Edit tour
Windows
Analysis Report
S6EYDMM5FRYSUFUO.pdf
Overview
General Information
| Sample name: | S6EYDMM5FRYSUFUO.pdf |
| Analysis ID: | 1391069 |
| MD5: | a46406310ca63339723f1e6b33bdc7d5 |
| SHA1: | 0e9a10c5489a0368e3d886b5c0cb95f65228d773 |
| SHA256: | 7e0dfbfcb7a7c2a65d9160b7750836d8b8d71a24c5dea559abf003efef0f36a0 |
| Infos: | |
 | |
Detection
| Score: | 1 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 7132 cmdline: C:\Program Files\Ado be\Acrobat DC\Acroba t\Acrobat. exe" "C:\U sers\user\ Desktop\S6 EYDMM5FRYS UFUO.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 5860 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 5752 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=20 80 --field -trial-han dle=1584,i ,938530095 4617959697 ,617825529 3535161296 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.63.158.36 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1391069 |
| Start date and time: | 2024-02-12 20:14:25 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 54s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 9 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | S6EYDMM5FRYSUFUO.pdf |
| Detection: | CLEAN |
| Classification: | clean1.winPDF@14/45@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.123.200.169, 34.193.227.236, 18.207.85.246, 54.144.73.197, 107.22.247.231, 162.159.61.3, 172.64.41.3, 23.34.82.78, 23.34.82.70
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: S6EYDMM5FRYSUFUO.pdf
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.63.158.36 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.064722406546781 |
| Encrypted: | false |
| SSDEEP: | 6:qK5Lq2P92nKuAl9OmbnIFUt8fK5IcZmw+fK5IckwO92nKuAl9OmbjLJ:lLv4HAahFUt8eIc/+eIc5LHAaSJ |
| MD5: | E12B42EFFBFBD4ACC0FEF335AD13DFC4 |
| SHA1: | CAF7A3984F18BFD0076482141784B6057C85DBF9 |
| SHA-256: | 2DF5C7224F94C86D36F256251724BED9B68BDA48932F90576B02E52836AB4F1F |
| SHA-512: | 2AD055B79F883D779E91A92475EC2C12B5827FF60E1E38975C289A646ABD48DA22DF260417330BB6B4B6EEF11F1EC2E4AEBE9DE75B565F32C1387E5AB2F119A7 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.064722406546781 |
| Encrypted: | false |
| SSDEEP: | 6:qK5Lq2P92nKuAl9OmbnIFUt8fK5IcZmw+fK5IckwO92nKuAl9OmbjLJ:lLv4HAahFUt8eIc/+eIc5LHAaSJ |
| MD5: | E12B42EFFBFBD4ACC0FEF335AD13DFC4 |
| SHA1: | CAF7A3984F18BFD0076482141784B6057C85DBF9 |
| SHA-256: | 2DF5C7224F94C86D36F256251724BED9B68BDA48932F90576B02E52836AB4F1F |
| SHA-512: | 2AD055B79F883D779E91A92475EC2C12B5827FF60E1E38975C289A646ABD48DA22DF260417330BB6B4B6EEF11F1EC2E4AEBE9DE75B565F32C1387E5AB2F119A7 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 335 |
| Entropy (8bit): | 5.141746815052055 |
| Encrypted: | false |
| SSDEEP: | 6:qK9YRFIq2P92nKuAl9Ombzo2jMGIFUt8fKu6djZZmw+fKu6djzkwO92nKuAl9OmT:hYjIv4HAa8uFUt8v29/+v2P5LHAa8RJ |
| MD5: | B33552A9A6857F2550B5ED79EFC31E2D |
| SHA1: | 316606F8718B7F00BBD5CC42E25BCB2DAE83C9C0 |
| SHA-256: | 2B263FBC76C76D4660AF6A0DDCD2E02EC38C5A92B4131AFF9D40DA51B1F8972B |
| SHA-512: | CD3D6CC5FBAB8849A4C67F9D81E83B5B74DA375C8F17FD29ADC8A7F4C0BDFE9F83C8186F308A33E8BFF4DB2910170E0B9ED5EC72798A5C70A8FE4B0CB9926395 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 335 |
| Entropy (8bit): | 5.141746815052055 |
| Encrypted: | false |
| SSDEEP: | 6:qK9YRFIq2P92nKuAl9Ombzo2jMGIFUt8fKu6djZZmw+fKu6djzkwO92nKuAl9OmT:hYjIv4HAa8uFUt8v29/+v2P5LHAa8RJ |
| MD5: | B33552A9A6857F2550B5ED79EFC31E2D |
| SHA1: | 316606F8718B7F00BBD5CC42E25BCB2DAE83C9C0 |
| SHA-256: | 2B263FBC76C76D4660AF6A0DDCD2E02EC38C5A92B4131AFF9D40DA51B1F8972B |
| SHA-512: | CD3D6CC5FBAB8849A4C67F9D81E83B5B74DA375C8F17FD29ADC8A7F4C0BDFE9F83C8186F308A33E8BFF4DB2910170E0B9ED5EC72798A5C70A8FE4B0CB9926395 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\956cec36-afd1-47f5-968b-893a6dff9dec.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.040070170317635 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZBKyhsBdOg2Hpcaq3QYiubxnP7E4T3OF+:Y2sRdsMLydMHQ3QYhbxP7nbI+ |
| MD5: | 2096413BDF6C20A0B96CB0CFD240C2EC |
| SHA1: | D925A2B9D6215D76591B0619F1048337E2960964 |
| SHA-256: | F737523ECFBE40DE79B46350D91EB05CBD452C1487D3B26191713444C76E98E9 |
| SHA-512: | F368D51278BBFB7A38836DC8A9627FB3FE3B1BA2E3BA4C63837403F0F52FD9DD6BB82AA9F6E89EF64DF5917DB3079B7045E7D887E2D708951749C405A6A88A3B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.040070170317635 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZBKyhsBdOg2Hpcaq3QYiubxnP7E4T3OF+:Y2sRdsMLydMHQ3QYhbxP7nbI+ |
| MD5: | 2096413BDF6C20A0B96CB0CFD240C2EC |
| SHA1: | D925A2B9D6215D76591B0619F1048337E2960964 |
| SHA-256: | F737523ECFBE40DE79B46350D91EB05CBD452C1487D3B26191713444C76E98E9 |
| SHA-512: | F368D51278BBFB7A38836DC8A9627FB3FE3B1BA2E3BA4C63837403F0F52FD9DD6BB82AA9F6E89EF64DF5917DB3079B7045E7D887E2D708951749C405A6A88A3B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4509 |
| Entropy (8bit): | 5.244613464607917 |
| Encrypted: | false |
| SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUHRZJVd2Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL7 |
| MD5: | BDA655BF2AAAE078B2E253E3C635DE24 |
| SHA1: | 2E6917B722EBEBED21E720422ED3C10FD700550B |
| SHA-256: | 9CA62B7F4DD5BD607A6ECA9392E471B2FA0CE9DF343DA747996BA09C10187AC5 |
| SHA-512: | 1C74474DA71953218BD4710719C2038D3BF4D3823635A6EE873E1753B89A2527619B4452D34033560CFDCCEC98DB4E7C4B5C9329CC31F8FBAEAB08593697983F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 323 |
| Entropy (8bit): | 5.164288511539202 |
| Encrypted: | false |
| SSDEEP: | 6:qKbEaq2P92nKuAl9OmbzNMxIFUt8fKbVZmw+fKbWkwO92nKuAl9OmbzNMFLJ:f5v4HAa8jFUt82V/+2W5LHAa84J |
| MD5: | 8AFFDBBB9A0D52591D9A04D874845BA4 |
| SHA1: | F28FD052DF707BBD8015E6DA4ECD2220FA8EBD30 |
| SHA-256: | 6DF6178DE19D83713CDF89098377C2A588D2FE663E966887E21560C1649A718B |
| SHA-512: | 091539F3F860FE926D1DD249256F41419AAE23CBB9A34035A7F80F06F98ED02F07AA51E93086506DA3BF83FFE3F2DB0D8EF9BCD315B0260575F24AD3A4537C85 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 323 |
| Entropy (8bit): | 5.164288511539202 |
| Encrypted: | false |
| SSDEEP: | 6:qKbEaq2P92nKuAl9OmbzNMxIFUt8fKbVZmw+fKbWkwO92nKuAl9OmbzNMFLJ:f5v4HAa8jFUt82V/+2W5LHAa84J |
| MD5: | 8AFFDBBB9A0D52591D9A04D874845BA4 |
| SHA1: | F28FD052DF707BBD8015E6DA4ECD2220FA8EBD30 |
| SHA-256: | 6DF6178DE19D83713CDF89098377C2A588D2FE663E966887E21560C1649A718B |
| SHA-512: | 091539F3F860FE926D1DD249256F41419AAE23CBB9A34035A7F80F06F98ED02F07AA51E93086506DA3BF83FFE3F2DB0D8EF9BCD315B0260575F24AD3A4537C85 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240212191516Z-156.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 87958 |
| Entropy (8bit): | 1.6102445118782054 |
| Encrypted: | false |
| SSDEEP: | 384:u50k/VMtzcjMIqO/50yg5NnyqYhSiAVCXmW:VXRcjOJ3Mf |
| MD5: | 9656573FB2968947F4A6C07B58C4CD27 |
| SHA1: | 520F66D055367B4197BE2FBD6C10717A16F9DE24 |
| SHA-256: | E65FDAA88741D0C4B1A03F94A29342C8661CE23838CE2CEC3193FAAE9A6D6101 |
| SHA-512: | 83189944DE43BAE0D9E6F41B87B97A8873F8E2673732C31EFB454118704478BCFA5C9BAEC2BEA0CEC9FFC8B1BD6BFC1A70BE6BF2109D749E9002D0033833776A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 228346 |
| Entropy (8bit): | 3.3890581331110528 |
| Encrypted: | false |
| SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:DPCaJ/3AYvYwgXFoL+sn |
| MD5: | BAE090D23B1C0D4F6DC247F0080D349E |
| SHA1: | 8A7AAD52A54F9A3CCEF3CE323F6BBD5B2B530461 |
| SHA-256: | D7D3096317CF32DBEDF75D85390FE89A96170D44C09B2F6D164036064F506AE3 |
| SHA-512: | 208136EBA10544EA5EADA1C32EADFD8066047A9D851FF95BADF9938D40AFA1771003C2725DB8C78991E700C73FA2FC3C9F3CC3712B3332E4CF6F8DDE0E539130 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.330326420249662 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCANuBp1x+FIbRI6XVW7+0YEnQgoAvJM3g98kUwPeUkwRe9:YvXKXCuuBnUYpW7hnCGMbLUkee9 |
| MD5: | 08E6DE4BBF06E6298E2C62AAE44FC069 |
| SHA1: | 4EF22DC6035CC9A1A1150B9DD0A2AC0B5DA8976D |
| SHA-256: | 1C3DE6A3391EEB37252DE5D317DD3A368F6D66046198DE9D87DA1AEA6B6C1AFC |
| SHA-512: | E863A487D75B7B183B4025978A87BB18E6C533ED8C4BEF4E6A89290CA35F1D201F6A77FF388A4400B95EBCD8DAE7B00AD3144C0A9118D94B00218D717BAD3D17 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.266156860723743 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCANuBp1x+FIbRI6XVW7+0YEnQgoAvJfBoTfXpnrPeUkwRe9:YvXKXCuuBnUYpW7hnCGWTfXcUkee9 |
| MD5: | 4F69706C8C7B5857B5342BC29CEF1208 |
| SHA1: | 96684AEC99F5075D96805A300679A72B1A4EEE5A |
| SHA-256: | 7563B12A447B384BDCE470CAC8B5CB423980E19814891C2AE679900CC21F230E |
| SHA-512: | 1775A771CD5820BCB62DCEC15111CB394B62617118D5F52990952C93F23CB79922EC790051D12A2E202C9DD44ED7F6040FF594C91CB84686339BC589B5348D8D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.24327830226632 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCANuBp1x+FIbRI6XVW7+0YEnQgoAvJfBD2G6UpnrPeUkwRe9:YvXKXCuuBnUYpW7hnCGR22cUkee9 |
| MD5: | 1B0A6DC9B452F76E7734CEF3FD298D65 |
| SHA1: | DB32AB4B178C127EECCD585A3B2DFD8E3E8CA23A |
| SHA-256: | 2B6B9149854E2B1D61EAB4218483F55F199F2A62AD73DA517CE4C8FD420D77E9 |
| SHA-512: | C6D516195EF40A483CA9D59966528064D5D311423760F6FC04E344DE47B6FB1F1CE8EF1BA22E4AEB7FC8EEC7572B38ACFE8C446BFB010C9B818D342E1967ED50 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.308060106111754 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCANuBp1x+FIbRI6XVW7+0YEnQgoAvJfPmwrPeUkwRe9:YvXKXCuuBnUYpW7hnCGH56Ukee9 |
| MD5: | E8D4EB58AEDEA91D1D205B188D93F61C |
| SHA1: | 953FC5FC4B13922DA7C418659205F9ACF32C814F |
| SHA-256: | 248C1AA466A422CBAFDCCA476ABE55989C4FC51C0150B5A04161115F6AE7238B |
| SHA-512: | C95200E9D2C3EFCDB4CDA6F79E14510114EC715D9E33B3BE4DDFAED7B49CA5C8BE44A87E3F33D9FC52B5443A664772DDC0F0B85C66C2F816EA796AC899D2D24A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1255 |
| Entropy (8bit): | 5.689503923636744 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XCVFFidpLgEsv4ce3KnctSrymTBcu14wChluBks8ctq3Hoy:YvidhgnvjRrNTB5OJhABks8c2Hoy |
| MD5: | 689EC30C7AC5CA08D16B682F07DE5846 |
| SHA1: | 336284DB95EFDFB6B218D29475125AF843E138AA |
| SHA-256: | 962E93C33BCF7501563DC0E95EB168DD967740AA4BFC4D6E738AF465AC4F059F |
| SHA-512: | 495A0869658ABD575A75069EAA4A1D74F536F5E832B56FC37C687DA2E0077745E52C8D1CB63D1687A3A1218AEACF795BB1410970B46E69D97D410F5EC0148B00 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1250 |
| Entropy (8bit): | 5.698848328720485 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XCVFFiBVLgEsy4c19ZrGmTBcu14wCh5rgos8ctq3Hoy:YviBFgnyl9ZrBTB5OJhFgos8c2Hoy |
| MD5: | 2CE4C6ABB92D42E93DB2F58E9264DD41 |
| SHA1: | 4DF234D7854D1627A68CE2F41637C1CB42E8C3DB |
| SHA-256: | 3C8A773283E08218C5B885AEC34C4A01675EB1470D5BD99A7899F2BE452EC646 |
| SHA-512: | AAEF1AC7C47CEFDF61947DB709927E5327B25524C88DAF947F7B78B56FBF8E72CB71F0C47BD6C96BEC9FA02D755D3E6F28E7FF99C7A84A4B297846B61257C6FA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.2533565790575505 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCANuBp1x+FIbRI6XVW7+0YEnQgoAvJfQ1rPeUkwRe9:YvXKXCuuBnUYpW7hnCGY16Ukee9 |
| MD5: | 15D500C91613D4280E5D4CD19210A3F8 |
| SHA1: | AD3D0871F09FCBFBB8E1A33FF6F67D8B6DB91BC5 |
| SHA-256: | AE419183CEA599F4499885ACBC965846E8DA4000EBBBB90F172B83F72D2D14C4 |
| SHA-512: | B3ED3514D17D5F1DAD0C448B5702CA896D7B44BB6529DFB1D46E6EDEFA9DD6841CBC0C94983E1030CF4934DE0AB292009CDF8B6211A0579B72D157FED997A48D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1230 |
| Entropy (8bit): | 5.681415879629039 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XCVFFiw2LgEsk4ccVrhmTBcu14wChds8ctq3Hoy:YviwognkMVrYTB5OJhds8c2Hoy |
| MD5: | DEC929E683609B633E0AB5AB9066C1DA |
| SHA1: | 8A1273DB995A75B6F312C38020BBB3176814013D |
| SHA-256: | A5151815515662F9F44E5B177A28D97015D7D8B208B1F71BA80853E886BC0F25 |
| SHA-512: | 91434A09E6DE8A8C5A85541EF74B8D01E91A637C77A74AE3CD4787B207644B8EA75EA899C2EE2744C177DC03CCFEF03032D70A4F8070581C8DD8838E799F9FE3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1368 |
| Entropy (8bit): | 5.747352365475168 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XCVFFi4KLgEGcooZbq0jCaBrwJoZct5uWaHbX3Hoy:Yvi4EgNoNtlSJEc3uWaHbHHoy |
| MD5: | DE9AD647836B2E132904543E5858BF14 |
| SHA1: | 54AFC0FCABE3EEBA54464EC33A7D25C1F2D0EBEB |
| SHA-256: | 75C8BBCC30C0C950E32142AF1114CB9E9FAF1CA0BF1764787CE8CB3844B6B3B3 |
| SHA-512: | 40241D771070A118558563879F0E8A61D268C8220182A28CE1813E6522CF539B9273359D380BC801F3B14AF997E77C5DFFF5656EE1C2EF86A7788269CC720EB8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.261428579550448 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCANuBp1x+FIbRI6XVW7+0YEnQgoAvJfYdPeUkwRe9:YvXKXCuuBnUYpW7hnCGg8Ukee9 |
| MD5: | C69BC580C77C1AEE783714869F0CEC93 |
| SHA1: | A192DBD1E384FE13B6183F68CC33729A1C16D977 |
| SHA-256: | 6D66C6014CF89C2C1E6A61A3C037545469265D6CAE563B59115E625BBBD0F170 |
| SHA-512: | 86536E6F34C0B093226147EB9D3CE08B05B72F3D92C50E895D925C64BA3ACFF32D09A5EF3C3AC8637976C318879BEDB11F4A93D0B38503FDBD240723480F37BA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.772377912451303 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XCVFFiXrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNzy:YviXHgDv3W2aYQfgB5OUupHrQ9FJxy |
| MD5: | 83E7F2A3E7638EF2C7B3DC54389E5FF3 |
| SHA1: | A2907939E29C052E6F1BC31A177A75776F9334D0 |
| SHA-256: | 73F6C3EA3FEB53F3A8212F61EE06773A9AB2C87920F3CDA8387BCB9B462A6F66 |
| SHA-512: | 7E1EB7BA4FD288E316715027B4892CF67BC1CB16AFDFF3AB1889D9C7ECF9259A503C3EA8D79D95E513AEBE7B9C4E25975F117E39B24D3E2EABBF3B74EB717CEC |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.245240772897505 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCANuBp1x+FIbRI6XVW7+0YEnQgoAvJfbPtdPeUkwRe9:YvXKXCuuBnUYpW7hnCGDV8Ukee9 |
| MD5: | BE30D197EAA3CEC7589601ACE12D98D4 |
| SHA1: | B008EF4FA4191304E44D3DBE71F4517B7D8877A9 |
| SHA-256: | CA270954E5EC2666910AE939851147AB5C3D438FD9E1768E3E925E958C51BF8E |
| SHA-512: | C5DC5A7123924E36BE2A7C6418FED65FBE9DD2F090B6A19D2A657D67233B5546763E55135E80ECB272885FA1D52F3DAACEBDDE36675D73AC75FAAEB0364C4FD4 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.246065725510169 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCANuBp1x+FIbRI6XVW7+0YEnQgoAvJf21rPeUkwRe9:YvXKXCuuBnUYpW7hnCG+16Ukee9 |
| MD5: | 2D8ECF14D3CA2D88D38E0C7EB3450E28 |
| SHA1: | 5FA369F5760252B0FCE448BAEA273BDBFE4C751D |
| SHA-256: | 7792B96A99F9F6BB0700409246894E580A5EA3A18B2F56CB85781D4A000779DB |
| SHA-512: | A343963CDB3FBA4528F64F572456F5731D93001D3BEDE3DC80C665F45E734461DE65C8BDEF57016B59D687319A9D21608B700EDB7B34A04753A90A57B9485E18 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1250 |
| Entropy (8bit): | 5.715188616343049 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XCVFFilamXayLgEs54c3drNaHmTBcu14wChqx+plVCV9FJN3Hoy:YviZBgn5drpTB5OJhr9Q9FJ9Hoy |
| MD5: | E6F78CFFDFBA15755A60E81CE99B8733 |
| SHA1: | 257D1F3FF3ACC3D442D08DCACE1821BE1E9A6C37 |
| SHA-256: | 5AC3E3C7C259A5D9F9B567EAC3D857C2AB1FACFC49BD37319825A330312C9313 |
| SHA-512: | 8074D84099A7CFBDC4B0D843599A6A1B87FF273DE94CD90C63803767FB7596B25F351577A818BAF58D0887D48846B39E13444ACD98AD2804A5A43675C6140CDC |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.219717952649764 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXCANuBp1x+FIbRI6XVW7+0YEnQgoAvJfshHHrPeUkwRe9:YvXKXCuuBnUYpW7hnCGUUUkee9 |
| MD5: | 9E5E0D8D9CC71B87E27BB7EE9F79D89B |
| SHA1: | 78F1E65F7F3100140B0C854910F3D6CAA8D7ED6E |
| SHA-256: | CA9EB39C2CE657232EDDC06F37A595A0B323BD9DA6082CAE03DFEB15721D0D93 |
| SHA-512: | 796B42F1E068B715BDF99ADBEB68232896F5EC677BD302D0E9D1D6B95D1EEFA88F88CE032BB9D69269D6540E722E03B30D1FBE40C8487333C99B781AE34A3CB1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.3547135808764015 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXCuuBnUYpW7hnCGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW/u1:Yv6XCVFFi2168CgEXX5kcIfANhoy |
| MD5: | 70B91DE9D2F9D46C7C7C0E0FBD582D64 |
| SHA1: | F30C517A8C719DD2A542C15D421AE308BD3E688C |
| SHA-256: | D843E025A84DD368B84639952921DE22D9441B3D430AF1CA925ED647FEBF6F51 |
| SHA-512: | 59BA6DC5DA7530E187193CC347CDE29945F1E3BD4804D6D7CE798CDC94751E82C8CC3A65E5B2E4898C91F4121582F65C79F413D4476F24792F67CBA4341BADC5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2818 |
| Entropy (8bit): | 5.135839747134751 |
| Encrypted: | false |
| SSDEEP: | 48:YjH5GlEmJrOfL2cAUVVybabQU+vuVpkJpmLD/JQh9Lqprrx:hC4VUV81U+GE+LlQ/+pJ |
| MD5: | 06B8F5547AD5165646B5A5CE73D12565 |
| SHA1: | 4278AEDFD8BABAEC1DC2DCD00394A242A2A63971 |
| SHA-256: | FA8A00012BCD17EB311488B8F881EBCAB392E163462AAFC47AF173A43B8B76D3 |
| SHA-512: | 4C01A6E1E16E38EE304232FEFA27E6C0292F0025E785617536DBCBF88902B41611DFC19C61333750625F74D686311D41CA644F5BD5BE5DC293656A038C4D7D34 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9837907608345322 |
| Encrypted: | false |
| SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpNFf4zJwtNBwtNbRZ6bRZ4mFfF:TVl2GL7ms6ggOVpgzutYtp6PL |
| MD5: | F7F3786D0A8A7754B792C347626399E9 |
| SHA1: | 6E83BFCC5A938D30554AE36220B895748BDC0F72 |
| SHA-256: | E0C60C352A2B399682489CB5A09E2A143245016BCCEB2C621EAFBB624C63E58A |
| SHA-512: | 70278AFC342CC6D4A06BF214017D341F6A84B8458D5EBBE99CC6C9E669F6A18733FC0A930B2E9E36E44B38F83D363B4AB1F4A59C72248A74380137EE68567BD0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.338614358163135 |
| Encrypted: | false |
| SSDEEP: | 24:7+tplAD1RZKHs/Ds/SpNFfPzJwtNBwtNbRZ6bRZWf1RZKjiRqLBx/XYKQvGJF7uL:7MfGgOVpHzutYtp6PMfqll2GL7msW |
| MD5: | 096C98D2EF0BCC299AC327BBF5F27707 |
| SHA1: | 32A19276DF6F58B2FBE2A01A9E66AD17DE423FDB |
| SHA-256: | 80D3F7FA623593CF33A891E5128C0951CB4D3F42F96BCE386E52298138AC941D |
| SHA-512: | 831252FE88F89F22FDAB2396577082AE085F1C0730F8A77B21F09247DB1BC81282330C8634FCD25282D84974D520EE9E3B36EADD1FD527F134F8EEC7F2255676 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66726 |
| Entropy (8bit): | 5.392739213842091 |
| Encrypted: | false |
| SSDEEP: | 768:RNOpblrU6TBH44ADKZEgN9dYn48b5QvkKtHTDVMztkImVYyu:6a6TZ44ADENrY48buMKWqVK |
| MD5: | 1C2F235D7EB7B967B428AD7155209B94 |
| SHA1: | 94764F4480EAFB1D679AB40082BFD8374C5913E6 |
| SHA-256: | F305BB0715D28D715208CD36CB2857E49B572630E3E8BF1B760C216ED8356AF1 |
| SHA-512: | 59322D029C7103A37E18193980A59F383CC1E982F6E53F52A767605DAD7EA377BE7E7671EFF910C9C73893F3FF59EB82668D1EEC4CB8196B50B6D99A2050ECB7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.486646639490294 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8qK2n4lYH:Qw946cPbiOxDlbYnuRKtK2noYH |
| MD5: | 868BF9F7359577C87A65195890FC86C7 |
| SHA1: | DDC0A6393B5269E9F040FA212D25808C35E0C79B |
| SHA-256: | 800CE6B7E3CE4AE8BF885B0CD8628D1D53702AA4E97A34380C12BCF9D312E2D0 |
| SHA-512: | 2EE8E6181BC44BB24FBE8E257FE01272A81A4E7587D4C71FA08F8A314EFE53ED2DDC0CA932EE475CB27139D86B0E1C000803833A710652185F8CE0FFCEE18E21 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-02-12 20-15-14-551.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.376360055978702 |
| Encrypted: | false |
| SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
| MD5: | 1336667A75083BF81E2632FABAA88B67 |
| SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
| SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
| SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.349445284081892 |
| Encrypted: | false |
| SSDEEP: | 384:xcYJIY18Re2Roe2PckrVWYeuN2w8w8Sbwd/JtvB0GncWnKKqNhvIXIl05XC6h51D:8xL |
| MD5: | C996B0C42668B0ED14BCDD320972F811 |
| SHA1: | D3BF2160BF4DAF8AD4C966F4F55FBBEF60292C28 |
| SHA-256: | 5ED8564FBA9F1F94BA2F9EBB9DFC45C161A69EFB0A40C59B46A6B27BDE45CA9C |
| SHA-512: | 9F18E78F9EAAFA1E9D09D8FE9C6A2DA2C30BA559F3BF3F9C45401D3D84C73B7270B5BAB8CF8D355E459433EB144133BB2DEEC638711ABE97C8D58D4A5B543D90 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.392076708209907 |
| Encrypted: | false |
| SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbZ:1 |
| MD5: | 08C06E4CF0514511A3655E493F577330 |
| SHA1: | 9EDF07C65A42335507B642CC3D9269B295E0A4D4 |
| SHA-256: | 5A12BFC150692EA385575D23627B7946A9E916F5C5AE318C59753864FF63B7EF |
| SHA-512: | E002A4C0CD8C0394E513FE2268C9E9E23E74B1D5323872FDA7F598CE91DFBE4F5C01D0AF8490ED5E76ECCA1DA43901195973A61E58E8F2FD6FFEEBE6371BB376 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/gWL07o4GZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:4WLx4GZjZwZGk3mlind9i4ufFXpAXkru |
| MD5: | C6DE2E081C576210E023AF885AA931A3 |
| SHA1: | 1CEFF36CBEAFA969720B01ECA8D3F7AB23412C8E |
| SHA-256: | D0C03410921BA00F6A3BE6ECA883188B05E0A346FC0BF891CCA298F9339A5988 |
| SHA-512: | BFD8EDACB7392C28612DD5D9E00B7D8CA4B9550258FDBF892AC1C4D52A4B46193B43DE60ED0757E47207139438614A80DFE961FC3B3B0118DB99C79FE875C25D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.747531582741921 |
| TrID: |
|
| File name: | S6EYDMM5FRYSUFUO.pdf |
| File size: | 53'463 bytes |
| MD5: | a46406310ca63339723f1e6b33bdc7d5 |
| SHA1: | 0e9a10c5489a0368e3d886b5c0cb95f65228d773 |
| SHA256: | 7e0dfbfcb7a7c2a65d9160b7750836d8b8d71a24c5dea559abf003efef0f36a0 |
| SHA512: | d93f8ac8341d538219b42c400b2e2a3029902bc26c3e47f2583996c3e5fce239b99df2b0b16c225ca1b5f7caded0b74f67c871e100b665e93f3b185dd1071775 |
| SSDEEP: | 768:45Vva8lUR0AlFSRDeQ3Eu/sDr6Hxn6Erf18SloKdmLyGi5KvYyucR+a:4ny70WSRT36Dron6gN8StdSMKvEcR+a |
| TLSH: | CA33C0BC940096EEE449F03E56133EAEFEE9188069B0C27533EDBF0B5B84855F987495 |
| File Content Preview: | %PDF-1.4.%.....3 0 obj.<< /Linearized 1 /L 53463 /H [ 582 121 ] /O 6 /E 53134 /N 1 /T 53285 >>.endobj. .xref.3 7.0000000015 00000 n .0000000533 |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.4 |
| Total Entropy: | 7.747532 |
| Total Bytes: | 53463 |
| Stream Entropy: | 7.743310 |
| Stream Bytes: | 51767 |
| Entropy outside Streams: | 4.900578 |
| Bytes outside Streams: | 1696 |
| Number of EOF found: | 2 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 9 |
| endobj | 9 |
| stream | 4 |
| endstream | 4 |
| xref | 2 |
| trailer | 2 |
| startxref | 2 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 7 | 1278211505850c04 | ad71f965619ea1905ba7af3c030c3db6 |  |
| 8 | 0000000000000000 | 091633745fb9bfc52547267330a62fd7 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Feb 12, 2024 20:15:24.955719948 CET | 49714 | 443 | 192.168.2.5 | 23.63.158.36 |
| Feb 12, 2024 20:15:24.955766916 CET | 443 | 49714 | 23.63.158.36 | 192.168.2.5 |
| Feb 12, 2024 20:15:24.955905914 CET | 49714 | 443 | 192.168.2.5 | 23.63.158.36 |
| Feb 12, 2024 20:15:24.956130028 CET | 49714 | 443 | 192.168.2.5 | 23.63.158.36 |
| Feb 12, 2024 20:15:24.956150055 CET | 443 | 49714 | 23.63.158.36 | 192.168.2.5 |
| Feb 12, 2024 20:15:25.274683952 CET | 443 | 49714 | 23.63.158.36 | 192.168.2.5 |
| Feb 12, 2024 20:15:25.275113106 CET | 49714 | 443 | 192.168.2.5 | 23.63.158.36 |
| Feb 12, 2024 20:15:25.275146008 CET | 443 | 49714 | 23.63.158.36 | 192.168.2.5 |
| Feb 12, 2024 20:15:25.279048920 CET | 443 | 49714 | 23.63.158.36 | 192.168.2.5 |
| Feb 12, 2024 20:15:25.281275988 CET | 49714 | 443 | 192.168.2.5 | 23.63.158.36 |
| Feb 12, 2024 20:15:25.281275988 CET | 49714 | 443 | 192.168.2.5 | 23.63.158.36 |
| Feb 12, 2024 20:15:25.281397104 CET | 49714 | 443 | 192.168.2.5 | 23.63.158.36 |
| Feb 12, 2024 20:15:25.281409025 CET | 443 | 49714 | 23.63.158.36 | 192.168.2.5 |
| Feb 12, 2024 20:15:25.281740904 CET | 443 | 49714 | 23.63.158.36 | 192.168.2.5 |
| Feb 12, 2024 20:15:25.330583096 CET | 49714 | 443 | 192.168.2.5 | 23.63.158.36 |
| Feb 12, 2024 20:15:25.330610037 CET | 443 | 49714 | 23.63.158.36 | 192.168.2.5 |
| Feb 12, 2024 20:15:25.377362013 CET | 49714 | 443 | 192.168.2.5 | 23.63.158.36 |
| Feb 12, 2024 20:15:25.384387016 CET | 443 | 49714 | 23.63.158.36 | 192.168.2.5 |
| Feb 12, 2024 20:15:25.384480000 CET | 443 | 49714 | 23.63.158.36 | 192.168.2.5 |
| Feb 12, 2024 20:15:25.384604931 CET | 49714 | 443 | 192.168.2.5 | 23.63.158.36 |
| Feb 12, 2024 20:15:25.385170937 CET | 49714 | 443 | 192.168.2.5 | 23.63.158.36 |
| Feb 12, 2024 20:15:25.385189056 CET | 443 | 49714 | 23.63.158.36 | 192.168.2.5 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49714 | 23.63.158.36 | 443 | 5752 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-02-12 19:15:25 UTC | 475 | OUT | |
| 2024-02-12 19:15:25 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 20:15:11 |
| Start date: | 12/02/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff686a00000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 20:15:12 |
| Start date: | 12/02/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 20:15:12 |
| Start date: | 12/02/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly