Edit tour
Windows
Analysis Report
SIBZ3SUD0124112517250.pdf
Overview
General Information
| Sample name: | SIBZ3SUD0124112517250.pdf |
| Analysis ID: | 1562880 |
| MD5: | 40e4924a1498bd865e42c20f0e94521a |
| SHA1: | 62aefb8b6218720c03310efa68b451d87e99ec13 |
| SHA256: | 022d78b26004791e5579dfc7f5e1625d2fc6ba09ac89c5359b2a27a1c76e07da |
| Infos: | |
 | |
Detection
| Score: | 3 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
PDF has an OpenAction (likely to launch a dropper script)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 7260 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\S IBZ3SUD012 4112517250 .pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7484 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7668 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=20 92 --field -trial-han dle=1740,i ,150435130 9213663095 5,42853878 0138100454 7,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
| x1.i.lencr.org | unknown | unknown | false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
| 52.6.155.20 | unknown | United States | 14618 | AMAZON-AESUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1562880 |
| Start date and time: | 2024-11-26 08:23:58 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 9s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 16 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | SIBZ3SUD0124112517250.pdf |
| Detection: | CLEAN |
| Classification: | clean3.winPDF@14/52@1/2 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 69.192.160.136, 172.64.41.3, 162.159.61.3, 18.213.11.84, 34.237.241.83, 50.16.47.176, 54.224.241.105, 23.195.39.65, 199.232.210.172, 23.32.238.200, 23.32.238.226, 23.32.238.243, 23.32.238.235, 23.32.238.185, 23.32.238.234, 23.32.238.233, 23.32.238.232, 23.32.238.211
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
| Time | Type | Description |
|---|---|---|
| 02:25:06 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.47.168.24 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Ducktail | Browse | |||
| Get hash | malicious | Ducktail | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 52.6.155.20 | Get hash | malicious | HTMLPhisher | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | CVE-2024-21412 | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Tycoon2FA | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher, Tycoon2FA | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | Get hash | malicious | Amadey, Stealc, Vidar | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | CobaltStrike | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | BlackMoon | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AMAZON-AESUS | Get hash | malicious | Mirai, Moobot | Browse |
| |
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| AKAMAI-ASUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Amadey, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Amadey, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Amadey, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Amadey, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 5.207270073672038 |
| Encrypted: | false |
| SSDEEP: | 6:HYu4q2PqLTwi2nKuAl9OmbnIFUt8YYVYXJZmw+YYVYXDkwOqLTwi2nKuAl9Ombjd:l4v8wZHAahFUt8+XJ/++XD5TwZHAaSJ |
| MD5: | 8B0AC8AADC6E820F26B9EF9C75A78C55 |
| SHA1: | A6622D4524E960C928D8EB52E828E09A9674BDBD |
| SHA-256: | B4E35FEED901EBAB4EB11E75E7A3E6A8B5AA9066E35B485342CAEBA095815D43 |
| SHA-512: | 9F77D361675496E2484ADEE9271B3EFC377C9C7EAA4374ED78A58774DC8B9EE84DC560298E36533BF524B2B7E4C2EC5483290F1998445F6A69777C26784702BD |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 5.207270073672038 |
| Encrypted: | false |
| SSDEEP: | 6:HYu4q2PqLTwi2nKuAl9OmbnIFUt8YYVYXJZmw+YYVYXDkwOqLTwi2nKuAl9Ombjd:l4v8wZHAahFUt8+XJ/++XD5TwZHAaSJ |
| MD5: | 8B0AC8AADC6E820F26B9EF9C75A78C55 |
| SHA1: | A6622D4524E960C928D8EB52E828E09A9674BDBD |
| SHA-256: | B4E35FEED901EBAB4EB11E75E7A3E6A8B5AA9066E35B485342CAEBA095815D43 |
| SHA-512: | 9F77D361675496E2484ADEE9271B3EFC377C9C7EAA4374ED78A58774DC8B9EE84DC560298E36533BF524B2B7E4C2EC5483290F1998445F6A69777C26784702BD |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334 |
| Entropy (8bit): | 5.129318309714634 |
| Encrypted: | false |
| SSDEEP: | 6:HYuHu0q2PqLTwi2nKuAl9Ombzo2jMGIFUt8YYuASXZmw+YYuBOzkwOqLTwi2nKuA:bnv8wZHAa8uFUt8uAS/+uBOz5TwZHAaU |
| MD5: | 182AAE0B6355ED606B7DF25DA9073C89 |
| SHA1: | 6BBD74AE82480B260F0AEFA08A815ABB78A4DF86 |
| SHA-256: | 0C20763C2FF501088CEBC6C85EAC8CBA3D431CFA206A8BEBD6C9ECE52A6E60FC |
| SHA-512: | CBA81A1F6F4C2524E6EB3665A6A7C65D76EEAACD615DFBC43FEB156F05B0F1B631CF6F14393280E04290CF2432E6B43A1845377E847E04E363D4AC63FD97608B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334 |
| Entropy (8bit): | 5.129318309714634 |
| Encrypted: | false |
| SSDEEP: | 6:HYuHu0q2PqLTwi2nKuAl9Ombzo2jMGIFUt8YYuASXZmw+YYuBOzkwOqLTwi2nKuA:bnv8wZHAa8uFUt8uAS/+uBOz5TwZHAaU |
| MD5: | 182AAE0B6355ED606B7DF25DA9073C89 |
| SHA1: | 6BBD74AE82480B260F0AEFA08A815ABB78A4DF86 |
| SHA-256: | 0C20763C2FF501088CEBC6C85EAC8CBA3D431CFA206A8BEBD6C9ECE52A6E60FC |
| SHA-512: | CBA81A1F6F4C2524E6EB3665A6A7C65D76EEAACD615DFBC43FEB156F05B0F1B631CF6F14393280E04290CF2432E6B43A1845377E847E04E363D4AC63FD97608B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\60168a38-55c5-4283-ab29-17c8511690ab.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.96165270016851 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqxpsBdOg2Hl/2caq3QYiub5P7E4TX:Y2sRds+6dMHlR3QYhbt7n7 |
| MD5: | ACCB522AE87A739BDC04EB5A34975EEB |
| SHA1: | A41FED54445E729A85E7017A002D4FF6FCAFEC93 |
| SHA-256: | C7106DE6A60A389FB9B4BBC9971C9922919583A3C382664F3E78DFDC2A95AE96 |
| SHA-512: | 5B35F36E3C53CC53F90AEA276934753CAD809640E7447BD9F7AAFF48FD46EFBE5FFDEEBC19770D7D0550E67624AB76571D64525F00B82430534576B3015EFF3B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.96165270016851 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqxpsBdOg2Hl/2caq3QYiub5P7E4TX:Y2sRds+6dMHlR3QYhbt7n7 |
| MD5: | ACCB522AE87A739BDC04EB5A34975EEB |
| SHA1: | A41FED54445E729A85E7017A002D4FF6FCAFEC93 |
| SHA-256: | C7106DE6A60A389FB9B4BBC9971C9922919583A3C382664F3E78DFDC2A95AE96 |
| SHA-512: | 5B35F36E3C53CC53F90AEA276934753CAD809640E7447BD9F7AAFF48FD46EFBE5FFDEEBC19770D7D0550E67624AB76571D64525F00B82430534576B3015EFF3B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5d3a74.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.96165270016851 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqxpsBdOg2Hl/2caq3QYiub5P7E4TX:Y2sRds+6dMHlR3QYhbt7n7 |
| MD5: | ACCB522AE87A739BDC04EB5A34975EEB |
| SHA1: | A41FED54445E729A85E7017A002D4FF6FCAFEC93 |
| SHA-256: | C7106DE6A60A389FB9B4BBC9971C9922919583A3C382664F3E78DFDC2A95AE96 |
| SHA-512: | 5B35F36E3C53CC53F90AEA276934753CAD809640E7447BD9F7AAFF48FD46EFBE5FFDEEBC19770D7D0550E67624AB76571D64525F00B82430534576B3015EFF3B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c1f44fb3-8d3d-416e-a7ed-4ea77f0f9bb1.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.978235956891848 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sq2LLsBdOg2HA2caq3QYiub5P7E4TX:Y2sRdsFIdMHAJ3QYhbt7n7 |
| MD5: | C7CF8AB1A457BAE0D5465DEBE68A1430 |
| SHA1: | 15368E3A7DABC16132831EAD70AD653111F1075D |
| SHA-256: | AE6207C0297C9C87A84FD652D7B7E291D4B7DDBE645758D0850ED3A75C6AC1C7 |
| SHA-512: | 892536B52332860BDC850810B17E384853EB2348329C426DC507E896560FE15D6EA67CD6F8D8610C831254FC52BD158D31F5D3738D31AD9E293366142788413A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4288 |
| Entropy (8bit): | 5.2164866864321455 |
| Encrypted: | false |
| SSDEEP: | 96:GICD8SBCmPAi8j0/8qbGNSwPgGYPx8xRqhm068Oz8S5bXzbjZ:1CDLCmPj8j0/8qKgwPHYPx8xemT8Oz8W |
| MD5: | 7A914A38791CA938F81F3A7C9DE129F8 |
| SHA1: | 0419425A3863E4D8AD66C2907B1CF4FD80C2E9D5 |
| SHA-256: | E05D389BC5156DCF3E06DA284D0E7C1876B8CC5E13AF6265A552ACBB011E10CA |
| SHA-512: | 07221E25C338D8C6E350FD0BA22BF201858B4E4D0790CBBB724ACED8EBDC0B7703C6A1C9DC95896DA9FDB342C5A64F5CA91662CCAFAA65CEFCBAE059977F2197 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.184758756139449 |
| Encrypted: | false |
| SSDEEP: | 6:HYsmq2PqLTwi2nKuAl9OmbzNMxIFUt8YYlZmw+YYq8kwOqLTwi2nKuAl9OmbzNMT:cv8wZHAa8jFUt8l/+q85TwZHAa84J |
| MD5: | 6EEC677BFAD5C47E5F31E592A9023B50 |
| SHA1: | 25A1A6033C09F331A6FB42F8F6B2DDF55DB744C7 |
| SHA-256: | 3A84477CD0D522955CF80673DE836C9240CF0BF12A7A9F16461AC04FC8FAF329 |
| SHA-512: | B60E2577CA7D0FF8F38FD10830F6E9ABD8B84B70062499BFC24DF8771B3EAD69C40D3CE713BA17DBF66A020A7F23088AE908850F4599F08CBD4DF5A2BACDA16B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.184758756139449 |
| Encrypted: | false |
| SSDEEP: | 6:HYsmq2PqLTwi2nKuAl9OmbzNMxIFUt8YYlZmw+YYq8kwOqLTwi2nKuAl9OmbzNMT:cv8wZHAa8jFUt8l/+q85TwZHAa84J |
| MD5: | 6EEC677BFAD5C47E5F31E592A9023B50 |
| SHA1: | 25A1A6033C09F331A6FB42F8F6B2DDF55DB744C7 |
| SHA-256: | 3A84477CD0D522955CF80673DE836C9240CF0BF12A7A9F16461AC04FC8FAF329 |
| SHA-512: | B60E2577CA7D0FF8F38FD10830F6E9ABD8B84B70062499BFC24DF8771B3EAD69C40D3CE713BA17DBF66A020A7F23088AE908850F4599F08CBD4DF5A2BACDA16B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241126072500Z-174.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65110 |
| Entropy (8bit): | 2.9021432638641906 |
| Encrypted: | false |
| SSDEEP: | 384:PE7D4CCv2Y84BIgKaWMM2rQCR1NZj1/864llXmRDTJwD1P:wUCul88F1oCRvqllEY |
| MD5: | 4977612267EA36C9973D149F36AA7577 |
| SHA1: | 74D24E76FF388FC9987CDB5CA65FE325F37A3BB9 |
| SHA-256: | EA357E4FA55D4E718EC1C1A3ABB62F2C2F67753DC2F4428D49DC2C8679145002 |
| SHA-512: | D784363D921C65ED2090375C94C6FAC4FCB3270EEF56792941A0487558267B35B3CC0951E138C8CF72D09687A60642FE84E1DA40F63DFFB870A37248179A369B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.4385135328749925 |
| Encrypted: | false |
| SSDEEP: | 384:ye+ci5G1iBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:p5urVgazUpUTTGt |
| MD5: | 98C5A9F8B298C5A74EBC8D73117A659F |
| SHA1: | F203E2429B124D77792890BBB40DB6AF182B1EEC |
| SHA-256: | B3D4AAFA8090E7EF8F7FA6BDEF64F60F6ABA179D4825F282C34133F042D11C10 |
| SHA-512: | 523A3DA4BD2BAE9EA9BF04035CD7AA7B5741098049EAA5E839E9C5C08A31AE4B2AD8C85EEE9E477CBD4303681BBCA876107376D661AB76DC3B4A035DB351A7A1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.7657148289611952 |
| Encrypted: | false |
| SSDEEP: | 48:7MFJioyV6fioyH8oy1C7oy16oy1JaKOioy1noy1AYoy1Wioy1oioykioyBoy1no3:7aJu6f+BISXjBiNb9IVXEBodRBkW |
| MD5: | 97E5961A4121C703B621D976F8E9476A |
| SHA1: | A31ABB574EAA5BAB0B94D9CBE5ECB3CCBD3C7CA6 |
| SHA-256: | 0929B8B93D7203A2120C4A1F9DA4D278A43A319FC3068188738D01629CDEFAD8 |
| SHA-512: | 80DF9AB47A049BEE5F10E3F33E5A79C0521C1336F67133840391A78AE96BA6805FB5C40127BDECA6E72FF7FF6C3E729974CD22C07E4198E50F56891E03757988 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.7529698674325394 |
| Encrypted: | false |
| SSDEEP: | 3:kkFkloILPkltfllXlE/HT8kzlZNNX8RolJuRdxLlGB9lQRYwpDdt:kKx8PseT8cl3NMa8RdWBwRd |
| MD5: | 2994DA9B13192755FB3954EB4CF17960 |
| SHA1: | C576D67770AA43677ED2715CF7DB8EC0EFA7AEA0 |
| SHA-256: | DEDC8936F7DAC0F447321361728E10FB458CD80E2B4CF02D7F78BA985AD33701 |
| SHA-512: | E2ECE88F920DEFB9A6493F09AC9631C7830EB514F6BF2A97C0C6F10796A41CBCC9C6CF62E3FD78B6F263CD5A2C299C96E8BF6C061EB8B4B16DB972F0A7E99600 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.242990426783058 |
| Encrypted: | false |
| SSDEEP: | 6:kKNtL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:FtiDImsLNkPlE99SNxAhUe/3 |
| MD5: | 1E8FFF6A28AF49947BBC0CA0E1632C1E |
| SHA1: | 6B5B9825EA5FEC3FC7F7282CDFA38FEBE48E3ADC |
| SHA-256: | 50C9CF8980D0BBACB535A71070C4835A6B7E1B4A87D1712053276026FA938437 |
| SHA-512: | CBCF50AA8280EF129CED7CF6B6B842EA12F4F60185217A227EC668C66E8CD21FA13F3F644C1FF8525698DE773769C79A42CA28D16BA23E89CB5F15F4ABDD7782 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 227002 |
| Entropy (8bit): | 3.392780893644728 |
| Encrypted: | false |
| SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEiv07VK/3AYvYwgF/rRoL+sn:DPCaL/3AYvYwglFoL+sn |
| MD5: | 11F2FC7F8C64BEAE994575ECEF93CFFF |
| SHA1: | 75014E1BF55814F00BDD25BB8D290A2FFE881A3A |
| SHA-256: | 962CBFB11B6666C900037518E4F69ACA3B2633A3A522D2BFB830A4868EA366CB |
| SHA-512: | ECE2F0B04DB5A01316ED75FFD2AB381EC035636B758A20E58C355AEEB4E5032102A279EB97FBC0CC8617BCC47DBF7ECBB3BE15994342CC5B56B4C56999956975 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.330227746040961 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/BHGIaR8WmSg1c2LjcWkHvR0YS+xoAvJM3g98kUwPeUkwRe9:YvXKX/QPcT5LjIPW+OGMbLUkee9 |
| MD5: | 7830BB708BA710198E5B13157A9242D5 |
| SHA1: | BFAB89D8DCDD029EA88C18EDBADDDC0573786A55 |
| SHA-256: | E99E37D45AD94A1B4A4A218DFE3A2A69FF23F966307DD5F691D00969EF4AA480 |
| SHA-512: | 5D83CC6207072D5061A717A929EC504EE3316C5AA36FA11DE8B9658AAE4029FFCADE869845D8F0E579B5980126312D17EFCE495AC77C77E6C6A7A39093B7D8F7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.2800422378142615 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/BHGIaR8WmSg1c2LjcWkHvR0YS+xoAvJfBoTfXpnrPeUkwRe9:YvXKX/QPcT5LjIPW+OGWTfXcUkee9 |
| MD5: | 0F9713694BDD90BD9E7A6B7B9CC775F2 |
| SHA1: | 78D5A52834735787DCDD93CAE56F17D01D6793F0 |
| SHA-256: | 1FF3ABBB20E83087D3E2FC63442500E139EAF816BC9785AD1A722AA18B61A970 |
| SHA-512: | DA7074A901408E2ED75F717AECFE290F0D947E3813DF8422F6E53BC1A3B53801797451511940F7C450B12D8AAB49914C68830ECEF1C37DE7C95B3D33A3E0BB27 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.258076066705681 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/BHGIaR8WmSg1c2LjcWkHvR0YS+xoAvJfBD2G6UpnrPeUkwRe9:YvXKX/QPcT5LjIPW+OGR22cUkee9 |
| MD5: | E2CEFE9B646B9FBB570F73A4242E0B95 |
| SHA1: | 50479EDE63EA217DF2895E3BDA329B771AF833F0 |
| SHA-256: | 7CFDDB4FAD742D42E29C8E2BA23A639169682373F2FDFE51C4EC8513CF77A0C4 |
| SHA-512: | 2A8C06E6E923716838C4BB2412AF21B08B44D47D5A02288A3C9586885AF99503995440AAB3958987BD6F8D7341E275706D8CB1F516AF1CF07E78165D2856DBBC |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.310067124554924 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/BHGIaR8WmSg1c2LjcWkHvR0YS+xoAvJfPmwrPeUkwRe9:YvXKX/QPcT5LjIPW+OGH56Ukee9 |
| MD5: | 790C5A82374E1F61B884EE1365A285EA |
| SHA1: | 717E4961D3E71FACB7EAFC09FD4CC6E3A5B780B0 |
| SHA-256: | 8ED1CF64BD48C12C4FF7F9ACD988ABF40347D332EDFFEAB28474E61E64C065AA |
| SHA-512: | C539FBDE0459BD87409CDD1AB74812DD9DC9EC2E1717685CA55E1014534771C14110079C87C3835FBDB29920B2138D05DF2527C874415CBF3222C921BBDDE9F1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1123 |
| Entropy (8bit): | 5.685764452424386 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XycT5XIumpLgE9cQx8LennAvzBvkn0RCmK8czOCCSN1:YvN4Xahgy6SAFv5Ah8cv/N1 |
| MD5: | F409E37C91BAF8CD11D523AFEB27734F |
| SHA1: | 3571DA53695ED1B5EED7D8E8CB34D4CCEDBAC213 |
| SHA-256: | 586A0D61DF58C58F2B3D282579B0A99BA92638E93379FD4B211C3819504395DB |
| SHA-512: | F7413258ACFEE49D42BE697771C0F3EA20D5369236CD18165BEE7D00739E31501C7C5352D705D57806D80E80D45E7BCB4A2FB0465E8D5B273F2362286560F665 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1122 |
| Entropy (8bit): | 5.678291723294955 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XycT5XIuQVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBc1:YvN4X8FgSNycJUAh8cvYH71 |
| MD5: | 656DB89A94A2CBA61185C95390F79B54 |
| SHA1: | 3B13DE228F2FE7025027A0BE59D9CAF1CA46874C |
| SHA-256: | B74E5981CD31256A9E8D776E194874A5778ABECC32546537218C58ED7E15F349 |
| SHA-512: | 0CA94ED3ABD5A62D66F0D1E91D62BCCD267BFC377D13EED6E9DC9ED10CCB8FD5AB242E9696D5F89E32220435C1561F5689DBAE4EE28A90EA163D8437D005B1FD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.270491389751093 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/BHGIaR8WmSg1c2LjcWkHvR0YS+xoAvJfQ1rPeUkwRe9:YvXKX/QPcT5LjIPW+OGY16Ukee9 |
| MD5: | 84A6BEC93C749B7ACE0959AB60DABB3C |
| SHA1: | A39E94CFFAD9C6D17EAA7FFF966B208B8ACEB9B5 |
| SHA-256: | 0630E267D64C4CC6A671251381A062CBF71AF68F435224EDC33349454DFD42DD |
| SHA-512: | F956F2FB46B692941681D1CA5B8D19ECBDBBAAEEE10ACEF945A6FF3BFE6799A950664F6B1C3149E98531704891B85C46BC1DFF324C29F271C15240963A255C85 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1102 |
| Entropy (8bit): | 5.664291213279789 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XycT5XIu12LgErcXWl7y0nAvzIBcSJCBViVc1:YvN4XhogH47yfkB5kVN1 |
| MD5: | A4D9337F8D9F77E0DF15B10DF6A5E73F |
| SHA1: | 4984216DF02EA7EA114F21E7E7BC3265DD26BEC1 |
| SHA-256: | BB2C079DA9162CC5D89EE1563C94E519F7544CD57ED79738BBBC8200D9980784 |
| SHA-512: | 8FE92DA951D1B82F7A7DCF38A1720C66879613B9BDFC8DB0DB900D64187A23CB6EF06F7F6AB9D07F4C9B96EC6FB79928851E007C1BC6D3FDAEC0738DBCC5A52C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 5.695322920532019 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XycT5XIudKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5c1:YvN4XhEgqprtrS5OZjSlwTmAfSKq1 |
| MD5: | DEE7DF95A4D863AF22DB7398A893E4B5 |
| SHA1: | 1A57A96DD88EEFDA30570D35A4286304A847C542 |
| SHA-256: | 45D45D29B288854C7C9EE58602157BA7C625570BF26D2910C58C61C45E1165B2 |
| SHA-512: | 2A45583E057661995CE8E76695F4AD3D026D0B6D88E41A2B94DFDCFBF3E971C8D717ABD7B2F96AC700C4CAF724A54FD26E427AE7D6A57A41BC238495C575EB38 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.285950006789672 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/BHGIaR8WmSg1c2LjcWkHvR0YS+xoAvJfYdPeUkwRe9:YvXKX/QPcT5LjIPW+OGg8Ukee9 |
| MD5: | CC66270E1B06C9D88875F3E308518A4D |
| SHA1: | 671CB935B1207B188416EBC6BE27836A23B10CD2 |
| SHA-256: | B61A0C3A59B39A072AA61A36469D0A026E9AB9679FD3E634C59385FD8740F2C4 |
| SHA-512: | F5BF172599932B89C2B087551464F2428D726525B5699BA1BBB4ECEABEED25B63080FDC399951A79FC9D5FAF8724C4D76D2F8934E1302449725BAB2714522A5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284 |
| Entropy (8bit): | 5.272334374197614 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/BHGIaR8WmSg1c2LjcWkHvR0YS+xoAvJf+dPeUkwRe9:YvXKX/QPcT5LjIPW+OG28Ukee9 |
| MD5: | 193FBAA045539BB3FEA66764F84EE13E |
| SHA1: | E1ACFAFCA2894893753148A2D4F6ADD190A38C53 |
| SHA-256: | DE1DC37A0B4B2E447889E9AECB70959E72B24680641335D9A3E274D276C8C1AA |
| SHA-512: | 07ACB1FE25DA03614FB22AED442029A3A854C6DEFE2EEAD1B609D63F4929AFA37BBC219F68ADAA023F4706E072BF3ED8E0CA12A9D6B65F73540C47CC0164A324 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.269593667990756 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/BHGIaR8WmSg1c2LjcWkHvR0YS+xoAvJfbPtdPeUkwRe9:YvXKX/QPcT5LjIPW+OGDV8Ukee9 |
| MD5: | 088EE07DDFAB528EFD9A8343B1F58579 |
| SHA1: | BD979F4E74DD3C5CEBE0F86E642873B7EC0E8D92 |
| SHA-256: | 16848A9E1574CC07EE3A2A12CF01A00E8CE870356256C308D67D62F939957DDF |
| SHA-512: | 2C45E2741DC8187254836827CF5444917885384C809AA1187389E73E66C9859D1E494ECA7E19C1C6A91F8BE5DDFBF7F54742F21F1E6CF3DC3847FA60C7FFC1EE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.262048779982525 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/BHGIaR8WmSg1c2LjcWkHvR0YS+xoAvJf21rPeUkwRe9:YvXKX/QPcT5LjIPW+OG+16Ukee9 |
| MD5: | 6674380ADC08FDA5544380565A62A563 |
| SHA1: | 1FB8618602F2B620279CC9639CD149900B1DB55F |
| SHA-256: | 9CC04F81412AF98A3934AC1D2D5BD59F66FBBE920216475343115064D0CD3053 |
| SHA-512: | AC1C151DC3ECCAA683A1CFD9880631DC6200B84288969BC99665FEA8E738AF781E01981BB45C8D8FF098706FE2324FDF7363C31C140ABE13B257815D25EC505D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1090 |
| Entropy (8bit): | 5.660806027031568 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XycT5XIu6amXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSS:YvN4XIBgkDMUJUAh8cvMS |
| MD5: | 4568BABAD5B7573E85F7334DBC07BE43 |
| SHA1: | 99854B6D99D82675462003F0AAD1DEDFDD44E399 |
| SHA-256: | 28B31EA76BA3FD5B70639D77828C9E446B95EE1C9504757C3762E04B301EFC7B |
| SHA-512: | 4360CD3095FBD9AC94DF26DD789AD35F476D6045A4BAB768D56D4F269E59A5C5025CB5D6BE71CE60E255CE2F2D19C911ABDB08405AB73AFFC2C1E0A74AA71B3D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.23544141208397 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/BHGIaR8WmSg1c2LjcWkHvR0YS+xoAvJfshHHrPeUkwRe9:YvXKX/QPcT5LjIPW+OGUUUkee9 |
| MD5: | DA98E28FE06B17F9674B0659A314F458 |
| SHA1: | 7525952497EBA4D812BAF3D0437E4A766595F575 |
| SHA-256: | 238B8059A226CD5E38FB287D65D57BEECB1122CA857B423796B9A7CB7297C870 |
| SHA-512: | 75FB75354BAC03B4F8DCA044FBDB98196D0F88F7F55FB01384D42256D1112D1ADEF48F5FA123501EB4CF87060997E76B77CFF8070FBEABFB5B5FB6309A9C11A0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 5.239660193160434 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/BHGIaR8WmSg1c2LjcWkHvR0YS+xoAvJTqgFCrPeUkwRe9:YvXKX/QPcT5LjIPW+OGTq16Ukee9 |
| MD5: | EB21D2FE7AA5630C5A4A27B9F728430D |
| SHA1: | DFA04443D9551EB1915B5D26307AB3B1EE5A5CA9 |
| SHA-256: | EF3386F05B75A2D46FAA54FAFE8D7C0AB44F16A436320D4C4EE4B51ADB485BEE |
| SHA-512: | 611797DEFF03C52AB8304BDE197AC8B111165B43F6704DFA91924CFA28E134566BBA56A4C993BBF8D0B416463D5E48FE6135E6D8263299D942231DD2090806C3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2817 |
| Entropy (8bit): | 5.135084584645557 |
| Encrypted: | false |
| SSDEEP: | 48:YB2XlV8x09Gx3Ar/xyjjQWG7gvpdM1O3Tdampgcm9uYMb:q2XlSx09Gx3ADxqjQWG7KP4lmpgDuYu |
| MD5: | D29418FC37B705AA791628E034B8DA58 |
| SHA1: | A5892BBF20B19D1C4C1BC38EFFBCC183F93DD43D |
| SHA-256: | 47C4C1A5C2260FF3D8FF7AD15CB3926DB7AE9A8D23F3E70DD942D0C1E7217DB9 |
| SHA-512: | 0207CAFA186EA278F2BE5301B5104DBF93F0CCDCCFB58829DD9A82D01F8A8C218F4AAA24DA16D19BF94ACA554C53BAFBE01966FEBB1342C41640F6D6C52291A8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.3668040442787304 |
| Encrypted: | false |
| SSDEEP: | 24:TLBx/XYKQvGJF7urs9S6bqyKn6ylSTofcNqDuPXKdqEKfS8EKfM1baHF:Tll2GL7msMcKTlS8fcsuEfIl |
| MD5: | 658E1629BCF068AB5A7A5172F309CF6A |
| SHA1: | 933AF42A8B5EBE92344B61E7B50AF0F326E3087A |
| SHA-256: | D41F0B1592A09A636663AFD8046B4D32A6ABF60018D8B9B41AB4FC0076A4005C |
| SHA-512: | 74F906E711F953F07714482D710FFBD272A38653813496446EC8BEEE4801A3CC6E5F7E0468C364089806A9E1D8FFECFA930799935DC7583BB7363C306855635D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.8423754634082612 |
| Encrypted: | false |
| SSDEEP: | 24:7+tUPZ6bqyKn6ylSTofcNqDuP+KdqEKfS8EKfM1banbqZnqLKufx/XYKQvGJF7u7:7MUhcKTlS8fcsudfIMnqGufl2GL7msm |
| MD5: | 71A777165B51199D930A225DDB75D2F3 |
| SHA1: | 758E51141A5AD3A32A427A892C0B3FA08881C9F2 |
| SHA-256: | EC5FAD657D766C601B05525EE2F4F0D4A509C28A60446B60E4EE812FE16994F6 |
| SHA-512: | 4737F661E83D835384C524DFEB7C89606F8D1C25B906CEFB0E64F18C6FFF806F78B3BFD6C43C6B66670AED743EBB879339F2849085D87E67BFD30D8A265D94F9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66726 |
| Entropy (8bit): | 5.392739213842091 |
| Encrypted: | false |
| SSDEEP: | 768:RNOpblrU6TBH44ADKZEgtd9nEWQvc3Xgi6LEa2D+3i0MvYyu:6a6TZ44ADEtd9EWQUHgj3i0CK |
| MD5: | FADDE5ED761013E6FD04C1F65A467B16 |
| SHA1: | 3EAC8B322D81545E42A9C13B810E34CD7A13A32A |
| SHA-256: | 92BBF58EA51C3B94FFC488B645165F8F97281869600272052A1685C1F40C5C95 |
| SHA-512: | 15658FAD5CF8B313E1ECB9ADFDB5C3A4A5E1895D77D6C1240708F4413E104594FA420E6C8153AA5A5A3B34440F7405FA0D7AC8E1260957DB2D42CCE42DE79DA0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.516674370985874 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mOKhiwCH:Qw946cPbiOxDlbYnuRKvOBl |
| MD5: | E04182FBFEC75B4A14AA35E28AEC9E61 |
| SHA1: | 749C6A13918A5630B8066DDD4579B8AAEA50380C |
| SHA-256: | 3A62DACA4030A3DC361EEE6C75F47E9451DEA81B45D12F1D140AE4C7F31E8309 |
| SHA-512: | 6E8BBBAF852B9C72AC0E680CD3091E443EFD94759EFC29A82F99A3BBD2540BF91B8C1000E0F43DD94ED7D3E19D6B3CB90F6BDC52673C64E5CE001D73EA5408B8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-26 02-24-58-382.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.330589339471305 |
| Encrypted: | false |
| SSDEEP: | 384:usQfQQjZyDzISMjg0svDBjA49Y0/sQHpMVhrSWD0Wny6WxIWd44mJmtaEKHvMMwh:Ink |
| MD5: | 5BC0A308794F062FEC40F3016568DF9F |
| SHA1: | 14149448191AB45E99011CBBEF39F2A9A03A0D15 |
| SHA-256: | 00D910C49F2885F6810F4019A916EFA52F12881CBF1525853D0C184E1B796473 |
| SHA-512: | CF12E0787C1C2A129BE61C4572CF8A28FC48039B2ADFD1816E58078D8DD900771442F210C545AD9B3F4EAEC23F6F1480F7BBF262B6A631160B20D0785BC17242 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.3640834130777755 |
| Encrypted: | false |
| SSDEEP: | 384:OC4jQCtBslYaVmxFe0wo0m1wMPi9j19Gq1Lp4Q+i77rZn/2Os5asUlUlcnVLMXn/:cVkw |
| MD5: | 1E1DEDE07E6F5027B9C8A17FEF920F20 |
| SHA1: | 8EA7BB49DF5CEF7A9640CBEA76C947ED53DCF4B2 |
| SHA-256: | A1D34F1348D7A0773C0634DC97C1AFC8738E838873E6CA09FD61723981AE4BE1 |
| SHA-512: | C4AC2A51FE85302D024199701F6F77D4FBDF0A4ED776D406DD0757BB5796A4AA270FF1F298AA5EDAB60510CB2CCAE1CD33DE57ACC20340E561717A9853A87C65 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.387843066184151 |
| Encrypted: | false |
| SSDEEP: | 192:icbENIn5cbqlcbgIpLcbJcb4I5jcbKcbQIrxcbmFPcbUI+nnJ71yXYMcbUcbSiWk:8qnXopZ50r4+R |
| MD5: | C0A44D286FBA161C31F8F78C3C407770 |
| SHA1: | B608814B6B8DE633FE79E638430851530F872CF5 |
| SHA-256: | EB899F17722483CB299757B5B656C813D88B3C2772F9FA0044255E523281C004 |
| SHA-512: | DCC8757EBCA9F575EA3305D475B78C2FAB05126DF2DA1BF3479B38B4BB36C594C4C864B80DA5467ACD52EDFFF3710008BF395C88AB043D0C3C4E52E4F3D39823 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru |
| MD5: | CA6B0D9F8DDC295DACE8157B69CA7CF6 |
| SHA1: | 6299B4A49AB28786E7BF75E1481D8011E6022AF4 |
| SHA-256: | A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7 |
| SHA-512: | 9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.696147766582621 |
| TrID: |
|
| File name: | SIBZ3SUD0124112517250.pdf |
| File size: | 172'310 bytes |
| MD5: | 40e4924a1498bd865e42c20f0e94521a |
| SHA1: | 62aefb8b6218720c03310efa68b451d87e99ec13 |
| SHA256: | 022d78b26004791e5579dfc7f5e1625d2fc6ba09ac89c5359b2a27a1c76e07da |
| SHA512: | 97b179367faec2acab3a7c4503b245041449310a8537802c5c34978dcfb02910de31d9b4f3df4b71779a048b15898d5e44709bcf7a5a1f7042f1e54c43be0836 |
| SSDEEP: | 3072:zDGeqJwwrVdZbEoObCL1qUrj0eeG6H3t3eJhMn4xuAPvbOIHg93i:HGowrVdFEXbu1Fj0eeGUwJzvbOUci |
| TLSH: | AAF3BFB0901559AACC8A92C09F20351F8CEEF16389CF5AE135FD87849F08F5EF4A56E5 |
| File Content Preview: | %PDF-1.4.%......1 0 obj.<</Type /Page./Parent 2 0 R./MediaBox [ 0 0 595.200 841.680 ]./Resources <</XObject 3 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]>>/Contents [ 4 0 R ]./Rotate 0.>>..endobj.5 0 obj.<</Type /XObject /Subtype /Image./Name /JI1 |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.4 |
| Total Entropy: | 7.696148 |
| Total Bytes: | 172310 |
| Stream Entropy: | 7.790369 |
| Stream Bytes: | 143578 |
| Entropy outside Streams: | 5.173513 |
| Bytes outside Streams: | 28732 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 191 |
| endobj | 191 |
| stream | 93 |
| endstream | 93 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 1 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 26, 2024 08:25:05.336407900 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:05.336445093 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:05.336921930 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:05.336921930 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:05.336972952 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:06.749720097 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:06.750025034 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:06.750042915 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:06.751116991 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:06.751202106 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:06.751210928 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:06.751280069 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:06.751646042 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:06.751704931 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:06.752206087 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:06.752221107 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:06.797677994 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:07.258537054 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:07.258564949 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:07.258640051 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:07.258666992 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:07.259073973 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:07.264146090 CET | 49717 | 443 | 192.168.2.9 | 52.6.155.20 |
| Nov 26, 2024 08:25:07.264172077 CET | 443 | 49717 | 52.6.155.20 | 192.168.2.9 |
| Nov 26, 2024 08:25:09.877240896 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Nov 26, 2024 08:25:09.877279997 CET | 443 | 49721 | 23.47.168.24 | 192.168.2.9 |
| Nov 26, 2024 08:25:09.877356052 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Nov 26, 2024 08:25:09.877558947 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Nov 26, 2024 08:25:09.877573013 CET | 443 | 49721 | 23.47.168.24 | 192.168.2.9 |
| Nov 26, 2024 08:25:11.461112976 CET | 443 | 49721 | 23.47.168.24 | 192.168.2.9 |
| Nov 26, 2024 08:25:11.461611986 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Nov 26, 2024 08:25:11.461625099 CET | 443 | 49721 | 23.47.168.24 | 192.168.2.9 |
| Nov 26, 2024 08:25:11.462709904 CET | 443 | 49721 | 23.47.168.24 | 192.168.2.9 |
| Nov 26, 2024 08:25:11.462919950 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Nov 26, 2024 08:25:11.508554935 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Nov 26, 2024 08:25:11.508646965 CET | 443 | 49721 | 23.47.168.24 | 192.168.2.9 |
| Nov 26, 2024 08:25:11.508846998 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Nov 26, 2024 08:25:11.508862972 CET | 443 | 49721 | 23.47.168.24 | 192.168.2.9 |
| Nov 26, 2024 08:25:11.552067995 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Nov 26, 2024 08:25:11.833539963 CET | 443 | 49721 | 23.47.168.24 | 192.168.2.9 |
| Nov 26, 2024 08:25:11.833743095 CET | 443 | 49721 | 23.47.168.24 | 192.168.2.9 |
| Nov 26, 2024 08:25:11.833807945 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Nov 26, 2024 08:25:11.834108114 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Nov 26, 2024 08:25:11.834126949 CET | 443 | 49721 | 23.47.168.24 | 192.168.2.9 |
| Nov 26, 2024 08:25:11.834137917 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Nov 26, 2024 08:25:11.834214926 CET | 49721 | 443 | 192.168.2.9 | 23.47.168.24 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 26, 2024 08:25:05.800019979 CET | 52363 | 53 | 192.168.2.9 | 1.1.1.1 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 26, 2024 08:25:05.800019979 CET | 192.168.2.9 | 1.1.1.1 | 0xf2d9 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 26, 2024 08:25:05.944483042 CET | 1.1.1.1 | 192.168.2.9 | 0xf2d9 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Nov 26, 2024 08:25:07.725951910 CET | 1.1.1.1 | 192.168.2.9 | 0xf7d6 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Nov 26, 2024 08:25:07.725951910 CET | 1.1.1.1 | 192.168.2.9 | 0xf7d6 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.9 | 49717 | 52.6.155.20 | 443 | 7668 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-26 07:25:06 UTC | 1473 | OUT | |
| 2024-11-26 07:25:07 UTC | 608 | IN | |
| 2024-11-26 07:25:07 UTC | 4762 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.9 | 49721 | 23.47.168.24 | 443 | 7668 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-26 07:25:11 UTC | 475 | OUT | |
| 2024-11-26 07:25:11 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 02:24:54 |
| Start date: | 26/11/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6153b0000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 02:24:55 |
| Start date: | 26/11/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61f300000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 02:24:55 |
| Start date: | 26/11/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61f300000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly