Windows
Analysis Report
ATT0394382.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | true |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6480 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ATT0394382.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2828 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4744 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1756,i,7081531118072016957,9515641889187517562,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
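The process list above, as a worked triage check. This is an added example, not part of the report or of Joe Sandbox's tooling: it parses each "<image> (PID: n cmdline: ... MD5: ...)" entry, recovers the image path from the command line and confirms that everything the PDF caused to run lives under the Adobe install directory with a hash the analyst has already accepted. The allow-list holds only the two MD5s recorded on this page (it is not an Adobe-published list), the PID 4744 command line is abbreviated to its sandbox-relevant switches, and the final input line is a constructed anomaly so the check can be seen to fire.

```python
"""Triage the process list of a Joe Sandbox report.

Added example, not part of the report. Lines of the form
'<image> (PID: <n> cmdline: <command line> MD5: <hash>)' are parsed, the image
path is recovered from the command line, and a process is flagged when it does
not run from the Adobe install directory or its MD5 is not already accepted.
KNOWN_MD5 contains only the two hashes this report recorded (assumption: the
analyst has vetted them), and CONSTRUCTED_ANOMALY is made up for the demo.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

PROCESS_RE = re.compile(
    r"(?P<image>\S+) \(PID: (?P<pid>\d+) cmdline: (?P<cmdline>.*?) MD5: (?P<md5>[0-9A-Fa-f]{32})\)"
)
# First token of the command line, quoted or not, up to and including ".exe".
IMAGE_PATH_RE = re.compile(r'^"?([^"]+?\.exe)"?', re.IGNORECASE)

ALLOWED_ROOTS = ("c:\\program files\\adobe\\acrobat dc\\",)
KNOWN_MD5 = {
    "24EAD1C46A47022347DC0F05F6EFBB8C",  # Acrobat.exe as recorded in this report
    "9B38E8E8B6DD9622D24B53E095C5D9BE",  # AcroCEF.exe as recorded in this report
}
# Chromium/CEF switches that weaken process sandboxing; surfaced as notes, not flagged.
NOTEWORTHY_SWITCHES = ("--service-sandbox-type=none", "--no-sandbox")

# The three processes from the report (PID 4744's switches abbreviated to the relevant ones) ...
REPORT_LINES = [
    r'Acrobat.exe (PID: 6480 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ATT0394382.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)',
    r'AcroCEF.exe (PID: 2828 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)',
    r'AcroCEF.exe (PID: 4744 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)',
]
# ... and one constructed line (not from the report) that should trip both checks.
CONSTRUCTED_ANOMALY = r'update.exe (PID: 5120 cmdline: "C:\Users\user\AppData\Local\Temp\update.exe" /silent MD5: 00000000000000000000000000000000)'


@dataclass
class ProcessRecord:
    pid: int
    image: str
    path: str
    md5: str
    cmdline: str
    findings: List[str] = field(default_factory=list)  # actionable deviations
    notes: List[str] = field(default_factory=list)     # informational observations


def parse_process_line(line: str) -> Optional[ProcessRecord]:
    """Parse one report line; return None for lines that are not process entries."""
    m = PROCESS_RE.search(line)
    if not m:
        return None
    cmdline = m.group("cmdline")
    pm = IMAGE_PATH_RE.match(cmdline)
    path = pm.group(1) if pm else m.group("image")
    return ProcessRecord(int(m.group("pid")), m.group("image"), path, m.group("md5").upper(), cmdline)


def triage(lines, allowed_roots=ALLOWED_ROOTS, known_md5=KNOWN_MD5) -> List[ProcessRecord]:
    """Check every process against the path allow-list, the hash allow-list and the switch list."""
    records = []
    for line in lines:
        rec = parse_process_line(line)
        if rec is None:
            continue
        if not rec.path.lower().startswith(tuple(allowed_roots)):
            rec.findings.append(f"image outside allowed roots: {rec.path}")
        if rec.md5 not in known_md5:
            rec.findings.append(f"MD5 not in allow-list: {rec.md5}")
        for switch in NOTEWORTHY_SWITCHES:
            if switch in rec.cmdline:
                rec.notes.append(f"runs with {switch}")
        records.append(rec)
    return records


if __name__ == "__main__":
    for rec in triage(REPORT_LINES + [CONSTRUCTED_ANOMALY]):
        status = "FLAG" if rec.findings else "ok"
        print(f"{status:4s} PID {rec.pid:5d} {rec.image:12s} {rec.findings + rec.notes}")
```

On this report the three Adobe processes produce no findings; the only output for them is the note that PID 4744 (the CEF network service) runs with --service-sandbox-type=none, which is worth knowing when reading the tree but is a launch switch, not something a PDF can set. The constructed Temp-directory binary is flagged on both path and hash.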
There are no malicious signatures.
Signature hits recorded (the per-row values were not preserved in this copy of the report; the count is the number of rows listed for each signature):
- TCP traffic: 32
- IP Address: 1
- HTTP traffic detected: 2
- TCP traffic detected without corresponding DNS query: 11
- String found in binary or memory: 2
- Network traffic detected: 2
- Classification label: 1
- File created: 2
- Key opened: 1
- Process created: 14
- Process information set: 8
- Process information queried: 1
MITRE ATT&CK matrix. Cells with a leading count were matched by that many behaviour signatures (Exploitation for Client Execution 2; Process Injection 1; Masquerading 1; Process Discovery 1; System Information Discovery 1; Encrypted Channel 1; Non-Application Layer Protocol 1; Application Layer Protocol 12; Ingress Tool Transfer 1); the remaining cells are the matrix scaffold and were not observed.

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | ReversingLabs | | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467827 |
Start date and time: | 2024-07-04 20:43:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ATT0394382.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/43@0/1 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.22.41.97, 3.219.243.226, 3.233.129.217, 52.6.155.20, 172.64.41.3, 162.159.61.3, 2.16.241.13, 2.16.241.15, 173.222.108.210, 173.222.108.226, 2.19.126.149, 2.19.126.143
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com, wu-b-net.trafficmanager.net
- VT rate limit hit for: ATT0394382.pdf
Time | Type | Description |
---|---|---|
14:44:05 | API Interceptor | |
Other samples in Joe Sandbox that contacted 23.47.168.24 (the associated sample names and SHA-256 values were links and are not preserved here):

Detection | Threat Name |
---|---|
malicious | HTMLPhisher |
malicious | HTMLPhisher |
malicious | HTMLPhisher |
malicious | Unknown |
malicious | Unknown |
malicious | Unknown |
malicious | ScreenConnect Tool |
malicious | Unknown |
malicious | HTMLPhisher |
malicious | Unknown |
Other samples in Joe Sandbox that contacted AS16625 AKAMAI-ASUS (the associated sample names and SHA-256 values were links and are not preserved here):

Detection | Threat Name |
---|---|
malicious | Vidar |
malicious | HTMLPhisher |
malicious | Unknown |
malicious | Mirai, Moobot |
malicious | HTMLPhisher |
malicious | Unknown |
malicious | Unknown |
malicious | Unknown |
malicious | HTMLPhisher |
malicious | Unknown |

Both context tables pivot on shared infrastructure. 23.47.168.24 is an Akamai CDN address (AS16625), and a CDN edge fronts a large number of unrelated customers, so co-occurrence with HTMLPhisher, Vidar or Mirai samples describes the CDN, not ATT0394382.pdf; the report's own verdict for the address is Malicious: false. Treat these pivots as weak and confirm against the actual hostnames and URLs before acting on them.
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.1715967943959615 |
Encrypted: | false |
SSDEEP: | 6:BOVESWAq2P92nKuAl9OmbnIFUt84OVE32ZZmw+4OVE32zkwO92nKuAl9OmbjLJ:EVTfv4HAahFUt81VK2Z/+1VK2z5LHAae |
MD5: | 485E8DCD258F8BEB7B3132828294FCC3 |
SHA1: | 6FADC8F1A2082D4D73E7F56664F1481999D957B4 |
SHA-256: | EEE4D3651931D883A31853C2E0166FCA0698A479CB4399B10FE42334D6C56E66 |
SHA-512: | CF924C138C918DB4E8BB9ABCEB2072602332F6D4430723DE69E25091ABC1C70E8D52D3D385EDE608228824246D4AF438DCE3CDF39D7A6F9C1BCE9CE81C379190 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.1715967943959615 |
Encrypted: | false |
SSDEEP: | 6:BOVESWAq2P92nKuAl9OmbnIFUt84OVE32ZZmw+4OVE32zkwO92nKuAl9OmbjLJ:EVTfv4HAahFUt81VK2Z/+1VK2z5LHAae |
MD5: | 485E8DCD258F8BEB7B3132828294FCC3 |
SHA1: | 6FADC8F1A2082D4D73E7F56664F1481999D957B4 |
SHA-256: | EEE4D3651931D883A31853C2E0166FCA0698A479CB4399B10FE42334D6C56E66 |
SHA-512: | CF924C138C918DB4E8BB9ABCEB2072602332F6D4430723DE69E25091ABC1C70E8D52D3D385EDE608228824246D4AF438DCE3CDF39D7A6F9C1BCE9CE81C379190 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.195930565970439 |
Encrypted: | false |
SSDEEP: | 6:BOVER6FN+q2P92nKuAl9Ombzo2jMGIFUt84OVEbZmw+4OVErVkwO92nKuAl9OmbX:EVcv4HAa8uFUt81VS/+1Ve5LHAa8RJ |
MD5: | 1021F7C064D4C02DDCBD8CC49B622D29 |
SHA1: | EA760A256FFAAB8170C7F57701C3241A560772D0 |
SHA-256: | BC1801E7CABB91CD00F90095CD75267153BB37E628D53FF200B10745C76D6A15 |
SHA-512: | 199C87E15709825F6C67A3065430BB906A038869297B5BCCF31B979D76C61B50C02D0C85B33AC0A6B62307AFD17EB117AA63C08DE67381E56379B37436F9981F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.195930565970439 |
Encrypted: | false |
SSDEEP: | 6:BOVER6FN+q2P92nKuAl9Ombzo2jMGIFUt84OVEbZmw+4OVErVkwO92nKuAl9OmbX:EVcv4HAa8uFUt81VS/+1Ve5LHAa8RJ |
MD5: | 1021F7C064D4C02DDCBD8CC49B622D29 |
SHA1: | EA760A256FFAAB8170C7F57701C3241A560772D0 |
SHA-256: | BC1801E7CABB91CD00F90095CD75267153BB37E628D53FF200B10745C76D6A15 |
SHA-512: | 199C87E15709825F6C67A3065430BB906A038869297B5BCCF31B979D76C61B50C02D0C85B33AC0A6B62307AFD17EB117AA63C08DE67381E56379B37436F9981F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\39a00701-6dc5-46a3-8a20-c0cc942a40e2.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.047098793264739 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqPrsBdOg2HRcaq3QYiubxnP7E4T3OF+:Y2sRdskMdMHo3QYhbxP7nbI+ |
MD5: | 62B78E73191FBBD7A2308EEB6430C4D9 |
SHA1: | 4BFF466012AEA707365129988C04EC2FDB38A606 |
SHA-256: | B40C84A919847367C4ACED40CD0257A37194DCFBFE2E8827AACE097C8752ACF6 |
SHA-512: | D4CA446F0464885BBC03EA8112D84A48CF0893B0DF5DC2ECB97D9A5B3461ED19D14B31BEDECB5913DB3036DCA4D13C16528A86EB5EABE29DE4A2BF43463CFFF2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047098793264739 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqPrsBdOg2HRcaq3QYiubxnP7E4T3OF+:Y2sRdskMdMHo3QYhbxP7nbI+ |
MD5: | 62B78E73191FBBD7A2308EEB6430C4D9 |
SHA1: | 4BFF466012AEA707365129988C04EC2FDB38A606 |
SHA-256: | B40C84A919847367C4ACED40CD0257A37194DCFBFE2E8827AACE097C8752ACF6 |
SHA-512: | D4CA446F0464885BBC03EA8112D84A48CF0893B0DF5DC2ECB97D9A5B3461ED19D14B31BEDECB5913DB3036DCA4D13C16528A86EB5EABE29DE4A2BF43463CFFF2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.234537104173891 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUCcjpGt6:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLw |
MD5: | 36922BC8B1A1F07EECDE43E59D9BEE20 |
SHA1: | 35848554AC5B2370EDC89AF0CEB6CA6C31AE8E22 |
SHA-256: | 8A6473BDBEF2331645B859BE7CBD75DA6C3FA786BBA5739C5F4C9F4ACF8CFB9C |
SHA-512: | 2B7A7ED5B92EE0830510CF295C0C048A26481B0260C15CF7C948D8DA11731AB97C7D345FF151D41B5F9C38C3037A0BD4B5D5D2427233CF65363E77CAD67E30A2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.251641822007949 |
Encrypted: | false |
SSDEEP: | 6:BOVEYf+q2P92nKuAl9OmbzNMxIFUt84OVEprZZmw+4OVEyfVkwO92nKuAl9OmbzE:EVxmv4HAa8jFUt81VCZ/+1V15LHAa84J |
MD5: | 36E91D047A8AEE9169427DC50D84E780 |
SHA1: | 92B460244CDDB05C4CF16E8BB135B7D0773DCDB3 |
SHA-256: | EAC8EFEF0D8DB9105C3E9ECC307B5EEB44BB6204D0C78EE311D5820482104708 |
SHA-512: | 913378E421A299612A12925DE930EED87DAB6496E79AC8BB17710F9C43FF9C0713771BC51D0295BE520AAF5CC9D27164BA316B9795A67B46EE5C93B3ACB72396 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.251641822007949 |
Encrypted: | false |
SSDEEP: | 6:BOVEYf+q2P92nKuAl9OmbzNMxIFUt84OVEprZZmw+4OVEyfVkwO92nKuAl9OmbzE:EVxmv4HAa8jFUt81VCZ/+1V15LHAa84J |
MD5: | 36E91D047A8AEE9169427DC50D84E780 |
SHA1: | 92B460244CDDB05C4CF16E8BB135B7D0773DCDB3 |
SHA-256: | EAC8EFEF0D8DB9105C3E9ECC307B5EEB44BB6204D0C78EE311D5820482104708 |
SHA-512: | 913378E421A299612A12925DE930EED87DAB6496E79AC8BB17710F9C43FF9C0713771BC51D0295BE520AAF5CC9D27164BA316B9795A67B46EE5C93B3ACB72396 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

CryptnetUrlCache is where the Windows certificate-chain engine caches material it fetched while building chains (CRLs, OCSP responses, the Microsoft root-certificate CTL); the whitelisted ctldl.windowsupdate.com and ocsp.digicert.com traffic above is that activity. The "Encrypted: true" flag on this entry is the sandbox's entropy heuristic (7.99 bits per byte), which cannot tell compressed data from ciphertext, so by itself it is not evidence of an encrypted payload.
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
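The record above reports 7.9966 bits per byte and Encrypted: true, while the small JSON-like cache files elsewhere in this list sit near 5.2. The following is an added example, not from the report: it recomputes the 8-bit Shannon entropy behind the "Entropy (8bit)" field over constructed inputs (a JSON-like cache stub, a random blob of the same 71954-byte size, and zlib-compressed text) and shows that compression alone reaches the same value as ciphertext. The 7.2 cut-off for the flag is an assumption made here; the report does not state the threshold it applies.

```python
"""Reproduce the "Entropy (8bit)" and "Encrypted" fields of the dropped-file records.

Added example, not part of the Joe Sandbox report. The inputs are constructed
stand-ins (the real cache contents are not on the page), and the 7.2 bits/byte
cut-off for the Encrypted flag is an assumption; the report does not give its
threshold.
"""
import math
import random
import zlib
from collections import Counter

ENCRYPTED_THRESHOLD = 7.2  # assumed cut-off for the "Encrypted" flag (see module docstring)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for one repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = ENCRYPTED_THRESHOLD) -> bool:
    """Sandbox-style heuristic: high entropy is labelled 'encrypted'.

    It cannot separate ciphertext from compressed data, which is why a
    compressed download and a random blob both trip it.
    """
    return shannon_entropy(data) >= threshold


def build_samples() -> dict:
    """Constructed inputs, not the files from the report."""
    rng = random.Random(0)
    # Small JSON-like text, the shape of the SOPHIA/leveldb cache files (around 5 bits/byte).
    json_like = b'{"surface":"DC_READER_LAUNCH_CARD","version":1,"cards":[],"ts":"2024-07-04"}' * 4
    # 71954 uniformly random bytes, the size of the flagged CryptnetUrlCache entry.
    random_blob = rng.randbytes(71954)
    # Word salad run through zlib: compressed, not encrypted, yet close to 8.0.
    words = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf", "hotel",
             "india", "juliet", "kilo", "lima", "mike", "november", "oscar", "papa"]
    prose = " ".join(rng.choice(words) for _ in range(20000)).encode()
    compressed = zlib.compress(prose, 9)
    return {"json_like": json_like, "random_blob": random_blob, "compressed_text": compressed}


def classify(samples: dict) -> dict:
    """Map each sample name to (entropy rounded to 3 places, encrypted flag)."""
    return {name: (round(shannon_entropy(b), 3), looks_encrypted(b)) for name, b in samples.items()}


if __name__ == "__main__":
    for name, (h, flag) in classify(build_samples()).items():
        print(f"{name:16s} entropy={h:.3f} encrypted={flag}")
```

The compressed text and the random blob both land above the threshold, so the flag on a CryptnetUrlCache entry tells you only that the bytes are dense; whether they are a CAB/DER download or a hidden payload has to come from the file's header and where it was fetched from, not from the entropy figure.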
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.137989037915285 |
Encrypted: | false |
SSDEEP: | 6:kKM+9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:UhDnLNkPlE99SNxAhUe/3 |
MD5: | 727A30C102DC646633811A515430F900 |
SHA1: | 13C6566B14F22855B2D589033FB0509853399FEF |
SHA-256: | DD8F0DE4335853EE02A5280EE20566C58430A4DCA0B38FDAB4068C95B85DF85B |
SHA-512: | 31F21BCC71815AC1A1866B011508DB83F1EDC00EEBCF4DE7E7517955A6FA1A43482CDE800852CACCC92FA18BA7CB6B6709098819E31A7C3C2A56C3F25A3E65B8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.034404395079139 |
Encrypted: | false |
SSDEEP: | 3:kkFklFslfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnklc:kKSYxliBAIdQZV7I7kc3 |
MD5: | A0BCF5EB38034E78A3C782826A27C13C |
SHA1: | 29984C59581489405A024867FA9580B15E0B9B6C |
SHA-256: | 63CC2754C2B1654AAD045136FB88968AE2C6C503F1D874680852CD95BA741584 |
SHA-512: | 869EB20B0749B4E9B4459A065E74F3D08AEB50138EC3756A1A1F701EEE505D07ECF036E0D6006FFAFEF13E9439FEBBA3F87D2193BE7F1BDB0A9A03DD748F43E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.310008885602657 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJM3g98kUwPeUkwRe9:YvXKXF7YpW79BnGMbLUkee9 |
MD5: | F71E4DD58D6D90E5B7BB867110E786C0 |
SHA1: | B7D5F6713CF9BC9EF0482FCAD1323E5C9FBA81B2 |
SHA-256: | A02B3B940EFAFA23B0355ED4CD2B39EADF34A1659DD449116ECD25BB363F31C0 |
SHA-512: | 30478C7344280FA846A3BB5A78CB5669D021EC0348281F1D4A36712304A814BD0D2D8FE21D183A6B4E72103BCBAD8067CED81B0F643E9A6FB6CBD66335F1FCEB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.245969411277556 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJfBoTfXpnrPeUkwRe9:YvXKXF7YpW79BnGWTfXcUkee9 |
MD5: | 2337939F65CAF18871F473826BEA8AA8 |
SHA1: | C26C46F19B14B8DF1B3D8B161CD988C317C621B9 |
SHA-256: | 52EB32A1758F97528DB266DBE22A9EDBB86D11183F5B7D9D0207824E519E4277 |
SHA-512: | 8660AF5B0C48D3B45159DD2D1419E28E408778BA5813B7C99835711B79B62EE3FB5E4FA8244CC969F69B423C374D7E6348EA7E754860B10EAD7D92063D185338 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.224108326022824 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJfBD2G6UpnrPeUkwRe9:YvXKXF7YpW79BnGR22cUkee9 |
MD5: | 567E5B99F67365B114D9BD9BF6F39BD9 |
SHA1: | 1F709368A03269F963D6C8D3490C184ED0759FDB |
SHA-256: | 937192F387C3AA463A797D2501BF5B608571B509B6BFA2E792844929475A8D00 |
SHA-512: | D94670FEE65B44A103B256B3E90BC79AEA60E0F3E9B64A88BA209BC7666B58D973C1EA5C0BA862ACF3A91698CC0F4961EA2FF2538BD310196927630E3AD82A43 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.287029675512223 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJfPmwrPeUkwRe9:YvXKXF7YpW79BnGH56Ukee9 |
MD5: | F40FD37114DE69881617BC197850A15A |
SHA1: | BF2884F5F682801EF9B8C936FC5F2B423296F8B5 |
SHA-256: | DC55360F37BAB909CFFE8E798FBD338E0429A5CF7FAEE821088BF24E7317EC95 |
SHA-512: | 60B6DE0B3BB229ADC90010E9A7EE9775B42BC725EBB02CA6AF61C3E27E9F55E2AD7D511093270A63B4AEECF8968D94CA6324B260CCA6182C4063E20D248226AC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.246952791660052 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJfJWCtMdPeUkwRe9:YvXKXF7YpW79BnGBS8Ukee9 |
MD5: | DCC88B16DF5EDE8C4C34D52F6C1A2049 |
SHA1: | C5FB1ACECC1143ADD51EB0FA1B33B3F8B778C6AF |
SHA-256: | 1918E3CAA842794094B7DDF575177D16F55FC5BADDA573D405B6F2D6EE284765 |
SHA-512: | E7C639C4D45DDFD415684DC6BAF5E8546DF0C913883E3D28E0A42503E5C8676B1BC80FD836128B665DB54941AB780BD31E6473638CC39C33C4F8107E1C13C58A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.232053976411345 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJf8dPeUkwRe9:YvXKXF7YpW79BnGU8Ukee9 |
MD5: | 83A5B56D437D24A39EADD92E93AA27B1 |
SHA1: | 3D4E7F1D5A7554FC5E140D860EBB845BE5581054 |
SHA-256: | 08A38432F51FA51B7619A06D7E31ABE59580C544C14891F8A636484F0B32AE1C |
SHA-512: | 9286C7807A891322B2E189242F1A17475011902B65CB97DE69A5437565CA3F45A6708F23984FB629C7B062DA0BC2AC6EBC3CDB1EAED5EE91E65E88CDADD98004 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.234798176343364 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJfQ1rPeUkwRe9:YvXKXF7YpW79BnGY16Ukee9 |
MD5: | B32D090A7E5E0A4E4433FDE4C1320F34 |
SHA1: | 798E800883BF6DC46496808CB6B9E3BE5DBBF322 |
SHA-256: | C58FF1ABE573CB0742316840344D965487A3CD0406C0CC4426696F772325CEF9 |
SHA-512: | C7AC3793C5D53BED8D6FB0B5A96405A120727FF3E5727299E8B3CE9F2D04DC42A9BA6F6AD42B7C2BED57C975798242494E71A85A56780237C336F1924B2BF379 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.255291995390084 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJfFldPeUkwRe9:YvXKXF7YpW79BnGz8Ukee9 |
MD5: | AF3C39CDDCEC3FEBAB6D059FB00AB2BD |
SHA1: | 702A7194A2D61EEED789AB60329D673DC8D787AC |
SHA-256: | D486F3FA04D4CD257851915C7D1D18156E0CB281E9645B7D4DF232F0BA0CB43F |
SHA-512: | C7B220184733539DC8A2853ECFF3400799ED46B88C10BE092FEC3EE0333E18EDA29CFF6585FFFF0C3BD6810283EBA016BB48A9CE7198CA4BE09458382EDAB961 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.7334393159964065 |
Encrypted: | false |
SSDEEP: | 24:Yv6X6i9B/KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNH:YvqnEgigrNt0wSJn+ns8cvFJN |
MD5: | D15DFB182207BCD4DC63CB6E67D53DBC |
SHA1: | 0A3AF1D7C4428F4127A571F46E4C1105B99907C4 |
SHA-256: | ABCE539F1A083439A857D96EB953A78EC81FA5E738CECD69418897E3B385B2D7 |
SHA-512: | AAF0B244262999B76FA379522FB02D211820F187F8AFEDF65EA4D5CBFFB3B06055072C39D8B0FFDAE6085401C27ADFD0F4F5073BC251043C1FF55BAC43EAD9CD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.240480597278456 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJfYdPeUkwRe9:YvXKXF7YpW79BnGg8Ukee9 |
MD5: | 8246FA2782B7F0E6BAAA7A5C0BF980FF |
SHA1: | AFE6FD5B510A7C4E257642ACC711856699753AA0 |
SHA-256: | 7FC89BAC4C16AF1CA3E26FD0C6A5C66D8F908D350674B83F2D2FE341D1D81C33 |
SHA-512: | F26A498D4D799E7AE597F744F206A21D37356080F607FAA739BAE442997EF0E42AB5E71FB4D4B4D562CA53AFE7707DC20867DA9F28FB40652112BEA49AB673C7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.769051486280706 |
Encrypted: | false |
SSDEEP: | 24:Yv6X6i9BCrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNv:Yvq6HgDv3W2aYQfgB5OUupHrQ9FJ5 |
MD5: | D491F2486EE2E0061A0C3B4037D0F39F |
SHA1: | 602846EA8E802A0C6D023963CC27D6231193B6ED |
SHA-256: | 2BA13F3ECCFEE704A538837FBE4AF4382C6C77975CEE20E257A24B8C7A616879 |
SHA-512: | C37B3F89BF3E9FA84B7CEEB6FAF5BF4C04587BE9ED43379F09A83647E86DF5AD9B5876031D81F91C1560CF9511E3933612300EEFE5F3E23951C6B1D8573CEF3D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.224436763012262 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJfbPtdPeUkwRe9:YvXKXF7YpW79BnGDV8Ukee9 |
MD5: | DC73EA085B256A79D4C634A673C11AAE |
SHA1: | 2EC529753FCBD3B1CA29165BAC54BAA37B14F1AA |
SHA-256: | 0F9F1C4F28183100CF26B1C3D107E43D72F44D4E8E7729CD35D87C9E09D73FE6 |
SHA-512: | B168272A06EE55CCA851ED149B0E3DAFE5C29AC7D187F63615C90B402B92FF637553609C1CD90860F93FE6AAB5AFE555078A256854650B38B284FE20F339BED9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.226377558395634 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJf21rPeUkwRe9:YvXKXF7YpW79BnG+16Ukee9 |
MD5: | BA5DEA7748CC1D0782FE829125FB5418 |
SHA1: | 714AB488A5B64C620C88313EADB9F3BC0E442DFA |
SHA-256: | 73944590ABECC308DD1175F07F262803F561A345B8009D4B2EDBD669A145DF0F |
SHA-512: | 923712C88BFE85628D89DB90A80D6A46E72A98AC65FC148AE58949CF7B824D62AB2A98CA506E4B854C3C1A24C8C5B58906D303BDD539A1CD5167D0459C76B46F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.247315726036604 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJfbpatdPeUkwRe9:YvXKXF7YpW79BnGVat8Ukee9 |
MD5: | F40A68481B7C1EC2EA756558EB069A55 |
SHA1: | CA602418FF92C7B90710A52C5F5AB13CDA0EA880 |
SHA-256: | D466B51B333CE1990F25042843D29F6DE574037E3448C31867C934EE1E1F05B9 |
SHA-512: | DC37B49648A9C10328E238DE934D7D256C608486DC7E3D55D81C0D329CFBBE4A90CD88C01285833F82A8B5A8C092B7FED3AC6B62D296AEEA7012F5F1214358CC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.201982090758448 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1fKf+FIbRI6XVW7+0YOXNTUoAvJfshHHrPeUkwRe9:YvXKXF7YpW79BnGUUUkee9 |
MD5: | BB10847D6D766984AEF5D25A404242F2 |
SHA1: | 35F228B5513CB4768206B4F01A40329C3EF6B431 |
SHA-256: | F3A4D95F394BDCF79C460D9BE6681F56469AD34DDDD55292ED68DC2675C9156C |
SHA-512: | DF8D8E0BA80F1FEDFBCB7664994C051FBA1C9724B97D8088ABE68721357B39C986A4E35884D0FC7FEDC31F55683687DB84AD9A19ED1FBA9921D7AD927E739DCF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.34950856316145 |
Encrypted: | false |
SSDEEP: | 12:YvXKXF7YpW79BnGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWzX:Yv6X6i9Bn168CgEXX5kcIfANhm |
MD5: | 4E965AF1F6A675E675E6615FA88FDA21 |
SHA1: | B32F967168E3104241CDB5FDA26E8C466252434B |
SHA-256: | D41BD5844729BB6E3C93A3C8738457A9430928229EF96184B47CC0D2844FBFFE |
SHA-512: | 8BB228F4FDA79E8FC1F58C1929A49D8DFCB2FE9B6BA1F2B6BE96DE40FB4B8BA87AABE4B2635DA77A7F284C9B8AA06B73ED32F61B0BB1611E6E8B1500427726D4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.123695946022555 |
Encrypted: | false |
SSDEEP: | 24:YFJCLHlBOBpdmG6j7aKkKmayA1w0wIG9VjKH0LqAj0SfwH0X2312LS5Qc56h9TxJ:YjIHPOBpwGEFftGvSFSrkjQcAh97 |
MD5: | 9C85968263ADD0131E5E489F63BC2C06 |
SHA1: | 1C8E5108E8114FC0E9A53EEF5211A7D169C8C407 |
SHA-256: | B2B90C744FC84AC09436ADDA5F51A7A53D2D7E4043EE90AC6E278459AC6842A3 |
SHA-512: | 336AF7C1123CE5181C4CA316C355B28045ED2DB7147DC48536DB8D30DE047C3DFF6938A297AFBDADAF2E6B1006FCB7D7B1310FA3D5652F93E84C308C98008A0F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.98570020615023 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpJFoL4zJwtNBwtNbRZ6bRZ4sFoLF:TVl2GL7ms6ggOVpJ9zutYtp6P3q |
MD5: | FDA09F0FA6AFB9DD378E66B34AA4EE9D |
SHA1: | 8DB0B9623779BF48904C2DDF9A276840A789AA38 |
SHA-256: | 5C7310823EF81716E801D973BC050AEF15E0AEBA0A4D66C32A613004F0325DDD |
SHA-512: | E119725A397FED7C030402494440FFD100A62596C25D00B6756FB3A60745FB0CDBFC83D1EAAFD0B5C08CAE1297FEDDC39D331F5E83351A1F8B97A779F91DC29F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3380092567233997 |
Encrypted: | false |
SSDEEP: | 24:7+tM/vAD1RZKHs/Ds/SpJFoLPzJwtNBwtNbRZ6bRZWf1RZK3qLBx/XYKQvGJF7uQ:7MkGgOVpJmzutYtp6PMWqll2GL7msl |
MD5: | 9F4CFFB7A5C39636D6520803A924F065 |
SHA1: | 19A1EEE00E364C93DAA179E262441DF8DFD4DA0E |
SHA-256: | 0A52CCA3D779A129733179804FD420185B23A8F891B172578B505376DF02B379 |
SHA-512: | 7AB2C32E3D45358ACAD8198FAC26B85A29918C2D25A6046223975447B2766C61E3BF239EECD167C72630B21B602EA14E7D983406CA38E84916EB83751AF59BD7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5329345335875004 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82/aRIfp:Qw946cPbiOxDlbYnuRK//TB |
MD5: | ABC5065865A5D46DB76E5B2373E9BA7D |
SHA1: | 3A9CD275364F632741E980738B54E43F285A8DC9 |
SHA-256: | 6287597FB243641DDF3D04B49B31FCA4EBEC6D880D0638BE2D255AF9203190E0 |
SHA-512: | CF9F646F0E9E2D596FF2FED85A3A42C193467F179F359687AC513D544338DA8E637254CF87AF246CA65DCB40CD32AFAC206A57E34848E6C27EC51A9C6AD4FE22 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-04 14-43-54-787.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.326769642388506 |
Encrypted: | false |
SSDEEP: | 384:x9TELx13uNIuFzSWprCGoqHDEBDBDuW5/X6GAo4EhDyX531//U5uVeVMBxoK/iyS:okQ |
MD5: | 9EA5D5B96BBB43BCB651C07DAB208884 |
SHA1: | 940FFBD11D3B8D3E6018E7E43C52BD99792713F0 |
SHA-256: | EF0D82CCC05CB3BE53E3A65D542B985F21FA2A05CEA2B78F745B7EC8B9C4CADE |
SHA-512: | EF7517BDE86C045CAE3EA04D1547AAC505B15991221B99B571BA33D46D1DAD838510C97844B028C691A47A6A8CEB9A8E9467A34620B2D357A66016F561AB28A3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.389917317329204 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbG:C |
MD5: | 0760690BCADF6027C550D09BFDA88545 |
SHA1: | EDB8BB60FBAE2A43B9C54A85BBC838D297115A5F |
SHA-256: | BA49CCBECE53750682B84713503EEF22B7A5E783A148BE1E4999A07FC7FB972E |
SHA-512: | B6B4B9A773966275A36C8CC2740E8FD871CE2175122AF79A7268BE3063B05AE8CA25FCD3EB948EADF1986307E10BD373015DB15A7109BDE0E4429B8839FD6C01 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa |
MD5: | 22B260CB8C51C0D68C6550E4B061E25A |
SHA1: | DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E |
SHA-256: | DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0 |
SHA-512: | 503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 0.0 |
TrID: | |
File name: | ATT0394382.pdf |
File size: | 2 bytes |
MD5: | 23b58def11b45727d3351702515f86af |
SHA1: | 099600a10a944114aac406d136b625fb416dd779 |
SHA256: | 6c179f21e6f62b629055d8ab40f454ed02e48b68563913473b857d3638e23b28 |
SHA512: | 16b7aa7f7e549ba129c776bb91ce1e692da103271242d44a9bc145cf338450c90132496ead2530f527b1bd7f50544f37e7d27a2d2bbb58099890aa320f40aca9 |
SSDEEP: | 3:/:/ |
TLSH: | |
File Content Preview: |
Icon Hash: | 62cc8caeb29e8ae0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 4, 2024 20:44:06.225440025 CEST | 49716 | 443 | 192.168.2.5 | 23.47.168.24 |
Jul 4, 2024 20:44:06.225471020 CEST | 443 | 49716 | 23.47.168.24 | 192.168.2.5 |
Jul 4, 2024 20:44:06.225552082 CEST | 49716 | 443 | 192.168.2.5 | 23.47.168.24 |
Jul 4, 2024 20:44:06.225703001 CEST | 49716 | 443 | 192.168.2.5 | 23.47.168.24 |
Jul 4, 2024 20:44:06.225713968 CEST | 443 | 49716 | 23.47.168.24 | 192.168.2.5 |
Jul 4, 2024 20:44:06.880752087 CEST | 443 | 49716 | 23.47.168.24 | 192.168.2.5 |
Jul 4, 2024 20:44:06.881028891 CEST | 49716 | 443 | 192.168.2.5 | 23.47.168.24 |
Jul 4, 2024 20:44:06.881041050 CEST | 443 | 49716 | 23.47.168.24 | 192.168.2.5 |
Jul 4, 2024 20:44:06.882015944 CEST | 443 | 49716 | 23.47.168.24 | 192.168.2.5 |
Jul 4, 2024 20:44:06.882075071 CEST | 49716 | 443 | 192.168.2.5 | 23.47.168.24 |
Jul 4, 2024 20:44:06.884063005 CEST | 49716 | 443 | 192.168.2.5 | 23.47.168.24 |
Jul 4, 2024 20:44:06.884119034 CEST | 443 | 49716 | 23.47.168.24 | 192.168.2.5 |
Jul 4, 2024 20:44:06.884260893 CEST | 49716 | 443 | 192.168.2.5 | 23.47.168.24 |
Jul 4, 2024 20:44:06.884265900 CEST | 443 | 49716 | 23.47.168.24 | 192.168.2.5 |
Jul 4, 2024 20:44:06.939032078 CEST | 49716 | 443 | 192.168.2.5 | 23.47.168.24 |
Jul 4, 2024 20:44:06.988507986 CEST | 443 | 49716 | 23.47.168.24 | 192.168.2.5 |
Jul 4, 2024 20:44:06.989164114 CEST | 49716 | 443 | 192.168.2.5 | 23.47.168.24 |
Jul 4, 2024 20:44:06.989192009 CEST | 443 | 49716 | 23.47.168.24 | 192.168.2.5 |
Jul 4, 2024 20:44:06.989306927 CEST | 443 | 49716 | 23.47.168.24 | 192.168.2.5 |
Jul 4, 2024 20:44:06.989326954 CEST | 49716 | 443 | 192.168.2.5 | 23.47.168.24 |
Jul 4, 2024 20:44:06.991786003 CEST | 49716 | 443 | 192.168.2.5 | 23.47.168.24 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49716 | 23.47.168.24 | 443 | 4744 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 18:44:06 UTC | 475 | OUT | |
2024-07-04 18:44:06 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 14:43:51 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 2 |
Start time: | 14:43:54 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 4 |
Start time: | 14:43:55 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |