Edit tour
Windows
Analysis Report
BoxManifest[6].pdf
Overview
General Information
| Sample name: | BoxManifest[6].pdf |
| Analysis ID: | 1427006 |
| MD5: | a526de74701d3e9da6e1e65834e6cf98 |
| SHA1: | 6bd5da2092012f4c7639465722c1baa91b1f39d8 |
| SHA256: | 30612b633ebc4d643259b32ec114de58d783e9b8f28eea447b912c7c7da71434 |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 6888 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\B oxManifest [6].pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7092 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7212 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=20 68 --field -trial-han dle=1676,i ,405415081 8948417399 ,139190677 6219417668 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1427006 |
| Start date and time: | 2024-04-16 21:43:19 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 1s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 10 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | BoxManifest[6].pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/43@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.44.104.159, 52.202.204.11, 54.227.187.23, 23.22.254.206, 52.5.13.197, 96.7.224.58, 96.7.224.9, 96.7.224.48, 162.159.61.3, 172.64.41.3, 96.7.224.59
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: BoxManifest[6].pdf
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 184.25.164.138 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Lokibot, PureLog Stealer, zgRAT | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | DarkGate, MailPassView | Browse | |||
| Get hash | malicious | HTMLPhisher, ReCaptcha Phish | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher, ReCaptcha Phish | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| BBIL-APBHARTIAirtelLtdIN | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | CobaltStrike, Ducktail | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.241453291533012 |
| Encrypted: | false |
| SSDEEP: | 6:uw2v34q2Pwkn2nKuAl9OmbnIFUt89w0FdJZmw+9w0FdDkwOwkn2nKuAl9OmbjLJ:14IvYfHAahFUt8q0h/+q075JfHAaSJ |
| MD5: | D14DFAAEDBF9AF19FCC1324688621F12 |
| SHA1: | 580C03D950403FA38A253299460F07F05DF68C13 |
| SHA-256: | A520B054B47F4FA2E5368A89C865E07EDFC2EF303FB304E37BDFA7FAA7744FA3 |
| SHA-512: | F78F093FCC5FC894C07B98F9D6C4BE2B4770B4B281522CF7AB79C4FE5DEE17D7171D4FE77BC015B5765494393E76506BDF4C6B02C7489C21A47B58C45DC9BDA4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.241453291533012 |
| Encrypted: | false |
| SSDEEP: | 6:uw2v34q2Pwkn2nKuAl9OmbnIFUt89w0FdJZmw+9w0FdDkwOwkn2nKuAl9OmbjLJ:14IvYfHAahFUt8q0h/+q075JfHAaSJ |
| MD5: | D14DFAAEDBF9AF19FCC1324688621F12 |
| SHA1: | 580C03D950403FA38A253299460F07F05DF68C13 |
| SHA-256: | A520B054B47F4FA2E5368A89C865E07EDFC2EF303FB304E37BDFA7FAA7744FA3 |
| SHA-512: | F78F093FCC5FC894C07B98F9D6C4BE2B4770B4B281522CF7AB79C4FE5DEE17D7171D4FE77BC015B5765494393E76506BDF4C6B02C7489C21A47B58C45DC9BDA4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.16274137579499 |
| Encrypted: | false |
| SSDEEP: | 6:u4Weyq2Pwkn2nKuAl9Ombzo2jMGIFUt894WqGc1Zmw+94WvFlRkwOwkn2nKuAl97:YeyvYfHAa8uFUt8pq7/+pdlR5JfHAa8z |
| MD5: | 3250A1A2EEC6CBFF8BBFC2A3A08ACBDF |
| SHA1: | 55FED347A145DE55F19931AB6A88C1781D154269 |
| SHA-256: | BE28D87D0F845CC822A4F4D27754B057798CCB8F3E8F9EFEB7AEC0A0AAAC4CE6 |
| SHA-512: | 54A8A0305CA5BCFE408B38B86AB8FCDF5B3C425295E13E0C35F63EC225080498FB7A47B1AE854B48E78E7D8FA08F1B51D5435B04406E6DA20A2A99BEE2C8DE1C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.16274137579499 |
| Encrypted: | false |
| SSDEEP: | 6:u4Weyq2Pwkn2nKuAl9Ombzo2jMGIFUt894WqGc1Zmw+94WvFlRkwOwkn2nKuAl97:YeyvYfHAa8uFUt8pq7/+pdlR5JfHAa8z |
| MD5: | 3250A1A2EEC6CBFF8BBFC2A3A08ACBDF |
| SHA1: | 55FED347A145DE55F19931AB6A88C1781D154269 |
| SHA-256: | BE28D87D0F845CC822A4F4D27754B057798CCB8F3E8F9EFEB7AEC0A0AAAC4CE6 |
| SHA-512: | 54A8A0305CA5BCFE408B38B86AB8FCDF5B3C425295E13E0C35F63EC225080498FB7A47B1AE854B48E78E7D8FA08F1B51D5435B04406E6DA20A2A99BEE2C8DE1C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\713a3046-9a66-44eb-a156-0933a583617b.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.977203904269378 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZ4FsBdOg2Hr/caq3QYiubInP7E4T3y:Y2sRdsxGdMHrO3QYhbG7nby |
| MD5: | 24ACCFFF92356CC054DF59CD31924805 |
| SHA1: | 47373153AE7FE2EF3BBCADD279215FE1668F607E |
| SHA-256: | 9A7F811A0B45D6260DC1AF996F5B0615372C105334AE34B9548602FD4C780FB6 |
| SHA-512: | 449ECAE51FE952AC5FE1E52ECC8AF7D32A332F220F4DE8A8368BA3B4287D29A2EA8C9A6F94A329FEF54681BB560667E818C5DFE7DDA96F11EA9EA4796D7EAB6F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.977203904269378 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZ4FsBdOg2Hr/caq3QYiubInP7E4T3y:Y2sRdsxGdMHrO3QYhbG7nby |
| MD5: | 24ACCFFF92356CC054DF59CD31924805 |
| SHA1: | 47373153AE7FE2EF3BBCADD279215FE1668F607E |
| SHA-256: | 9A7F811A0B45D6260DC1AF996F5B0615372C105334AE34B9548602FD4C780FB6 |
| SHA-512: | 449ECAE51FE952AC5FE1E52ECC8AF7D32A332F220F4DE8A8368BA3B4287D29A2EA8C9A6F94A329FEF54681BB560667E818C5DFE7DDA96F11EA9EA4796D7EAB6F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4730 |
| Entropy (8bit): | 5.251549788781842 |
| Encrypted: | false |
| SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7nDNw9vYNZ:etJCV4FiN/jTN/2r8Mta02fEhgO73god |
| MD5: | D4A08B8C6C47D9D5AD146654E693CB2D |
| SHA1: | 5F0981332342A1D3C8A3E32A7066CBA5C0E41815 |
| SHA-256: | 71C95DC4056F241B1FC26D1DE35DA0D5A28A7C45AE8355CDF0479AFD13E7B486 |
| SHA-512: | 9AE940BB40180C4C3767CF368DFA960F783ACD1FE078BA76BDC214FBF9C55861DCEEDCB4983AA6E1F895E629E965FD6C710B66239FF0B67C793086B04E354360 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.191923335110704 |
| Encrypted: | false |
| SSDEEP: | 6:u4Fpyq2Pwkn2nKuAl9OmbzNMxIFUt894f41Zmw+94fanRkwOwkn2nKuAl9OmbzNq:bpyvYfHAa8jFUt8D/+9R5JfHAa84J |
| MD5: | A378BED2156DEE3193E83569510543F8 |
| SHA1: | 839F4AA7ACA0EFA92C1745126CDABB266912A5DA |
| SHA-256: | 074FA34BBF392A828BB7C213BE85DDD7DBACF115AF6110120F8A535B26EB9056 |
| SHA-512: | 758B8ED8F61C1B0A82F19A5B6B7F0A5F63442C66385232A29F11244EBEF683323E56634D572C503A72DB663B2BCAFF9EBA4329FDDDF1EDB2B3F4194F277269FB |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.191923335110704 |
| Encrypted: | false |
| SSDEEP: | 6:u4Fpyq2Pwkn2nKuAl9OmbzNMxIFUt894f41Zmw+94fanRkwOwkn2nKuAl9OmbzNq:bpyvYfHAa8jFUt8D/+9R5JfHAa84J |
| MD5: | A378BED2156DEE3193E83569510543F8 |
| SHA1: | 839F4AA7ACA0EFA92C1745126CDABB266912A5DA |
| SHA-256: | 074FA34BBF392A828BB7C213BE85DDD7DBACF115AF6110120F8A535B26EB9056 |
| SHA-512: | 758B8ED8F61C1B0A82F19A5B6B7F0A5F63442C66385232A29F11244EBEF683323E56634D572C503A72DB663B2BCAFF9EBA4329FDDDF1EDB2B3F4194F277269FB |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240416194411Z-159.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 1.6298497650917154 |
| Encrypted: | false |
| SSDEEP: | 96:9VmXSxK1FXkDJyCWOUjC5F3xjmI2AYmIQObqxK1NP8qDJyCBkuv7xbvgZFvo2WZW:9KKF3xjNZuv7xbvgZFvoUN |
| MD5: | E4D9812D9C45DF493EC9245B8B7DAFD2 |
| SHA1: | D3019691E7231A283C4927F2D3EF3BB15DCDD8CD |
| SHA-256: | 83926DBB8D027B01C3739E42A02C9E3CA44630F353E0A0FE9F252CDFDD668063 |
| SHA-512: | 1FBE86C329331138ED3A4C8428A6160C6A41CB81C3DF0C855F227600628A22866F2AFF7C10D5A1D7968EECEE5F0FC5244E5219E21210678779D954225DBF6465 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.445377006141107 |
| Encrypted: | false |
| SSDEEP: | 384:yezci5teiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rxs3OazzU89UTTgUL |
| MD5: | 6A5C6D37C5F4F3A6636DDF9BF69B06EF |
| SHA1: | 69409B17804BA39FF41E6D0DF0FACB175BBBCF45 |
| SHA-256: | 8063600EA53A1F853E2FA63497EA9F4EA6A78DC2D85F18A4BD756E8D6A07E620 |
| SHA-512: | 2537FBCCCD5674C439EFA5C07F62EAE8B06AC7D703DBD16801AABB99259C540D7A4573AA4E667F3D3A018385FBEAEF9AA52C83EB5F5A8BFC403DD907B2506879 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.7748661871210363 |
| Encrypted: | false |
| SSDEEP: | 48:7M8p/E2ioyVPioy9oWoy1Cwoy1jKOioy1noy1AYoy1Wioy1hioybioyvoy1noy1L:77pjuPFOXKQmcb9IVXEBodRBkC |
| MD5: | 8C59735FB34607ECA0D30532871F6EB8 |
| SHA1: | E660E7E71E50CFA9F48180E3A3230B7D165E8F93 |
| SHA-256: | 6BC7F9B1B9F3072C80F01493FE4C958689EE7CCA0C789178577ED121790FD594 |
| SHA-512: | C20EC58BA1C21969584D7DD8B934F9C7BC64D41145DA843CD81B9D6BD86BACC53A79688046CD817A849B7AEFDE3B80170DE9E231AC200DDFBA046F573709F33D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243196 |
| Entropy (8bit): | 3.3450692389394283 |
| Encrypted: | false |
| SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
| MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
| SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
| SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
| SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.369808365181351 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJM3g98kUwPeUkwRe9:YvXKXKJZc0vhGMbLUkee9 |
| MD5: | 347CC6CBCACE2331C8B13888F2E611BB |
| SHA1: | AED0EE3678692E359AFE94DA222B8C8E9D3E2520 |
| SHA-256: | B737D488934684E018E9172399B44FBE3C72EE8887B6C5C51A557EEE2A9D8D5E |
| SHA-512: | 308115207650818194A98835F12B8D172AFC2A4B9CBA5B53817404082C893473AF83740ACF265E257AB788E93DCCE94E5C22E4051589EE1A37868B248246327C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.318391010688167 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJfBoTfXpnrPeUkwRe9:YvXKXKJZc0vhGWTfXcUkee9 |
| MD5: | 252C04DB43CA055360AADE7C9E9E54B1 |
| SHA1: | F2066497C05E61C0952A4E72CB9EAB2A6A6BF0C0 |
| SHA-256: | AD065D1AE112841CE4C9E44EF60AA6B3981568A9907D9264239FDBFEFB8203FF |
| SHA-512: | 39A2B61689F73CC80073849FDCB7DC4411BF985D36D19C7401B8BC505F17356581AD2C7036905EEBC827907B352CC620C3F170492F5FFB71EA45A6C4DC98E858 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.296529925433434 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJfBD2G6UpnrPeUkwRe9:YvXKXKJZc0vhGR22cUkee9 |
| MD5: | 0ABF2A8FCD937B779715005B2F8B2465 |
| SHA1: | 5E4BF4BCB312FD1EC4899D097AA6C640DA0C3EA6 |
| SHA-256: | 77F5AACD884D8859C81ABD077198AD76A6269B75D68ECA495CD8500ECCF8D4CA |
| SHA-512: | 96EB07BA5F04C0D8B0C3B02848DEF2F7A0BA37C19B51BDF789101EA51A7DF2DAC5F806D8A412C04F7695CAA88B647F59B1173BEDE118EAACFF23D588AE81B1DE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.357045010985779 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJfPmwrPeUkwRe9:YvXKXKJZc0vhGH56Ukee9 |
| MD5: | DD798D647D66B1F3018359F5AF2BBA8A |
| SHA1: | 9F366F4CD1DE451EAD4D5FACFE94597E1FBCEBDC |
| SHA-256: | 179B5325E4A20A182961DBF2AF72F23D1BDD4CE69023C2FD46D970503CC1999C |
| SHA-512: | 9011690A1CE6D3CED3BE0993931A5A4F3340C60D3EC96F70AEB8B2572A296A0C4B42989667289322ED11AE8DB30200241A9105F32F79BE798E16B5381B0E5B6F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.316392521976356 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJfJWCtMdPeUkwRe9:YvXKXKJZc0vhGBS8Ukee9 |
| MD5: | ABFD6EF990CBC95ABEC8D67260BE6393 |
| SHA1: | CB351370684B48CBB2BB1C328E27DC32C2C3FDA9 |
| SHA-256: | AEFB580FBE30BF795E5D21B231C06ADDDA7A2CD03D2A6EB45DBF6BD81E54C02B |
| SHA-512: | EAA9C2DAEAB27EE30FEF800CBE9474BFD51449AB8CCA4F6F30343E138223F9ACF0CA6800AEAB145A2E7B88A8FDD752FBD00F70EDFFDBF93AE65A8DCF4B3B730A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.3028908570599524 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJf8dPeUkwRe9:YvXKXKJZc0vhGU8Ukee9 |
| MD5: | ACB240ED807BAC4625A45C55452402E8 |
| SHA1: | A1A050D2B8DDB221A92430FDB3A8ACDA4950C67B |
| SHA-256: | D59624BF3A84DE16C6F1D3626B12827E1A54F885DCE8401D5A2CD0BFD831EEDB |
| SHA-512: | 82E0DAF6D21C65A581DF31CE3FED3A99783B30FD27C88EF7EBB6DF06F83B2242C336F2F0ADEB2808CA768C74C62FDBC24C371509438B3B1D3370BD7053B21FBD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.306452794716604 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJfQ1rPeUkwRe9:YvXKXKJZc0vhGY16Ukee9 |
| MD5: | 27A39A294AC5C702F12916A675DF25A0 |
| SHA1: | 38F49B967D09EA51E19BF2F40F69CB86633973AA |
| SHA-256: | 9D150BE3854E89558FBD1FC22D5563E16413579255BB7FA1A0914C83293B84E8 |
| SHA-512: | E01015598D6CA9090DC1087F4154C8EE2B94123D3B8ECD7F74F35C3F91E57A21ED9A64BC40F3C8B42D3261EEDF6DA4868D9E4AC430D56F63BDD8B20015FCEDDD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.312648388686591 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJfFldPeUkwRe9:YvXKXKJZc0vhGz8Ukee9 |
| MD5: | 64AC1A926D17D1858CCC24CE230CBD87 |
| SHA1: | A972E869DC73F9DDBB8FC699ACA18EF2EBBCE65E |
| SHA-256: | A939144C2E5149E7DFFA94BFF218317327DA3C96A2025D437D38C37526A0E71B |
| SHA-512: | 82AACED14E2640F3D6BBF8C561C1206C7AC2B6C094DDD8777B84291CDF5329407F6CFC7B8B3AD927FDAE8A7C5DE842527315973324BB43EE9A62AF743E45373C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.740428327776291 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X8zv9KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNpTb:YvbVEgigrNt0wSJn+ns8cvFJ3 |
| MD5: | A0A3FFF12EFF8B212D5C6E2A1F84D7E5 |
| SHA1: | 37887B486AB615FB849D5333163FB612C6EAC41F |
| SHA-256: | 90454D2B20D467A094F121F1C6823D48BF05C3F64F024F78B194AFE09A219ABA |
| SHA-512: | CC7DDAAFCF537F83BFE4E115B40C6F034CD2DBD4DC99608391760A896C18939B9E9E1868023AA598C58CC701320D8E19ED893EB015F6D5498CACDC86CFC4C7ED |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.30963598550305 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJfYdPeUkwRe9:YvXKXKJZc0vhGg8Ukee9 |
| MD5: | B34B87731ACB3F1E19A75258B82647F7 |
| SHA1: | DF1699506E89ED694C5D8361CD1810439128A04E |
| SHA-256: | 0A4DEC22D98F83B503A02A5EBCBD49C5B1446A9545B2F48425574AA66A7B31D1 |
| SHA-512: | 5733605BEEEB76A3AA7A68A319959CA681DAAB255DB2CB897D0E27706B968A801606903DE3F0E2C3AD4EEE1F3F0F1C0A953E88ECD9616604DC8EC25F1F858C3C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.777107887292924 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X8zvArLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNxTb:YvbIHgDv3W2aYQfgB5OUupHrQ9FJ7 |
| MD5: | E5FE9B9108D88F34B614EB03264ADA8D |
| SHA1: | 5E34B7B2D2163E73766CCA797C39618D9FDE2713 |
| SHA-256: | BE0FC80CBAEBB0C2E12E6BBE52F362EC5D4BF92F58E2DE7567BB09EC92FF2504 |
| SHA-512: | 9543B48BB2C1B7C8069825D7F658418D4D8B7905C16A4E9D17E84F5FF59CFA02A09E3908FC5D41967F8F20B713C40BC195C3BA2AC7172E1BEEE0FB1332B1E0F5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.293116856472425 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJfbPtdPeUkwRe9:YvXKXKJZc0vhGDV8Ukee9 |
| MD5: | 0045440E3F2A30BAC59871AB84E1C052 |
| SHA1: | 199D30435BC77B055BEF5DF1DC91E9A852AC0B20 |
| SHA-256: | 23BA712BE2A4003BB39C2F05B1E00AF680DE870491483E99B2C42C10CFC9F862 |
| SHA-512: | 081862826100ADD76446B242AC341970A0955842F8B74603DAAA25CA2B9297F242E35B908F95D31D08E9B735C9416FF13D8EFCB9FB5D760E6FD683500E2417A9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.297587304926805 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJf21rPeUkwRe9:YvXKXKJZc0vhG+16Ukee9 |
| MD5: | AD5E434F65E1E1BD1B4722FC21393022 |
| SHA1: | A084466252574707B080F4F5BBCA1EF71D6DB0C8 |
| SHA-256: | EAD0E4BDC20C3983698AC6B245156610DC5A57C2C58A68DC4DA1FF93D66EC0BE |
| SHA-512: | 8AB529285A1921CB5BC2CA2243C5C518EB613DF0BB80341D3CE888D9E40459A9426C299770412C551B16E9B258BCC849E879B764FDCA3D9709D5D01B5840A769 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.316471114261198 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJfbpatdPeUkwRe9:YvXKXKJZc0vhGVat8Ukee9 |
| MD5: | 6FFDD1425CE10151DE84E89E78A04A76 |
| SHA1: | D3297A6FA7F1C4068D00C33ED3E7DF8DDAC15844 |
| SHA-256: | A2F328C5FD0C3FE3EF2E3AF22AC408016874AEF75C9CCD7D18B227F1ACE5D356 |
| SHA-512: | 81959641340281EE0D0766FAD0AE6E4EF274D716E2DBD64CBAA66A17F5B82842BF831A3E3566A1DADFB019372FC0F8F745B840BED38557DE4A9E8CE7D57F8679 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.273576958564675 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHL2EIGhnVoZcg1vRcR0YFoAvJfshHHrPeUkwRe9:YvXKXKJZc0vhGUUUkee9 |
| MD5: | 158A5165FDD93929BF3D2D9063403E93 |
| SHA1: | 24FC94A1970D2821DB2FF3F753F5E54B5ECC23EF |
| SHA-256: | 5E8732EB0C4D772B7ED37121DDDDE7B7920B8CDC8D1408BC1EC72EA19F4B1076 |
| SHA-512: | 18BA54117DD8C6BC1BBB1CD448EF556166C8BDEFE7633E536A47AD8F82EA2974A7508CFEA5C6A0D7CC569ECEB6261962B6A45C4A891EF33703B7FAD18843E05E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.3699409947676635 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXKJZc0vhGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWqmTb:Yv6X8zvt168CgEXX5kcIfANhmTb |
| MD5: | 196BF2D5ED1679958566719D4508778B |
| SHA1: | D455995AB32964DAB6EAA6E4E4596A3E429169F1 |
| SHA-256: | 00CEFDDEB6D719992CCDD6230373C6E2BE883C214002E64FF0446325B7955633 |
| SHA-512: | ECFC07A5EDC4232932760F14DE23E40CB8FD0AEF4CF879F9FDEE227EB30D953B96D408F0040225E48854057EA2BBD58B68E7F75F4297F0ABEE45BBAEAC3CFEA2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.1310268909372345 |
| Encrypted: | false |
| SSDEEP: | 24:YH47zCVyshiSIKFwQa8AM1ayI2uNJWCIkj2j0SMVx1CU2+2LSWfmBM35A99CuSOG:YYXkyswVKFT62kJPIq7/Af2M3y99m |
| MD5: | 02CB45A42D39EDBAEB496C8B01EFEB26 |
| SHA1: | 8097F1C497EDDB2DA16EB27685CD81CBD5D699D0 |
| SHA-256: | 365035C6C27DEDCE6DEF6463DEF3A65DAB22EB7EA567E0CE8981CE698A9ED71C |
| SHA-512: | 65168CCA8D51CD19FF7C5F7D21310BAF0D209C236EBC0EC209101D6F7C1C7B46236BF307C29222F05E3A2AA23A637C14298AEB1F96140EFD418759B25BDF16E9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1888795510392405 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msEHUUUUUUUU4SvR9H9vxFGiDIAEkGVvpi:lNVmswUUUUUUUU4+FGSIt2 |
| MD5: | 8BED37B7814B9F98510847B2DC221804 |
| SHA1: | 42D5099AE8B49D20C71F1C730846C99622309EAE |
| SHA-256: | 5FAB60AE218914732FF089C138928B8CB135016601DCACF7BB3DA928CC1B5767 |
| SHA-512: | 3321CCC7030D45D2F9DD28CD1F9B7FC146976B93A83A7B5D4DD5794E39320DDFB29B4499CA69CF877DFEDF5D64C9F9CEDAA30D51700CCAFA7A91E7FB146D171F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.6078991526621271 |
| Encrypted: | false |
| SSDEEP: | 48:7MyKUUUUUUUUUUavR9H9vxFGiDIAEkGVvZqFl2GL7ms8:7CUUUUUUUUUUmFGSItTKVms8 |
| MD5: | 8656452B35BF5A8403DE95EBD2F261E9 |
| SHA1: | A2D9E5A09CF5C07FABADA3F294979878F7A77EE0 |
| SHA-256: | 7C64CFD7053EAE3F9E6168F89578058C71845FBDC74745468B3556435F81B0FD |
| SHA-512: | 14EE48B5BB7EC41DBDCE3F3AEC0465487892D0AE8D08816D0010BDD3F11DD0062019CA6EFBA763E16826A79C22E7018F86828C2193971FCFB882E8AA232710EB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.4965336456103326 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eeW+2j:Qw946cPbiOxDlbYnuRKhT |
| MD5: | 678B9BEAED3651C73333619BA11AB937 |
| SHA1: | 2C62E8F1AA34FCC4208F146EBCD84E300FDAC349 |
| SHA-256: | F585D25557AEFD162ECC14D5FD1E22479D7F17C6DB6EF926B94F1E8E147432F0 |
| SHA-512: | 826A6C9D2A9744AEB7F08E20E94E8383924337D1AEB374F04C2DC9481D523D74BAF44B27C5229F88574058BEC53D6708ED7464C022DADC69DE37A78B4FF752EA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-16 21-44-09-044.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.345946398610936 |
| Encrypted: | false |
| SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
| MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
| SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
| SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
| SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.359822689497119 |
| Encrypted: | false |
| SSDEEP: | 384:SLvCHrmXxWmzpcTyMHOOpqWd3YoHRFmjIPzxVhdAWJoSBJaQ5QyQ9QsJLpEsgsBU:pT3Aok2/J |
| MD5: | 84D0F967A539289EFF0501850E70E9EF |
| SHA1: | 081BEB291BE49D0F4C4F77999855348CFB8A4292 |
| SHA-256: | 6332330813CAE7D17B58CC71BF2081B601B5C9AB44897B8C774694F1B79FA9E6 |
| SHA-512: | 18F851D26B5CABC9FAB509EE1435378BB47438AB52937D98E38221A1EB5FE809A2DD30B1AB961EA32C2FC1EB9C745211E6897CADAC9E5E258E5955C0A5D69CCB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.396216000998046 |
| Encrypted: | false |
| SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rB:9 |
| MD5: | F400235CCF5CBCE5D9991C4EBD9A23B6 |
| SHA1: | D3332A6C96BFE2E521760C5C2BEBA16C64DF3647 |
| SHA-256: | 520BB1ACB625472432C6F71D3541511F292465664CF45E26BAAD5070C6C03D5D |
| SHA-512: | F0FF840F974EB9B6DAD117A8791A6CB1BD06C2C9999A160D21040E96FD55D75762D15A00381813097E42134BA1F18B895E692C5DD551CDF51DB5CA6B4053DA3C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLaGZDwUYIGNPrdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDdZGV3mlind9i4ufFXpAXkru |
| MD5: | B655A2FDF42C42DC2317F8DBA1EE9D85 |
| SHA1: | 4B0F8EC41AF81F8FB40608C8762D6A1472C3882D |
| SHA-256: | DD6B59B4D6E459CD472306E66F73019FBD374403EE7526F5984268B8A0419BB2 |
| SHA-512: | 9736F265A90A0B10D6C09BD37753FDAFA1DAC60882DE2F4981E5C76D1ADD0DF53907878B0262454E6B4AFABB7AAD051053363A0196DBD4F1E289063BC237AB9A |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.474027423276764 |
| TrID: |
|
| File name: | BoxManifest[6].pdf |
| File size: | 4'129 bytes |
| MD5: | a526de74701d3e9da6e1e65834e6cf98 |
| SHA1: | 6bd5da2092012f4c7639465722c1baa91b1f39d8 |
| SHA256: | 30612b633ebc4d643259b32ec114de58d783e9b8f28eea447b912c7c7da71434 |
| SHA512: | b4089cfe311ec9aa4a22bb840e2dfdd0800dbf02fc538921c31726b3d8d5c692babb0ce3866d37ee5ad0d4b7821a74fa4d850de1b8bb7c3f4b24dd6129466627 |
| SSDEEP: | 96:2KCMhFvB+E255rpt51M/vleRWTcOGU5HMo1dLlyxoxohO:2KC+vBen9/Y9eKGYHMojJt+hO |
| TLSH: | 4E811C45785F7DFDE9626741AF29F9A3B01AB01615C8F5C13028E087F046FDB2847B29 |
| File Content Preview: | %PDF-1.4..%......1 0 obj..<<../PageLayout /OneColumn../Type /Catalog../PageMode /UseNone../Pages 2 0 R..>>....endobj..2 0 obj..<<../Kids [3 0 R]../Count 1../Type /Pages..>>....endobj..4 0 obj..<<../Producer (Winnovative HTML to PDF Converter 11.18)..>>... |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.4 |
| Total Entropy: | 7.474027 |
| Total Bytes: | 4129 |
| Stream Entropy: | 7.901484 |
| Stream Bytes: | 2698 |
| Entropy outside Streams: | 5.023322 |
| Bytes outside Streams: | 1431 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 10 |
| endobj | 10 |
| stream | 3 |
| endstream | 3 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 16, 2024 21:44:19.997845888 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 16, 2024 21:44:19.997880936 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 16, 2024 21:44:19.997982025 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 16, 2024 21:44:19.998120070 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 16, 2024 21:44:19.998127937 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 16, 2024 21:44:20.318054914 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 16, 2024 21:44:20.318475008 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 16, 2024 21:44:20.318521023 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 16, 2024 21:44:20.322160006 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 16, 2024 21:44:20.322278976 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 16, 2024 21:44:20.324228048 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 16, 2024 21:44:20.324228048 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 16, 2024 21:44:20.324259043 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 16, 2024 21:44:20.324435949 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 16, 2024 21:44:20.375974894 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 16, 2024 21:44:20.376012087 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 16, 2024 21:44:20.422853947 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 16, 2024 21:44:20.429903984 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 16, 2024 21:44:20.430058002 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 16, 2024 21:44:20.430710077 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 16, 2024 21:44:20.430733919 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 16, 2024 21:44:20.430766106 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 16, 2024 21:44:20.433279991 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49740 | 184.25.164.138 | 443 | 7212 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-16 19:44:20 UTC | 475 | OUT | |
| 2024-04-16 19:44:20 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 21:44:05 |
| Start date: | 16/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6bc1b0000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 21:44:06 |
| Start date: | 16/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 21:44:06 |
| Start date: | 16/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly