Edit tour
Windows
Analysis Report
Toyota Mot_0043394_CC367099.pdf
Overview
General Information
| Sample name: | Toyota Mot_0043394_CC367099.pdf |
| Analysis ID: | 1437715 |
| MD5: | 4859953a387b32836780fc839fb02e20 |
| SHA1: | 0147602ab9808dc2bf4a8b5d83aded6714af6145 |
| SHA256: | 636922d548c79ab03614dab37b7896108b31bfa9a3615be1a841d99d3e089948 |
| Infos: | |
 | |
Detection
| Score: | 1 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 7644 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\T oyota Mot_ 0043394_CC 367099.pdf " MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7812 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7996 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 08 --field -trial-han dle=1656,i ,935570342 3911665835 ,349598351 1669041495 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.77.8.172 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1437715 |
| Start date and time: | 2024-05-07 20:38:28 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 48s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 10 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Toyota Mot_0043394_CC367099.pdf |
| Detection: | CLEAN |
| Classification: | clean1.winPDF@14/44@0/1 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.196.184.145, 52.202.204.11, 23.22.254.206, 54.227.187.23, 52.5.13.197, 23.223.209.213, 23.223.209.217, 172.64.41.3, 162.159.61.3
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Toyota Mot_0043394_CC367099.pdf
⊘No simulations
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.189842555987087 |
| Encrypted: | false |
| SSDEEP: | 6:Dtnq2Pwkn2nKuAl9OmbnIFUt86tKZmw+6t2kwOwkn2nKuAl9OmbjLJ:D5vYfHAahFUt86E/+6k5JfHAaSJ |
| MD5: | 3BC8E052D511CE0D856260ADE04AECB7 |
| SHA1: | 18EC2AEDF656954409A6442DCE406A5DD5B30260 |
| SHA-256: | AF5F6A755A2907C3302C0CED31FD48E802393A35E4A153F2ACBBEB954C2FD7A5 |
| SHA-512: | B0661E2C0400C161A3058583E63F71B8C1D271D6F4647D14748B8E3E6C437C14DC105A275551F3D1B7FDECB2A9C0F34EAB9A2C9EAF345D659819F3CE66DB5532 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.189842555987087 |
| Encrypted: | false |
| SSDEEP: | 6:Dtnq2Pwkn2nKuAl9OmbnIFUt86tKZmw+6t2kwOwkn2nKuAl9OmbjLJ:D5vYfHAahFUt86E/+6k5JfHAaSJ |
| MD5: | 3BC8E052D511CE0D856260ADE04AECB7 |
| SHA1: | 18EC2AEDF656954409A6442DCE406A5DD5B30260 |
| SHA-256: | AF5F6A755A2907C3302C0CED31FD48E802393A35E4A153F2ACBBEB954C2FD7A5 |
| SHA-512: | B0661E2C0400C161A3058583E63F71B8C1D271D6F4647D14748B8E3E6C437C14DC105A275551F3D1B7FDECB2A9C0F34EAB9A2C9EAF345D659819F3CE66DB5532 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.2049581953301 |
| Encrypted: | false |
| SSDEEP: | 6:DYxVq2Pwkn2nKuAl9Ombzo2jMGIFUt869gZmw+6pSIkwOwkn2nKuAl9Ombzo2jM4:DYxVvYfHAa8uFUt869g/+68I5JfHAa8z |
| MD5: | 43B4FF9B53A754EB3F0FB6A6BD5EE151 |
| SHA1: | 3F386ADEB10F84A3829D92FD449E6642A37D57BC |
| SHA-256: | 88266DFFA33B509EC35C0968B37A1251DB7E9DB9F2256E8E1E9571FB647F4A2C |
| SHA-512: | D4303FBAA9146FF4F64742E5404D7BB10D83B5C839488E5009D19BC03E8DBA8CB21369A01FAFD111FD28747083B285F767048674812E343CF724B46B4214AC8F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.2049581953301 |
| Encrypted: | false |
| SSDEEP: | 6:DYxVq2Pwkn2nKuAl9Ombzo2jMGIFUt869gZmw+6pSIkwOwkn2nKuAl9Ombzo2jM4:DYxVvYfHAa8uFUt869g/+68I5JfHAa8z |
| MD5: | 43B4FF9B53A754EB3F0FB6A6BD5EE151 |
| SHA1: | 3F386ADEB10F84A3829D92FD449E6642A37D57BC |
| SHA-256: | 88266DFFA33B509EC35C0968B37A1251DB7E9DB9F2256E8E1E9571FB647F4A2C |
| SHA-512: | D4303FBAA9146FF4F64742E5404D7BB10D83B5C839488E5009D19BC03E8DBA8CB21369A01FAFD111FD28747083B285F767048674812E343CF724B46B4214AC8F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 474 |
| Entropy (8bit): | 4.957078780689853 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZcusBdOg2Hscaq3QYiubInP7E4T3y:Y2sRdsNdMHP3QYhbG7nby |
| MD5: | 6B666CF9D0DA2CBD3F09D76F7659F529 |
| SHA1: | CA58EADB2DC20C7D8B9FFFC50032E060D806C4A4 |
| SHA-256: | 1410B0187A064AED04FEE8CF9E45653F2058F395BFA5C0A403CBDC6E1868C40A |
| SHA-512: | E4A4AD5AD7544EC59CD77388206141C48CD47ED327A93CA3CB35C719F5615C323C5BD45423222F41D70FB37B9CAE3ACE277722D3E0929811B309DD81DA3FE8EA |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f02c40ac-e430-496b-9a63-168730030bd2.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 474 |
| Entropy (8bit): | 4.957078780689853 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZcusBdOg2Hscaq3QYiubInP7E4T3y:Y2sRdsNdMHP3QYhbG7nby |
| MD5: | 6B666CF9D0DA2CBD3F09D76F7659F529 |
| SHA1: | CA58EADB2DC20C7D8B9FFFC50032E060D806C4A4 |
| SHA-256: | 1410B0187A064AED04FEE8CF9E45653F2058F395BFA5C0A403CBDC6E1868C40A |
| SHA-512: | E4A4AD5AD7544EC59CD77388206141C48CD47ED327A93CA3CB35C719F5615C323C5BD45423222F41D70FB37B9CAE3ACE277722D3E0929811B309DD81DA3FE8EA |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4730 |
| Entropy (8bit): | 5.248558321732744 |
| Encrypted: | false |
| SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7H8tGUTtpOZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goT |
| MD5: | 4771446D0C0B0C9CA69CD2C1E88D9B09 |
| SHA1: | 82854755F85498582CDD92371747A65E627B9488 |
| SHA-256: | BE8CF1030BEFF97C8145B196DAA54085AF51593C59678BB79557736FAA1539B2 |
| SHA-512: | 2BAFA25A62195FE6EA9B431B5F1E911D1B5AEA4A226D45B5509B662604160ACCE84E503292CAD407629D17D2C983E907D11CD49A609E37DCC34ACFF24538AD07 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.226351596370954 |
| Encrypted: | false |
| SSDEEP: | 6:DidVq2Pwkn2nKuAl9OmbzNMxIFUt86GgZmw+6qdSIkwOwkn2nKuAl9OmbzNMFLJ:DuVvYfHAa8jFUt86Gg/+6qQI5JfHAa8E |
| MD5: | 1D33E87C95D03816BAC7F8D2DCB4CE6D |
| SHA1: | 67FB263A7B769779FD34820D7A11F4A915ADA7B6 |
| SHA-256: | D130A31DEC984651EE3441D915932B9D0E0A29B96B362280D5B7D543A64BE1BD |
| SHA-512: | FC5B33CEA1196EAF32F7A9A3102EA223780D65D549A818946547F120902B64D97374CA1D5B2F7E8BC677342972327E4F81B65AE39E461A5CE9CF322EEC285FC4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.226351596370954 |
| Encrypted: | false |
| SSDEEP: | 6:DidVq2Pwkn2nKuAl9OmbzNMxIFUt86GgZmw+6qdSIkwOwkn2nKuAl9OmbzNMFLJ:DuVvYfHAa8jFUt86Gg/+6qQI5JfHAa8E |
| MD5: | 1D33E87C95D03816BAC7F8D2DCB4CE6D |
| SHA1: | 67FB263A7B769779FD34820D7A11F4A915ADA7B6 |
| SHA-256: | D130A31DEC984651EE3441D915932B9D0E0A29B96B362280D5B7D543A64BE1BD |
| SHA-512: | FC5B33CEA1196EAF32F7A9A3102EA223780D65D549A818946547F120902B64D97374CA1D5B2F7E8BC677342972327E4F81B65AE39E461A5CE9CF322EEC285FC4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240507183918Z-156.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 0.5610254057291832 |
| Encrypted: | false |
| SSDEEP: | 96:xMGMMOpWMM9OMMMrY7MbMMjCHMQ4M/MMMMMZMMNMSEq4MiMlM0Mrio:CYS |
| MD5: | F6DA8214D727BA07427A651182B68F39 |
| SHA1: | 6DC65AD0D763BE2466945CAD329D1EC16E38338D |
| SHA-256: | C847213F3E15D299628612F2063ED7446BC837BB91361D6B1E515A020CAAB40A |
| SHA-512: | 1DAAE41FEE297F728429AB81439CFCC8BB08021BD92A0CCE4095BB34E8A6992F68515223B151CF294FF086CEE66F432B87DA32B5BB56C1B29E6F7B539D996896 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.44502111305005 |
| Encrypted: | false |
| SSDEEP: | 384:yezci5t0iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rjs3OazzU89UTTgUL |
| MD5: | 35C71103D3C7955447637D0FE3FD01B8 |
| SHA1: | BF8E7E9A99DB06C31B56FAD6471937820453901B |
| SHA-256: | BD13F180201F9038A795DFB067D0AA961B381A82214AB56164EE6B3AAE9CBB69 |
| SHA-512: | 1DD48DD18A06C164132345B5691BD1DBE1B20B5F5AB841688DF96F5342BB0163F00C527558DED2A5E7B301F0AFD9E62D80CCC357B60FA08F394AE60135E8314E |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.7758908835833767 |
| Encrypted: | false |
| SSDEEP: | 48:7MEup/E2ioyVeioy9oWoy1Cwoy1uKOioy1noy1AYoy1Wioy1hioybioygoy1noyX:7SpjueFBXKQ5vb9IVXEBodRBk9 |
| MD5: | C042B7A3DE1AD50CC3DA74EF0DD7AEA1 |
| SHA1: | 45E62202E18C4ECC86F4DBB9D83837BC50555E4B |
| SHA-256: | 4759D723A8568C98D1915BA7F78834CB8679363A7A2EFBB8DB87B074167E6A5B |
| SHA-512: | 5BD57B789F6B9A40853CEC2B802486E24B696BA7092C8700AF9CBB522FABD4B87FC4C5165D7263589C34DB6F94A02996DA6565AA41E8373545DC0D7FDDF1F230 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243196 |
| Entropy (8bit): | 3.3450692389394283 |
| Encrypted: | false |
| SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
| MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
| SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
| SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
| SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.361504142608443 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJM3g98kUwPeUkwRe9:YvXKXviNR7EZc0vuGMbLUkee9 |
| MD5: | EC079353A5B4C3BFF0208CDBC5B52F13 |
| SHA1: | D9727CEF91E29DC4DF8319780F41BB9992A8B487 |
| SHA-256: | 5F14502643AD0DD7D5646BFCCBC2EEF5AA6C3934F3095168A2417AE44876D523 |
| SHA-512: | B7E16E99D2B9EC5645175D6E532DE9EDFB724F90392F089293519EF352AC8E737E88CE310DC837869BC14E74626D92B4D7BB60D3631EFE8DFD9B970078DFA808 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.3076315977396105 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJfBoTfXpnrPeUkwRe9:YvXKXviNR7EZc0vuGWTfXcUkee9 |
| MD5: | 869D283674A1DE49E203CBAA36F0A613 |
| SHA1: | CEEC7DB2F891AE96F9E00FE825EA2B9D5C179D96 |
| SHA-256: | 612E0B7E5ABE155D852460C16516B17CAF13E8028886FA65D00E70D6EE4F05C6 |
| SHA-512: | 9D8632F515F686C8385345A1CD5D153B07BB2DD6F883FE1280AC805B8272D5D5500BE3C002C9D2DEEAF66ED0DBD45BEFEAAFBFE4E82531CCC2A0EC3FF0AA7F82 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.28566542663103 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJfBD2G6UpnrPeUkwRe9:YvXKXviNR7EZc0vuGR22cUkee9 |
| MD5: | 3CDB8988F72A5D30589C563A1F54941F |
| SHA1: | 8F49FD01F842A5DF19E5DD63823EA87CF7B18135 |
| SHA-256: | FBF9AA52A3FC677BEEB10E8CE33E8B7F21782115B335F2CA1428588C284932CD |
| SHA-512: | 8A1895E45654578E91640092D7F27356D96071A55CD6A87E2BD231DACEF5CC53DAFE591E8A0CF178A91C488CF6748F0819233AD07D3282C00C80734C1B18EE2B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.3484494121822435 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJfPmwrPeUkwRe9:YvXKXviNR7EZc0vuGH56Ukee9 |
| MD5: | 6CD8900EE2CA4CE6A2CF48C6B7802D65 |
| SHA1: | 5094A514F14B23723EB837DC666811B2971B51AF |
| SHA-256: | 898DDF373CD3D78D4F3728C8C49034619BE77F469696141756ECA7886113AA61 |
| SHA-512: | A1BCC23400C86670FF6667FBFE1E8332C5DFFF77186BE0A3BEFAA040E6E68DC754EA20B7A2EE8C934AFAE564BE3A9AA2A2182604422D32390EC7A18B4308EFE9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.308047315173093 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJfJWCtMdPeUkwRe9:YvXKXviNR7EZc0vuGBS8Ukee9 |
| MD5: | 8CB19710A28BEAD0D53C1E3AE335DF3F |
| SHA1: | B199EAB9D9DBE2D1879198A4F88537F1C92E39B2 |
| SHA-256: | D5826D0B1EB31829AE5910D783F715B996C284963F47A2F53C6FD2B2E7955AE5 |
| SHA-512: | C947254D7186F4BFC1701BDA26A443A439A63DCF2BD5FED76D01F7F672133951EAA264D05B8614C6A7D44BD89808830B0164715FA5A83B7767AD3C51D968553F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.29432001448096 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJf8dPeUkwRe9:YvXKXviNR7EZc0vuGU8Ukee9 |
| MD5: | 155FF8EA85CA418259F28C25012F0EB7 |
| SHA1: | EDB089E38CB14BFCD3C2DFDB735CAA9EE55C6F79 |
| SHA-256: | 2206C82B8AF5135BAD13C5084E363F26E5A67B0B172289E2DD56504106AE1D01 |
| SHA-512: | 7F9666E6DCF8AC12C6498D4EF15B64187FD457E5F004C8AE50BA903BA5E1E3F1D00C9F8F7DAE350F6DD08BB04F046981E4CE7810EFF0524B626D5B14D43E1161 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.297695382010819 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJfQ1rPeUkwRe9:YvXKXviNR7EZc0vuGY16Ukee9 |
| MD5: | 39E71EB4D9A5D9CF2DCA6774C2F2AFE2 |
| SHA1: | C57FC8803A5491D6EDBBB70D375E22017E3B3F1F |
| SHA-256: | 9977D5793CE5BD994E9ECFF6666DB8A7AD56FE91FC15EC1EA90632FECBB7A2F1 |
| SHA-512: | A464D41C79DCB69BFDEF04B435937573837484220DC803E57661CFC743D3D9813E21893374BD254A1C2BD4B7AFA4E5E1DD5DA7F647E25ED1A8291BA7648757B2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.305499200706181 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJfFldPeUkwRe9:YvXKXviNR7EZc0vuGz8Ukee9 |
| MD5: | E299402D3ACDC953BB0116C683DB0802 |
| SHA1: | 5B562AA63A8B166EA02CB868D0C2B0040BC247F3 |
| SHA-256: | 7D90E078F35999825E814AE5C96231C1F755133D04E69C7D985714151F5C990C |
| SHA-512: | A0B50C304ADA1079B3070133A47B937A7E962CC1FB7692517F9395753B792243C10C249F314E5BA827F9991AD9924E9669EF1CC331A947A3D750B95288ED461D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.738232773650697 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XvuR7EzvqKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNa:YvJBMiEgigrNt0wSJn+ns8cvFJg |
| MD5: | 5EF60E13FEB42E3326979BF5A5E3D77A |
| SHA1: | 68BC97F4ABB4FED73F6084509976627E6A904BF8 |
| SHA-256: | E1DE042294E6D69A42BEC1515CBD2EECBB479A11FAB408019F2766755830E15D |
| SHA-512: | 9890BD7771AB21F061E7DCEF694A72328196BAED9C8C09DB4EE081A37C725A4995504A436C8A320ED0CC536C06838F73227D78120DBC10AAB578AB426AE5BE42 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.3012041502554625 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJfYdPeUkwRe9:YvXKXviNR7EZc0vuGg8Ukee9 |
| MD5: | C693B0046AE7B9DE0804DF7AB68A00E6 |
| SHA1: | 406F5656B678393C2E7D37E28A5574D41B3B4A97 |
| SHA-256: | 77C4CD37760A0A16F7A396D3F965778D25C124F1D00634825710187C7C5EA16E |
| SHA-512: | 42F7E225B53E45F15564991C59E7673772E841A8C1153EF7237435A8303BEFD71C39710DA8450661964B0515ACA62AD2BA87303372E131BF07A30AF14EE0EEEE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.774491794891674 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XvuR7EzvZrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNS:YvJBMhHgDv3W2aYQfgB5OUupHrQ9FJ8 |
| MD5: | 2A1071E03CDBE2F140E21FFB3C636420 |
| SHA1: | 46E81807A992F0426672D984EC6FC7ED0E26B7D5 |
| SHA-256: | 9B6E13A97F7C18EBEA35E0BBDE90DE3A864A296270BFC122F9A3FB2C79D46ACB |
| SHA-512: | 49D563FEB3BD79AC07C9327B66677108CBB9BA5E079C4621CFE6FE9207A65C8B26FBE9D1D73870BFCF34A53D14DB7335AD2FD4D6009CDE4ABDAA6A8C8A934D5E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.284742971982554 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJfbPtdPeUkwRe9:YvXKXviNR7EZc0vuGDV8Ukee9 |
| MD5: | D18725676DC2BF9644D52DF5E125E010 |
| SHA1: | 1531220500CCF80CDE1789F0C8582F3632389BD9 |
| SHA-256: | BD3F7B03BDE9B555F2D7A2418B8A36D20B760ADCCE698EAD96E219283E364CEC |
| SHA-512: | FE655A0F51417D236E896BA91463FC4EB265F52CE6487ACCDE371B98B4ED348C910825E35D68A65E260A05E75E0FFE35400BCA4960B0C5C741A8F5D7E4FAED27 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.289096711245437 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJf21rPeUkwRe9:YvXKXviNR7EZc0vuG+16Ukee9 |
| MD5: | 17F12001A54CEDBBB2F778BBF7CE2404 |
| SHA1: | 73322D7893CE027159CBC3A6E196BB6F6A0894EA |
| SHA-256: | 265DB85BBAACDB5058D143B207C275C4A89660904E490A78AC3CCC274399A783 |
| SHA-512: | 38DF3B2D1AA47FC950B9F09BE28E4AA286851D935DE6F0CC8E03F38046425C72F5318294748EFDC84658CB160381664A0276A9E04CED79E415FB6AAA5B0860D9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.308316756538734 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJfbpatdPeUkwRe9:YvXKXviNR7EZc0vuGVat8Ukee9 |
| MD5: | 2B51AB118D80F48367E254D1D3E85E4C |
| SHA1: | 93D0651C0DE2AB72966D60F956266B0F2D74CD86 |
| SHA-256: | CA1422D732E738FAF9AF9CFA86A3BE7C4AEEE8B4E46CEACB5A386715DAE7F10C |
| SHA-512: | 2F4A848F075EA4A1C9E4E30538A8EECB7469BA90BEE4A27F82DA85D5241452676EF324E06DA91A973D5EC1D425480F45A5E391C1C43A3DE1312DDE49AA9DCA68 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.266352779101953 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXPAcif9UaR79VoZcg1vRcR0YRs7oAvJfshHHrPeUkwRe9:YvXKXviNR7EZc0vuGUUUkee9 |
| MD5: | 33445332FABAEF4EA4211AA1691B1BB0 |
| SHA1: | 975A3BFE98917EDF4D2F5B927E9C0D8EA17FB56A |
| SHA-256: | 4C7BD4C529D0ED12F0A07BFC43A569B2A84585F9EF51E79A2F05E5D0007D4150 |
| SHA-512: | 6B953FFE154AE737C80B9447ED7FE78D6F828665F3F42CAD03870A4017C44C835D7E544FC4051B0571B49035E79D759844371561518990F0157BB7931D4F4E46 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.361707950513898 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXviNR7EZc0vuGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW3s1:Yv6XvuR7Ezv4168CgEXX5kcIfANhr |
| MD5: | 5987366848EE6B726D7B648ADF30CFD5 |
| SHA1: | D4F2BFA4C6E559B9769D7621368C26430B7A8C72 |
| SHA-256: | 48C589170C883D8E0C228D4F6824257931B5C0477324885E07F1E7D05E5F9D6A |
| SHA-512: | 24DDDF09F1FC6AD3E77D926591D2BA5EC2A9E0EBD8655F88EBF5461F37264A92E0FB36B252B58C9E4576D3354C3FADE63303A422095120AB07C90E68C997E918 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.126246119166831 |
| Encrypted: | false |
| SSDEEP: | 24:YjsslrFWNEA/C9EGNXalLZfdbP9sQaNjJaysQPSvYDscgY43djWj0StlzgCgg2mY:YlcpIKZfxwjdHZKoEk/ljnY9R91 |
| MD5: | 5374301856523663C1F1A3F9CD5BA4FE |
| SHA1: | 608898A39A6727B2439CB32B65691AD66E840B44 |
| SHA-256: | 597E11C775694C198CC85FD8F3A7EE816980E468421CC94044C3266CC2E91976 |
| SHA-512: | 13EFF218F20AF4A9B43B43C796466781A22D2BE651AE78C9EE296D2B0D2F20B5D96F6C58F8595AC6FCE156212FB7C0DBA2BA967C22ED8CE00AC86D70FCEBCA86 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1872246826132047 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUYSvR9H9vxFGiDIAEkGVvpS:lNVmswUUUUUUUUY+FGSItW |
| MD5: | 7F896E4868C84E702B60FE0FC25D8837 |
| SHA1: | F16A373B7673D8787C0A222FE8205CD5401B578D |
| SHA-256: | 9EA5FCF0EC8C32B5AEDA5B5C8548054F5CF19F43A9B61E294ABEF8CF6DF8912E |
| SHA-512: | 320C1BD1CBE8691AE2C0459A36C9108D2044109FA9CC5F4179AC5CD3DB39D988344C78E4D66E34F18827B5B96ED9CC67BA6348EB79C6D05C015BD6C4DE03AAB4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.6071233000045446 |
| Encrypted: | false |
| SSDEEP: | 48:7M1KUUUUUUUUUU6vR9H9vxFGiDIAEkGVvsqFl2GL7msz:7DUUUUUUUUUUGFGSItCKVmsz |
| MD5: | A906CA29BCBE363D9F98D77577076B1F |
| SHA1: | A6695E137FC93D6EA6ABAFD50944216124F2C205 |
| SHA-256: | E70A492C21107DCDC68AE21C0C639385EE41083A9B747739869FF6613AC90F82 |
| SHA-512: | DAB45F26F9312DDFBC74C9CE118D3D60B7F5FF027161A9A8A22AE97E626D009F314DD2CAB28DB5409B805F0B05DF0F8D49BE4BF41ED85C2DC521661DFBC00941 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.524398495091119 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQrmNlH:Qw946cPbiOxDlbYnuRKTcmN9 |
| MD5: | 834539AA21F5F0E1CD1E9FF1231BE030 |
| SHA1: | AF0D1EAAF817AE8FB0453D975A70646E5DCC72C9 |
| SHA-256: | 539774B5A194610FE6DFAA9C32A62D712192967924F9C0CD067C1D19EEBD5AED |
| SHA-512: | 866F6D32D32709645BFE4AB1C182702C5CFCB3689F123BB36972606E54488D370B0B570AE35DB84F70DCD6097EBD68F65AA4EA9C01F76205076D69A7F2A85C99 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 358 |
| Entropy (8bit): | 5.0419887204381055 |
| Encrypted: | false |
| SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOfjlcO5jvcO5jRCCSyAAO:IngVMre9T0HQIDmy9g06JXZcavcaglX |
| MD5: | 0A748F005AEDD810F823D53103C2D4FF |
| SHA1: | 48BE080CC27AE1953BD9F22969ED4D1D90FB6D47 |
| SHA-256: | 1FE0780366966CBDB5D2915325FB39EC902EBAE9F1864784F589C1B8115F7ED3 |
| SHA-512: | E2B244349AD0A9F23989486FACB978948C2BA9F1997EC8000CE31085E6DD2E4AF28046F86AA50FE3EA5BB4D83AEBD8079C2444C6BB9766E011352C249B2A4B38 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-07 20-39-16-409.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.345946398610936 |
| Encrypted: | false |
| SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
| MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
| SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
| SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
| SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.39498909184927 |
| Encrypted: | false |
| SSDEEP: | 384:ZQ+5mk7UTuwrgAMjo/jFcVh2nTyJiS6JGwK8Eqfru6vVa+HP0daVdWnKIKdrEcM9:v6CL |
| MD5: | 11AFD094CF5E53CE53AC50751C75F688 |
| SHA1: | 8EBE058D1FA651C0D2ACAAD6A05108ADD3566F9E |
| SHA-256: | B481824ACFE295D28377A9815AC6012C3EA1FB3ACBEBD4AB1F1488F3D5D84495 |
| SHA-512: | 624AADC05199869641C870A0EA9B29096F945824855BB1D100BC232AC50FC02BA081F4F38E8EBC4AAA16B634B0B51D7C60E63874796AE6E67B34F344108786E2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.400448919193546 |
| Encrypted: | false |
| SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rW:C |
| MD5: | CAB8B4692F1FB1C2C897E480D2B17305 |
| SHA1: | A05633D803826B707EE0F93AC16AA49D58B9D7CB |
| SHA-256: | 1FC1D05094EDABE51AA5D05B8BD38035EC3DA0684026E7C308AF5AB0E3B15411 |
| SHA-512: | EDE5E00AB8F92B8335C96E2CB86827339514FB6FAD4760C8E2B64431DAE11713B48432A07D3ECE8B0E283253D0AE5F8F61C87542696C39D8E892D5023DD64627 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru |
| MD5: | AE1E8A5D3E7B2198980A0CA16DE5F3D3 |
| SHA1: | A1DB2C58AFC81E6A114A8EB47BE0243956F79460 |
| SHA-256: | 8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F |
| SHA-512: | 5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R0777owWLaGZDwYIGNPJe:Jb3mlind9i4ufFXpAXkrfUs0UwWLaGZo |
| MD5: | A292787F33B6A2690672445EB9A4F937 |
| SHA1: | ADBD2B485FF15FAC9CF0C5EAEEAFF7B4EC8AF26C |
| SHA-256: | 46FA158305389D5A7682C007E9FEBB08C4D2B57F4F590FF894AC3747EAB6C5AF |
| SHA-512: | F94EE27708CF0B9354CCF4C3A13594266AD9074053736BDD5C679383F7E87901A3B735F33A7FE5F879B065FF2EFB9F8FE3AF71061BA4528982916CC531215093 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.787418349662711 |
| TrID: |
|
| File name: | Toyota Mot_0043394_CC367099.pdf |
| File size: | 2'417 bytes |
| MD5: | 4859953a387b32836780fc839fb02e20 |
| SHA1: | 0147602ab9808dc2bf4a8b5d83aded6714af6145 |
| SHA256: | 636922d548c79ab03614dab37b7896108b31bfa9a3615be1a841d99d3e089948 |
| SHA512: | 5fe6df4a541bd5ff0fb6f5300ec61eb6a8d507466735f27c58e3ee3e5b1f26d226423d3ab064beba2a95f110f5a37f3b8b35e47742b0238acd214b0d36d5bb8c |
| SSDEEP: | 48:c5azOjPM61H/97em7341Z4PX9fDm1fOMkWxGvENF+TwfR7vTA+vX2Pe:c5abO7ILCXBmNkW0vENF+TwfRrTrX2W |
| TLSH: | 43418312B84F4CFCD5B95B921F24FCD66C2EB10376C8F5C0286CC25BE148F59694B912 |
| File Content Preview: | %PDF-1.6..8 0 obj..<</Type/XObject/Subtype/Form/FormType 1/BBox[0 0 612.0 792.0] /Length 92 /Filter /FlateDecode >>..stream..x.3P0.. w^..0.(...).....3T053...P074.3.T.....w3..R04P.I...0...BVm.gb..ZC!?M.U..!...!.@k.C..A..endstream..endobj..6 0 obj..<< /Leng |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.6 |
| Total Entropy: | 6.787418 |
| Total Bytes: | 2417 |
| Stream Entropy: | 7.785368 |
| Stream Bytes: | 997 |
| Entropy outside Streams: | 5.027364 |
| Bytes outside Streams: | 1420 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 11 |
| endobj | 11 |
| stream | 2 |
| endstream | 2 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 7, 2024 20:39:27.393141985 CEST | 49740 | 443 | 192.168.2.4 | 104.77.8.172 |
| May 7, 2024 20:39:27.393182039 CEST | 443 | 49740 | 104.77.8.172 | 192.168.2.4 |
| May 7, 2024 20:39:27.393275023 CEST | 49740 | 443 | 192.168.2.4 | 104.77.8.172 |
| May 7, 2024 20:39:27.393477917 CEST | 49740 | 443 | 192.168.2.4 | 104.77.8.172 |
| May 7, 2024 20:39:27.393491030 CEST | 443 | 49740 | 104.77.8.172 | 192.168.2.4 |
| May 7, 2024 20:39:27.648861885 CEST | 443 | 49740 | 104.77.8.172 | 192.168.2.4 |
| May 7, 2024 20:39:27.649198055 CEST | 49740 | 443 | 192.168.2.4 | 104.77.8.172 |
| May 7, 2024 20:39:27.649219990 CEST | 443 | 49740 | 104.77.8.172 | 192.168.2.4 |
| May 7, 2024 20:39:27.650083065 CEST | 443 | 49740 | 104.77.8.172 | 192.168.2.4 |
| May 7, 2024 20:39:27.650134087 CEST | 49740 | 443 | 192.168.2.4 | 104.77.8.172 |
| May 7, 2024 20:39:27.652040005 CEST | 49740 | 443 | 192.168.2.4 | 104.77.8.172 |
| May 7, 2024 20:39:27.652082920 CEST | 443 | 49740 | 104.77.8.172 | 192.168.2.4 |
| May 7, 2024 20:39:27.652326107 CEST | 49740 | 443 | 192.168.2.4 | 104.77.8.172 |
| May 7, 2024 20:39:27.652331114 CEST | 443 | 49740 | 104.77.8.172 | 192.168.2.4 |
| May 7, 2024 20:39:27.703350067 CEST | 49740 | 443 | 192.168.2.4 | 104.77.8.172 |
| May 7, 2024 20:39:27.737215996 CEST | 443 | 49740 | 104.77.8.172 | 192.168.2.4 |
| May 7, 2024 20:39:27.737376928 CEST | 443 | 49740 | 104.77.8.172 | 192.168.2.4 |
| May 7, 2024 20:39:27.737529993 CEST | 49740 | 443 | 192.168.2.4 | 104.77.8.172 |
| May 7, 2024 20:39:27.737957954 CEST | 49740 | 443 | 192.168.2.4 | 104.77.8.172 |
| May 7, 2024 20:39:27.737967968 CEST | 443 | 49740 | 104.77.8.172 | 192.168.2.4 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49740 | 104.77.8.172 | 443 | 7996 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-05-07 18:39:27 UTC | 475 | OUT | |
| 2024-05-07 18:39:27 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 20:39:13 |
| Start date: | 07/05/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6bc1b0000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 20:39:13 |
| Start date: | 07/05/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 20:39:14 |
| Start date: | 07/05/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly