Edit tour
Windows
Analysis Report
CONVOCATION..pdf
Overview
General Information
| Sample name: | CONVOCATION..pdf |
| Analysis ID: | 1415999 |
| MD5: | 498843deeb487cefc54c5c57b720c6d1 |
| SHA1: | 12d039b8a98e266919658d27e0adc910de5a8b61 |
| SHA256: | dda4d289c48ea04bfe840ea5b96dfdb12200f759ff94aed7806b47500be41de8 |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 5736 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\C ONVOCATION ..pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 4456 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7216 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=20 92 --field -trial-han dle=1672,i ,538803249 5680149869 ,561657240 2652665692 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.48.8.182 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1415999 |
| Start date and time: | 2024-03-26 18:15:48 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 0s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 9 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | CONVOCATION..pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/45@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.221.240.182, 3.219.243.226, 52.6.155.20, 52.22.41.97, 3.233.129.217, 172.64.41.3, 162.159.61.3, 23.221.227.88, 23.221.227.70, 23.221.227.101, 23.221.227.110, 23.221.227.74, 23.221.227.89, 23.221.227.73, 23.221.227.94, 23.221.227.103, 23.221.227.80, 23.221.227.83, 23.221.227.111, 23.221.227.66, 23.221.227.105, 23.221.227.68
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- VT rate limit hit for: CONVOCATION..pdf
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.48.8.182 | Get hash | malicious | PDFPhish | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | XWorm, zgRAT | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASN1EU | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Moobot | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.185072087626921 |
| Encrypted: | false |
| SSDEEP: | 6:FQt4q2P92nKuAl9OmbnIFUt88QtJZmw+8QoDkwO92nKuAl9OmbjLJ:2uv4HAahFUt8x3/+xG5LHAaSJ |
| MD5: | 790F3B595556DD41782637B00AFB8182 |
| SHA1: | 95D23A29F41F213AE39CE74BD4B40EC9B8025DAB |
| SHA-256: | 748975249CD0355C4E93FF7AEA25A05819D88F49F1B1D2BF936AE2F27F6B2AAE |
| SHA-512: | 44ADE9CE5CAEEC94D12A2A7F3DED607B763AE9FAABF692E18F25AEAD609F16E96C713EF2DA1BB6B9CBB1C64D438D02A61270BEAF5ECF1FB833CF2CD7123E68EC |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.185072087626921 |
| Encrypted: | false |
| SSDEEP: | 6:FQt4q2P92nKuAl9OmbnIFUt88QtJZmw+8QoDkwO92nKuAl9OmbjLJ:2uv4HAahFUt8x3/+xG5LHAaSJ |
| MD5: | 790F3B595556DD41782637B00AFB8182 |
| SHA1: | 95D23A29F41F213AE39CE74BD4B40EC9B8025DAB |
| SHA-256: | 748975249CD0355C4E93FF7AEA25A05819D88F49F1B1D2BF936AE2F27F6B2AAE |
| SHA-512: | 44ADE9CE5CAEEC94D12A2A7F3DED607B763AE9FAABF692E18F25AEAD609F16E96C713EF2DA1BB6B9CBB1C64D438D02A61270BEAF5ECF1FB833CF2CD7123E68EC |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.188570494128348 |
| Encrypted: | false |
| SSDEEP: | 6:FQ+C+q2P92nKuAl9Ombzo2jMGIFUt88QFAWZmw+8QcWJDVkwO92nKuAl9Ombzo23:2+C+v4HAa8uFUt8xOW/+xZV5LHAa8RJ |
| MD5: | 6144CF29A10EA71ED8CB72923C8711E8 |
| SHA1: | CAB3F49A377780CA710D2C5CB9864F71615485B0 |
| SHA-256: | 7A63B678D867B720C0498F84AF3B6A2B62257817C7FAD58A5432D22E771F9DA4 |
| SHA-512: | 631A8908B71A789ABEC79FFC5C45C4DA3611E7048E66DDD4B62720106002EF197E6CDD1A693A8FDE48C8EC4E7C921F7775C09B94B954EAD412DAE054447B24EE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.188570494128348 |
| Encrypted: | false |
| SSDEEP: | 6:FQ+C+q2P92nKuAl9Ombzo2jMGIFUt88QFAWZmw+8QcWJDVkwO92nKuAl9Ombzo23:2+C+v4HAa8uFUt8xOW/+xZV5LHAa8RJ |
| MD5: | 6144CF29A10EA71ED8CB72923C8711E8 |
| SHA1: | CAB3F49A377780CA710D2C5CB9864F71615485B0 |
| SHA-256: | 7A63B678D867B720C0498F84AF3B6A2B62257817C7FAD58A5432D22E771F9DA4 |
| SHA-512: | 631A8908B71A789ABEC79FFC5C45C4DA3611E7048E66DDD4B62720106002EF197E6CDD1A693A8FDE48C8EC4E7C921F7775C09B94B954EAD412DAE054447B24EE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\933696ab-9a40-46af-a123-a3dcfdfdc978.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 507 |
| Entropy (8bit): | 5.05523866501627 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZohcSiSsBdOg2HItcaq3QYiubxnP7E4T3OF+:Y2sRdsph8dMHIc3QYhbxP7nbI+ |
| MD5: | 08EA1D5136E728A4EA978AAF9E692F8C |
| SHA1: | AE4306B889DAFF1B84BEF90A63032920F879B065 |
| SHA-256: | B9566FCA93B0FA018CF94DFCDB684D24B380059C0375338976E9C143D1F9853D |
| SHA-512: | DCFA6483FFA891566FE06961F85E22A7915A72698F72DAFD0874C00B9845FD5E91E79F4EB224E25945D4F83F66384E7B161BFCE63AD247F3A94EB2F43648A36C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 507 |
| Entropy (8bit): | 5.05523866501627 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZohcSiSsBdOg2HItcaq3QYiubxnP7E4T3OF+:Y2sRdsph8dMHIc3QYhbxP7nbI+ |
| MD5: | 08EA1D5136E728A4EA978AAF9E692F8C |
| SHA1: | AE4306B889DAFF1B84BEF90A63032920F879B065 |
| SHA-256: | B9566FCA93B0FA018CF94DFCDB684D24B380059C0375338976E9C143D1F9853D |
| SHA-512: | DCFA6483FFA891566FE06961F85E22A7915A72698F72DAFD0874C00B9845FD5E91E79F4EB224E25945D4F83F66384E7B161BFCE63AD247F3A94EB2F43648A36C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4509 |
| Entropy (8bit): | 5.238557657172385 |
| Encrypted: | false |
| SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUI746/YY3tZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLt |
| MD5: | 143D91F33EB20AEFB72DADD272019297 |
| SHA1: | 59A2CE0214FD57685C894746E086945824FE4FF6 |
| SHA-256: | B14EA0F4A612CBD7BD1B3607EC50280D92B028F4D66ADB487378BE7E326CFE50 |
| SHA-512: | 149C4A52BB57D80FBF9082DB9509B6D741F22C54AD30A3839878E1E1E933669F30BBB876B6DC1F91F319F385306B7E3D3D3D8AE710FF02A98FB19A22637EA4D2 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.191390808463111 |
| Encrypted: | false |
| SSDEEP: | 6:FQYC+q2P92nKuAl9OmbzNMxIFUt88QmFU3WZmw+8QZVkwO92nKuAl9OmbzNMFLJ:2v+v4HAa8jFUt8xH3W/+xZV5LHAa84J |
| MD5: | 8224FD49C18773AE3C800129BD445F53 |
| SHA1: | 15EDC8322662724FEEB889DA3406C0769ADA6BB1 |
| SHA-256: | 26E97F1BD3714DD336C52505F3262F05653FE8A47CDED1760A2AE0C36B42F5CA |
| SHA-512: | D81C2818362028C4CB3B2E7D8A1D82FC385AF2D04AE9F370EEA3A10E2AAB11A64574D6BF27D9E2ADF5744BA62F9BFE754DADB7A06F7B3CD16D6CBAB2B9A459D4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.191390808463111 |
| Encrypted: | false |
| SSDEEP: | 6:FQYC+q2P92nKuAl9OmbzNMxIFUt88QmFU3WZmw+8QZVkwO92nKuAl9OmbzNMFLJ:2v+v4HAa8jFUt8xH3W/+xZV5LHAa84J |
| MD5: | 8224FD49C18773AE3C800129BD445F53 |
| SHA1: | 15EDC8322662724FEEB889DA3406C0769ADA6BB1 |
| SHA-256: | 26E97F1BD3714DD336C52505F3262F05653FE8A47CDED1760A2AE0C36B42F5CA |
| SHA-512: | D81C2818362028C4CB3B2E7D8A1D82FC385AF2D04AE9F370EEA3A10E2AAB11A64574D6BF27D9E2ADF5744BA62F9BFE754DADB7A06F7B3CD16D6CBAB2B9A459D4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240326171636Z-151.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 2.0217916237229976 |
| Encrypted: | false |
| SSDEEP: | 384:WQ4d/dzAmS4QaCKMKTHAW53o8NDHNh9TMlJZc:WQKymS4Q6M0HAgo8dt/80 |
| MD5: | EBC62BFF64BD14A0323D62BD23C744CA |
| SHA1: | C7DFCC65468E75B3DB40B4DCC65BEB9BDC574D8F |
| SHA-256: | 79E7F88B52093D58965E36510FC4B0BAC07157150C2D028F8F34A37547782D3B |
| SHA-512: | 71B70525E88109470F3F634CF4C97BAF4BD9304C2C82EFF1941977CBFA761A6BC1C3942E4C132F9E17E2F7665AE11AFB97A43F506C49BCBA6B08779BC92E2341 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 227002 |
| Entropy (8bit): | 3.392780893644728 |
| Encrypted: | false |
| SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
| MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
| SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
| SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
| SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.329674910682748 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJM3g98kUwPeUkwRe9:YvXKXhJd8UYpW7cCGMbLUkee9 |
| MD5: | DA42AD32B42BD99F67D6AFA19A0783AB |
| SHA1: | F09D0149589B5BAF91469576856FACB899D0C90C |
| SHA-256: | 56B94F05AFDAECBCA685302C9A5AAF31656F6C72670AE877A3C9181AE61C9B6F |
| SHA-512: | 8AD7BB3EF917B67EB1359311DCF46E9253AEEBED1F77132D6F8B127F55CDBDB5628899CA5D30FA656FCC14C5BED5863F69FB09EE2803FAEEA578B09E27B8784A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.269206563976462 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJfBoTfXpnrPeUkwRe9:YvXKXhJd8UYpW7cCGWTfXcUkee9 |
| MD5: | F9893FF465A06BE6819CB981CE9EB121 |
| SHA1: | C437A76E9711924B6B09DAA208FAF0AA00C4B515 |
| SHA-256: | 6C0B858C570BEDABC46ACA7B5A755CA92664F470D067FDB63F23FEFC7B958313 |
| SHA-512: | 0DCB405FDFAB6CD11A4580871B64DFC2CF94C7012248CEBABD9966084FB927BE2A817BDEBD6B8D11D9821224AAC5F83466DDA55C9C864D9070766F9D8E968171 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.247605882844892 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJfBD2G6UpnrPeUkwRe9:YvXKXhJd8UYpW7cCGR22cUkee9 |
| MD5: | 63FC1B30705A61271BA9A87485F5889B |
| SHA1: | 02132179BC593FC29C30EAAF04B1C3047A1D151A |
| SHA-256: | 701B940DBCAC182EB6F117A387D194820CFA422788C7164595BC6DE124A95763 |
| SHA-512: | 80F8BB414542AC9D64D31AD000C20F8CEDD5EF426A4C594269BE6B529F5F05002AE03292F0E2A9646125CF45EE8137C676F8BD1CFA52A7A794D37B391917E191 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.307385736560037 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJfPmwrPeUkwRe9:YvXKXhJd8UYpW7cCGH56Ukee9 |
| MD5: | A02ADFC524CF8BE72957C27F9FF029FE |
| SHA1: | 1ED25336E6F9346A123CBC3CC795215EEF439944 |
| SHA-256: | C6E69C1A287CA6FC3262A5881F295380266627ED5B349B506E40440C97D07A78 |
| SHA-512: | 277C06DA46AA687B3C6BCA236FEC30CBF132B807A5D3D7A4CD398D3F4AF8C786819113DC5EC5B892C810595DE00EE679E6CB449D962246F40F2F4A85F32D4449 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.267572307441748 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJfJWCtMdPeUkwRe9:YvXKXhJd8UYpW7cCGBS8Ukee9 |
| MD5: | 32B13D85C1817128848B4B5BD045806F |
| SHA1: | 3AD826336AB94EA791B6D160D02843407D92AF83 |
| SHA-256: | 472FC5DF9E0920AC86B1911B4F3BD2124F7D8636162F0CC35FC9529175EAAC70 |
| SHA-512: | DFEBC080C7635121B97B561634E72361AE722C5A589502D1DCFD1533F4CFD417DCD6F7B802CA6A8D555BBE5F174EAD1A00984A6A993ED4790E4474C85DF7B384 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.253235997924053 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJf8dPeUkwRe9:YvXKXhJd8UYpW7cCGU8Ukee9 |
| MD5: | AF4E392FD84FCCC7C9217DAF21B0BFCE |
| SHA1: | 518EC8B895D5ED04D553FB841E0B9B2B3E9F7AC9 |
| SHA-256: | 23EE73DADE55938FF388E291861DD785C9542D969F3D74342DD072964811180F |
| SHA-512: | AA8D53B5313F65A61F4514F38EFCA12BA0D2308E65617F233FD237D29EA2436A7A4BE67B9970A6CF04DF76BD8FBF4E9E732320D4E4DCEB23943D009EEFF9D9C7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.254980648813472 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJfQ1rPeUkwRe9:YvXKXhJd8UYpW7cCGY16Ukee9 |
| MD5: | AA94C2CB7A3E960CC0A3C84D162681E3 |
| SHA1: | CBBACCAF939BACCB8D07D22169C41BE4CC51D0F3 |
| SHA-256: | CE2B5AF17A67D5D96978A67A47E64ACDD8349377990D380083624182F9A26B36 |
| SHA-512: | 34A5D5ABDE69B73C86E33106FC63EB9C4B6B054EB227C32A49F9BE8A4662239F28EEE3DB5CEFD69589966BAC8E651E0D9107841F4928CC273C451C6C2601970D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.271701527921785 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJfFldPeUkwRe9:YvXKXhJd8UYpW7cCGz8Ukee9 |
| MD5: | CE4E3E3AA252788F6FABB5CBE4D1E64F |
| SHA1: | 080822E16C35C22217E818E054EC2062F7392D2D |
| SHA-256: | 60DA62CB9698468C5C5283332A4BFF16F461F8C9E78BC85014CA35EF6CA7BA28 |
| SHA-512: | DA8F2E3426A9EF3E6697ED1B0E87332559BB583A19EC252A8F99AE3B3F7E3C9E6AC575F6C8426680BFECA7E2DF90FFDFEB23CD7EB68FF80D58F50DFDFDFF85F5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.281745236302019 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJfzdPeUkwRe9:YvXKXhJd8UYpW7cCGb8Ukee9 |
| MD5: | C6008BE80F783C7EB0F7EBD6F09BBF79 |
| SHA1: | E908F798E8EFA6906C3778483A69D9F1C325E10C |
| SHA-256: | BA45A20558D75CD605ACE2A1D0E8D671CA5AF23E8BF349F07A21BDFFF16A8BB4 |
| SHA-512: | 2198AFBE09EB36F8803BB3815A98403A32FD3F277580EA1F7596B2F37201B6DEDAA2B098E04F480768266BD53C73835767B070B91EEC4EB186C73E6AFF874FCD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.261314156476572 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJfYdPeUkwRe9:YvXKXhJd8UYpW7cCGg8Ukee9 |
| MD5: | A7B44D2D7335DE747268F1A1BC9099E6 |
| SHA1: | CC831117F021FD08F4F015A508DB6CF643EDCD46 |
| SHA-256: | F014E194EBC869F64F7C02BD31AF165F28751D6F285A307A5B5093E04935235D |
| SHA-512: | 24B780956297AAE4CFF457EA2C8FE25765E5DEA68215AD0C764F97F8CCD53D6F66A1266F86F22E811BA64FB70285ADC7D9DA399279B509D7C3BDFCB63BDBF659 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.771094621878696 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XhJmiclrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNAS:YvAJRaHgDv3W2aYQfgB5OUupHrQ9FJSS |
| MD5: | 213B5C8756F73F137ED538974BC63406 |
| SHA1: | 37173FD93F3714F419141D69DCCB9CBC4597983D |
| SHA-256: | 08CF7AAC4BECF7D9D4BB4AC100F7BA7D089947951CF37B273187D9060F81FE0C |
| SHA-512: | E3AC462EFCC84874619E3AEF886E2DC905E88C41E60CD54FF8C0D3783539F072D2EE0CC16E590ACF0403FC3981CF180233AFA16FF0FCD59BCC1C4FF74AAA61A6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.245127136236508 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJfbPtdPeUkwRe9:YvXKXhJd8UYpW7cCGDV8Ukee9 |
| MD5: | B66BBEAC5D6009F4A0636CCB31E2B3A6 |
| SHA1: | F4F8261117352E9A7F89F133AE6B7C315D9CD926 |
| SHA-256: | E4E620B4D09CF2277C834202A152524DA39F92B5229E05D8E5CB646230B5ADBD |
| SHA-512: | 7638335C4FDF8ADF9091F2C5B5A8CB2FD12397D49B13418235287609B9719BD135E93C97689F588CFDFDCAF1978112B8EE02D120FBFDD9A48087AC10E71C1905 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.245950505062955 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJf21rPeUkwRe9:YvXKXhJd8UYpW7cCG+16Ukee9 |
| MD5: | 4BD6BC96751CD46B3AF51E464552AA9F |
| SHA1: | 1C3F46369AE3DA93CFD85D045BA6B8926EC69A67 |
| SHA-256: | 6E83814B0E76767862D1F975048E9C7A8D420CD508161E6FB178F49946A6DF26 |
| SHA-512: | 39BCB7CA3F92F85CD05D9F67909EE8FCDF1C7F5B41D40BE1949E8177485F1AC6FDA301D71174A33A5BB67B278B55F6393A521D6D27C48A150506EF87912CA44D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.267543262193772 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJfbpatdPeUkwRe9:YvXKXhJd8UYpW7cCGVat8Ukee9 |
| MD5: | AF91EDC6473FD899A7A16E4B5F8B00AC |
| SHA1: | D4082C153AF81A6482CA54CBA507E6B21420C880 |
| SHA-256: | B8970F1C1865895B84A5F2CA5F1678644636BB7D760B03FC799F1225D7898575 |
| SHA-512: | F6730620FE6F8BCE001EC392411DF59086D20984B52AE60B941A2186370CA3FC216954FD0B71A3F8A6E4518F98D1F5D849CDBB6CCE5AC46AF4302754D42A625D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.218563751253769 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXztJCGtXEeOx+FIbRI6XVW7+0Y7u2xoAvJfshHHrPeUkwRe9:YvXKXhJd8UYpW7cCGUUUkee9 |
| MD5: | DF77B6E80ED993FADE9097C91DB09C6B |
| SHA1: | CFE9E3E4E5C458ABCF0B8C28E79B36A79B1FB427 |
| SHA-256: | C17078FDB79774B4B414EF11E863CBBFE5354CD3F03175B8D080FB37DCCCCD5F |
| SHA-512: | CDEFB6214D7E39E17FD8CE56161BEB5EBEE9DEB0429B3C1BD87467E149A888ADAC575E4B71F09C9C7546E36B18F286B42362ED210709EFEFE721070AADC323E6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.3636207008776235 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXhJd8UYpW7cCGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWUS:Yv6XhJmicM168CgEXX5kcIfANhPS |
| MD5: | 23D1CB94EFB7C1D3EC23726274B9B28F |
| SHA1: | 7E2AAC062CF5D4FD45A3F06A592F77E798A27A6B |
| SHA-256: | 34B574982D68C23900E8B5C65CDEE19911A023638F0F12ECA4CE753758451070 |
| SHA-512: | 62925134A79BC4610C0053CE6EDDF831BFFF8E247B82835E1EAE8CCA11024724BF3C344A3B9B7F8D5B3BF14A1917C46728520B4263BB713741044F3E144A0199 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2813 |
| Entropy (8bit): | 5.133618132865071 |
| Encrypted: | false |
| SSDEEP: | 24:YLhECTPL3WALJ6r/h4wnBfa3ABayurB3WqJYJ4ZjJg/vj0SLdL2n4pP2LS1lqg5z:YLeKPLFmiwn6N3w+CjN5pP/lqgnh9Fqi |
| MD5: | CD1B5CB868EBC0110F9C20B8676FD475 |
| SHA1: | 592B8C23F5362295F1A616CA45859EFE69AB7103 |
| SHA-256: | 5FA979AB2EBFF55AB7D2EC14CC9F53B42BA5A9A7342C57C08A4B7A5E72BBA0DB |
| SHA-512: | AD369D91ACE363B9D884398AF8F4D53F2E397FFC6D9AF683F6368E482B0B8D0C75EC094478E59CD3E3E2F103F247F2CC8A0C4DCC1CB1E0EFA3E812CCFC85DE0C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9851032027990193 |
| Encrypted: | false |
| SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sp7w4zJwtNBwtNbRZ6bRZ4ewF:TVl2GL7ms6ggOVp7TzutYtp6PdM |
| MD5: | 5DDAE51F08039CC8D874A57A62296081 |
| SHA1: | 9ACD9BF17E2699C54F5E50D182D532A34F4383FF |
| SHA-256: | 6CAD4A98E0BBD491BE97E091050B4D3654B00D0C1983BC1D8EDB5CCCE9C6419D |
| SHA-512: | 7BED9784AB20784ED1E42A46285474788B658EB88EEAAF7F5DF951A8F502D82301BE508B6B6439C72F4CECDDF8C1B2396D22AC5C80B7C174143EB8BB21661757 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.3389485126153622 |
| Encrypted: | false |
| SSDEEP: | 24:7+tpAD1RZKHs/Ds/Sp7wPzJwtNBwtNbRZ6bRZWf1RZK26qLBx/XYKQvGJF7urse:7MpGgOVp7szutYtp6PMcqll2GL7mse |
| MD5: | 1BF8809FECD0D38ED3557B949FDF06A6 |
| SHA1: | F9A72EC87ECFFC39E831970053CE58D193DF9880 |
| SHA-256: | 8F3ABE0A5FD25E045CB0DB4F0FBAC9D4A866E85BA19D75DDB9B221093E35426F |
| SHA-512: | 198183228C8A98B5C008EAAA48243E359D20087168663CEABC4C5FCA1C336CE1C8D07AF439E90589E1CA65B179B2A83EEBD9633D60235019799BACBC800CDEE5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66726 |
| Entropy (8bit): | 5.392739213842091 |
| Encrypted: | false |
| SSDEEP: | 768:RNOpblrU6TBH44ADKZEg0Qo1C/pqr9sXwl08LyKO7xX85arYyu:6a6TZ44ADE9q6wl0DKWX85qK |
| MD5: | E9A14165DF90A94A440357A0E385D627 |
| SHA1: | 87AF6AB3E3ADCD02A9175420DDB058AB0BC2CAF2 |
| SHA-256: | C37C18B0C4691753CB537CFC23ECAB6506A8E68594EBF09A967FB038B8C2D237 |
| SHA-512: | 20EC9D1B7C31219FB009555E162155B0523133A97AEAAACE9110877A2491B5F1FBC43D97ED80A53AC55CE824506B42661991BA6F2EAB3E8740E73509551D8688 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5421404787358357 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mdUFGljyw:Qw946cPbiOxDlbYnuRKvlRyw |
| MD5: | 54110B69A4829065C8A2BC1C25933DD5 |
| SHA1: | 777E593BDA4C4B3A84130BEF9D0BD80BD94D1C3C |
| SHA-256: | 0399814C4FFCE09D169F9F31F41A03B68541ED8792801229738A4258B44FCCA6 |
| SHA-512: | 36B295B33D0DD5F3C382FEAF525263554A61BAD36E5F35D9F7D0F518E94FC12747EA830016EF0E072A1B50CEEA93616655B2B2F29A2DE1F17FFE8AD8D168ECFA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-26 18-16-34-473.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.376360055978702 |
| Encrypted: | false |
| SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
| MD5: | 1336667A75083BF81E2632FABAA88B67 |
| SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
| SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
| SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.403970215499996 |
| Encrypted: | false |
| SSDEEP: | 384:zpPkXhGJuCsD3ZmLaVthKGvjAhhzv7eahFbRVbdY3yXYe/5hy9sDIDfKiAnYt9ty:/KrbzVZA1J |
| MD5: | FFD5EC1AA97864645CD568C78A1A93AA |
| SHA1: | C5476EF11AA6B68E667CD387D1A3B058BC2D5B8F |
| SHA-256: | A9B5190AC3EC2B75B73365DEEB4BBB379864895C2663B395617B27FD6B0BD8E7 |
| SHA-512: | B1299F55CD4BBA1F2A04553DC1A4856AB7F33B91716FC73202F126133BF89AB3C33DBE3A63E1D20D88D3BA0F9D5A11BDDA45594327BC1A634250603F9AAE0682 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.404654341245064 |
| Encrypted: | false |
| SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbl:B |
| MD5: | 65DA8BD563B15B6800A75FCC0E216E6C |
| SHA1: | 9D8C6B30C07BF42C2D7D9778A4EEF8A79A5EF746 |
| SHA-256: | 926C97174C4BBD04B76634895805797D92DE1F9A75A5DF0F42E231DC4CDEE3BF |
| SHA-512: | 7A51AE11CF3C0A71497F36F75F8C5ACC179A521795594D368AEB7F0A3F3721989E54A651C736F7699F7C1A3514D338A72035375C501AFE5CDF88AEAAF438387F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
| MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
| SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
| SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
| SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
| MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
| SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
| SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
| SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.991651078890106 |
| TrID: |
|
| File name: | CONVOCATION..pdf |
| File size: | 569'943 bytes |
| MD5: | 498843deeb487cefc54c5c57b720c6d1 |
| SHA1: | 12d039b8a98e266919658d27e0adc910de5a8b61 |
| SHA256: | dda4d289c48ea04bfe840ea5b96dfdb12200f759ff94aed7806b47500be41de8 |
| SHA512: | ae8da85a67aeb0890252b0ca7e5bb23cb46362350d13d8245597ad1d8420fcb627b6939248624a94a43f4569ebf5f4a761621d16a2facb686027a08aa54f27a2 |
| SSDEEP: | 12288:W/+QQL54f0CEiK8SJzBNAyY2i6jNQZlFLcqNPN1od+A1LB:r54fWxJ8yY2tIAsPg+A3 |
| TLSH: | AAC42314E0D0DE18DF2B347479D1EF57AB6B906420E91EACF2AA8000DD4BF195EA6B4D |
| File Content Preview: | %PDF-1.5.%.....7 0 obj.<<./Type /FontDescriptor./FontName /Times#20New#20Roman./Flags 32./ItalicAngle 0./Ascent 891./Descent -216./CapHeight 693./AvgWidth 401./MaxWidth 2614./FontWeight 400./XHeight 250./Leading 42./StemV 40./FontBBox [-568 -216 2046 693] |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.5 |
| Total Entropy: | 7.991651 |
| Total Bytes: | 569943 |
| Stream Entropy: | 7.991588 |
| Stream Bytes: | 566350 |
| Entropy outside Streams: | 5.210649 |
| Bytes outside Streams: | 3593 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 23 |
| endobj | 23 |
| stream | 3 |
| endstream | 3 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 15 | 370679736e976f4e | 08f0db5b229e342cd82096e4e519e188 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 26, 2024 18:16:45.554977894 CET | 49714 | 443 | 192.168.2.5 | 23.48.8.182 |
| Mar 26, 2024 18:16:45.555022955 CET | 443 | 49714 | 23.48.8.182 | 192.168.2.5 |
| Mar 26, 2024 18:16:45.555097103 CET | 49714 | 443 | 192.168.2.5 | 23.48.8.182 |
| Mar 26, 2024 18:16:45.555253029 CET | 49714 | 443 | 192.168.2.5 | 23.48.8.182 |
| Mar 26, 2024 18:16:45.555274963 CET | 443 | 49714 | 23.48.8.182 | 192.168.2.5 |
| Mar 26, 2024 18:16:45.845649958 CET | 443 | 49714 | 23.48.8.182 | 192.168.2.5 |
| Mar 26, 2024 18:16:45.845938921 CET | 49714 | 443 | 192.168.2.5 | 23.48.8.182 |
| Mar 26, 2024 18:16:45.845971107 CET | 443 | 49714 | 23.48.8.182 | 192.168.2.5 |
| Mar 26, 2024 18:16:45.846956015 CET | 443 | 49714 | 23.48.8.182 | 192.168.2.5 |
| Mar 26, 2024 18:16:45.847029924 CET | 49714 | 443 | 192.168.2.5 | 23.48.8.182 |
| Mar 26, 2024 18:16:45.848716974 CET | 49714 | 443 | 192.168.2.5 | 23.48.8.182 |
| Mar 26, 2024 18:16:45.848784924 CET | 443 | 49714 | 23.48.8.182 | 192.168.2.5 |
| Mar 26, 2024 18:16:45.848893881 CET | 49714 | 443 | 192.168.2.5 | 23.48.8.182 |
| Mar 26, 2024 18:16:45.848901987 CET | 443 | 49714 | 23.48.8.182 | 192.168.2.5 |
| Mar 26, 2024 18:16:45.889247894 CET | 49714 | 443 | 192.168.2.5 | 23.48.8.182 |
| Mar 26, 2024 18:16:45.944825888 CET | 443 | 49714 | 23.48.8.182 | 192.168.2.5 |
| Mar 26, 2024 18:16:45.944873095 CET | 443 | 49714 | 23.48.8.182 | 192.168.2.5 |
| Mar 26, 2024 18:16:45.944925070 CET | 49714 | 443 | 192.168.2.5 | 23.48.8.182 |
| Mar 26, 2024 18:16:45.945422888 CET | 49714 | 443 | 192.168.2.5 | 23.48.8.182 |
| Mar 26, 2024 18:16:45.945441961 CET | 443 | 49714 | 23.48.8.182 | 192.168.2.5 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49714 | 23.48.8.182 | 443 | 7216 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-03-26 17:16:45 UTC | 475 | OUT | |
| 2024-03-26 17:16:45 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 18:16:31 |
| Start date: | 26/03/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff686a00000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 18:16:32 |
| Start date: | 26/03/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 18:16:32 |
| Start date: | 26/03/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly