A7D89A061E3D373AB60568D5C89FBBA2280DAA3EE8F42C3E47DF63F3336BEC6ED76D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241031125350Z-155.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 1.0751062366694253 |
| Encrypted: | false |
| SSDEEP: | 96:jd9DbBPbPeJw+bgxJMM0MMMMTcIf79MMEMBMVP7ELW2pbNg5EU/PdvG+mZMM4Mre:jd9DhrMbg+soL7pBg5EeyEycqRy9 |
| MD5: | E3433F85EB3C65AFD6EE833AEDC90548 |
| SHA1: | E0925BA814455D87190CFA68FD8196661653C140 |
| SHA-256: | 15E86F7BD4FC1892EA1F9DF01E35A68BEFCE65DA305402475BDC8B70CD0DE6AA |
| SHA-512: | 801CD1330FEA96A77B342BB0938D01F704DFC7B00752623BF746B5F764E82B9291C2DD221604414F1CCBDD437ED45C2DCED053A22B0988573BE81B3B2482EF22 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.7673182398396405 |
| Encrypted: | false |
| SSDEEP: | 3:kkFklS8L/XfllXlE/HT8kkGbNNX8RolJuRdxLlGB9lQRYwpDdt:kKL/T80pNMa8RdWBwRd |
| MD5: | 616655423B5383D4F1057BB0DA724D67 |
| SHA1: | E5A467EFC9B001662989D3D380BB0A08BEB93191 |
| SHA-256: | 2E3047ECB6FA83BD3F97FBC6D5CB27D8CF3B52D45A56A94615CFF1E6C75E83DB |
| SHA-512: | F30053A2504B766A1E1EF5572D4842710AE09F5468F5111FC690AF0C66FE8DA0565DD0FA126F7561F8FC6ED833D86B581C7706E8E935BAD909BE442AA129F151 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.2539954282295116 |
| Encrypted: | false |
| SSDEEP: | 6:kKKn9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:C2DImsLNkPlE99SNxAhUe/3 |
| MD5: | 7AF4AAA2F05CB0C820E447D5FF03C0E4 |
| SHA1: | 57C3E2624F838E4223382449515596E9419CA924 |
| SHA-256: | A5EA109F1B3892A92DA7DDE9143F700E3E82B44B68CB399D0C5FF322A8601F86 |
| SHA-512: | 916AC892F3F97FA8DBF046AD9F0B67247D4B1766E017ABDD7B74410F396193496F8B4891958AEA23077B6CA6A47462093F1DE9EC837B4ABE6DE260C7E740967A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 227002 |
| Entropy (8bit): | 3.392780893644728 |
| Encrypted: | false |
| SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
| MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
| SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
| SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
| SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.316015212182085 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX9SEb+FIbRI6XVW7+0Y8XVRVDoAvJM3g98kUwPeUkwRe9:YvXKXzSYpW7FVRSGMbLUkee9 |
| MD5: | A2DFD8EFBF4408AF47F5D5E25A7D0256 |
| SHA1: | F3CACBF78D9EEA2F2101EB0582B813EB07321927 |
| SHA-256: | 098A92E78F6784588BE1CF50FC3589F4BC4398FEE7089721874150E74A7612F7 |
| SHA-512: | AE2B4542B741B4FE1858CA8AF180EB265BBD31190466E01BD6037818611AF65B5E485E4FC701D7AE37BF09F2B906053ADC39C7EC321FDC6DAEE9FE9F62482B17 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.253853499836867 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX9SEb+FIbRI6XVW7+0Y8XVRVDoAvJfBoTfXpnrPeUkwRe9:YvXKXzSYpW7FVRSGWTfXcUkee9 |
| MD5: | F23A1636D0F45FE54ED8379C08DF2F5D |
| SHA1: | AC3AB1FBC6988C068C253825B7D892178BE88702 |
| SHA-256: | 2FAD2B8C353A483C36A5FDC894A1F788F4EFB81820E77AC458178C1BA15E44DB |
| SHA-512: | 0CE4DDBF43105F9FB57914DD1F0DDB1D427F7A205A8112C3D05EFB2BA6C99670F3F1FB848F223A72C1C3238D869E624953CA2C275F67D6B3531C7DAF5596602A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.2331212937515375 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX9SEb+FIbRI6XVW7+0Y8XVRVDoAvJfBD2G6UpnrPeUkwRe9:YvXKXzSYpW7FVRSGR22cUkee9 |
| MD5: | 384D3E6CD725C86723A3EE30A1D22328 |
| SHA1: | A6C34EC4DFE9E531454A3F2A15F2FE16C4FF9C9B |
| SHA-256: | 282ECF4B7E3AB15BFF5F0096B6C4FD35A87BBEE84638FEE9DD64436931E1130E |
| SHA-512: | FE150AA05B42ED53352D26B6468153B074841DD0B02F846017DB9F5F96791E6A4D42282A093866F42678AD50C6D44E379C5216D3D3C4D1DE421CC00C7AF2CD2E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.293246750392685 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX9SEb+FIbRI6XVW7+0Y8XVRVDoAvJfPmwrPeUkwRe9:YvXKXzSYpW7FVRSGH56Ukee9 |
| MD5: | 4566CFD8897BE6EE11C34C8326B74BC1 |
| SHA1: | 99F32146EA3D7DEED7576015939D6B0115350CD3 |
| SHA-256: | D6CEC7B6C711ED98FF099FAA839CE6D392EFE52A2115EBEC8F1D0CE31422CEFE |
| SHA-512: | F402901538ACE36F1250CD1E1FF8AD94D4C5B77B8124DECCE299434910D881D01763AD559439C84C8EB31F1CB265294849BCD5ABB2EE9F203BD4FBB9B4AFB4F7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1055 |
| Entropy (8bit): | 5.649917917548663 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6Xz3iFVRvpLgEscLf7nnl0RCmK8czOCCSL:YvRFPhgGzaAh8cv/L |
| MD5: | 32CB43C8AF4F0936254671B5D574286B |
| SHA1: | C7AE5D5A00D28FC1729EE532A23E11811F5D0AAF |
| SHA-256: | 9F5536ECB1A627E15C660247A6CE0A3C4C495AF4C796747E16A07232A083E9AD |
| SHA-512: | E5DBA7D47AFDEBCB36C7AB879004B7B6468C86CF45616B8471918E800C4C1D2819477EC053921040342DB5AFA08A16D6D629AEED9B1F45B99EB63DCCEDC21B32 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1050 |
| Entropy (8bit): | 5.641630844635166 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6Xz3iFVRzVLgEF0c7sbnl0RCmK8czOCYHflEpwiVm:YvRFTFg6sGAh8cvYHWpwL |
| MD5: | 1D854EF50C0A7D1BC907673BC60F1FA5 |
| SHA1: | 7100A2B8DDC2F202B8E28A1EA71D8BBF536568F5 |
| SHA-256: | 85A27A1F490463E57FE18F0291DF0AEA971AE791E9B389FE6066BE12478AF5C1 |
| SHA-512: | C893B08EBF0456064B5F1E102181250A48010E0230AABD95688CE4996400C6956793B58C9812BC139AC8C048FE0B0DB933E6B35E840B0B03F37462C99301583D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.240062570128675 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX9SEb+FIbRI6XVW7+0Y8XVRVDoAvJfQ1rPeUkwRe9:YvXKXzSYpW7FVRSGY16Ukee9 |
| MD5: | 6AB6D76401E15049AE70FB6554936825 |
| SHA1: | 263AC30C72C6549522D6CEEBC2F6944A5BA4890F |
| SHA-256: | 6FC58687133AD8B199F16F12A9C75B5CA9C50C56FAEA3A7BD74166F5D63BD1E0 |
| SHA-512: | 0532A951D01926CCC30CD50B300D6C079B4632E6FD84C9CA85E41303C12C1006B49D314AEFACC29D513D022596800FB54C9F0EB4C9EDABFBA5F8670D742C3211 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1038 |
| Entropy (8bit): | 5.640549316876444 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6Xz3iFVRC2LgEF7cciAXs0nl0RCmK8czOCAPtciBB:YvRFiogc8hAh8cvAT |
| MD5: | 5051BFE777E9E155908AAC9D384C136D |
| SHA1: | 269AE2B083BFAF8BB7105CD7BDE81AFBC8B220FF |
| SHA-256: | FFA630A2C98FBD70EEB11F866E3859342AD08AEB917DA318F841C3A91D8512CF |
| SHA-512: | 72E72440B14A4F04C77825AB6FB993C9095B69AFC83D3AD95A7441354B941635280813C992A594E841D1DBC5F8C03239131B364E3C7521D568C6A71307CAB053 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 5.691795781475672 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6Xz3iFVR+KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5B:YvRFeEgqprtrS5OZjSlwTmAfSK/ |
| MD5: | 66D5E64D644B6FADE41520ED2CB3E9B1 |
| SHA1: | 1B2E338C53C0464496FFB25DA9F1E1F2A1F253B2 |
| SHA-256: | 3A9B8DB8D716065042467151B13B923407EEFBAE0C33400CD2B72F6A1928F1F7 |
| SHA-512: | 4528DEE692B3FB959D69BBBEED8B801EF3B21ABD73179228F69A5296BFAF86C22FB9C7EF2B8B15792180465109795529641DDAEF3967042ECF7B4525200DEF76 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.245929013876765 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX9SEb+FIbRI6XVW7+0Y8XVRVDoAvJfYdPeUkwRe9:YvXKXzSYpW7FVRSGg8Ukee9 |
| MD5: | E82FFA34783D7738B27193E54E2ABB8C |
| SHA1: | 795ABEC34F403DC3541B29377FAAEE5DF902B18C |
| SHA-256: | 978CD30BB144E3B0F1F5AD303D9FC12B922723F29C54F7BD8C7D7A2B838C6688 |
| SHA-512: | 3F815ED861B0C873AA12955E479F21CAA98F56AD16F4A08C2644603A0FD52922942CA0BF576E40450A5BE536E68EE585B977DC25CF74B9364D0F43E11F1D48A1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.764546861806082 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6Xz3iFVR1rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNe:YvRFVHgDv3W2aYQfgB5OUupHrQ9FJo |
| MD5: | 838435A6CA3C4BAB8ECD764DD11C85CF |
| SHA1: | ACB9C6CC54BA596E670A6EC1A65F1789FFB37D16 |
| SHA-256: | 6BB50568DF2344F28F9C92D2749B1823D959521ACA2F5754341A673EA67CF815 |
| SHA-512: | E59733DAFD6F64FFBC583A7961A2F48A4FB7C6E05EC64C3E0BFF91F9C3BCA5BEC795C2F77C55F3AC25A34E50280E1E4D6B7110D5488CF13EB84D60AC6A841A19 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.229847733448382 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX9SEb+FIbRI6XVW7+0Y8XVRVDoAvJfbPtdPeUkwRe9:YvXKXzSYpW7FVRSGDV8Ukee9 |
| MD5: | 37FBB95F8FAB8C4AEF41E4B59E87AFD7 |
| SHA1: | DE83C4BC4413504BF35B3F5B1B46AF9681D4BEA8 |
| SHA-256: | 67751B3B094321055151385577C8062379AC5E4807CA63FC8E90784A5B82A64D |
| SHA-512: | 250E04A208B77B32EA417A7F8429A2244A158974F5302A5E8E243374971DA77EB1736650A6E6C9D1EB889FF958B377A6B80DE5EB183837B62C600B750F204F64 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.230772529536958 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX9SEb+FIbRI6XVW7+0Y8XVRVDoAvJf21rPeUkwRe9:YvXKXzSYpW7FVRSG+16Ukee9 |
| MD5: | 5D1C0EED1DA5E516455B1BBA8C0AB284 |
| SHA1: | D15AE5CAF0CF1AD77950F3C68077D50741EF1706 |
| SHA-256: | 1886A3A632D7697C65E34960258A15087B879B75E06014B6AA6614E52D9558AD |
| SHA-512: | 8DC18D2CB6FBB1AF52BAB14E7D6E4BD4668BC87877E29570A1A15C032D576C8A4377CC63CBF602C8ABD28B38D4437CAB46D45EEC9FB81E60744BE19C0940975C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1026 |
| Entropy (8bit): | 5.6191512172030675 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6Xz3iFVR3amXayLgE7cMCBNaqnl0RCmK8czOC/BSL:YvRFvBgACBOAh8cvML |
| MD5: | 483D1DDEE2A2CAED495EF8A14DED5915 |
| SHA1: | B6EE2613A7D876BAA76E6DBF373B7BE975432EF6 |
| SHA-256: | CA89F2FEA06AABE09B3F4AB158617E644008221BDA45F0521604418461F32F21 |
| SHA-512: | 6A81CC927CDDD544B10EE783F7B64B7C7DE81F04B6539B12D9A1D6721235F16E52C64063046364C2F20F87D91A18ADA8C7D3ECDA66733E3F0513AF5F143E7BC6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.206493473363594 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX9SEb+FIbRI6XVW7+0Y8XVRVDoAvJfshHHrPeUkwRe9:YvXKXzSYpW7FVRSGUUUkee9 |
| MD5: | C981B291026FA438FD5B80D8BA2D6332 |
| SHA1: | BC4B716E8F27DD15799FEC284AA97B78AB67E54F |
| SHA-256: | 5D2244012D4BF7DF2E1445761E556409AF360106083EB1C266A0B70B3C2A56A6 |
| SHA-512: | 3DDA6E4ECA8C32F8272BCB166905D9EB0C0FB25422927D8D7349F35AC35D3726BCD0A79012EF7A5B8C9DBBF8042729132F93F6C635BA898633E0BE0737C7FB65 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.356171772183636 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXzSYpW7FVRSGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWKL:Yv6Xz3iFVRc168CgEXX5kcIfANhL |
| MD5: | 44D644424CCD629E7DEC3EB0740F189C |
| SHA1: | 9BE957AA957B742FCB7B40C5B4DDAF0EEAF50680 |
| SHA-256: | 053D6E0E2858F33F8417F3D6AEE9A8EA8F18436A93F129D010F7883C7E83AD80 |
| SHA-512: | C189350460B61813DA52013DEEE9ADAEB3B722D13C727004FE55B8AF92FB262846DC1547BDC3DC07C67E58F6B8B2A70E8A1FE73333CDD4ED8DD969A2514B1A98 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2818 |
| Entropy (8bit): | 5.131702882288819 |
| Encrypted: | false |
| SSDEEP: | 48:YMaaKVOfNTcWnVbr6oEv9fUaXqMjFfwR9xCX:lK2NbnVX6OJMWs |
| MD5: | 6CAD5E7A2439B45882AE37EC847D08CC |
| SHA1: | 93EBDBF53C8CB36696D7432D539F2ADF93ABAD67 |
| SHA-256: | 0722B21F45EA8CBB3EC7F37EC5ABE8B3DABD1B9A9937530A89287A5666A715B6 |
| SHA-512: | C7CFFFC6DDB1DEA10947634303084C2C8AC6D419C64AF2ED8DF48E407504BD9A31D577AF85FA9022CA7C5B74A8AD9F01B72C42445DDBD608AA4BE261A423C9B4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9846454906760591 |
| Encrypted: | false |
| SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spc3q4zJwtNBwtNbRZ6bRZ4n3qF:TVl2GL7ms6ggOVpcNzutYtp6P+6 |
| MD5: | 51917B3BEF3C32E84DAD224C6926E33B |
| SHA1: | 7C30EEDA75D9937D8F0D5856B3D058EF7B1E5C4F |
| SHA-256: | 14AAEFDA094A219D2B07929B1D6416C917D6527C587176486EBE6B8B6111AE10 |
| SHA-512: | 39E42CC7719AD30D08E4A71F194980E557C986721DDA161F050F0E538630A1FE35D209AD170242AD78F6403B5B71E103D8350D723AD393AED83FE7BE4910F4F5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.3400392380867072 |
| Encrypted: | false |
| SSDEEP: | 24:7+tDEAD1RZKHs/Ds/Spc3qPzJwtNBwtNbRZ6bRZWf1RZKulqLBx/XYKQvGJF7urs:7MDEGgOVpcWzutYtp6PMFlqll2GL7msJ |
| MD5: | 48F88C1406AEA2538761813CE72D9B5B |
| SHA1: | B0374983FBD01900119EAE61ECCBBD4875771FF4 |
| SHA-256: | 221FF525A1F0C8CD69F0B6D336A7B8D9E496C6443FDC7F42A775DD5447A82610 |
| SHA-512: | 6C8C20CE8C1DFF0B547346D882A7ED10F6838AC4B5ED09D7DC730FC689C7EBF43D0401067BE995D42403A713847CB709B91F64ABD0D37975699B231E942E6E4E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.536003181970279 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8fQRklWk9:Qw946cPbiOxDlbYnuRKuX9 |
| MD5: | 1259C1B9AD42CC91FCC2DDE19DDEB77C |
| SHA1: | 4BA6AC276B01F92F645F587F9E55FD8EFA74F8EF |
| SHA-256: | DF7021FF4A3EDED90C120B73DA33E0071B311914501074DEF294EBEDED8AF1F0 |
| SHA-512: | E8914E0EBFA727D1ED766F15E1D85CB6B6824FE3332B5C03ECE941DB1FF9A0FF9F30FC0D65B66F4699B37EDD02FA6E750550278F645A5E453DA2286EB9674602 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 358 |
| Entropy (8bit): | 5.093929896341246 |
| Encrypted: | false |
| SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOvnpYVdT2npYVdcqLCSyAAO:IngVMre9T0HQIDmy9g06JXfp0dT2p0dr |
| MD5: | AD85908E23F29537A9BC8F514A36EDFE |
| SHA1: | E74F088E3705383C894CBE615179ACA86727A8CA |
| SHA-256: | 0FE0F71E3B0DB656D283B7A1F4A187BED5AED50A5247D6F84D30DDDB4BCC50B6 |
| SHA-512: | DB4029D4F993CB9416AB9F5DC76992E87194535C3E226A606B95B0945A10A08EBE634CA29A5B2F30F2ED96B9EB52DC0753A7A066E64A4E397F92C9CE59F4AB51 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 08-53-49-003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.376360055978702 |
| Encrypted: | false |
| SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
| MD5: | 1336667A75083BF81E2632FABAA88B67 |
| SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
| SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
| SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.354405694562682 |
| Encrypted: | false |
| SSDEEP: | 384:vfz+zzSEgu1lG3AgfpdJz5mvnAH0AdRXStkYGqVvD+DKDl9jIk9VGl4XdOfiFfTo:iAGE |
| MD5: | 81440DBE1F555C142BE0E5A1564CA18E |
| SHA1: | C7B577AB4496CDA010821C94A4F0D4623EE5D508 |
| SHA-256: | 7F34024A745C601D7E9351968EE9BCF017A852EB0A7E778A106C804C850A1A72 |
| SHA-512: | 809A04C6FAF636A11005B4AC84186173C5255380D9E97D2CF1A75F68E0380A0B6CDA7A4B29207B7E2D853A71B496E41B4FDF1D04F331668DD3DCEC725359CE4E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.401052949911933 |
| Encrypted: | false |
| SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbB:l |
| MD5: | 0F4F44D88E86A8A06D364EBB2F2C81D6 |
| SHA1: | 102F9ED37EFA0030CA81FE425B2B5238E008776A |
| SHA-256: | 31D6DAF9246FC4A2A36AF375EE5610DF33CD946784A75D19CDA9B75244AB63E3 |
| SHA-512: | 2D63C4915F44874D1F95E1605F79D74EA56722FC2A9F7188D82A4AC05F08DA08151BEE37D5A91A8B4B5AD254BF8659CF21FAFA6DD1F351E73896EC206C6A5AD5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru |
| MD5: | AE1E8A5D3E7B2198980A0CA16DE5F3D3 |
| SHA1: | A1DB2C58AFC81E6A114A8EB47BE0243956F79460 |
| SHA-256: | 8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F |
| SHA-512: | 5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.912402069790741 |
| TrID: |
|
| File name: | Scan 7820126fdp.pdf |
| File size: | 73'126 bytes |
| MD5: | 78951686980095ae33f017a8d267e7d3 |
| SHA1: | c58431ecf229382880f143208992384065a86532 |
| SHA256: | 47930e997509ae9efa420f64d0bf2aee3f1082812e4a82b6f7b697cb3da848c6 |
| SHA512: | d3b31cdbb8f77d52e5fa1d35a8a2bc6e8187c73f2e1454cbaaee2eb9184c53eef868cb76baae5674cbc27055655ce7221e10ece1909924a20bd26afa522e0307 |
| SSDEEP: | 1536:i7xiiVK2obSpk5fo8YxzT3H9p7bxqLxQ95RkHW1OpbqbeLR0fgeKOB:+rVzoepk5QPxPz7bxqLxQbReWchqbyRa |
| TLSH: | AA63C064F99E9C6CFCC6DC66897D344D1E8EB12763CC248801254B48F506AD6EB972CB |
| File Content Preview: | %PDF-1.4.%.....1 0 obj.<</Creator (Chromium)./Producer (Skia/PDF m127)./CreationDate (D:20241031111016+00'00')./ModDate (D:20241031111016+00'00')>>.endobj.3 0 obj.<</ca 1./BM /Normal>>.endobj.5 0 obj.<</N 3./Filter /FlateDecode./Length 293>> stream.x.}..J |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.4 |
| Total Entropy: | 7.912402 |
| Total Bytes: | 73126 |
| Stream Entropy: | 7.994557 |
| Stream Bytes: | 63873 |
| Entropy outside Streams: | 5.084442 |
| Bytes outside Streams: | 9253 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 58 |
| endobj | 58 |
| stream | 8 |
| endstream | 8 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 4 | 0000000000000000 | 6c5fd3b355285a855cd9dbe5bdd51683 |  |
| 8 | 0000000000000000 | ef2e9a4dec3b652b0260a80e20296837 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-31T13:54:02.006619+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.5 | 49717 | TCP |
| 2024-10-31T13:54:14.269507+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.5 | 63275 | TCP |
| 2024-10-31T13:54:16.241587+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.5 | 63281 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 31, 2024 13:53:59.593463898 CET | 57317 | 53 | 192.168.2.5 | 1.1.1.1 |
| Oct 31, 2024 13:54:04.766587019 CET | 53 | 60879 | 1.1.1.1 | 192.168.2.5 |
| Oct 31, 2024 13:54:07.376075029 CET | 53 | 58297 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 31, 2024 13:53:59.593463898 CET | 192.168.2.5 | 1.1.1.1 | 0xdfd2 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 31, 2024 13:53:59.601341009 CET | 1.1.1.1 | 192.168.2.5 | 0xdfd2 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Oct 31, 2024 13:54:00.504278898 CET | 1.1.1.1 | 192.168.2.5 | 0x5df4 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Oct 31, 2024 13:54:00.504278898 CET | 1.1.1.1 | 192.168.2.5 | 0x5df4 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 08:53:45 |
| Start date: | 31/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff686a00000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 08:53:46 |
| Start date: | 31/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 08:53:46 |
| Start date: | 31/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly