Edit tour
Windows
Analysis Report
RB Install Guide v7.1.3.pdf
Overview
General Information
| Sample name: | RB Install Guide v7.1.3.pdf |
| Analysis ID: | 1417376 |
| MD5: | ca3fa4e536c92e32e500d89dbea24d80 |
| SHA1: | c44b6cdb680d29a663d044f662c65acd32757231 |
| SHA256: | 2b690527c73a7b55b436f75397129cf9a513a17c4f98bc580290a353f02ca3dc |
| Infos: | |
 | |
Detection
| Score: | 1 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 384 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\R B Install Guide v7.1 .3.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 1496 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7172 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=20 68 --field -trial-han dle=1588,i ,554354658 2769599615 ,178056006 3813827884 7,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.45.148.189 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1417376 |
| Start date and time: | 2024-03-29 06:48:38 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 57s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 9 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | RB Install Guide v7.1.3.pdf |
| Detection: | CLEAN |
| Classification: | clean1.winPDF@14/46@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.210.240.138, 3.219.243.226, 3.233.129.217, 52.6.155.20, 52.22.41.97, 172.64.41.3, 162.159.61.3, 23.62.230.92, 23.62.230.70, 23.215.0.36, 23.215.0.48
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.45.148.189 | Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| BBIL-APBHARTIAirtelLtdIN | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Moobot | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.208646154686028 |
| Encrypted: | false |
| SSDEEP: | 6:FKPAAVq2P92nKuAl9OmbnIFUt88KbRSgZmw+8KbRSIkwO92nKuAl9OmbjLJ:mlVv4HAahFUt850g/+50I5LHAaSJ |
| MD5: | 2CD93ACAB9268D418236B5F75A354156 |
| SHA1: | FD4A35D00D6BA2CE86562E8342385F94B26B5626 |
| SHA-256: | 26332D77B3C70343AEB2B1DCC1B472583934DE415DCEC841918878D56738ECC6 |
| SHA-512: | 495812AE0CFDF961944BB901202F754DFC210F199012FF6DF415E682BC9E1F13B0601F31AA6DF4690DAD34597FA631A02484A5FD66D40BADFFDDDACAF3FF4212 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.208646154686028 |
| Encrypted: | false |
| SSDEEP: | 6:FKPAAVq2P92nKuAl9OmbnIFUt88KbRSgZmw+8KbRSIkwO92nKuAl9OmbjLJ:mlVv4HAahFUt850g/+50I5LHAaSJ |
| MD5: | 2CD93ACAB9268D418236B5F75A354156 |
| SHA1: | FD4A35D00D6BA2CE86562E8342385F94B26B5626 |
| SHA-256: | 26332D77B3C70343AEB2B1DCC1B472583934DE415DCEC841918878D56738ECC6 |
| SHA-512: | 495812AE0CFDF961944BB901202F754DFC210F199012FF6DF415E682BC9E1F13B0601F31AA6DF4690DAD34597FA631A02484A5FD66D40BADFFDDDACAF3FF4212 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.18278182559583 |
| Encrypted: | false |
| SSDEEP: | 6:FKLFIq2P92nKuAl9Ombzo2jMGIFUt88KmeZmw+8KOFkwO92nKuAl9Ombzo2jMmLJ:GIv4HAa8uFUt8P/+MF5LHAa8RJ |
| MD5: | 5BD31CA2AF93D3754D12295294B1EBB4 |
| SHA1: | 4CFF65E5A3958C299D29376F1841FA02C4103E32 |
| SHA-256: | F39E2F34E85D0608C668D70485229780FA9E952937A63D638C445BE4750A992D |
| SHA-512: | F29DF2EB01E02B65B4AA19C6622D8DAE6831B48A61FFB00050F4F8840032D16372653AFAF38762285B710F1480C743C637A1BEC85F0364D22F25B5529755D535 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.18278182559583 |
| Encrypted: | false |
| SSDEEP: | 6:FKLFIq2P92nKuAl9Ombzo2jMGIFUt88KmeZmw+8KOFkwO92nKuAl9Ombzo2jMmLJ:GIv4HAa8uFUt8P/+MF5LHAa8RJ |
| MD5: | 5BD31CA2AF93D3754D12295294B1EBB4 |
| SHA1: | 4CFF65E5A3958C299D29376F1841FA02C4103E32 |
| SHA-256: | F39E2F34E85D0608C668D70485229780FA9E952937A63D638C445BE4750A992D |
| SHA-512: | F29DF2EB01E02B65B4AA19C6622D8DAE6831B48A61FFB00050F4F8840032D16372653AFAF38762285B710F1480C743C637A1BEC85F0364D22F25B5529755D535 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\45586a9e-cc2d-4100-adce-4836a2a4724e.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 507 |
| Entropy (8bit): | 5.048558542831038 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZ0PlsBdOg2HLcaq3QYiubxnP7E4T3OF+:Y2sRdsBPmdMHy3QYhbxP7nbI+ |
| MD5: | B08F6E8C4B67387CE9D8D83BDA2383CD |
| SHA1: | 8AB1C734167C3F0A4854B0BF79FCD8E3CF89A7E8 |
| SHA-256: | 87CE93F83D97D0676A4DD05EDC019380FCBADB9EA5B0CDF8D32FB7B05619E153 |
| SHA-512: | 71E3138B1D16C26B77A4257962840DA538DC8418A11E3B30596022964A4F7FB39961609B301B91E774DB3A9063ACFEEC00C6D4992BC9341009242D2F7EDE5361 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 507 |
| Entropy (8bit): | 5.048558542831038 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZ0PlsBdOg2HLcaq3QYiubxnP7E4T3OF+:Y2sRdsBPmdMHy3QYhbxP7nbI+ |
| MD5: | B08F6E8C4B67387CE9D8D83BDA2383CD |
| SHA1: | 8AB1C734167C3F0A4854B0BF79FCD8E3CF89A7E8 |
| SHA-256: | 87CE93F83D97D0676A4DD05EDC019380FCBADB9EA5B0CDF8D32FB7B05619E153 |
| SHA-512: | 71E3138B1D16C26B77A4257962840DA538DC8418A11E3B30596022964A4F7FB39961609B301B91E774DB3A9063ACFEEC00C6D4992BC9341009242D2F7EDE5361 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4509 |
| Entropy (8bit): | 5.228706241606735 |
| Encrypted: | false |
| SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLU+ei/YZYkZZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLy |
| MD5: | 6BEA03EB8F9E56F805035DA17074881C |
| SHA1: | 90C1F31C548D4CAE13D4627D4CAE729B5A37F820 |
| SHA-256: | 4168A5FF6C43A0D11852413CC4E3E9F2DA4AEE4840B6ABA9AB9563A401EB3766 |
| SHA-512: | 111FFDA7E320EC7F02DB7A613E6310094E4D7A86CD171D8EDD7B7BFC59C453F6ACF635183A3763F392494278AFBBE30E66A5EDB4FB744A01BFD5B134D890E342 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.166049663812482 |
| Encrypted: | false |
| SSDEEP: | 6:FKMq2P92nKuAl9OmbzNMxIFUt88KeZmw+8KhzkwO92nKuAl9OmbzNMFLJ:Bv4HAa8jFUt80/+P5LHAa84J |
| MD5: | D012BF5A9376F552E93F71F58DA75B99 |
| SHA1: | 37170344063DCB33F7D069A68BC1A2C77707D545 |
| SHA-256: | F0C8AD2EF1C8C3FE2CB0AEFDF848F7496120953BE5D50AC93A9141008E4520EB |
| SHA-512: | 8931F565AF259F6228FD0F42E500104A2AE28CB034A8847C62F2B63F6B048DD172D58A372CE4BAFC80B1021F137508488E119A224732B071BE5BDE4446ED51E7 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.166049663812482 |
| Encrypted: | false |
| SSDEEP: | 6:FKMq2P92nKuAl9OmbzNMxIFUt88KeZmw+8KhzkwO92nKuAl9OmbzNMFLJ:Bv4HAa8jFUt80/+P5LHAa84J |
| MD5: | D012BF5A9376F552E93F71F58DA75B99 |
| SHA1: | 37170344063DCB33F7D069A68BC1A2C77707D545 |
| SHA-256: | F0C8AD2EF1C8C3FE2CB0AEFDF848F7496120953BE5D50AC93A9141008E4520EB |
| SHA-512: | 8931F565AF259F6228FD0F42E500104A2AE28CB034A8847C62F2B63F6B048DD172D58A372CE4BAFC80B1021F137508488E119A224732B071BE5BDE4446ED51E7 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240329054928Z-155.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 1.5364396798495359 |
| Encrypted: | false |
| SSDEEP: | 48:04eXwTzjhJt/C8gfA2pjaQ/bu4q7TcCmdm9pDEF2ZVZ7ZjGuOasBFTa1qmJFP0:0K2XDuZbr7AFKiBFPm8 |
| MD5: | CA2C3518E9D46647EF6D78D8178F17BC |
| SHA1: | F893C8CAB8355060A103E1613A7D56EDF9BF09CE |
| SHA-256: | 6F36E9BFC297AFB674D62E1E8B11625458898AEAC3156DEE83F91E5DDDACDD02 |
| SHA-512: | 7173697E8F686EE31ED523A1C9E3CAF4C5F156E21A067E5E67218F2E0ED4CE4CA484A03D44860E42C236412C865FCD5178DC2D5C5C851AD2988A8FB99AABC505 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 227002 |
| Entropy (8bit): | 3.392780893644728 |
| Encrypted: | false |
| SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
| MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
| SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
| SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
| SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.361672806198232 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJM3g98kUwPeUkwRe9:YvXKXcmIYpW7NVGMbLUkee9 |
| MD5: | 6327E2968A4A6C69DD3705D6D8755D07 |
| SHA1: | B47FB14B3F86A6533A8CC4B04DB5E42D097CB002 |
| SHA-256: | A47AEAF8BF4C3B76BB420E3CFDD1AB26E41D40B4B6A8F96445129CF6E1A3F4BA |
| SHA-512: | D3D5498434730288A48B93C176B584E39D0CB32B703DA5F1FDAE04619278D4F3C6AF668E2CD1932CEE7A1E3C5B15F538FCCD8ED2B519F61F70B9E3ED810FD4F4 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.3039224147693655 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJfBoTfXpnrPeUkwRe9:YvXKXcmIYpW7NVGWTfXcUkee9 |
| MD5: | 34AC88C0D7832E922503B487F3D2FFC5 |
| SHA1: | 8DCD88286F467327374146D7B564031792CBF069 |
| SHA-256: | C41DDA826C304BE0DFA31935807CF8F93FD56E4CC5FA0A48CDC855D10D7AF0CB |
| SHA-512: | B8268FCD77637B726C81900FE0B2B23403A6C77541CADF666F84AD5EDE480D1694448C758C29D6793860268C84043084CB4AD0C0BAFF469DACD7D42E55FD329E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.2831201627385695 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJfBD2G6UpnrPeUkwRe9:YvXKXcmIYpW7NVGR22cUkee9 |
| MD5: | 653F9D8FE1222494509C884972C53DB4 |
| SHA1: | 7BF139A6918FC4EA4CB36468EC17E787AAB9F1C9 |
| SHA-256: | 2B19F7426437D58BEA91488D25EEAE3CF72FBC39424DCF9C415F7950557DFE0F |
| SHA-512: | E7A3DC584D0CC76E91E88D3A45A255090AD1ECECB60DBB38F6EF3EF7ED2C755BDFE143435D2173D0751145A37A14C0FF7C2C4AF746DD109049B25A19EBE04C5F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.340506365251503 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJfPmwrPeUkwRe9:YvXKXcmIYpW7NVGH56Ukee9 |
| MD5: | 80F3EF7E74E8ED4BB4CB4A4C927FF73E |
| SHA1: | BBD533706375FAD19DE7E5128A375BB71895538C |
| SHA-256: | EECDDC71BC070462499DE22299A682F9273C51275887D8D0774723FAE6CF7C63 |
| SHA-512: | 64E44D19F97D7311BDF2FE7AB3E7DB533B816FFA01947D4E69A2416D199B927B11B28B8ABC7597E2AD5440F41B2AE45B31C10D4F34C900DAD9862E0222D81CAF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.2987153685624495 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJfJWCtMdPeUkwRe9:YvXKXcmIYpW7NVGBS8Ukee9 |
| MD5: | E3E070892DAB9F976CE62298F64CD0B2 |
| SHA1: | 5F3A8031745EFE4BDDE5E21B3578E4D1D27D463F |
| SHA-256: | 9031B8AE53F21EAFF1DCA07A684286C484B4145E46999D1DC226943CEF1ADE02 |
| SHA-512: | E10C4F81896B2658FCCA185F256EB027000FEC39B9A826DF717764331CC7AF58BA08539FD8E36C0BB932AC782BBD651F20B0426C617AA80D571553EA270BE07C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.285570364725229 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJf8dPeUkwRe9:YvXKXcmIYpW7NVGU8Ukee9 |
| MD5: | C4908A2E65979A696FC14BEAED901AC5 |
| SHA1: | 1E1F5DA7F88C0238A892F92D185D0BDA7F61CFE2 |
| SHA-256: | 827953837E9F31909B742AFF330691C7540FFCA60A3126D45FD0D0B07E7B906D |
| SHA-512: | E36CD37483A3778D22C54BE3EB16AD0168C92065C4E25AE95F62DA572871B42E7A5F991AB20AE42CD01F1427FBD3224B478D1326B4103DC914BCDE0F6ED73887 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.286982813216007 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJfQ1rPeUkwRe9:YvXKXcmIYpW7NVGY16Ukee9 |
| MD5: | 6C6990EF3F66F2EAE3F2EA2CFB3ADBDB |
| SHA1: | C47734D33BA546F704DA394F6E2DCF83967DB47D |
| SHA-256: | 985B090F134F0F62AB943A40CB215E0D35FA1835C3FD0420D7733BC469A95820 |
| SHA-512: | 5517A6EF2280BB01264C7DE88242F219BC3B41D21A17FDD2B6367EAFC8288125697513BDCB0791214632A2AD4DBA3B10D6373F48BB391E39D922101466630A54 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.3041956704067275 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJfFldPeUkwRe9:YvXKXcmIYpW7NVGz8Ukee9 |
| MD5: | C458AACD690E154C71C42ACE6459DD09 |
| SHA1: | EB7739ED55A2E54A9B4F0E3977CFABBD7CFCE57B |
| SHA-256: | B61CFD74AC425F406CAD3FDF7017C3236E4A99A6ABFA112930121180C814B9F0 |
| SHA-512: | FDF9D03B1FC0BFCB6E81F1FDCEC3D1CA50A5EC1E9F59B5F37EC484E4983524616969BDD3A9E1CEDABA147FBFD619BDF70AC4C5C972CF1186D42FDAFB6D3062DF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.312283746213184 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJfzdPeUkwRe9:YvXKXcmIYpW7NVGb8Ukee9 |
| MD5: | 3016F07A022AD8ACABFF6267630EB0A1 |
| SHA1: | CDCAC69AF14E9F19D8B44D80A908F427212BB391 |
| SHA-256: | 081FB1468D538C463E8FB8C9AD59D4EDFCF1D81B220B4DDA2225CAF5771F6F7A |
| SHA-512: | 103D69F6DE0902F6AA8187A49907766DE5375A0D217A8A1BE7855396BB0E7BC32691839D892A5F2687047A24F198C2A137349798AEDD388423BFFC55D1A1C894 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.292780501968767 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJfYdPeUkwRe9:YvXKXcmIYpW7NVGg8Ukee9 |
| MD5: | 1590A3D7B6E53E928B03C684C3472B6C |
| SHA1: | 8FB8CB7C5070C5B43FCD1D50A3FC07A5E85A4B66 |
| SHA-256: | A2C609E8F86DA6728D8B692C4092B0DA9F59CA22644F5D771755C234572EC759 |
| SHA-512: | D61A19AC3FA4CDBD2009F8277A0DD2057BC4CC6D3E302FC5A4BBE6457A77570166061C0DA4879EB4E0BF385847ED0E3B74778F934DAEBBF20C0C953856CC533A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.7750312310188825 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6Xpxi6rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNq:Yvt6HgDv3W2aYQfgB5OUupHrQ9FJY |
| MD5: | D8E2F593171A383F20EA8754EAB2E1EB |
| SHA1: | A40BD228F93EB5053D23A81E276A9CC563455520 |
| SHA-256: | B3CC7B0301A58E34E41AE1BD3CEA39CBB34F0CC331E94E21AFCA7D3FDA92DEED |
| SHA-512: | 7E524210E7B9C55581A57FF2D568F137FAEBF27719B4780316D6AFEF1E119E22DA461FED02275B1E0C1BA9C8FB680CACC775AD7477659CD9B0365B48A2241A7C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.2763772181858 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJfbPtdPeUkwRe9:YvXKXcmIYpW7NVGDV8Ukee9 |
| MD5: | 64A2D266B4D172FF863D441D4DCA0D32 |
| SHA1: | 504ABB458BEAB11DB4E0FB087E669F231EBFC91F |
| SHA-256: | 75717A0B03B93153A80A4875D4ECCA8C0141D51A2F61027294B0AF184A622FCD |
| SHA-512: | F964D6CD9A9F5DE598D245A2CCD889CF67430BBBB71A4A57CD128CF321B3A8F63591CCC6F6B91F6D7FD528364096CDC9BFFA79DFF5C22CF6FEC51EA23AD1DFFF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.277950508835176 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJf21rPeUkwRe9:YvXKXcmIYpW7NVG+16Ukee9 |
| MD5: | FB08EC70CAB921DEB86F49CACA71DA3B |
| SHA1: | 750499EA2EE22398DC9A4BF7190E20168AC22E82 |
| SHA-256: | 384DEBB90D590A5C71DF1089970F7CB0C9DC62D81393DEEBF9E8F266468D83B1 |
| SHA-512: | 01242C567BC7F689B337DEC09CFD6743835E969616D6EB5DAE2045A2A3C731807F2FDCC9C871E8DA5666EA332B09FEE9A4E500F56D64C422C03A56631060F1C2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.299321812652693 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJfbpatdPeUkwRe9:YvXKXcmIYpW7NVGVat8Ukee9 |
| MD5: | 00B0482026E0E2A34334BF2CBBBFBF7E |
| SHA1: | D8C7FF4EE44BB9D42E92B79352571CE57E2F1D2A |
| SHA-256: | 539B49226F18EE03DEC4AA9B66E0C2BCA20EEA57F4D3167AA7F95C2ECD3E7286 |
| SHA-512: | F7946D0682036416FC161147B52A31A76DD0D1539208F1E879D1FE3DA2340D1BF6E59498C9976BEFEB4DEF47A5840FCC1CD2CA45E09001FFBA297F6BC95A214D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.251398741387155 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXcmbR+FIbRI6XVW7+0YfgDeoAvJfshHHrPeUkwRe9:YvXKXcmIYpW7NVGUUUkee9 |
| MD5: | 1CC341EE947B89985DA0218F6BE5D9B8 |
| SHA1: | 4CE8D00D35A8D925539D303CC0C94A592957BC97 |
| SHA-256: | 158CD72B6C9C015516AF94AF03CEAF4A21F18C85C96D1102F4C073FDE91D5DA1 |
| SHA-512: | D96F85D8A3F52939F6D506DEB533795D57992D7A014693A54C19D6A6839182135A666514B632BA3A416A357B742EE46BC0EE59F6EDEDF684676E6E274BB8EBF5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.365444483666261 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXcmIYpW7NVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWsN:Yv6XpxiP168CgEXX5kcIfANhz |
| MD5: | 4CEC7CEA9C40F9C3BA13DC7EA437D601 |
| SHA1: | 6794B590C711E07E3E1018C6D1C656E43B5193F0 |
| SHA-256: | 6CFFFACA2CAD0FD2D01BD75F7C97385EF2AC6EB656465BB833C4CE697DB359F7 |
| SHA-512: | C8D5109F861C5DCF851C4F3001442E5C5A0A58552EBBCCDFC21E5FB45806703D838D39CE29F760F0195635A7303C48FF3CBB20C9BCF3C037F0E81F6BF65B3C1E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2813 |
| Entropy (8bit): | 5.139534321454874 |
| Encrypted: | false |
| SSDEEP: | 24:YlZ7z2RCLpfMwhxrqOa8ay/QJsXJCjNj0S+arbG2r2LSou401Md5z9quqJOG:Yl2wP7rCLh5CaOuX1MdR9iF |
| MD5: | B0524408FD65F3B4E1ECE22D7F755E7A |
| SHA1: | 4C40864198149F01FFDEBC12F595C8B06363C460 |
| SHA-256: | A4126680830D729FF75382C7002B8CD02DC3713C1A13EC9D491BC5D1E383C242 |
| SHA-512: | 5C898B69BD2C03386D4980F7049B06F8C13FF88D34982F82284209EDE5BD949E0A9C51240FA058A604079ECAFB9BD527E93031EF61823830BB63567FBBDECA88 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9831974743268793 |
| Encrypted: | false |
| SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SponC4zJwtNBwtNbRZ6bRZ4pnCF:TVl2GL7ms6ggOVpSlzutYtp6PQC |
| MD5: | 12C7B62D733F8BF94D35F32C63CF279A |
| SHA1: | 6499573883F988807FC84658D99FCEDD7E34C80B |
| SHA-256: | 767D794B0A4EB7CF2C203D756B7ECBA2FC87B3B143006B099DB3F11FC6B8896D |
| SHA-512: | 72D0E396B5FFEC7AF4649A61D1674FECB3E1EA88F21DBBF0739CCC82FA5C83FED5A9F76D7C4D6AEF193D3C12E7DE391D277D8807DBD512EDEF0D6EEF1ACF0CD7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.3361430941272234 |
| Encrypted: | false |
| SSDEEP: | 24:7+tZAD1RZKHs/Ds/SponCPzJwtNBwtNbRZ6bRZWf1RZKDqLBx/XYKQvGJF7ursB:7MZGgOVpSezutYtp6PMyqll2GL7msB |
| MD5: | B11980903FDC089BD0FDF224C1425000 |
| SHA1: | 72C22DF1F067F5AD40FC1761852AE2F7CB5D41C8 |
| SHA-256: | EACB7358A4CCE29FEC48054AED29DE91B1295C8A6319BF7F8371E1BB0B5C9D85 |
| SHA-512: | AE9CEFA732513DA29737B163D0243E6BEA3C498AA334B62148002C3688C0DA00BA145C6F31639F339DF3171F3DF43AE3BE533536253B0B08C78EE3B81DDBECD3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66726 |
| Entropy (8bit): | 5.392739213842091 |
| Encrypted: | false |
| SSDEEP: | 768:RNOpblrU6TBH44ADKZEgM7y7Ag2Udtxqb4WJwgEBWeYyu:6a6TZ44ADEM70AgPtx/BzK |
| MD5: | 1FB1C8C0E0C1BE1EEF8DBAA7CF272C94 |
| SHA1: | 2355EB55D82AEDABD3ED1EC3A9F235E9145371C7 |
| SHA-256: | E548C4EDFA95F3F660DC18BD75C83CEC4FA94853969A61838DA4E065AA4CC09D |
| SHA-512: | 711A54405CABE63EE91560DB49F17875C7ED2F4BB2BFD46206909DA00556F10076C69F032558A58335CCBCF2BE78CEE320ECA24A55B5B81694DA8006FBF9B7C2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.536003181970279 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xU1f3H:Qw946cPbiOxDlbYnuRKRX |
| MD5: | 566A910EF5BB5FE492987702CBBB78F5 |
| SHA1: | B50075DE838EE7DE5A72F757A585BA6815A436B8 |
| SHA-256: | 123553ABF4A7215007164FC86D076C37773E08EDD202AAEA4E397667FC14D1D5 |
| SHA-512: | A932855BF458A5B109BF728896EF73DC21EBC4B279F585AD0B26853E3B02EB3D795FB0401EA20F63C4B18A1D8C15F79C8758D787C045DADCB5DEFE0933CB3753 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 358 |
| Entropy (8bit): | 5.05881122821214 |
| Encrypted: | false |
| SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOGiXX3kiXX3xyLCSyAAO:IngVMre9T0HQIDmy9g06JXWiUiByLlX |
| MD5: | 5B475DB023D386278FCDA898793F1EE8 |
| SHA1: | E143446513CAF4A329045D452A772B2C8910FA9B |
| SHA-256: | 3B74AF45862B439B1FF488A9B81B9B7A6509923122AA33023DE9043FCF892F29 |
| SHA-512: | 86E610D82358EE393C1F5C3BDDC838F82A43233DB53735FF9B1305C9860CDBFF462550951BA679DFE9FBF25AECC393E9804340522121789437C03AB45850C2FF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-29 06-49-26-477.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.376360055978702 |
| Encrypted: | false |
| SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
| MD5: | 1336667A75083BF81E2632FABAA88B67 |
| SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
| SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
| SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16601 |
| Entropy (8bit): | 5.363545558471603 |
| Encrypted: | false |
| SSDEEP: | 384:BumgvI+1Zi/56EinTxQBtSD5OlDh3FtT+h+npBRV/MMYDWOBv2s1/6/ujGonhggj:BXZE |
| MD5: | 8B02E6B45531C69F0C5EA939C4C05299 |
| SHA1: | C8BF33BCF689A3F32BF271AD4B167552AB99BFFD |
| SHA-256: | 2A63A2CF222FCB636438FC303F84FCABE9A6DD689EA801A11274C207981A7B47 |
| SHA-512: | F2BB6010AB2C60B882C7741257918B6B77C1667B20F5748147D1DC11A8EFA15E82A3B1EBC343E00662E911D9D4028C1FEF84DB40C96455168D0BA9D4C383F25A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.4073117599546965 |
| Encrypted: | false |
| SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbC:Yp |
| MD5: | B8ABCF6EE28A92FF32BD2A032D24B72F |
| SHA1: | B2A228D76ADB49B0931B05D2227614ED97DF0A5E |
| SHA-256: | 72D7540277CDA652F3CF5A4554F403DDE68A55FEF0827FB1AF68E90FECAF6561 |
| SHA-512: | C4CDA7A5A3F13E7D848E90AD73F97132B285BCEF1D4B3C66746B65E84A16B2ECDDE8B925EEEA85674DE983DCE483C4FDC5E27D46805FF21CF9BFDD3B32D55DEC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
| MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
| SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
| SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
| SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.930672724722675 |
| TrID: |
|
| File name: | RB Install Guide v7.1.3.pdf |
| File size: | 618'780 bytes |
| MD5: | ca3fa4e536c92e32e500d89dbea24d80 |
| SHA1: | c44b6cdb680d29a663d044f662c65acd32757231 |
| SHA256: | 2b690527c73a7b55b436f75397129cf9a513a17c4f98bc580290a353f02ca3dc |
| SHA512: | dabfea5f15fefe3dfaacde63344cc9c8c1167ef9f54e093dc4f46061f617fb87c9b518922b813949e27eeb325ad1dad5236b607ceef3a06975b576d9ca392eda |
| SSDEEP: | 12288:bXnVtk3nmZqE1grHA6CmRxTaSXIQujZEU6sUwfIhQ3j3+3dem:bFG3nmZqWg05M4qBWz3jrm |
| TLSH: | BFD4F0178C5DE8CAD54547F03E1A6E0C3929B26DACC11AFE357C8ECB9F51A968C83217 |
| File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 74 0 R/MarkInfo<</Marked true>>/Metadata 333 0 R/ViewerPreferences 334 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 12/Kids[ 3 0 R 15 0 R 22 0 R 26 0 R 28 0 R 29 0 R 30 0 R 3 |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.7 |
| Total Entropy: | 7.930673 |
| Total Bytes: | 618780 |
| Stream Entropy: | 7.936185 |
| Stream Bytes: | 595979 |
| Entropy outside Streams: | 5.116498 |
| Bytes outside Streams: | 22801 |
| Number of EOF found: | 2 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 98 |
| endobj | 98 |
| stream | 39 |
| endstream | 39 |
| xref | 2 |
| trailer | 2 |
| startxref | 2 |
| /Page | 12 |
| /Encrypt | 0 |
| /ObjStm | 1 |
| /URI | 6 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 13 | 0000000000000000 | 0a6489a1c89fcc31c0fe09b5311e0fdd |  |
| 14 | c444444b52568400 | 39cd721e4f413b72c59b9289a18039e4 |  |
| 35 | 0000000000000000 | 8bd110c35b574e7fe1b7b946d117d3fb |  |
| 36 | 183b7334ac494d03 | 4ba4e86574ed778c1c2e61ef6bc4501b |  |
| 45 | f8f2e0e0f02d9696 | 755462826c5aa0660385011590f3cd26 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 29, 2024 06:49:37.056027889 CET | 49715 | 443 | 192.168.2.5 | 23.45.148.189 |
| Mar 29, 2024 06:49:37.056087971 CET | 443 | 49715 | 23.45.148.189 | 192.168.2.5 |
| Mar 29, 2024 06:49:37.056191921 CET | 49715 | 443 | 192.168.2.5 | 23.45.148.189 |
| Mar 29, 2024 06:49:37.056369066 CET | 49715 | 443 | 192.168.2.5 | 23.45.148.189 |
| Mar 29, 2024 06:49:37.056401014 CET | 443 | 49715 | 23.45.148.189 | 192.168.2.5 |
| Mar 29, 2024 06:49:37.574392080 CET | 443 | 49715 | 23.45.148.189 | 192.168.2.5 |
| Mar 29, 2024 06:49:37.574898005 CET | 49715 | 443 | 192.168.2.5 | 23.45.148.189 |
| Mar 29, 2024 06:49:37.574918032 CET | 443 | 49715 | 23.45.148.189 | 192.168.2.5 |
| Mar 29, 2024 06:49:37.575958014 CET | 443 | 49715 | 23.45.148.189 | 192.168.2.5 |
| Mar 29, 2024 06:49:37.576025009 CET | 49715 | 443 | 192.168.2.5 | 23.45.148.189 |
| Mar 29, 2024 06:49:37.577791929 CET | 49715 | 443 | 192.168.2.5 | 23.45.148.189 |
| Mar 29, 2024 06:49:37.577852964 CET | 443 | 49715 | 23.45.148.189 | 192.168.2.5 |
| Mar 29, 2024 06:49:37.578078985 CET | 49715 | 443 | 192.168.2.5 | 23.45.148.189 |
| Mar 29, 2024 06:49:37.578084946 CET | 443 | 49715 | 23.45.148.189 | 192.168.2.5 |
| Mar 29, 2024 06:49:37.625345945 CET | 49715 | 443 | 192.168.2.5 | 23.45.148.189 |
| Mar 29, 2024 06:49:37.748281002 CET | 443 | 49715 | 23.45.148.189 | 192.168.2.5 |
| Mar 29, 2024 06:49:37.748328924 CET | 443 | 49715 | 23.45.148.189 | 192.168.2.5 |
| Mar 29, 2024 06:49:37.748545885 CET | 49715 | 443 | 192.168.2.5 | 23.45.148.189 |
| Mar 29, 2024 06:49:37.748933077 CET | 49715 | 443 | 192.168.2.5 | 23.45.148.189 |
| Mar 29, 2024 06:49:37.748950005 CET | 443 | 49715 | 23.45.148.189 | 192.168.2.5 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49715 | 23.45.148.189 | 443 | 7172 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-03-29 05:49:37 UTC | 475 | OUT | |
| 2024-03-29 05:49:37 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 06:49:23 |
| Start date: | 29/03/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff686a00000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 06:49:23 |
| Start date: | 29/03/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 06:49:24 |
| Start date: | 29/03/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly