Edit tour
Windows
Analysis Report
a63.pdf
Overview
General Information
| Sample name: | a63.pdf |
| Analysis ID: | 1467830 |
| MD5: | e800cacb7da9706f7cbadecc954b0a10 |
| SHA1: | 58342023921cfa86088d234ba94230e805acfe94 |
| SHA256: | 13a80791ee707dca434fa10783c8adc4175c091adc6499c8cbc32db0d59a27f8 |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 4176 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\a 63.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 3392 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 6436 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 00 --field -trial-han dle=1640,i ,627395230 2131609035 ,143439629 5294344410 8,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 96.17.64.189 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1467830 |
| Start date and time: | 2024-07-04 21:00:23 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 2s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 12 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | a63.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/47@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 34.237.241.83, 54.224.241.105, 18.213.11.84, 50.16.47.176, 162.159.61.3, 172.64.41.3, 2.19.126.143, 2.19.126.149, 184.24.77.47, 184.24.77.69, 88.221.110.96, 88.221.110.91
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com, wu-b-net.trafficmanager.net
- VT rate limit hit for: a63.pdf
| Time | Type | Description |
|---|---|---|
| 15:01:26 | API Interceptor |
| Input | Output |
|---|---|
| URL: PDF Model: gpt-4o | ```json{ "riskscore": 0, "reasons": "The provided screenshot of the PDF document does not contain any visually prominent button or link. There is no text present in the screenshot that could create a sense of urgency or interest. Additionally, there is no indication of impersonation of well-known brands. Therefore, there is no evidence to suggest that this PDF document could mislead the user into clicking on a potentially harmful link."} |
 |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 96.17.64.189 | Get hash | malicious | HTMLPhisher | Browse | ||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Jupyter | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | Get hash | malicious | Vidar | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 298 |
| Entropy (8bit): | 5.143715161655519 |
| Encrypted: | false |
| SSDEEP: | 6:BOXhUFA9+q2PN72nKuAl9OmbnIFUt84OXhQFiN2WZmw+4OXhQFiN9VkwON72nKui:EXhcA9+vVaHAahFUt81XhQiNJ/+1XhQZ |
| MD5: | 7CF986D70AAF93AAB22239692355D604 |
| SHA1: | CCD8FE9289B0C07F81CA17836BE05A47478DEF3F |
| SHA-256: | C29B8CC458CD56E09A83C584364E6239A54062AB269EEC98847A641A1DC73F80 |
| SHA-512: | EC5C134CDD9BD0662E29B19482823DCA791BEB4E39215A3BF279E84C08F0B9CF948ED1C02C550EBF6C5E4F01C1549D5C8777FCD57E4B6CB94CA8013DA8D0F0C4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 298 |
| Entropy (8bit): | 5.143715161655519 |
| Encrypted: | false |
| SSDEEP: | 6:BOXhUFA9+q2PN72nKuAl9OmbnIFUt84OXhQFiN2WZmw+4OXhQFiN9VkwON72nKui:EXhcA9+vVaHAahFUt81XhQiNJ/+1XhQZ |
| MD5: | 7CF986D70AAF93AAB22239692355D604 |
| SHA1: | CCD8FE9289B0C07F81CA17836BE05A47478DEF3F |
| SHA-256: | C29B8CC458CD56E09A83C584364E6239A54062AB269EEC98847A641A1DC73F80 |
| SHA-512: | EC5C134CDD9BD0662E29B19482823DCA791BEB4E39215A3BF279E84C08F0B9CF948ED1C02C550EBF6C5E4F01C1549D5C8777FCD57E4B6CB94CA8013DA8D0F0C4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 342 |
| Entropy (8bit): | 5.17314499675251 |
| Encrypted: | false |
| SSDEEP: | 6:BOXodq2PN72nKuAl9Ombzo2jMGIFUt84OXPZmw+4OXcLd7kwON72nKuAl9Ombzos:EXodvVaHAa8uFUt81XP/+1XcLd75OaHA |
| MD5: | 089718EA578F7DCFD34476C1F4FEC1BC |
| SHA1: | 1BA9E2E92D6431EE9745B3C650CF5B2894E9245E |
| SHA-256: | 06383F077C58A12E2307E88CFA3130A93813A9D3077D59C236BB5205C991F288 |
| SHA-512: | B8243FAEDC911BF3401D6AD04727E4A3D2825EBFD6135BC7FD5C81149DA85642D68D4D383EA41D5C31BF4D8D37F65256E435F473300F48CE7060370FD9ED649E |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 342 |
| Entropy (8bit): | 5.17314499675251 |
| Encrypted: | false |
| SSDEEP: | 6:BOXodq2PN72nKuAl9Ombzo2jMGIFUt84OXPZmw+4OXcLd7kwON72nKuAl9Ombzos:EXodvVaHAa8uFUt81XP/+1XcLd75OaHA |
| MD5: | 089718EA578F7DCFD34476C1F4FEC1BC |
| SHA1: | 1BA9E2E92D6431EE9745B3C650CF5B2894E9245E |
| SHA-256: | 06383F077C58A12E2307E88CFA3130A93813A9D3077D59C236BB5205C991F288 |
| SHA-512: | B8243FAEDC911BF3401D6AD04727E4A3D2825EBFD6135BC7FD5C81149DA85642D68D4D383EA41D5C31BF4D8D37F65256E435F473300F48CE7060370FD9ED649E |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\51c1e3ce-e1d8-4ed6-83e8-288964157c5a.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.969516568575897 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqG3bKxsBdOg2Hpcaq3QYiubcP7E4T3y:Y2sRdsHbKidMHQ3QYhbA7nby |
| MD5: | B0397CA1ECB8835E140B2EAE3B820334 |
| SHA1: | 020ECDD8CCCEF7622925DA49997E6C16717DB19D |
| SHA-256: | A456CA2D38AF67560389E28EEEF6E1EFED89E37E76D1174AC52A2B727353C6B8 |
| SHA-512: | 6F0C286151BEFE9CFCABB7B819BF103E77D8D1E7D65F6B75353616474444EAE235BD9B7182A5E0CC1BA00224E36D02AECBD41BB6D1CFE935D1A51C3F6FDC5F3B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.969516568575897 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqG3bKxsBdOg2Hpcaq3QYiubcP7E4T3y:Y2sRdsHbKidMHQ3QYhbA7nby |
| MD5: | B0397CA1ECB8835E140B2EAE3B820334 |
| SHA1: | 020ECDD8CCCEF7622925DA49997E6C16717DB19D |
| SHA-256: | A456CA2D38AF67560389E28EEEF6E1EFED89E37E76D1174AC52A2B727353C6B8 |
| SHA-512: | 6F0C286151BEFE9CFCABB7B819BF103E77D8D1E7D65F6B75353616474444EAE235BD9B7182A5E0CC1BA00224E36D02AECBD41BB6D1CFE935D1A51C3F6FDC5F3B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5859 |
| Entropy (8bit): | 5.247600608807063 |
| Encrypted: | false |
| SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7XDeSB:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhD |
| MD5: | E710C182795200EE174D4653DFE9514B |
| SHA1: | 9967FC01FD6ADFE4A45B973D1F175A1DECF5043D |
| SHA-256: | 3964A8269D96E9BF3CADDF7D767B81E514CCC74ABBA899142131393AFC2C4C57 |
| SHA-512: | E6DA5B1F0D5223A69D9037A41552ABD8327926701B9E10FF5BBD65EBAADCACE58816F8A3DA9811C69A9CB5A3A2130D3BAD0E36F978E2D04BC1845101523EE2E3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 330 |
| Entropy (8bit): | 5.143371576901338 |
| Encrypted: | false |
| SSDEEP: | 6:BOQq2PN72nKuAl9OmbzNMxIFUt84Oz7Zmw+4OjpVFzkwON72nKuAl9OmbzNMFLJ:EQvVaHAa8jFUt81n/+1jpVF5OaHAa84J |
| MD5: | C19A2DD70E43FCDE540B3D77E531B9A5 |
| SHA1: | B27F8F3953BB707B0933E0833268ABA8B774026D |
| SHA-256: | D0B5E42A04DA6B7AE4A7911A7C2F5F671B5E0441F4828F195958B20769EBA506 |
| SHA-512: | 7E545B7380988FBE6D255200FCF7FA01657DA4D9E2B7C2EE06CCF565C60F62E64662F901268C17DDD19D3DCC88B98D6387A962D335A81B125F0A18972D212D95 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 330 |
| Entropy (8bit): | 5.143371576901338 |
| Encrypted: | false |
| SSDEEP: | 6:BOQq2PN72nKuAl9OmbzNMxIFUt84Oz7Zmw+4OjpVFzkwON72nKuAl9OmbzNMFLJ:EQvVaHAa8jFUt81n/+1jpVF5OaHAa84J |
| MD5: | C19A2DD70E43FCDE540B3D77E531B9A5 |
| SHA1: | B27F8F3953BB707B0933E0833268ABA8B774026D |
| SHA-256: | D0B5E42A04DA6B7AE4A7911A7C2F5F671B5E0441F4828F195958B20769EBA506 |
| SHA-512: | 7E545B7380988FBE6D255200FCF7FA01657DA4D9E2B7C2EE06CCF565C60F62E64662F901268C17DDD19D3DCC88B98D6387A962D335A81B125F0A18972D212D95 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240704190118Z-160.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 72406 |
| Entropy (8bit): | 0.0640284735327138 |
| Encrypted: | false |
| SSDEEP: | 12:zstzRafAajn2baY2RausAaqaboraOa7jaWgCaAjadaERaeaQRamRaob:zs18f/jmzus/hbv17mf3YE8FQRlRP |
| MD5: | 3077E0AD608B5D120A28634DC3890B8B |
| SHA1: | 13B57A30AD0C726A3BA787A2250E14DF87D3BF18 |
| SHA-256: | 0FC2D40E490DD2FA04909CA9840F24AEA668F86B1B99C6D81B65DC1DE9084F6F |
| SHA-512: | 8E368438C9DBEC0D9584A744666EE911C67DF80EF65EB2B537AE03F18A00249AAFEB1D9459CF572BB4C230C649C985473BD1F7026F9AE973DD4FA9F0AE6F0669 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.444712458735252 |
| Encrypted: | false |
| SSDEEP: | 384:ye6ci5t1iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mes3OazzU89UTTgUL |
| MD5: | 98143B3CBE02D31FF5328678A024B9F1 |
| SHA1: | 2D6E484D4FFB5FDBABFEB92A434B45DA3D43EBBE |
| SHA-256: | 8002EA1117FBF86BA0A6E4B49129804CEEF197951E72A238EF26A4AEFFE7BEDA |
| SHA-512: | 5DFF1447A7F3DC32786D698C7D4F55489DCF4C53E0023F5E9E0865D716CED98B5DEC71BE9DA665A1DEA35A84678C3A5A1ADEFA47A229BE585582655A433E4324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.7665516176636706 |
| Encrypted: | false |
| SSDEEP: | 48:7M8OTJioyVzioyroy1C7oy16oy19KOioy1noy1AYoy1Wioy1oioykioyBoy1noyi:77oJuzpUXjBi92vb9IVXEBodRBk9 |
| MD5: | BBE709346414FEAD27ABB1C22A0417D0 |
| SHA1: | FACCBB9D55C02CC3F7858D6048BE67563E0DA773 |
| SHA-256: | C09E10154FC86999800D1E3CCD9859894E003B292D90B5F2BC2DD1628BF509E4 |
| SHA-512: | 4269A4344442E9B608059B30C565ADD3CC7583CF7CAC4FF7F7A0AFC4E2EBF9D11B58A72870A76215F914785C7F747772210D1E56DF67BBABF0850401D909AF8B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 893 |
| Entropy (8bit): | 7.366016576663508 |
| Encrypted: | false |
| SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
| MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
| SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
| SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
| SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.144086598890895 |
| Encrypted: | false |
| SSDEEP: | 6:kK59UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:gDnLNkPlE99SNxAhUe/3 |
| MD5: | A4956F37D88E4C1DBC80614018D9A527 |
| SHA1: | 3F251D7EF62E370E1795193ABE5F1E140D86F716 |
| SHA-256: | 9A38FB6412AB0F996F01F58830F99D687B3F9484D30F3BCD7172061380B5B08E |
| SHA-512: | 0734CE8A1C0E92581602F2D2CB7314C260B29802B580DA92DFD39115D54EDBD8BFAA6D179CF259766A2E7C23D6EF64F58F5D9CF30D94C6DA85B8150C8752BA45 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 252 |
| Entropy (8bit): | 3.026467887142631 |
| Encrypted: | false |
| SSDEEP: | 3:kkFkl+3hr/kfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7l3:kK339YxliBAIdQZV7I7kc3 |
| MD5: | A7A89D105D2687BFB8A5E30F3BDC3B60 |
| SHA1: | 8690383CF90FE73F2C9A9DA2615E14E82A4C569E |
| SHA-256: | A77850151B9C649EC7F8D8980D0153333C79D3837E11CECB8EF10034170D6A6B |
| SHA-512: | 3903226A08CADDBB60F8AC308BB95688239ABDF9CA09FE37372A32901EFBD463F9F1399A705DF95F6337C83C717C6195372540C75A823F038366E56900D738D9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 227002 |
| Entropy (8bit): | 3.392780893644728 |
| Encrypted: | false |
| SSDEEP: | 1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn |
| MD5: | 265E3E1166312A864FB63291EA661C6A |
| SHA1: | 80DFF3187FF929596EB22E1DB9021BAD6F97178C |
| SHA-256: | C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728 |
| SHA-512: | 48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.3187130913865674 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJM3g98kUwPeUkwRe9:YvXKXFvJcPEGMbLUkee9 |
| MD5: | 5E0AA2DB488179ED77F9DB130422102F |
| SHA1: | FB06CC62FC7772736051D35BBE0784AFC209A34F |
| SHA-256: | 503F8C20B32FD26B33BEBA2CA83F2E327E31064EF204C0B19C33A073912891B6 |
| SHA-512: | 027507A812AAAD62CD16C2624395EFB9A30E3A4EA436602358B8FADC5D52BAC5055A891C2335189F9D1C3DBD68101FDADD8C32754C1EBE55B17A11F2F2637676 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.267896443076102 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJfBoTfXpnrPeUkwRe9:YvXKXFvJcPEGWTfXcUkee9 |
| MD5: | 72EC08E1778E7192ECEF166C9822ACF1 |
| SHA1: | 18AE1B68E75DF9B2765F513C63B2659E7A13DEF5 |
| SHA-256: | 38B00AF8F4628B3C1D0C0689D1D8E462E113F5E56515EFEF6153A374C14D8B68 |
| SHA-512: | 75F21BF9423A4BCF597B99EEB8B7C5068DC14B0EBE66E4461A6513640877315DC2AA9EEA127D351B4D1FD1F5B99FEC55B144C6E139B66143494A5FCEF81C24B8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.247164236990772 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJfBD2G6UpnrPeUkwRe9:YvXKXFvJcPEGR22cUkee9 |
| MD5: | C1453F3F9D77CFD76D96670BEEE0B17E |
| SHA1: | 3A0B048788B6D0D94B16DE8BC4BA875A1743C217 |
| SHA-256: | A3BD190AF118F10B960B7DB788F0656CF897F35CB7E0CC30013876892928F054 |
| SHA-512: | 61B7520947CD35B402FBBBD37AE27113ED1A2FF08BEB527B8C234B5C568D3744901E81C1AC9D82F18F45EBA39D065AF8254888AAA1BE62585335BC812E4137EB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.297168990035394 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJfPmwrPeUkwRe9:YvXKXFvJcPEGH56Ukee9 |
| MD5: | DA63C4B0024D27D0EF7548738BFF6E49 |
| SHA1: | B744DE8F98BA161EB5C92F5D24D132538F3C4D16 |
| SHA-256: | C1276F4A14451E12EA1789CD7F0FD4F2057D434011100AA3AEA5C9EF62C093EE |
| SHA-512: | 02DFA5DEBD723FA6835A8FF89EA2C4761FC0CA6E019AECCE98F552DFEC96600DC6CB52ACF70A42AB1D13E64B9B4D56C9AE20A24A023547265280B4619A99A54C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.261195986455267 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJfJWCtMdPeUkwRe9:YvXKXFvJcPEGBS8Ukee9 |
| MD5: | 130FA2113270DE180373F93CB140AC5A |
| SHA1: | B61CBCD952E8CB94F1D681FB82F58AA940E8E894 |
| SHA-256: | 1031A42967C337223733170DA70DB89FE7B0658E3A864257E641ED1C26DBDC09 |
| SHA-512: | 96F6BB8B839E53628EF12BFB22FAAEDA807BB0909F2BB2949CA29944559B35C3E8ED9B1DE57E4B856780FDE083377237F5B8F0637F3D48CAAE560E69F1BC6CB0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.2459105128850645 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJf8dPeUkwRe9:YvXKXFvJcPEGU8Ukee9 |
| MD5: | 04C272443E559183CD4ED75D742484F4 |
| SHA1: | 3ABEC75AA940F76D4ACE3ABD9AF6F0D37369D036 |
| SHA-256: | CFFD755069A6501F7B92BDDE991817B51206468BE0AE0965720EA91556B769D1 |
| SHA-512: | B3EA27673BBF4179F9B9DCB6BF3612B3C1A3C7F505F1BFE28656E4E24DBF55231C08DFB93B24AA9A9772546DB89595C7BF49FF4F68294DB687225DCDE2024E8B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.249669437280108 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJfQ1rPeUkwRe9:YvXKXFvJcPEGY16Ukee9 |
| MD5: | F0001FD6A46D2E81F605F15BE5BDBDB6 |
| SHA1: | B3E540CED33609ABD1562C60F5127E97CF29B971 |
| SHA-256: | 121C529C6CBC9E91524031DA06856B096F5292E4A9CB84D0540872EF6230CB47 |
| SHA-512: | 43C39EE23901BF1181DE4525CEB3633523B69346F7F81A6E2D718A128B5EC7A2EB4B243C09E34C567F2DFD9AC2CF9D6F6E6AEAAD79F03930322484BAD9D70DA5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.256900183535919 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJfFldPeUkwRe9:YvXKXFvJcPEGz8Ukee9 |
| MD5: | 220C69221DDEB5E8D5AD623AD8A8E13A |
| SHA1: | FCF566BCA91B137B79053C2AC16ED2D446BBACF6 |
| SHA-256: | AB1615984DBCFAD6EC19315ED8145AA74B5BDE07EC84AD1B727CBA9DD9EE6610 |
| SHA-512: | 370B697F78E537E7DA3CA5B2168A5642ECF87FC0EBF1CA8E05DAFAAD2E7E49FE435DBAA04F16BE141104891AE5F6A7612C47CF6EA7357A0637CF2C7FCB3534E5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.733678747287298 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XFvuPcKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNQ:YvIvVEgigrNt0wSJn+ns8cvFJu |
| MD5: | 6B0E3B40B958B9D4AB5B94A73646362E |
| SHA1: | 7133F6F0E9EA36737E7182C294DD571D375F9850 |
| SHA-256: | 40A9BE9E648F41A28A30F1CFF68A8C9057F47DA8A7AD2385C2E26847475F04D8 |
| SHA-512: | 1160261912A111D4E868F66403E8C8EDB89A6CA0235231C04DE85BFF06A9B78BF77B754569B36E5C40636788DAF88F315676B4EB7490CF625D69C5E2A803567A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.2526051330852015 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJfYdPeUkwRe9:YvXKXFvJcPEGg8Ukee9 |
| MD5: | 52C135D8B35FEABA6B82CC30BDD5CECA |
| SHA1: | BE1CEDBA8107403A71F1105ACC7592810766F5E8 |
| SHA-256: | C786034C91A3784146C84410F5C3ED3CBDAD14EC661EAD65ED7A50FF1B487C3D |
| SHA-512: | D94FAA4DB9F02C618942461738950106B2ED990EEEE63F947272A9A37ACAF574CB09B0B5DB295F7B2EDB5A7DF8D92EFD490267C6F02A9F601FC7CFC0AF96D322 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.7734376143640915 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XFvuPTrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNY:YvIvIHgDv3W2aYQfgB5OUupHrQ9FJq |
| MD5: | 8E05DC6DA7F353B1A935F3EA53B1E7BD |
| SHA1: | 0AA73323BCFB7313D674EB892F15FCC5C105331B |
| SHA-256: | 87FEB151624C7F01A3A7233C0F8F0511648D9B060995F6EC2BF2DA2D006AAD3A |
| SHA-512: | EFAFECCC2D4E6FB4FB3AC617594627F504B33F8185EE87F52EB7C5BA0E8535385D8B9EA9A1B93D9C7E53B2AE3E50362AB3970C61D26A4860127AFD17F18EA57C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.236477968676005 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJfbPtdPeUkwRe9:YvXKXFvJcPEGDV8Ukee9 |
| MD5: | 1750342B14AAB441286680DCD40B4DCE |
| SHA1: | EAC3F4271163B4013CEEFEC99E28BDCBD13FA969 |
| SHA-256: | C3F917CB9C0850E1955851A5D0F03860BF8CD565A250592698B5231C3FDFE847 |
| SHA-512: | 0112A6842A2CDA8CAF0EFBED5C7859C4652C858FD52707CE3796C019C1E108C9A20EC97FDD2DE2969267F22CA013F556B7F647696357A2FC72FE61C9A10894F5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.240043241341748 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJf21rPeUkwRe9:YvXKXFvJcPEG+16Ukee9 |
| MD5: | 073DFC53C99CB1C0FFC01967E3FF4EAF |
| SHA1: | 7A7184F14EB72A25C4F348AE79CB8D1F0E9495EB |
| SHA-256: | C63F52FDE3998EF88872DEF3CF615F4F466CA22B05F13D52E8003538873C719F |
| SHA-512: | 1C2067E42E45DAD72A335DBD26FF85CCE72D73E7C07DD964BF6BABDBF259F7344AC6F3A775934FBA13F06C6540EC82FC10AA45B44F262FDCA706E9DFA2A5F34D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.259717739368472 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJfbpatdPeUkwRe9:YvXKXFvJcPEGVat8Ukee9 |
| MD5: | 8BEDC7E09342FFB641C750537BAEEC54 |
| SHA1: | 4631DD4B68F570D29A70EF4D4680AEF127E66FC8 |
| SHA-256: | 363FD2CD20AF24AE4B1B6C3392CEDAD8C0EFE4C31C54D99052C50097B8DF10D4 |
| SHA-512: | 240B935A4B38D92F3A0EE8F15E32FFC13BCBA9E6A36DBDBF55F968C3AF5D89AEFACA10181A57C5BC34D7C0A2D1457C89E8569A72425895DA4752A17881F7548D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.217243982031303 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDBKDoz7z1nZiQ0YOX5xoAvJfshHHrPeUkwRe9:YvXKXFvJcPEGUUUkee9 |
| MD5: | 752372A58C8AA164BDEB6F515C2BF3D4 |
| SHA1: | 7EC0822015B65F48AD1A8A1C871D9D8D6BACA22F |
| SHA-256: | 5CDA2B4E4D2C2F9835CE9ACFE866893E36694804FC21B5B195A8A59A9BE6A63F |
| SHA-512: | 940F053DE32D84AFB9483ACF7C8A4B9BB67BCD3FC06B8B6F357CBB88375BF3470751D196E58D0886B421F9A94569B2172E099980BFCEC9596A6E09D405093170 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.354145086587886 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXFvJcPEGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW8:Yv6XFvuPq168CgEXX5kcIfANhl |
| MD5: | 5FDCDA54F540308F9E20A93010D1D9D9 |
| SHA1: | 47C60746493D766C665457775A87B8AC6C5A51F6 |
| SHA-256: | 92E107FD45C50232D3B37EC3CB00E8E62D3A9C84498F6C43DB90B873B7C51731 |
| SHA-512: | 5A8223EE14F4E612BF1929E1B79328317254A94AB6C2AFB83B698C259182415B6530FE3712D74AAD4DF3664C33F30FB87626B4EFA27733B680BD69BB87FE826A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.134141753943909 |
| Encrypted: | false |
| SSDEEP: | 48:Y9fdDAgDyIjgfsrt/EHAkZ8cXa52tpb9yyb:EpZsf1ghcqSPDb |
| MD5: | B0341961B95D8000128BB9CEEDFCDC33 |
| SHA1: | 3862891CFD068AE2FCF5D408BBB295D5FA6BE2DC |
| SHA-256: | 1BFD35BB1708174A9177355A51FD50B8002739DB89FA5DC57C7460C32DDD1769 |
| SHA-512: | E22B311C46872EF4318F7BC48D65BFB25DB000573144F8624DE120C704A53EBD7AB8CE9F7560EECC40B8BF73934A3B51A5FEB88F206D9290427B0C821D457A0E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1467346738445705 |
| Encrypted: | false |
| SSDEEP: | 24:TLhx/XYKQvGJF7ursWzFRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUud+:TFl2GL7msWFXc+XcGNFlRYIX2v3khr |
| MD5: | 3AAAF06F5118D59FEF924BF71C2A22C5 |
| SHA1: | 33D1ADD2FF52DFEB10252F6E359610ABF770F40D |
| SHA-256: | 196680DFBBD832669570D0C11E2DD8EEAC8945DB59C56B958B450D99DB84DE89 |
| SHA-512: | 8C277BFAA91851DE8E59F2956323462FC1EC6D32E01C2E62E46473C9CA98683F1227FA2F7B511E667F9AF249636C2E36A0F299F5F3620760612C4A4F6631F8FE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.5523036760033648 |
| Encrypted: | false |
| SSDEEP: | 24:7+tQczFUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLux9qLxx/X1:7MQcqXc+XcGNFlRYIX2vkqVl2GL7msD |
| MD5: | F86BA04FB16C27EFB3917A07638425B3 |
| SHA1: | 668B06EC0C5D039675EDA13ED003FE28CCC74DAD |
| SHA-256: | DEB87E561600A23495CD807B0EEEA30004AE2749AEEFF3BB138A77D7AC111E93 |
| SHA-512: | 07BC03D8B695E6A1EA65C034CA1ADC445FA8D345F00A02C47DEC25075345D743E5B5A45655AF394BC5691697D470DD200FE524D037A2CA15C69AEF437EE6B81D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5030768995714583 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82/aw80lH:Qw946cPbiOxDlbYnuRK//H9 |
| MD5: | E9601EF2AE3483DF2250179900683F89 |
| SHA1: | 3C6096A3017ECF42E7F6F909A90273BC8B6B4583 |
| SHA-256: | 57B34BE61B1CE39A438620C375727CC8E093D6A22EB866CFC5FDB93C60B4C43D |
| SHA-512: | 646FC12D7F6A7033EE9DD81FDBA00B81E8FCB21F75EF96C24B3BBFBAB44908AF73A7BCC47B0114D17B96D92DE0849B43EE998858EAD1C14FEF76A9E853059B44 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-04 15-01-16-013.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.338264912747007 |
| Encrypted: | false |
| SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
| MD5: | 128A51060103D95314048C2F32A15C66 |
| SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
| SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
| SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.315188514414577 |
| Encrypted: | false |
| SSDEEP: | 384:uiGPGGzUxf4o1h1qoSEDImLaSJSE5HXBg364WuYlf/o9rnkVLeWPzSzS7NjOUXPH:znjp |
| MD5: | 6AF245A07235470D5C734A64AB4AB42D |
| SHA1: | 7AA1C9F06E92E0E6380ED4DAC29566B5271ABEF1 |
| SHA-256: | BA4065BE98484579D9747B736E9618526E8544D140AA3FA2818D5AB44044785A |
| SHA-512: | 3083113D06DD614D63D6D01DDF389F9809350830CEA126585D000BCC1CD5FFEF3AFFFA8ABA57EC1A163DC41695F375356CE9C3CDAA152979FB0C0308FEB12C4F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.396771826738583 |
| Encrypted: | false |
| SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbZcbqIYKcbx:V3fOCIdJDecYh |
| MD5: | 27B9F2D3BA4ACBFBFFE641BD00A983BC |
| SHA1: | B5D4A46683001AE2A7F04DAEC918C567E9CC0520 |
| SHA-256: | 7E6CE30117CB98F7125CAE9469ED923173C157600763A1D23C3BA3F97321D722 |
| SHA-512: | D6F3146D61412839F1F3C16D93FE2ED672D369C3CECCF4ED76F324DC3E23545548EFBC7545048544BFB236EADAE832F1C0DBBA1C6DFA436AFFCF1C7B2ACE2518 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
| MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
| SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
| SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
| SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.859691281321626 |
| TrID: |
|
| File name: | a63.pdf |
| File size: | 179'024 bytes |
| MD5: | e800cacb7da9706f7cbadecc954b0a10 |
| SHA1: | 58342023921cfa86088d234ba94230e805acfe94 |
| SHA256: | 13a80791ee707dca434fa10783c8adc4175c091adc6499c8cbc32db0d59a27f8 |
| SHA512: | 70562d10b9477fd5826dece6d48a79481d0e25133aa5c034b890206df5c2049753978f2e458032ef174b596f897602ccdef3ce090072fbe69ebb1b0aca95f222 |
| SSDEEP: | 3072:7Jp/QzgaPJ2FHnVVWrVvlR+zcX7VlyyBpW+55/dPuwC/4vc2FYPy51plsSr:HaJ2FH7W/R+z6Vc2pJbur/Qc2FAS1plb |
| TLSH: | 330412A4C7CA4DA0FB4638B0D2015B7AE66949D91541BFD0618E4A13860BCFBF3E1E6D |
| File Content Preview: | %PDF-1.6.%......2 0 obj.<</Type/XObject/Subtype/Form/BBox[0 0 630 802.08002]/Group 16 0 R/StructParents 0/Resources<</ColorSpace<</CS0 3 0 R>>/ExtGState<</GS0 5 0 R>>/Font<</TT0 6 0 R/TT1 10 0 R>>/XObject<</Im0 14 0 R>>>>/Filter/FlateDecode/Length 2309>>s |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.6 |
| Total Entropy: | 7.859691 |
| Total Bytes: | 179024 |
| Stream Entropy: | 7.857886 |
| Stream Bytes: | 176805 |
| Entropy outside Streams: | 5.266457 |
| Bytes outside Streams: | 2219 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 19 |
| endobj | 19 |
| stream | 18 |
| endstream | 18 |
| xref | 0 |
| trailer | 0 |
| startxref | 1 |
| /Page | 0 |
| /Encrypt | 0 |
| /ObjStm | 1 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 14 | 0000000000000000 | d4e1a967557f7d21399b655ad250a36f |  |
| 15 | 181840880002010b | 80de75b5a496cb0e1538a227d32e54d5 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 4, 2024 21:01:26.767841101 CEST | 49723 | 443 | 192.168.2.6 | 96.17.64.189 |
| Jul 4, 2024 21:01:26.767929077 CEST | 443 | 49723 | 96.17.64.189 | 192.168.2.6 |
| Jul 4, 2024 21:01:26.768023014 CEST | 49723 | 443 | 192.168.2.6 | 96.17.64.189 |
| Jul 4, 2024 21:01:26.768171072 CEST | 49723 | 443 | 192.168.2.6 | 96.17.64.189 |
| Jul 4, 2024 21:01:26.768207073 CEST | 443 | 49723 | 96.17.64.189 | 192.168.2.6 |
| Jul 4, 2024 21:01:27.370138884 CEST | 443 | 49723 | 96.17.64.189 | 192.168.2.6 |
| Jul 4, 2024 21:01:27.370446920 CEST | 49723 | 443 | 192.168.2.6 | 96.17.64.189 |
| Jul 4, 2024 21:01:27.370498896 CEST | 443 | 49723 | 96.17.64.189 | 192.168.2.6 |
| Jul 4, 2024 21:01:27.371788979 CEST | 443 | 49723 | 96.17.64.189 | 192.168.2.6 |
| Jul 4, 2024 21:01:27.371864080 CEST | 49723 | 443 | 192.168.2.6 | 96.17.64.189 |
| Jul 4, 2024 21:01:27.374147892 CEST | 49723 | 443 | 192.168.2.6 | 96.17.64.189 |
| Jul 4, 2024 21:01:27.374223948 CEST | 443 | 49723 | 96.17.64.189 | 192.168.2.6 |
| Jul 4, 2024 21:01:27.374350071 CEST | 49723 | 443 | 192.168.2.6 | 96.17.64.189 |
| Jul 4, 2024 21:01:27.374367952 CEST | 443 | 49723 | 96.17.64.189 | 192.168.2.6 |
| Jul 4, 2024 21:01:27.423293114 CEST | 49723 | 443 | 192.168.2.6 | 96.17.64.189 |
| Jul 4, 2024 21:01:27.478861094 CEST | 443 | 49723 | 96.17.64.189 | 192.168.2.6 |
| Jul 4, 2024 21:01:27.478928089 CEST | 443 | 49723 | 96.17.64.189 | 192.168.2.6 |
| Jul 4, 2024 21:01:27.478991985 CEST | 49723 | 443 | 192.168.2.6 | 96.17.64.189 |
| Jul 4, 2024 21:01:27.481267929 CEST | 49723 | 443 | 192.168.2.6 | 96.17.64.189 |
| Jul 4, 2024 21:01:27.481307030 CEST | 443 | 49723 | 96.17.64.189 | 192.168.2.6 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49723 | 96.17.64.189 | 443 | 6436 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-04 19:01:27 UTC | 475 | OUT | |
| 2024-07-04 19:01:27 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 15:01:12 |
| Start date: | 04/07/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff651090000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 15:01:13 |
| Start date: | 04/07/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff70df30000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 15:01:13 |
| Start date: | 04/07/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff70df30000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly