Edit tour
Windows
Analysis Report
image08-29-2024-123918.pdf
Overview
General Information
| Sample name: | image08-29-2024-123918.pdf |
| Analysis ID: | 1501356 |
| MD5: | fef2d5366df96c6517f5205045092498 |
| SHA1: | b410d6e69994094c1b154d3b8efae585bb6eec3f |
| SHA256: | d50dccde354000b20082dbb26982d5d0b39d4ff3e0f05de6178626ee4c09d8f5 |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 7084 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\i mage08-29- 2024-12391 8.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 5608 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7248 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 12 --field -trial-han dle=1520,i ,322399088 3004043102 ,255997904 226767848, 131072 --d isable-fea tures=Back ForwardCac he,Calcula teNativeWi nOcclusion ,WinUseBro wserSpellC hecker /pr efetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.41.168.139 | unknown | United States | 6461 | ZAYO-6461US | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1501356 |
| Start date and time: | 2024-08-29 19:25:37 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 14s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 10 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | image08-29-2024-123918.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/45@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.227.187.23, 23.22.254.206, 52.202.204.11, 52.5.13.197, 2.19.126.143, 2.19.126.149, 162.159.61.3, 172.64.41.3, 2.16.241.13, 2.16.241.15, 2.16.202.123, 95.101.54.195
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: image08-29-2024-123918.pdf
| Time | Type | Description |
|---|---|---|
| 13:26:52 | API Interceptor |
| Input | Output |
|---|---|
| URL: PDF document Model: jbxai | {
"brand":["Portail Subvention"],
"contains_trigger_text":false,
"prominent_button_name":"unknown",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false} |
 |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.41.168.139 | Get hash | malicious | HTMLPhisher | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Sliver | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| ZAYO-6461US | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Sliver | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.25726852586616 |
| Encrypted: | false |
| SSDEEP: | 6:N5Fyq2Pwkn2nKuAl9OmbnIFUt885d1Zmw+85LRkwOwkn2nKuAl9OmbjLJ:NLyvYfHAahFUt885/+8FR5JfHAaSJ |
| MD5: | B60CAF61E6B3DB3B76F28F6A85C9070A |
| SHA1: | A273BD119BB1A1B7C5271623EDDF163BAAF016F2 |
| SHA-256: | DB2A0BDB659C2573C12C567DC06904247FA75C5BA67C94E0CF667D432AA8EE69 |
| SHA-512: | D3B087C3985173B7B05B52701C95D23630B908BE5D4A896683ED0EC07EB27B6C7A16BB641BDE958F2DF826C8A65931A0DA0055227E117481DC4CF03FC4A1F7FB |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.25726852586616 |
| Encrypted: | false |
| SSDEEP: | 6:N5Fyq2Pwkn2nKuAl9OmbnIFUt885d1Zmw+85LRkwOwkn2nKuAl9OmbjLJ:NLyvYfHAahFUt885/+8FR5JfHAaSJ |
| MD5: | B60CAF61E6B3DB3B76F28F6A85C9070A |
| SHA1: | A273BD119BB1A1B7C5271623EDDF163BAAF016F2 |
| SHA-256: | DB2A0BDB659C2573C12C567DC06904247FA75C5BA67C94E0CF667D432AA8EE69 |
| SHA-512: | D3B087C3985173B7B05B52701C95D23630B908BE5D4A896683ED0EC07EB27B6C7A16BB641BDE958F2DF826C8A65931A0DA0055227E117481DC4CF03FC4A1F7FB |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.166776605095224 |
| Encrypted: | false |
| SSDEEP: | 6:N5HOq2Pwkn2nKuAl9Ombzo2jMGIFUt885eUGPZZmw+85eUGPzkwOwkn2nKuAl9OU:NcvYfHAa8uFUt88IUGB/+8IUGb5JfHAv |
| MD5: | 8701FC0A022AA90E016896312C9C4D93 |
| SHA1: | 61B698635FD4F44D74DC3D378D5E43404EBD9317 |
| SHA-256: | 52E570C37C76160621F6D077F3B82FC0E538157C2015E8206F0069A58FF041F6 |
| SHA-512: | 05BA4209A32231B377A5BA7FCA7617DB69C4991C414E77493B7865EDD984E239FE5C8832FA5CD22E9C68AC2C8D0F0D246C85B82A7B33C90BE0406117D16D5ABC |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.166776605095224 |
| Encrypted: | false |
| SSDEEP: | 6:N5HOq2Pwkn2nKuAl9Ombzo2jMGIFUt885eUGPZZmw+85eUGPzkwOwkn2nKuAl9OU:NcvYfHAa8uFUt88IUGB/+8IUGb5JfHAv |
| MD5: | 8701FC0A022AA90E016896312C9C4D93 |
| SHA1: | 61B698635FD4F44D74DC3D378D5E43404EBD9317 |
| SHA-256: | 52E570C37C76160621F6D077F3B82FC0E538157C2015E8206F0069A58FF041F6 |
| SHA-512: | 05BA4209A32231B377A5BA7FCA7617DB69C4991C414E77493B7865EDD984E239FE5C8832FA5CD22E9C68AC2C8D0F0D246C85B82A7B33C90BE0406117D16D5ABC |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0ecb46d3-ade2-463c-bd1d-3de736f45212.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.969340035861989 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqixsBdOg2Hkcaq3QYiubInP7E4T3y:Y2sRdsHidMH33QYhbG7nby |
| MD5: | B7ECC2C9685611094262617C52B68BAE |
| SHA1: | 12CDAF46EA65F0931730EC9F78B0532E36070186 |
| SHA-256: | 116EA87B482B1782D22C8FE79B31FDB7C8B414C3F95F601F5C1341585176603E |
| SHA-512: | EAAD7A5819E63ADB0B0FF1F062891A5E195849CCCB23DF4B535952DA480892AF074F881DA45F4E755DF15948AA2354310B90F0C77F5D999F60D819F355775E3A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.969340035861989 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqixsBdOg2Hkcaq3QYiubInP7E4T3y:Y2sRdsHidMH33QYhbG7nby |
| MD5: | B7ECC2C9685611094262617C52B68BAE |
| SHA1: | 12CDAF46EA65F0931730EC9F78B0532E36070186 |
| SHA-256: | 116EA87B482B1782D22C8FE79B31FDB7C8B414C3F95F601F5C1341585176603E |
| SHA-512: | EAAD7A5819E63ADB0B0FF1F062891A5E195849CCCB23DF4B535952DA480892AF074F881DA45F4E755DF15948AA2354310B90F0C77F5D999F60D819F355775E3A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4730 |
| Entropy (8bit): | 5.255910123041284 |
| Encrypted: | false |
| SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7QvJ//Gg7Z:etJCV4FiN/jTN/2r8Mta02fEhgO73goQ |
| MD5: | 9071A6212F423EB6C9CCC433EBC731D1 |
| SHA1: | 59F56500C9902982707CD871074F5CCC9CEE6D15 |
| SHA-256: | 2205095C4E6BA61C9F273DD8AA82AEF81FA9459E3164A96DDBFC327F0CC35466 |
| SHA-512: | 7C7887C739A2914F4A8BF11E3719760568D7BFED8E92B6D0A5BF3E1AF281922C8276D3FAD3C5CFA737B84BBF7A0AD3336CFE83DC7A5F9C5D2937BACAC09398A2 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.20574307339931 |
| Encrypted: | false |
| SSDEEP: | 6:N5ghIq2Pwkn2nKuAl9OmbzNMxIFUt885uLZmw+85JzkwOwkn2nKuAl9OmbzNMFLJ:NehIvYfHAa8jFUt88m/+835JfHAa84J |
| MD5: | 6764DA29BF41329B929C7AB5681C53D3 |
| SHA1: | 6BAA4ED66F3895535DE2CBC3765C2151E5D94990 |
| SHA-256: | D0E6E92924DD79277464C1D786B6B7FA60DD687C918E31BD28B7BB7E3E3C356F |
| SHA-512: | 06FCD653E50BE8B0A64306D01756B0581CAB374ADDAE80219B22303ADDC281FDA14412E6C95AE2EED621AF42E48B8F03BE94946E8549480A1B2B2BA3A994C70B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.20574307339931 |
| Encrypted: | false |
| SSDEEP: | 6:N5ghIq2Pwkn2nKuAl9OmbzNMxIFUt885uLZmw+85JzkwOwkn2nKuAl9OmbzNMFLJ:NehIvYfHAa8jFUt88m/+835JfHAa84J |
| MD5: | 6764DA29BF41329B929C7AB5681C53D3 |
| SHA1: | 6BAA4ED66F3895535DE2CBC3765C2151E5D94990 |
| SHA-256: | D0E6E92924DD79277464C1D786B6B7FA60DD687C918E31BD28B7BB7E3E3C356F |
| SHA-512: | 06FCD653E50BE8B0A64306D01756B0581CAB374ADDAE80219B22303ADDC281FDA14412E6C95AE2EED621AF42E48B8F03BE94946E8549480A1B2B2BA3A994C70B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240829172644Z-161.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 1.7917568670494184 |
| Encrypted: | false |
| SSDEEP: | 192:+bHDxWauJOG2Q7e3pat+e0rpShiDeDrXKl2Jae/sNxhv4eIMaDY:+bHga14e5at+fS2MrXKl2YqsNLvTmDY |
| MD5: | DCBFA2267D2DD006966FFCCB91BE61CF |
| SHA1: | F0DF6D90F9CB62FC4D10A7A290617A3737E7C5F7 |
| SHA-256: | 7B1771F2133ADFA2E2E08E0A59E7889ED21B1E521D93C53DAB46E78E1913353D |
| SHA-512: | CD635F0F8C1CB9F82A4719D7F692BAAE3275333CE7D8680D46B04959605619743C077C4C3DAD593664A0B3E76A52F78D2645B8F815BEFDBBFC972572741F7943 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.445294606698888 |
| Encrypted: | false |
| SSDEEP: | 384:yezci5teiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rxs3OazzU89UTTgUL |
| MD5: | A4415BD4E6D12CC1AA085F6006A71F5A |
| SHA1: | 646C1666EF13B3EE368CBB6758331B5E2B4B35CA |
| SHA-256: | 398318517D982EEFF3094965691E666AD5977D94A3681D5A21B0EFD6509C4533 |
| SHA-512: | C6D7D4ABE25F44D35D9443F81368EDED0B8446E1C7FD34ADA3E7DD4FDE8C2EE1A85F75A0E49E4E680586CD7C29F969F167624DAD99A2A5610DD1A45134C526D4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.773952800893877 |
| Encrypted: | false |
| SSDEEP: | 48:7Mqp/E2ioyVTioy9oWoy1Cwoy1LKOioy1noy1AYoy1Wioy1hioybioyvoy1noy1E:7ZpjuTFSXKQiqb9IVXEBodRBkf |
| MD5: | BF3372A87AF6DC5FEEF9CAC067A05E54 |
| SHA1: | A150025EA6AEBAA1FE27971BCA3B0043FE170A85 |
| SHA-256: | B3FB8ACA868FE7073ACB0074FA1F3587AFE40BF86214F7A9DF169C040CEC2426 |
| SHA-512: | 50BBA964BDA6C8DB8E3CAB51DB5B2FFA6A97D1AB48B0DC7001D09EB906BF1EF052B25E5A15BAC11B536CFA584BB32A8222DAF9E60C5E590ED25E84B157003AB6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 893 |
| Entropy (8bit): | 7.366016576663508 |
| Encrypted: | false |
| SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
| MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
| SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
| SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
| SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 252 |
| Entropy (8bit): | 3.018531379206123 |
| Encrypted: | false |
| SSDEEP: | 3:kkFklDWkVXfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7ln3:kKujVLxliBAIdQZV7I7kc3 |
| MD5: | C1A112302A3B9895FC7ADCFBF13C6BBF |
| SHA1: | 803EF6FB44A31B9C95E2E876F75F8EC143DF4D39 |
| SHA-256: | 0713D3B17DC2241151E0BE94490DEF8A2C289ACA4E6B9C1BF8F844EF732C8BBF |
| SHA-512: | 9ADF68E524B4A5FE3829D2E3B10AF71021359AF247DC4A1B77409367A4FE5F236D883C163BAC02EA73DCAF5A359407BD748689394CFE02D83C4105294E8E6EC5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243196 |
| Entropy (8bit): | 3.3450692389394283 |
| Encrypted: | false |
| SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
| MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
| SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
| SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
| SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.36194131374819 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXyZopP0V9VoZcg1vRcR0YZDeoAvJM3g98kUwPeUkwRe9:YvXKXyZopM2Zc0v+5GMbLUkee9 |
| MD5: | 50A60CD94878B0D84D43BAE5CD472E67 |
| SHA1: | 4F89DA5A4F169A6049068B92F3DC7F15266780B5 |
| SHA-256: | 6A205C46170F835DE5EC2D949D6BE48C78F7899E3132C1DBD4ED41E8CF685FDE |
| SHA-512: | 56A5FA2E3E1862FC3279DE116733D4E94F6F3284DDAA58366071448FB4D30565F3088661D21B2121DF4088C2138D9C4D7A0D6A87FDE932F6111A437F8774F2E1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.306522196468163 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXyZopP0V9VoZcg1vRcR0YZDeoAvJfBoTfXpnrPeUkwRe9:YvXKXyZopM2Zc0v+5GWTfXcUkee9 |
| MD5: | 88B8EEE50DEB3A84D0A44A7C70028750 |
| SHA1: | 56B0D46C3F6182FACC7FA6B5DBAD2D2FB57A524E |
| SHA-256: | 9F8B7C40C79C086ECDD25B4DD0830687104AFB192D6C150F50EED149B2466D3B |
| SHA-512: | 68D8442BA00AAF431E0D4E8A9D2E8B986802EDB807867EBF0141F604C7186C5E66EC18B8AA9548C7FA3A212F5256CE6B03B75BC39B61852F9A7B5A4FCDFEB106 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.286293838175826 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXyZopP0V9VoZcg1vRcR0YZDeoAvJfBD2G6UpnrPeUkwRe9:YvXKXyZopM2Zc0v+5GR22cUkee9 |
| MD5: | B1430D8D2C08A2C8D4DB641E79ED40B0 |
| SHA1: | C667469B348ADD239CBC70A7AF8E52F8E22E0F60 |
| SHA-256: | 813363B94BA7174D717C4CEE0F8DC9FC62761715776C511F16455EE386FDAD55 |
| SHA-512: | 8EB97E97C917CD8401A8C9FDD95475F5E2983068164EDF58053ED6BC10E6403A75D9182D53FEF502695F450E8F32F1405B4671B3AF930A3A4E839A8E38F8DC25 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.348901922660226 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXyZopP0V9VoZcg1vRcR0YZDeoAvJfPmwrPeUkwRe9:YvXKXyZopM2Zc0v+5GH56Ukee9 |
| MD5: | DED3C795E1A4A49DC735732D52177012 |
| SHA1: | 649B17215D8AF6110BE10854727876BE6FBDB4D7 |
| SHA-256: | 57CD31FD3B486E0E481CA6C8F3DE669D91ABADF5921EFD2C2C5C287376F40F2C |
| SHA-512: | 01C1F2CF9D5DCF93F273EF7C583356B8DBEA2A68839AA3AB61F40215F3C149A0A395E8F94BA4A17549E38E8D36214C014C2656F6441C52F394009F2A48CDEC70 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1063 |
| Entropy (8bit): | 5.666003735836508 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X0izv1pLgEFqciGennl0RCmK8czOCY4w2P:YvOthgLtaAh8cvYvk |
| MD5: | 48DCE8E87DB5BA51A57293346CD78605 |
| SHA1: | BD46D27843E0D3CF09681E844F5B207E539B7678 |
| SHA-256: | 99405C1877AFB9EFAC992F6678A0420D4818F63F08B9656D524FA3D664C3A647 |
| SHA-512: | 784B1CD9FB2085DA67379CA0CB334BA9410AE00795293F72AFCE58B60746AAB3E72512C8FF7CF1EA56DB26B198D4CFB8ABBB5393583A4318A1EA14AE22CE829E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1050 |
| Entropy (8bit): | 5.655284997871573 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X0izvZVLgEF0c7sbnl0RCmK8czOCYHflEpwiVP:YvOxFg6sGAh8cvYHWpwa |
| MD5: | F7FA6A8016967D3EDAA42C507D1FAEE3 |
| SHA1: | 7989F1250B2466B5BC0A1C22AAE357C1BF1D140F |
| SHA-256: | DDBA27C2B61752558B3A430B60D403C66FC1931BD3D5CF6CD18FCDC4DBF00B0A |
| SHA-512: | 6D5AD6513FE818552D067B7810ABD2BE04E53833C0098669F7CC64625C6465F35FC9805F765B4499574505971E0BBAFDD8F7A79B043E7EA4B018B8F5BA26D98C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.297286622153678 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXyZopP0V9VoZcg1vRcR0YZDeoAvJfQ1rPeUkwRe9:YvXKXyZopM2Zc0v+5GY16Ukee9 |
| MD5: | 00B3F390C57F1E520649EEE3FE057833 |
| SHA1: | 53814B197AB312FA3F119E5361F97E04A25C555D |
| SHA-256: | A37F6A6620044886916D751EE3799FED1D21C7A42257C54D2DB8620D1734A7DB |
| SHA-512: | 38D06E3F8B97A006342C96E4450B53C5044482BB3E868CBE48A3A04530A8C5A6EBB3D5FF1C3940A8DA4D47CC758B24759FE098475EAFEF26A308E1BD9EA313DD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1038 |
| Entropy (8bit): | 5.647605180706216 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X0izvI2LgEF7cciAXs0nl0RCmK8czOCAPtciBP:YvOgogc8hAh8cvAt |
| MD5: | 4E8EBD02BE90C2CE10E7860306A97C6B |
| SHA1: | 20E7D6C3418D5FBC256AC5F274DFE58D0CB811E8 |
| SHA-256: | C7ED94E680DF74414DF3576A6FB77E2BA51D8074A2C783577E51458F32F4A920 |
| SHA-512: | D68E13B7CE292875A4A1CF7720D880E6B850BBA7B1B0C366978D2AF78F1CA8357585AB9CF1BFDBD4FBD686C2244B44EC0CBEACFD2CE2AF6DE19ACD7AD33E7342 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 5.6987562986680205 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X0izvAKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5P:YvOoEgqprtrS5OZjSlwTmAfSKR |
| MD5: | 5C67AB41CE9E2D5EB2B3A47911A410B2 |
| SHA1: | 399D9B66543BDEAA0F509CF262C5A5ED51EAF652 |
| SHA-256: | B17D9CB0E08B547BD57F6124B2E8794AE169CD6D4E3E812487AC89DBD98074FB |
| SHA-512: | 4F066ABF5A84133ABFF677927CE4F2250F3141829FB820BBE8B8C6962FF9D847CBECCFD33E503DC910C43F303FE28E9C014BB443BF02B9FEC94A2BCEFCE24BFD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.299420177004346 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXyZopP0V9VoZcg1vRcR0YZDeoAvJfYdPeUkwRe9:YvXKXyZopM2Zc0v+5Gg8Ukee9 |
| MD5: | 9907789332E127E44D1000B5DD383B58 |
| SHA1: | 5C96FA67CA52AB5D20F769F398F3077D92306B1C |
| SHA-256: | 844E9543BD52C9AF56E251AEEFD25B3AEFE003715B1AF72D0AD420A6093A944D |
| SHA-512: | 6A71A61B17E61C04B8E6EAF8E5A39BD55C5D818BD7B73F4E461F9A3D9246CE5A978C5AFE44E122E6594447DFE63481329DC2EE3AF5C543E8B944B1D9506A1B74 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.776866560557559 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X0izvPrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNH:YvOHHgDv3W2aYQfgB5OUupHrQ9FJR |
| MD5: | 58E2BCB4D50BE9FB8672FE2B8E5E1B1B |
| SHA1: | EAD3AD20DE66E27F7CA0E20490EB17A54A0F9350 |
| SHA-256: | 3846DA479D74B72B9D31FB4B37EB8F68239C7F13D3A55B1F795FF2220B60B1AC |
| SHA-512: | 2613216054BAAAA4FEE7EEF6D1282E8CF924C77D669A8F99F42FFADC5E96F14422061382941B174AD288FF7696187F5111CDC4097771F70B4503DEAA257774A1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.282971259715981 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXyZopP0V9VoZcg1vRcR0YZDeoAvJfbPtdPeUkwRe9:YvXKXyZopM2Zc0v+5GDV8Ukee9 |
| MD5: | 955AF00757391DCF433A076627CDBDCF |
| SHA1: | 0E09719CC80322A78FF15FAF3A73A4304D79BE0B |
| SHA-256: | EE8170FD2E20BD38B4775CA14E7D4DFEAF181D53BAC881F4F3789E4327C7ACF0 |
| SHA-512: | 6D84E9BBF0C595D7C55EBCC767417B705DA8AF86319CE43C2A13B35967A17432295D9CF4B4FFB56C0A4967121D42D0D42AA8E05C08089C1ECE613070891CAF79 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.287300306124975 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXyZopP0V9VoZcg1vRcR0YZDeoAvJf21rPeUkwRe9:YvXKXyZopM2Zc0v+5G+16Ukee9 |
| MD5: | 7DDC262203DCC9E28D1AE94981335216 |
| SHA1: | 852ADB91774F8165465852D72BEE14FD0EFF6E45 |
| SHA-256: | EA48DEBD02094C8BB8EF452968082E1E16D0F8C806CAFAAE8DFDF2C8DEA8291D |
| SHA-512: | D244B2A0097282EE1B998FFDC52F83599B6FCA5B3AAA2D68D4FF5B3D6C5012C0ED3E270DF07B9D31ABAA3E5E14EC06762E9E1ED26286449106CD9C12957342ED |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1058 |
| Entropy (8bit): | 5.654643300009604 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X0izvtamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BP:YvOJBguOAh8cv+NKM |
| MD5: | 34F70559091FA7EF7A506D22B81D418C |
| SHA1: | 89DE83BE81C1FA5A7E0596EE673340164797A08D |
| SHA-256: | AE90A5B42C520D2098A9B1885EC57B6AC770187AEFE43AE0827AC25922BDF9BA |
| SHA-512: | 9575E7853F4EA1BD593B8889B0D618BDBBF7DD6DBD65DCA5364B723A2C75BAEECDD0FD94643300E30D1CFE2CBB24151A756C9C7ED7808F12ECD90B7C6FFD2D2D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.265068034282258 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXyZopP0V9VoZcg1vRcR0YZDeoAvJfshHHrPeUkwRe9:YvXKXyZopM2Zc0v+5GUUUkee9 |
| MD5: | 43A37949651951AFB81DC6A41F44EA55 |
| SHA1: | 1FFD54EF7F85502A06ABCCA974ED6D962B9EA93C |
| SHA-256: | 909EF73D7904A7A7F53F08C79E289DACA9E745EA48FDA2E5295A92EBCDBF3203 |
| SHA-512: | 9808E7C679564F5B054B32C86796E768B48AFA0D1FBD8B0E4C8052BF929F47D22FDDB6CAFE955AAF3C8635DA27D9DC4594A8C6087207AA394CD3F3B0CA2FAC67 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.366646904037978 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXyZopM2Zc0v+5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWj:Yv6X0izv+168CgEXX5kcIfANha |
| MD5: | 92ECFAE95BFF4FEA79D00DA909E5BD1A |
| SHA1: | E3CC33B9C2F8C78C54C85268BE39E3121CB2A8CB |
| SHA-256: | BA18028D8233F50C247C9429D86231FB7C46E8507D0C91A78A427FD039861D87 |
| SHA-512: | 73047A72A2D08E63072268F36537B608EECA04A4BE499DE324DC6C5C16BA6471C316A61316599DE87AA7740D5C8FC522996364D011D9B8C3F6A4A61E63662F08 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2818 |
| Entropy (8bit): | 5.13367541276176 |
| Encrypted: | false |
| SSDEEP: | 24:YqgNJ7ZiYOZaTCHayyF996u0CdocaAGOwv/4CjHOj0SqgUOe2Q0T2LS0WP6B5X2n:YprFy/WotAGOCzQlU13Wus6B129F |
| MD5: | 96F890169613D92ADB3285ED40DF9432 |
| SHA1: | 41ABB37331B16FC410A7742EDC19FFF001FC1918 |
| SHA-256: | CB7C377BE412A2A9CCA58146028B1192A88DE8812840059F2987CA533C5C7747 |
| SHA-512: | 41D3268D76AC69A540665889DC0EA01E06D606AF4CCB047ADF2BCC31DE96F3099D071FDDD895A4F41F9E292811185FD31B7FA4080B8DC06E5B7D48346D4968C9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1879433571321625 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msEHUUUUUUUU8XSvR9H9vxFGiDIAEkGVvpwX:lNVmswUUUUUUUUO+FGSItI |
| MD5: | 27B63DE09A416C796DDBF09DFD2E3CE4 |
| SHA1: | 178C046398799FE19C2A2C5EDAA8F6C4E69E10C9 |
| SHA-256: | 8C18C91E11C05810F59D37E267135A4585A7A68E2286E42835B22DD7E5BA48BC |
| SHA-512: | B26DE59B3042B174327B26E07209A465B72BFD253220711746544B88166880A4A9C9673550A876F4E0B2BFE63AF9A56DB3648BE4F228F90A1004C7E9DD5C2E78 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.6080191661102345 |
| Encrypted: | false |
| SSDEEP: | 48:7MkKUUUUUUUUUU8LvR9H9vxFGiDIAEkGVvlqFl2GL7msSn:7QUUUUUUUUUUsFGSItzKVmsS |
| MD5: | 08A556DF081A02D4CE550D2C8AA0A450 |
| SHA1: | 9364550DC37D106B328CC51D49CD0F1E4FDACC6D |
| SHA-256: | E8D6F8AB26073F0897B724221F56C7D0FEDFBC49EDD57104BE9B5E1E9AAB55FA |
| SHA-512: | 0336B196C0A434515F251D5E1850DFB6BABAFDF5BCB8C86375B6CEDD67F7913FAE295FD6C22853FD1B5B6C8035DD602BFE2A40357248EC5C40C3C9C3DC233770 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5406586576927443 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xIA5w:Qw946cPbiOxDlbYnuRKJ |
| MD5: | 8AEED635694060D2D7307641535835B2 |
| SHA1: | 0109E20D3742C861FD005161E62D2F4AB4392DD6 |
| SHA-256: | 48D79D3E23A945E9CA0D4FCD2AC46B8DFB22CA741F0E1C6A87EFC16A9608D63B |
| SHA-512: | 78735284432DA7AAC2E8D15093D40CB8DCCBA0CAD46ACD9F75CFCD05A40A4E90897334172D708682DEB03417304885DFDD869181A51589A7D8AA4D67A652F91E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-29 13-26-42-196.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.345946398610936 |
| Encrypted: | false |
| SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
| MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
| SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
| SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
| SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15114 |
| Entropy (8bit): | 5.345518376071342 |
| Encrypted: | false |
| SSDEEP: | 384:X+Y3Q/w7H4Ro+NMsPhbSm7H6+dF/RC6VkfqOjLbh8kWsaDdWm0zUpWp4RLZXoJp8:j4D |
| MD5: | 5755859B6825D27BD608EFC738ED4C1B |
| SHA1: | 48BCBBE4A1606E4FEB8E886D7231851CC57AC150 |
| SHA-256: | CA280D3F7FA7037B2DA9D2A54D8F623D8F0DAAEFDAD4AFE4504C6CD8B914263A |
| SHA-512: | A1381AAB2FD1AAFE4B89E3312DD7A563B04C8A2AF2FC8855AF9C261A2DD750C4AD8EFF521574B76D6826960F5E30E606A7B74FD6504A249E01ED72873EE3073F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.394588155874889 |
| Encrypted: | false |
| SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rl:ss |
| MD5: | 2D391CF614D8D7DF6FC7B3B2E77AE118 |
| SHA1: | 4AF6DB9C29C4F7748B22355605A1254B1F91C02C |
| SHA-256: | 7B821BAFFEA48580AFFC9A94219E37CC03D71542BD91406BB4499864E1775EF0 |
| SHA-512: | 712BAFB27328D5D709EF02F2DC5030F6AF74523505B3B2991C9A84C9EC91B2BF79E33CF8806D54DE3026F24E52304B772407DCE3D14CCF8E1100C94CFAAA10BF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru |
| MD5: | AE1E8A5D3E7B2198980A0CA16DE5F3D3 |
| SHA1: | A1DB2C58AFC81E6A114A8EB47BE0243956F79460 |
| SHA-256: | 8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F |
| SHA-512: | 5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa |
| MD5: | 22B260CB8C51C0D68C6550E4B061E25A |
| SHA1: | DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E |
| SHA-256: | DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0 |
| SHA-512: | 503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.765253016400527 |
| TrID: |
|
| File name: | image08-29-2024-123918.pdf |
| File size: | 998'199 bytes |
| MD5: | fef2d5366df96c6517f5205045092498 |
| SHA1: | b410d6e69994094c1b154d3b8efae585bb6eec3f |
| SHA256: | d50dccde354000b20082dbb26982d5d0b39d4ff3e0f05de6178626ee4c09d8f5 |
| SHA512: | fa166897861f6af682a4fbefabb5cd5e5fd6f1297a889cf2a0f4f6418912199d7640fde0d41a5c3c4fffaf69710c48c904cbb22adae1c4a4d164789c90eb8145 |
| SSDEEP: | 24576:dsu+c9PIBPFLu2TaxvtQdsFFPf3eSmKw3GmcamvBo:euK/u2TaB3erWImZo |
| TLSH: | 6225F9039C59DB97952996D4BE030EAD2F072B5CE9853AFF10664ECF3E216260DDD02E |
| File Content Preview: | %PDF-1.5.%.....11 0 obj.<< /Type /Page. /Parent 3 0 R./Resources << /ProcSet [/PDF /ImageB /ImageC /ImageI]/XObject <</I13 13 0 R>> >>./MediaBox [0 0 612 792]/Rotate 0/Contents 12 0 R >>.endobj.12 0 obj.<< /Length 76.>>.stream.q.Q.q.W.0 0 m.612 0 l.612 79 |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.5 |
| Total Entropy: | 7.765253 |
| Total Bytes: | 998199 |
| Stream Entropy: | 7.764017 |
| Stream Bytes: | 994173 |
| Entropy outside Streams: | 4.988918 |
| Bytes outside Streams: | 4026 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 29 |
| endobj | 29 |
| stream | 13 |
| endstream | 13 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 6 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 13 | 812103030303030f | fc58a1693868f5956ef526738f39421c |  |
| 17 | 633b111b0b032309 | 92d65d1105c66fbef4377ea6a80df483 |  |
| 21 | 331311191b411939 | 467b6ed61174ac6b33fabe4073f13570 |  |
| 25 | 2f1f1919190b0303 | f6cb1f284bc7dce9a0a0cd670fc86b93 |  |
| 29 | 5913032303430121 | 1d60b38ce29412b66c344ac280d99202 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Aug 29, 2024 19:26:53.817795038 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
| Aug 29, 2024 19:26:53.817816973 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
| Aug 29, 2024 19:26:53.818090916 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
| Aug 29, 2024 19:26:53.818265915 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
| Aug 29, 2024 19:26:53.818279028 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
| Aug 29, 2024 19:26:54.392446995 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
| Aug 29, 2024 19:26:54.392877102 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
| Aug 29, 2024 19:26:54.392903090 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
| Aug 29, 2024 19:26:54.394013882 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
| Aug 29, 2024 19:26:54.394144058 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
| Aug 29, 2024 19:26:54.428472042 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
| Aug 29, 2024 19:26:54.428648949 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
| Aug 29, 2024 19:26:54.428834915 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
| Aug 29, 2024 19:26:54.428850889 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
| Aug 29, 2024 19:26:54.476332903 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
| Aug 29, 2024 19:26:54.529117107 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
| Aug 29, 2024 19:26:54.529246092 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
| Aug 29, 2024 19:26:54.529337883 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
| Aug 29, 2024 19:26:54.529705048 CEST | 49747 | 443 | 192.168.2.4 | 23.41.168.139 |
| Aug 29, 2024 19:26:54.529730082 CEST | 443 | 49747 | 23.41.168.139 | 192.168.2.4 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49747 | 23.41.168.139 | 443 | 7248 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-08-29 17:26:54 UTC | 475 | OUT | |
| 2024-08-29 17:26:54 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 13:26:38 |
| Start date: | 29/08/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6bc1b0000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 13:26:39 |
| Start date: | 29/08/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 13:26:39 |
| Start date: | 29/08/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly