Edit tour
Windows
Analysis Report
User Manual.pdf
Overview
General Information
| Sample name: | User Manual.pdf |
| Analysis ID: | 1417300 |
| MD5: | 4e5167220439be2577e98d0d0e0f1b10 |
| SHA1: | 6ba9cee542a830ae2f1f8e246b6b0a4e1f5b9514 |
| SHA256: | 0dd816a9b2c428509e3bf91e66ed601e65d93b5d96180427ea121258225926eb |
| Infos: | |
 | |
Detection
| Score: | 1 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 5080 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\U ser Manual .pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7236 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7424 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 08 --field -trial-han dle=1572,i ,733084698 9784507453 ,386888986 2558952675 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | Initial sample: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.223.252.145 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1417300 |
| Start date and time: | 2024-03-28 22:23:03 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 55s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 9 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | User Manual.pdf |
| Detection: | CLEAN |
| Classification: | clean1.winPDF@14/45@0/1 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.51.56.185, 18.213.11.84, 34.237.241.83, 54.224.241.105, 50.16.47.176, 162.159.61.3, 172.64.41.3, 23.40.179.136, 23.40.179.182, 23.40.179.141, 23.40.179.192, 23.53.35.208, 23.53.35.200, 23.40.179.21, 23.40.179.9, 23.40.179.17, 23.40.179.19, 23.40.179.8, 23.40.179.5, 23.40.179.4, 23.40.179.11, 23.40.179.14
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- VT rate limit hit for: User Manual.pdf
⊘No simulations
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | Get hash | malicious | Vidar | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | Browse |
| ||
| Get hash | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.223938216977274 |
| Encrypted: | false |
| SSDEEP: | 6:FZfmfdH39+q2P92nKuAl9OmbnIFUt88ZfmfGTXJZmw+8ZfmfGTX9VkwO92nKuAlz:8H34v4HAahFUt8yTXJ/+yTXD5LHAaSJ |
| MD5: | 2E8FBD4AF70A3EB7CF9AF12536ED6565 |
| SHA1: | DC712183D855B6430F431ED1A9188B28F95C3D8A |
| SHA-256: | 313AC78EEF3E3C368A076D2E6CAD564717E47189784C3A9157A2B96CDC476A43 |
| SHA-512: | FAF9024ABD3AE44E4FC71397CB4CD0B152ED5A06B4050C3AB2402AB250DC7B1835A3616590447A0BA456949E91127EA5E426AB997145EE47EB09B380BB48C767 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.223938216977274 |
| Encrypted: | false |
| SSDEEP: | 6:FZfmfdH39+q2P92nKuAl9OmbnIFUt88ZfmfGTXJZmw+8ZfmfGTX9VkwO92nKuAlz:8H34v4HAahFUt8yTXJ/+yTXD5LHAaSJ |
| MD5: | 2E8FBD4AF70A3EB7CF9AF12536ED6565 |
| SHA1: | DC712183D855B6430F431ED1A9188B28F95C3D8A |
| SHA-256: | 313AC78EEF3E3C368A076D2E6CAD564717E47189784C3A9157A2B96CDC476A43 |
| SHA-512: | FAF9024ABD3AE44E4FC71397CB4CD0B152ED5A06B4050C3AB2402AB250DC7B1835A3616590447A0BA456949E91127EA5E426AB997145EE47EB09B380BB48C767 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.155523156710773 |
| Encrypted: | false |
| SSDEEP: | 6:FZfm039+q2P92nKuAl9Ombzo2jMGIFUt88ZfmMBC3JZmw+8ZfmpN9VkwO92nKuAv:f+v4HAa8uFUt87Z/+FV5LHAa8RJ |
| MD5: | 065698984CB088A1D98BD9A8093098F1 |
| SHA1: | 3CE1E48F4EECAEF239092E52F2151932AA21F671 |
| SHA-256: | F0C43B12A6B39CF5088FAB456F53EACB1DB40A9505C8797870A93A819370ECCF |
| SHA-512: | E46B64E0DE64734642EF6D571F1512B8102250B0D82BB301037C1688F5F33C838D86A3B36882F693177ED5ABDE969BBB2D06FF9D92F318854AF09B1D427492F2 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.155523156710773 |
| Encrypted: | false |
| SSDEEP: | 6:FZfm039+q2P92nKuAl9Ombzo2jMGIFUt88ZfmMBC3JZmw+8ZfmpN9VkwO92nKuAv:f+v4HAa8uFUt87Z/+FV5LHAa8RJ |
| MD5: | 065698984CB088A1D98BD9A8093098F1 |
| SHA1: | 3CE1E48F4EECAEF239092E52F2151932AA21F671 |
| SHA-256: | F0C43B12A6B39CF5088FAB456F53EACB1DB40A9505C8797870A93A819370ECCF |
| SHA-512: | E46B64E0DE64734642EF6D571F1512B8102250B0D82BB301037C1688F5F33C838D86A3B36882F693177ED5ABDE969BBB2D06FF9D92F318854AF09B1D427492F2 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 507 |
| Entropy (8bit): | 5.047725111930163 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZlHWsBdOg2H9Acaq3QYiubxnP7E4T3OF+:Y2sRds+dMH9r3QYhbxP7nbI+ |
| MD5: | C99380396BB412BE5355ECDADD7B48CB |
| SHA1: | 12C608E8FFA5B66E37FDBB0C47D0A648AC474FDB |
| SHA-256: | 273530BB25D40B0969823291060FBA7EB394692DFF9D685B1C1AB0CC4F9BE572 |
| SHA-512: | 3C7E6E1EF81856383EBBC5CA4B5E3D77F5CD911D8A2453008E7C202F61ED267B25B54F5E70D37444BEC9DCA154C8F5919196DDABFAE07BB680B22C26F1A6A873 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f69e8f6a-aad8-4114-b43f-63e734951d0b.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 507 |
| Entropy (8bit): | 5.047725111930163 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZlHWsBdOg2H9Acaq3QYiubxnP7E4T3OF+:Y2sRds+dMH9r3QYhbxP7nbI+ |
| MD5: | C99380396BB412BE5355ECDADD7B48CB |
| SHA1: | 12C608E8FFA5B66E37FDBB0C47D0A648AC474FDB |
| SHA-256: | 273530BB25D40B0969823291060FBA7EB394692DFF9D685B1C1AB0CC4F9BE572 |
| SHA-512: | 3C7E6E1EF81856383EBBC5CA4B5E3D77F5CD911D8A2453008E7C202F61ED267B25B54F5E70D37444BEC9DCA154C8F5919196DDABFAE07BB680B22C26F1A6A873 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4509 |
| Entropy (8bit): | 5.23922659411318 |
| Encrypted: | false |
| SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUK54QlImyWmT/lZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLW |
| MD5: | 2175739EA0A4AFB5C2EE0116F8AB575B |
| SHA1: | 3C83293147FCB136BAA726B5E644D2BE75C9B26A |
| SHA-256: | A7C5ED83A13EEBA23E46D077F434D539756363EB1BBBD14575F3448FC6936B9A |
| SHA-512: | 4082F526426900593D1ADA76424C337728459B4E627E63AEFFAF7610591B5B79373A21777CEAE3E3735290111AC4D80DA55A2E82EF7AB792926B236B2AD57753 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.112065671795597 |
| Encrypted: | false |
| SSDEEP: | 6:FZfl39+q2P92nKuAl9OmbzNMxIFUt88ZfcC3JZmw+8ZfBi9VkwO92nKuAl9OmbzE:/+v4HAa8jFUt8G/+BV5LHAa84J |
| MD5: | 50E9DCB68CFE16183926723AC21987A1 |
| SHA1: | 6A98C969E47AC588249D5C4A979D9856812EA0CF |
| SHA-256: | CCAC87EAC54D347728AC4BA2854191D5339EF35DED2570841AA46093D7B7BA29 |
| SHA-512: | A53C54D42FD2B07A689B45F1D9F21147A41A3E762C0F0572B6F7CEDF7DF72E4DE6AC9BCE6BF34E401828F69F1E957A6DD0DFE878D835994744CB0DEEF964B7EF |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.112065671795597 |
| Encrypted: | false |
| SSDEEP: | 6:FZfl39+q2P92nKuAl9OmbzNMxIFUt88ZfcC3JZmw+8ZfBi9VkwO92nKuAl9OmbzE:/+v4HAa8jFUt8G/+BV5LHAa84J |
| MD5: | 50E9DCB68CFE16183926723AC21987A1 |
| SHA1: | 6A98C969E47AC588249D5C4A979D9856812EA0CF |
| SHA-256: | CCAC87EAC54D347728AC4BA2854191D5339EF35DED2570841AA46093D7B7BA29 |
| SHA-512: | A53C54D42FD2B07A689B45F1D9F21147A41A3E762C0F0572B6F7CEDF7DF72E4DE6AC9BCE6BF34E401828F69F1E957A6DD0DFE878D835994744CB0DEEF964B7EF |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240328212355Z-148.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 0.100662448604734 |
| Encrypted: | false |
| SSDEEP: | 6:ujlhyYyRC+H6rFUexa0WnaOhHKX2RikPHCFRnGq/G+HpzkoJsiSp5ZVJQKbuaCaJ:yyYa6iBnaOZqR0WRGr+Hpgov6/R |
| MD5: | 59F43ED39BDC6BDC175D0B5FCBD6BFEB |
| SHA1: | ED07F723EB6ACEC01A72DEB3BDCB3CE8439778D8 |
| SHA-256: | 585DA6234D1C73FE27FC8CD0F1AEAC87BA49182275D4EA4BD2550D08DC3B5A75 |
| SHA-512: | C12638D0845ACC342510B3FD4F4F07501F1B094DF7A4F88A32FF675CF8803D23A5CCF178B82A06F24B409CA634B8CD20C58D7FF470C084F768F3D863A233BDCD |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 227002 |
| Entropy (8bit): | 3.392780893644728 |
| Encrypted: | false |
| SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
| MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
| SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
| SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
| SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.363092285159866 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJM3g98kUwPeUkwRe9:YvXKXINR1UYpW7YvGMbLUkee9 |
| MD5: | 370C70B9BF88FE99DBEBEFC1249794A0 |
| SHA1: | 4A87E5C03E5FE84BAF1ADE11361CD65C65F30AC8 |
| SHA-256: | 63423E92E3DC3A545FA2268B1417AA268B88EE2FAF669D09CC9B93A683AD10E0 |
| SHA-512: | 7C4EBDBC4F230EAD85B2D99C3B352EA53167312F43496F62F4000621301B668E56880906E0D2B92BF6EFE615D8E37B249BFFBEBE3B1FAA2A1CED2523CD329D6A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.304759249764442 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJfBoTfXpnrPeUkwRe9:YvXKXINR1UYpW7YvGWTfXcUkee9 |
| MD5: | 3F0B906D873A2051D9C006319D45A5FE |
| SHA1: | F39FB1968B37544F6E61114EC9DB86F95ADC5F78 |
| SHA-256: | 168529D6FF34D4BE129CA6FAF0C7D040E5B7095ED2A4B79B28738C909906EB77 |
| SHA-512: | E7CC79966CA437E9C881C7D190195D0345B59317C6D2115CDF2F1A46DB9548F65D89C06EC578AE579BF73ABAAAC3313B828259239F79B22E60BFC674C10CACBB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.2827118497638015 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJfBD2G6UpnrPeUkwRe9:YvXKXINR1UYpW7YvGR22cUkee9 |
| MD5: | 0BB821F4BCF5DF0F04D41D8597D75FA3 |
| SHA1: | 4775E688BD95349DBA5DBDB7EA5847F1272E3AE2 |
| SHA-256: | 71B42DB6AEAD6742A03C752FEC34CB157456CCE4D2388AD0C381F625D0522FBB |
| SHA-512: | F21F17FBBD4E731915E421591FB233B1ADE34C672A7B5B31E3FEC5840EE5CEE75C33D3E9548AF0EEF9F2632029F231A4BCE7B43B672BC9A58C5BBBB8B52E223E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.341975650492493 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJfPmwrPeUkwRe9:YvXKXINR1UYpW7YvGH56Ukee9 |
| MD5: | 641A6A9EDB319BFB1F19910CA6701B1C |
| SHA1: | A2AF35F66BC4DA4E6907CC65C8E419DEC56ADC3F |
| SHA-256: | 27B30F056F725B7860B28177A45E6B1E15B122E83B730F28749FB4B0F791A98B |
| SHA-512: | 6D0D92DE1DC20CCD0093DAF71646A51E58FB0262B5BE76C16679DA12033FFEBF756ECA0CCC7A86325FBD70CCEE9F07E27E41F0E2709416F49A9836BC0C782E9F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.3044035486163725 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJfJWCtMdPeUkwRe9:YvXKXINR1UYpW7YvGBS8Ukee9 |
| MD5: | 11925D38C9FBB9E60B6375F72446D74D |
| SHA1: | 9817074CFEBBA49FAAB956CBD13313EF1A79C89C |
| SHA-256: | 75306C577073EAEB5EA26FBA3E81FAF902F9F42B4ED21A3EC81CECD3521B3969 |
| SHA-512: | 639F0B1946411E995981F25EF7DDD5931E93B734673D6A1063D4F726CC85B4BE658C3D152C14AB4722C82F8112C9CC3767E730591C8222990F8F7122A18D8F4A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.289949532535632 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJf8dPeUkwRe9:YvXKXINR1UYpW7YvGU8Ukee9 |
| MD5: | 77FFE61339A67CAA738613D289E18648 |
| SHA1: | 822F870556A3C5762ED3886E97884F19E1C15E52 |
| SHA-256: | 666F64BD59D2B0C3F9C1B512F5EFCAC01115712A51096DC3816AD8574F8197DA |
| SHA-512: | E30C1CE6B839927327CF26B494B350C3D34309ECAD88094CB97EA6190A8580998EE355D97996E765C853C90DFFA3E1F47B384ACC696D672CF01008732A0C7CFE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.291316989576302 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJfQ1rPeUkwRe9:YvXKXINR1UYpW7YvGY16Ukee9 |
| MD5: | B226F6FD4D602D78B638461A0FC4DB14 |
| SHA1: | 48DF769F68BC3D96FF8E6A1CEB01D18D66111E16 |
| SHA-256: | 90132348D9E0EA9C8DF6BA7F6533EE31B050CEDA1E6D74223B2CEE5625CBADA9 |
| SHA-512: | B0BFFCF9F30CE38A9B980E5A9F27DBA78FD9BAD52712CF0BC5601A6313E7247216F0F4727383B5D876478439620F8910BE281E92C7B6E173A73FDE445791BC3C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.311471761465557 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJfFldPeUkwRe9:YvXKXINR1UYpW7YvGz8Ukee9 |
| MD5: | 3A4F28E1CE7550DD5096A7CB8B8640A1 |
| SHA1: | 0F5F4EE73A180D4892B62386C3CA5E53541BB2AA |
| SHA-256: | CCFD90EF79AB8050740074F3D59D95EA5CA6F6A635520E3B7062A367B806E5BF |
| SHA-512: | 715DA8A00607AFDC4EE9C548FA00EA1FC9F7AD7AC957B9BC241E4340D2574BA6C1F4807393D6D6DA7A6BECE37BB4164371C94A7050E17559D197F595C5359F19 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.318201922481645 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJfzdPeUkwRe9:YvXKXINR1UYpW7YvGb8Ukee9 |
| MD5: | AD47717272D9237A98F2A34369FFB89A |
| SHA1: | 8A9846015E1F373FBEEC957EEFAAE21AD9356E1E |
| SHA-256: | 42B0651310BCAF06CE7F42E6B7C8420D80C3DB79E5A43DBC8EAC37E04797CF09 |
| SHA-512: | CC3E54DF4F1060FFF31B16EC0DEFF9AAB78A57CEF96F8EAB6C50912BB448907364073BA80DB642985F3477A395EDF3207D0A5A19FAF1486B0E4C589355BDE0AA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.298527728874461 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJfYdPeUkwRe9:YvXKXINR1UYpW7YvGg8Ukee9 |
| MD5: | B323AFAF3EFD30D1C4ED2C6C56EB5F23 |
| SHA1: | 1C9B0D80BD490031739FBB5D3455514B167BC736 |
| SHA-256: | 07B93D6AEAA460CCD844A1F95BB8A0B5EA772BAA761DDB6915C01F378AD1643F |
| SHA-512: | F9D1AC032A17F5B77DD7A0BBAF3869D64D2DF11D4E63C1B024433D1023AB4CF0530F7359E304BF613D4C69B45ACFE5F21F45655028D79AF34AD05669F01CA5E4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.775732846429488 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XYBiYKrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNqO:YvrYYKHgDv3W2aYQfgB5OUupHrQ9FJN |
| MD5: | 77D64719292B1502FF87EA65CE802F2B |
| SHA1: | 469BD833AE981D639F51A80B15A712FD8BB236BB |
| SHA-256: | 55019AAEC59C93F5971C118845E0F3677BE3D67C0637E893036A4EC170E92170 |
| SHA-512: | 693243948C9DF357D4E905CDD923458693F5F131D2D7FCF0BD9FF5F5D129801F481C499840CD4271C54D84D770C8475F7404F733CA21D069B928472B598886D3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.282084945250218 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJfbPtdPeUkwRe9:YvXKXINR1UYpW7YvGDV8Ukee9 |
| MD5: | E2A5255A397C1B5EC23AD1A0E3661B78 |
| SHA1: | 9E8AF0B32625B4570F3CEB7FFA86147308719AC1 |
| SHA-256: | 93F9E03187295D3B6598B41A6E05EF1E43525BD1984B4AB30A0FF9F0644A8E77 |
| SHA-512: | FAEC362E0D0D34A2C17FC4A105383637F831153EB83791F810C85C3EF92EE933E9BF294F388C7527C2C5E9DD1AB36B2EA648BD93CC688483D7D90EFFE141D395 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.28342340549149 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJf21rPeUkwRe9:YvXKXINR1UYpW7YvG+16Ukee9 |
| MD5: | 8D4787BEFAD2EAA45E80C584B3A2B5BB |
| SHA1: | 6A51215654AEA4A1078E3924837A73DC46E98C9B |
| SHA-256: | B7B6DC9A4926FCE528B635985396A6263E0492FFECD636C1BEFAC5D6F6CFDA2F |
| SHA-512: | 0FCB1D45DE5314FBCDF54A8A155CCBBE21655F180612969BA25D8CD6DD81210810C08AA3929323E219B2FD19A818F7195148353EE9CD263B245198527F93BF50 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.304756834591663 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJfbpatdPeUkwRe9:YvXKXINR1UYpW7YvGVat8Ukee9 |
| MD5: | 60432BCEAA334C7A4195D0EF935E9041 |
| SHA1: | D63F9CB1958D28225DEAE82BD95A848D90535982 |
| SHA-256: | D7428A55531777B319F67B82FE794DC633A62DD77528251BE01DF6CEA95D97DD |
| SHA-512: | 6EA90CE2ABF68D77F3123A1DB3BC740F14D4A9E62A9128B6FE77FD441AAACF1C38526A916A5450B2170AD759DD79BC88CC26CA99EABC56761B4B63EA353AF998 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.2587511550794686 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXINR1x+FIbRI6XVW7+0YrcoAvJfshHHrPeUkwRe9:YvXKXINR1UYpW7YvGUUUkee9 |
| MD5: | F9D968FBADD3E1D13D55899887F51DA8 |
| SHA1: | E1AAD5E75F13A9B5E7E9AAE735720734829096F9 |
| SHA-256: | 8BA8391157C6CAC951943966B15AA3550B70789B2D86F09C416EEA3029D975DC |
| SHA-512: | 0C18272958E2026FA4DE46F02F7062EEC81AAA14A245C6B99C669EFCFF77E8B954B220A735C47241C68417FCC381B14AF3E77E3996DEE6C7A5AD14230A021CF0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.367420207002249 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXINR1UYpW7YvGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW+O:Yv6XYBiYf168CgEXX5kcIfANhHO |
| MD5: | F1E093B8145BEDC883ED4E971AEF39BB |
| SHA1: | 2493B5E1CA05679DA30642F5842708B4E9F3FE0E |
| SHA-256: | 23CCEDE5ED2E481D77E083B0BAD89EC5D1645B326849669E200C5D6962AE0DA4 |
| SHA-512: | 13158DDDF98BF87DB92DBC1D398EDCAD3A2EE113E15C960806DC96C91F410E05E22949FFC88A10F5825380775BE2730ACB1843D47D35FD9D43C4D4BEA28FCEAD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2813 |
| Entropy (8bit): | 5.139242674805198 |
| Encrypted: | false |
| SSDEEP: | 48:YKggj8qlM56tmhYrPN44V7kwC4MzqU9ptLX4:p/jlE6HTN44rC4MHph4 |
| MD5: | 88ABE94345434523D6E2F645455DD322 |
| SHA1: | 632B5F2927DF5841D3524D7A690D1F323ABC784F |
| SHA-256: | 7C3182AAB23512C9D4952F81EAFFAD454AEB5D899B40FF89D7FE7B7136B59CA5 |
| SHA-512: | 44C516630748FA2B2EC976D7115772399315DAA8604941415C6B020295D1C568FFD739AEC7429630F5C526C3EBD5CCCB6DDB719A84A70BD67B4CA62BC7681B8B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9856810695853779 |
| Encrypted: | false |
| SSDEEP: | 48:TVl2GL7ms6ggOVpWBYiXzutYtp6PMBYiA:vVmsCOVpGYzaZYJ |
| MD5: | 6A5AABE911A18FA57F29D7DE187F4425 |
| SHA1: | 8E49DD14483108BDA5E01D83C12A78CF4A70BC7F |
| SHA-256: | 6745114848B727346347288D5DC3A647436EEC9D4DA6BA0331F725B318309A80 |
| SHA-512: | 2AC5305D0A4876B69EA03F4BC10FEE5C852AD2C2E7E1A753891AA9E73434125FE911ED3E3DFD1E1C6C41CCC887DFCB6025254705CD06CF8A100BA301C4A51F35 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.3373706995359946 |
| Encrypted: | false |
| SSDEEP: | 48:7MtGgOVpWBYiQzutYtp6PMlpqll2GL7msi:7AOVpGY+aBqVmsi |
| MD5: | 607A5E1E2CD5764F6F59D12B31D33468 |
| SHA1: | 5982565B6C1CF439C933A9EC5EC7C2419F3DF25C |
| SHA-256: | FBF83B60B4844E1B319530C383B44FB6F6D87C1B5BAC3B45AA4954D50A18A4DD |
| SHA-512: | 4FDC2EAF534C4882548D239DE457B44CA5558AD48B8CB671AA514E4A4BBE83301935AD7219A14734C1CAB1E23E2E70A39583F4DC0758B745761FB64D575AD5B7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66726 |
| Entropy (8bit): | 5.392739213842091 |
| Encrypted: | false |
| SSDEEP: | 768:RNOpblrU6TBH44ADKZEgsHABqY+lOSuM3QDSoWZS67bmVFYyu:6a6TZ44ADEsH2aOSuMgAziK |
| MD5: | 6CFCF9E42F45436710A640C78E7C13D9 |
| SHA1: | 5FE2D3EFFF66719227D98E78F688DD77334F8354 |
| SHA-256: | 063E92B05D17831D4B35E29B9018227B82916EAA153B5973E694F74A9F67957C |
| SHA-512: | FEEF9FB638891BA61EEB57FFE15C567DE98E606560B11B9E5E3D70783479D4C78E3BCD68035500AC166DB5D94D606CBB81856C55194049FCC99145D8010EBC34 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5191669646935457 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rVw:Qw946cPbiOxDlbYnuRKCVw |
| MD5: | B30680B5C144D30D9F0EA009983236A5 |
| SHA1: | 60125BD18AA7A49045C1A417BFD268EAFC5747D9 |
| SHA-256: | 781BAAAD262A4AE4E8E28C03B1603341C29E85F6129789DEEAA071E7AA22C98C |
| SHA-512: | 0DA79A5B1A01EF16FA8494EE0B40BE39A0A804C6E22139638CAFB10654FBE77CDF85C2CCC7FAAD62C05DFC7A3642CA975338804CDDFA053AE7BB57E96320BE67 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-28 22-23-53-758.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.376360055978702 |
| Encrypted: | false |
| SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
| MD5: | 1336667A75083BF81E2632FABAA88B67 |
| SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
| SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
| SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.385484385043163 |
| Encrypted: | false |
| SSDEEP: | 384:RzfuXbHyDMMnpnR4WWdftyv3IrCRTl+1ZwknNXOKot0tZoZ5Ch8HkHar6IPn80wS:aev |
| MD5: | 84B10B5A1AD583A623DAF4A90F7A5942 |
| SHA1: | 61A007A6635AA232FAD4801EE9013E30841729B5 |
| SHA-256: | B508131A111D12D6DA36D74167A60287F939E2CD44CB4DF8C3192135E6D0EE06 |
| SHA-512: | 047266F0E1F1742EEEAFF98362FBB715FF71FD9A0BB0A9032E3FF0D2B30303EF552DCF68CB948F988C259A6BFC04969A4003DADC76716E9D9CECA927B0B2E937 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.394441365016077 |
| Encrypted: | false |
| SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbk:g |
| MD5: | 7503CB28A4A852A2AE59BA6E1CA5E494 |
| SHA1: | 6E1A76E77B3FBAC08CD7AA3C335E4A4FB51553C7 |
| SHA-256: | B70DF5F6B583B1FDEC9C5AF254EDFB940EA7EC3EF55BF37DDF27115483E44A1A |
| SHA-512: | B9758C501ACF02A92D2E2A05F94B0A55818B47CF60E731DD7410944D37E15054423262F33D172FCDC0ECC6698492A50007F27BB9C6F04AE2EB2F3301931C8D8D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLkwYIGNPZGZTodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGzGZ83mlind9i4ufFXpAXkru |
| MD5: | AB9AB7524370F33FCB9DC48C196C6192 |
| SHA1: | C0EB3BBE2884C9D081F2D09310D71F381818DDFD |
| SHA-256: | BBE7F54A87E89788FA9E2DEB351A34B8DD5D2F4789EF86D13FE5B0C7450F8213 |
| SHA-512: | 6532803EF05D96E197EEFC9AC1DCCC6C37B568F679379289220F84300C429410BE03C4E6A225589C774522097F61FDEBE8F5336B4165CD7CF9472DBD484FA3A3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa |
| MD5: | 22B260CB8C51C0D68C6550E4B061E25A |
| SHA1: | DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E |
| SHA-256: | DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0 |
| SHA-512: | 503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.843353941193948 |
| TrID: |
|
| File name: | User Manual.pdf |
| File size: | 774'023 bytes |
| MD5: | 4e5167220439be2577e98d0d0e0f1b10 |
| SHA1: | 6ba9cee542a830ae2f1f8e246b6b0a4e1f5b9514 |
| SHA256: | 0dd816a9b2c428509e3bf91e66ed601e65d93b5d96180427ea121258225926eb |
| SHA512: | e9ea479b9de832b17dd79b219a0e525a1b1a293c600685bff0505669de05c7f5436a4fb86bea3e855e30d55a7dd856e5905225270e9732739ae7f6b4052174f3 |
| SSDEEP: | 12288:r20bGYJoXZN30F5ocYLfmEoxoFoLoKojKeiwSfhcCnflq3q30cFlTtOImsq09:JbGYJoJdI2roxoFoLoKojxiwSfhcCflV |
| TLSH: | F6F4CF174808ADC6D70D47D1BE0F3CAD3A493A90F1D62EE60268CF8676A1BB65D4B41F |
| File Content Preview: | %PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 87 0 R/MarkInfo<</Marked true>>>>..endobj..2 0 obj..<</Type/Pages/Count 24/Kids[ 3 0 R 7 0 R 12 0 R 26 0 R 29 0 R 32 0 R 35 0 R 38 0 R 40 0 R 43 0 R 46 0 R 49 0 R 52 0 R 55 |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.5 |
| Total Entropy: | 7.843354 |
| Total Bytes: | 774023 |
| Stream Entropy: | 7.849571 |
| Stream Bytes: | 736884 |
| Entropy outside Streams: | 4.644950 |
| Bytes outside Streams: | 37139 |
| Number of EOF found: | 2 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 98 |
| endobj | 98 |
| stream | 49 |
| endstream | 49 |
| xref | 2 |
| trailer | 2 |
| startxref | 2 |
| /Page | 24 |
| /Encrypt | 0 |
| /ObjStm | 2 |
| /URI | 2 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 28 | e4ecb2b692159c90 | 11d04974789d717e69f5605ec829c2d8 |  |
| 31 | f4ecb2b292d09c90 | 61aeba41f2fc60380764a5e5bb6db9e7 |  |
| 34 | e4ecb6b696a09cd0 | 408beefdcc9f0d7a75f14fb1f8d07835 |  |
| 37 | e6c4313939063170 | df7d63dbf3043e080e8cb65ebe68d2b4 |  |
| 42 | 6a52582626065959 | 089a9f48a842a1f6b03b9409c9421233 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 28, 2024 22:24:04.631020069 CET | 49715 | 443 | 192.168.2.5 | 23.223.252.145 |
| Mar 28, 2024 22:24:04.631042957 CET | 443 | 49715 | 23.223.252.145 | 192.168.2.5 |
| Mar 28, 2024 22:24:04.631115913 CET | 49715 | 443 | 192.168.2.5 | 23.223.252.145 |
| Mar 28, 2024 22:24:04.631294966 CET | 49715 | 443 | 192.168.2.5 | 23.223.252.145 |
| Mar 28, 2024 22:24:04.631308079 CET | 443 | 49715 | 23.223.252.145 | 192.168.2.5 |
| Mar 28, 2024 22:24:05.106607914 CET | 443 | 49715 | 23.223.252.145 | 192.168.2.5 |
| Mar 28, 2024 22:24:05.107064009 CET | 49715 | 443 | 192.168.2.5 | 23.223.252.145 |
| Mar 28, 2024 22:24:05.107075930 CET | 443 | 49715 | 23.223.252.145 | 192.168.2.5 |
| Mar 28, 2024 22:24:05.108174086 CET | 443 | 49715 | 23.223.252.145 | 192.168.2.5 |
| Mar 28, 2024 22:24:05.108232021 CET | 49715 | 443 | 192.168.2.5 | 23.223.252.145 |
| Mar 28, 2024 22:24:05.110639095 CET | 49715 | 443 | 192.168.2.5 | 23.223.252.145 |
| Mar 28, 2024 22:24:05.110712051 CET | 443 | 49715 | 23.223.252.145 | 192.168.2.5 |
| Mar 28, 2024 22:24:05.110980988 CET | 49715 | 443 | 192.168.2.5 | 23.223.252.145 |
| Mar 28, 2024 22:24:05.110990047 CET | 443 | 49715 | 23.223.252.145 | 192.168.2.5 |
| Mar 28, 2024 22:24:05.155674934 CET | 49715 | 443 | 192.168.2.5 | 23.223.252.145 |
| Mar 28, 2024 22:24:05.267805099 CET | 443 | 49715 | 23.223.252.145 | 192.168.2.5 |
| Mar 28, 2024 22:24:05.267931938 CET | 443 | 49715 | 23.223.252.145 | 192.168.2.5 |
| Mar 28, 2024 22:24:05.268095016 CET | 49715 | 443 | 192.168.2.5 | 23.223.252.145 |
| Mar 28, 2024 22:24:05.268474102 CET | 49715 | 443 | 192.168.2.5 | 23.223.252.145 |
| Mar 28, 2024 22:24:05.268482924 CET | 443 | 49715 | 23.223.252.145 | 192.168.2.5 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49715 | 23.223.252.145 | 443 | 7424 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-03-28 21:24:05 UTC | 475 | OUT | |
| 2024-03-28 21:24:05 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 22:23:50 |
| Start date: | 28/03/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff686a00000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 22:23:51 |
| Start date: | 28/03/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 22:23:51 |
| Start date: | 28/03/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly