Edit tour
Windows
Analysis Report
infos.pdf
Overview
General Information
| Sample name: | infos.pdf |
| Analysis ID: | 1427213 |
| MD5: | 8d3ed8c018f17c1345bf4200f624b6ea |
| SHA1: | d7bc35d7857b867ac6e163423b1be89ce3b4991f |
| SHA256: | b8b836a9e447fff8c0a5c40a8495c91807c703431e965c7b92b737d85c9a3e5e |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 6632 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\i nfos.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 3788 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 3636 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 28 --field -trial-han dle=1652,i ,150028334 5263875887 ,150936496 1670034398 6,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | Initial sample: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1427213 |
| Start date and time: | 2024-04-17 09:31:26 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 10s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 9 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | infos.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/41@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.220.188.152, 23.22.254.206, 52.5.13.197, 54.227.187.23, 52.202.204.11, 162.159.61.3, 172.64.41.3, 104.76.210.84, 104.76.210.69
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 184.25.164.138 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Lokibot, PureLog Stealer, zgRAT | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | DarkGate, MailPassView | Browse | |||
| Get hash | malicious | HTMLPhisher, ReCaptcha Phish | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher, ReCaptcha Phish | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| BBIL-APBHARTIAirtelLtdIN | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | CobaltStrike, Ducktail | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.241003099904382 |
| Encrypted: | false |
| SSDEEP: | 6:ZNddjL+q2P92nKuAl9OmbnIFUt8WNt41Zmw+WNtuLVkwO92nKuAl9OmbjLJ:FFyv4HAahFUt802/+0uR5LHAaSJ |
| MD5: | 13C82AE7346F40F1E8B4AD4FCA76504E |
| SHA1: | 7E33473896B0A36FB23A4AC3555FB914F4C4E0B8 |
| SHA-256: | 0C42839C66D2D9425C901A2AC4F91034808B3F6F8689A994CECEB041228DF0C9 |
| SHA-512: | 2191EB76CEA4B627016626E43DD08337D2E3B07EFF067621B532A862E7A4F59F9DEBDB76E602AA827256D3D64E03FFC8184E237415E514A25648D42AB3853B9B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.241003099904382 |
| Encrypted: | false |
| SSDEEP: | 6:ZNddjL+q2P92nKuAl9OmbnIFUt8WNt41Zmw+WNtuLVkwO92nKuAl9OmbjLJ:FFyv4HAahFUt802/+0uR5LHAaSJ |
| MD5: | 13C82AE7346F40F1E8B4AD4FCA76504E |
| SHA1: | 7E33473896B0A36FB23A4AC3555FB914F4C4E0B8 |
| SHA-256: | 0C42839C66D2D9425C901A2AC4F91034808B3F6F8689A994CECEB041228DF0C9 |
| SHA-512: | 2191EB76CEA4B627016626E43DD08337D2E3B07EFF067621B532A862E7A4F59F9DEBDB76E602AA827256D3D64E03FFC8184E237415E514A25648D42AB3853B9B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.162603084227332 |
| Encrypted: | false |
| SSDEEP: | 6:ZNrAq2P92nKuAl9Ombzo2jMGIFUt8WN6VXZmw+WN6VFkwO92nKuAl9Ombzo2jMmd:Ev4HAa8uFUt8V/+H5LHAa8RJ |
| MD5: | 3B3FB9278EC247ED887864F59D5E6D98 |
| SHA1: | 81755AE9CEEADF37FFF3DD71F882D21495E68486 |
| SHA-256: | 81CD7D05DED8B3B34B154D7CC2B0004D6BCE2B5D422BBE4DE911FE7EACA2A9C9 |
| SHA-512: | 59CFB36488A9F9311E6D01AE992A32A877F3C16D0D45F33E61CB29CE206226A0B0D2BD8C25D769BB4D80BAEFC9325877A4B14E0B3C77BD7BDD31EAAD6CF87EB8 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.162603084227332 |
| Encrypted: | false |
| SSDEEP: | 6:ZNrAq2P92nKuAl9Ombzo2jMGIFUt8WN6VXZmw+WN6VFkwO92nKuAl9Ombzo2jMmd:Ev4HAa8uFUt8V/+H5LHAa8RJ |
| MD5: | 3B3FB9278EC247ED887864F59D5E6D98 |
| SHA1: | 81755AE9CEEADF37FFF3DD71F882D21495E68486 |
| SHA-256: | 81CD7D05DED8B3B34B154D7CC2B0004D6BCE2B5D422BBE4DE911FE7EACA2A9C9 |
| SHA-512: | 59CFB36488A9F9311E6D01AE992A32A877F3C16D0D45F33E61CB29CE206226A0B0D2BD8C25D769BB4D80BAEFC9325877A4B14E0B3C77BD7BDD31EAAD6CF87EB8 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\79941a28-2e5a-442b-8591-175ce01037ca.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.057469265871315 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZjsBdOg2HqZcaq3QYiubxnP7E4T3OF+:Y2sRdsDdMH/3QYhbxP7nbI+ |
| MD5: | E29381FB056C9B50DEF6E87FE7B32240 |
| SHA1: | D42076551A23C5046184368C75085BE7A285A0C6 |
| SHA-256: | 13975B01FC05C3AD72990BA85707FB8EABEA64E55FD63EBAA31C19B56667C978 |
| SHA-512: | 68F30BFCF343C76AF719D7CA005BA3CC94CCF4629EE1D36BD72324617570D83C4077C1226A88F89FEA164F503303C6AA2579A36D32F3E34FE9EDDA02D579CFAC |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.057469265871315 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZjsBdOg2HqZcaq3QYiubxnP7E4T3OF+:Y2sRdsDdMH/3QYhbxP7nbI+ |
| MD5: | E29381FB056C9B50DEF6E87FE7B32240 |
| SHA1: | D42076551A23C5046184368C75085BE7A285A0C6 |
| SHA-256: | 13975B01FC05C3AD72990BA85707FB8EABEA64E55FD63EBAA31C19B56667C978 |
| SHA-512: | 68F30BFCF343C76AF719D7CA005BA3CC94CCF4629EE1D36BD72324617570D83C4077C1226A88F89FEA164F503303C6AA2579A36D32F3E34FE9EDDA02D579CFAC |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4509 |
| Entropy (8bit): | 5.232234301598041 |
| Encrypted: | false |
| SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUAvNDrG2Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLF |
| MD5: | A529982DAF4F8426835CAFA39485E66A |
| SHA1: | 21D7843FB6FF0951656E2DB4AF410FF7C3835B59 |
| SHA-256: | 86229DA05CD04099925B4F909111BB261C14AAA1DB028E9D212B5252E7EC198A |
| SHA-512: | 029023B8DBFAD82A81653FA3CD12D265C846FCD0E38004D026AD6880F33D10870A4653F0437FC72341B00969E082C0E63DA88209FDAEF5767BEE8A6312956FB3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.201478528889114 |
| Encrypted: | false |
| SSDEEP: | 6:ZN2vIq2P92nKuAl9OmbzNMxIFUt8WN2cqZmw+WN2OOzkwO92nKuAl9OmbzNMFLJ:Lv4HAa8jFUt8B/++W5LHAa84J |
| MD5: | 198B5F5BA0EB40121BACED70BD23BA67 |
| SHA1: | 5628C92F221603E92BAB9DC9B968DF88E524A9D9 |
| SHA-256: | 3558BEDBA2926ADAF99CF2E31D54E7F1F3D81BA6AC2E1B2147D897FF792ADDD1 |
| SHA-512: | 63955392487EF556E90D4D1E17564502DE5A672BA44F13208EC55093534223E6BAC174AD60BA16CC5AE709FB38121436E286BC4E81940E697131929F2BE9AF89 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.201478528889114 |
| Encrypted: | false |
| SSDEEP: | 6:ZN2vIq2P92nKuAl9OmbzNMxIFUt8WN2cqZmw+WN2OOzkwO92nKuAl9OmbzNMFLJ:Lv4HAa8jFUt8B/++W5LHAa84J |
| MD5: | 198B5F5BA0EB40121BACED70BD23BA67 |
| SHA1: | 5628C92F221603E92BAB9DC9B968DF88E524A9D9 |
| SHA-256: | 3558BEDBA2926ADAF99CF2E31D54E7F1F3D81BA6AC2E1B2147D897FF792ADDD1 |
| SHA-512: | 63955392487EF556E90D4D1E17564502DE5A672BA44F13208EC55093534223E6BAC174AD60BA16CC5AE709FB38121436E286BC4E81940E697131929F2BE9AF89 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240417073223Z-154.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65110 |
| Entropy (8bit): | 3.979120211878643 |
| Encrypted: | false |
| SSDEEP: | 768:yyFDbGHau7lSLhFMX+DbRU0DVxEj7SD38:yOnGHau7lKFhDdU0DVxEj7Y38 |
| MD5: | F727DABCB7F4FAC31C77EAE0C69AB75F |
| SHA1: | 37F3D14EF8194D102594399E36307579143E4496 |
| SHA-256: | CA0B5B2DCB5458C74ADE75B5F7F13D1C30CA712D4424E148690F45A96AC1BF7A |
| SHA-512: | 8519026C1F720BD5EFD097763069813A34710571BBEC14D642830D26265CD991EE0FF6EE0F08817B5297BDE84625954589797C59EAEF21BD5E73262C4C6F4244 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 227002 |
| Entropy (8bit): | 3.392780893644728 |
| Encrypted: | false |
| SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
| MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
| SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
| SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
| SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.322085093609185 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJM3g98kUwPeUkwRe9:YvXKXey59GyYpW76GMbLUkee9 |
| MD5: | 47B9DFE99540B9B8F0AE1266DD66E4C9 |
| SHA1: | 79834A86B57F768A34AEE2F98F4F822DCA68EFD1 |
| SHA-256: | 3C3DE0274B550495A919F0BEC176BB0ABE5681E221108D620B1C56A54D62569A |
| SHA-512: | 07A23E07C76597A472211A473DFE2BF1D2EA118C0251F657F1B5B76EE17D4B5B684B3B1ACA9A64D7DEC9D436ED65D28FB55202891CEF06FB368AC3FD07431051 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.257970119447963 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJfBoTfXpnrPeUkwRe9:YvXKXey59GyYpW76GWTfXcUkee9 |
| MD5: | 88200E61417BE0800161E66872BA8AA6 |
| SHA1: | 94F405130520AB0114D23FF661F065FD195CB0AA |
| SHA-256: | 1B72E8BFBA901B6FA95FA7FE803C5FE05A840975305F2375CEF25B21FCCE1324 |
| SHA-512: | 8F38AC8FD740729F1404CA5AF1E64861F2D9DF363D1E838EA629C2766FAD23620C1EF0FAE91DB8551200271EF595F35C6EB931B13714FB90DCA1B81507B5BBA6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.236518435973967 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJfBD2G6UpnrPeUkwRe9:YvXKXey59GyYpW76GR22cUkee9 |
| MD5: | A0F73D589FBDF3DF3E4AB566A407D710 |
| SHA1: | DE2619920789DC8A761D528F073ABFD96273658A |
| SHA-256: | 90E89BAB1CACB46F100D345745B3D38E5675254E73A70CD2D04F24EC899701EE |
| SHA-512: | 30C22D0095F78FAA32997BF3ACC81EE36CFA8654E1F6A1006CDC9F57CE5C93D877545CA23ABF44DF096786BE10C38A975EAC4583471CAF8B33C16044EAD01DA6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.299529610115472 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJfPmwrPeUkwRe9:YvXKXey59GyYpW76GH56Ukee9 |
| MD5: | 1248D9783DE9961CDA7AACEBEFACFACC |
| SHA1: | F41B6BB392A9E573835844B79864D19956AFD612 |
| SHA-256: | 6928EB15F24F33BA31A094FB13D9CC464C9B2C38421E60F8A1D8E00B084D1E06 |
| SHA-512: | C2CBF33AF7FE6C9B954CC7C89B66AC3D2DAA235226FF7366A8C510AC5589B8D76F694087E4068035009981FCB69CDB6557FDEB351C308FCB3388091E7B082D3A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.257981516377152 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJfJWCtMdPeUkwRe9:YvXKXey59GyYpW76GBS8Ukee9 |
| MD5: | 69028AAE966A420AE9F77408209BC19F |
| SHA1: | FFF96FFB50D25C38D9E09C501FE6F9C3A93510C1 |
| SHA-256: | E26F113A3630C9D5B9F113425208CF5C2BC1DA7954FAA1263EC9426121AE29D9 |
| SHA-512: | 6FC68A39EDC469E909CC24D5986AA90ED34732DB9AA19870475AECC82E9021800B9789714A8751385A57F15FD05F97DFDA3D1125D88BDED6FF03E8884E502E93 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.243651633729339 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJf8dPeUkwRe9:YvXKXey59GyYpW76GU8Ukee9 |
| MD5: | 41214194072E975377D6735B93350C1D |
| SHA1: | 0507FEBB56CCEFB8DBF1A011C3B0FDF77F00B04E |
| SHA-256: | 8C678B9D06F1C2E1BCD3DFA4954FF4F39F67EDFC2703A927C7B4140F9300350A |
| SHA-512: | 26BEF4FD5E6EC984A4B507FAC99F45A57B92E8364B8B19232631FA6C5CCAE21FC4B2C5F733BF6A74FFF75CF82E7252528CC085963CE79C0D1FD05CF49FEB57C6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.246029539790667 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJfQ1rPeUkwRe9:YvXKXey59GyYpW76GY16Ukee9 |
| MD5: | B31A1B8E8BAFB923090225CC0A4A0ABE |
| SHA1: | 8A532803A35D93A74587FA56D4483DD92181FF3B |
| SHA-256: | 2BABB19F15D1629AB01720EDDA1EC0C875289974827E2B7C3B3EBFD4506212A6 |
| SHA-512: | BB9863046A0EEA5F8E3C4F083E4E20F6CB6DC36F3F15D37B74C609E743F26487E901F88D0EF810ACD8E833D750B82F7089CCDE031DA236A446CFD4296C7BBBD7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.265173862659264 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJfFldPeUkwRe9:YvXKXey59GyYpW76Gz8Ukee9 |
| MD5: | 45C515BE269C5E73300D4E9276324CB1 |
| SHA1: | 06510164B4FE2C5266F83BEFED9DB3360A4BA247 |
| SHA-256: | 475FB80F33FF7B011A329C56E44672237FCD05DB0FFAFC38F0AE2BAF73C12190 |
| SHA-512: | 251AF7C6D9CE7C3B02342EEC3B18BEF8E7FE8F0B219B40CA1BD4E2C623B4C64ED813FFDDD21943F25BAEC8F7BC95AF2EBD1FA2AD0685BF64D94989F64AE98817 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.730844004691427 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XjbGXiWKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNiw:YvAqyWEgigrNt0wSJn+ns8cvFJZ |
| MD5: | 1329595B7B670241914D99459433D837 |
| SHA1: | 293A689E4D9C31AC21F37ACCC56EB8062475AF63 |
| SHA-256: | 19C4A778E85B186123ECA235EBE1AD16A80214C904F1A09C95505910B49AEFAC |
| SHA-512: | 4A5B196637471CBB7D222880C05C648312180564DB1B4749687EB1A3D7DEBA55C5D255DF30CA6F39276C318B656650A6A3AE3A456515DBB755F5B9A9EE69FD3E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.251623807027222 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJfYdPeUkwRe9:YvXKXey59GyYpW76Gg8Ukee9 |
| MD5: | 70A6CDDC5394588931E04040F6DDFC19 |
| SHA1: | DF6767997414EA575A932261CDB968A553D5D109 |
| SHA-256: | D018294D7E2C0C4D0CB069A1F041C534DBC69C3A74F6C7B7DF73CDBB4EA4399C |
| SHA-512: | A8777AE1E016B32CA493851804FEE9082921685FA5184873343147D13E2B4F5E96C55EF54A846FFE9F086699CC29B5E23FED8B936292EB2CC87663EC3438904A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.76586022007542 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XjbGXidrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNK6:YvAqydHgDv3W2aYQfgB5OUupHrQ9FJL |
| MD5: | F8E64E98A1F21AFBFD06B9AAD377E682 |
| SHA1: | 98CCBDC4C646EF19B56FDEE31694EFD86A8781FC |
| SHA-256: | 9D8EFF403CE6C945369975AFFFF37A06C2E28FBE5DF15FA85CECF14D33B321F6 |
| SHA-512: | CD5AB6AFEAC654C4FC6D0F3531F40B4FC53D82512B341B6CD07BC6CFE0C72D9534CB1372A5A7641649E5795B4C75F4F2A6CA31939E6BCDB3B2150E095BB1DADB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.235503387127015 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJfbPtdPeUkwRe9:YvXKXey59GyYpW76GDV8Ukee9 |
| MD5: | 5B47D9067699EC7508B88AD50D1E25F2 |
| SHA1: | B2F57775BEC08C7D06AB013A17010B32D1BB0ECC |
| SHA-256: | CCC095C02DC1FF3A44BECCA1EA682974490B600A4DD4314FB5D512FB5AC08E79 |
| SHA-512: | E348061DF6DC29D5AA1E8BFA45D6460880C16F3B9C26A62A4CB00415B982F0041CD022B9A61EE44AE671DF0FC9CAA8DAB6D37538307E1F56195AB2E558C5C627 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.237346975744433 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJf21rPeUkwRe9:YvXKXey59GyYpW76G+16Ukee9 |
| MD5: | 3EA0DAE724B1DD562E357F23A91BE4E1 |
| SHA1: | 6585A5AA93F74A501CBB29166C4A502B55B41707 |
| SHA-256: | BE7490E478EA2F2A3209F4BA49092679D15AD58C9F11C1C588AE8F9B524CBA01 |
| SHA-512: | DDE9CFC8F88E9AD10BD341B2D55BB5F446A7328F709EDAEDCCDEC082613497D5A63702B9887FEC14AA48EFB384141186629C50900E83A8620C67820AF3ACE819 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.258458935785369 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJfbpatdPeUkwRe9:YvXKXey59GyYpW76GVat8Ukee9 |
| MD5: | A313DFC54D4BA388ACA32B3BB1A2752A |
| SHA1: | 135F0FF05768F85370EE5719F3710C855E1650B3 |
| SHA-256: | 514947F47DC8ED8EA82EC12024FB8ECCF23F0C16FDEDD202CB376F878DA420BB |
| SHA-512: | C3ACEB120ABA10701DCAE01C92C9D30131BC61E441D62DB2C3694EC919A61D0D73B8D933E264A3263C6F8893180D45895563B13ACDF3436F2305B7F5785F41D3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.211967613978004 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXey6a9jRZK7+FIbRI6XVW7+0YZeoAvJfshHHrPeUkwRe9:YvXKXey59GyYpW76GUUUkee9 |
| MD5: | 116E7313B1CA6846823C6AD920A71DA6 |
| SHA1: | 80F76216CD2D4C51B6F81BBE1AEDE60AAE41B1A9 |
| SHA-256: | 43D300EBAD251FC8388119676C179033EBC2FAC545A3355256C4C889CC437C23 |
| SHA-512: | 515E8E64270E1AE501EBA89582403E08346DE356BEB7C5BB15F7313A96914064DF8AEC71421B79F667A7FED92AADD9D6979E13A17D3BF1A71E1AA0B94ED2F556 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.353806692232851 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXey59GyYpW76GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW2w:Yv6XjbGXiU168CgEXX5kcIfANh5w |
| MD5: | F79D6E80D4AC49B7C0373F4C966A20F7 |
| SHA1: | 8412A705CB157909B4FCB5FB611BFE013334EC23 |
| SHA-256: | 25C622BE29AC20B9DD185F1C000B66F7B19B4C44FA4B3A134BD38ED25CFF68F3 |
| SHA-512: | F37734B6D91DF90532C33241FFF67152D47152A6CE084A4598DB913028D1A8048D4D8BCD05713034BD8778EDF99151DFA8CB559F9199D6525A141AAB84523369 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.126517278154154 |
| Encrypted: | false |
| SSDEEP: | 24:Yoi5OuC8bwpfU5GlqUpa2ayB/K/AxjjjKj0SBkp27Km2LSD0W9ERBli5ra9juyOG:Yz5xHbw9U18KmACqBgBli5a9N |
| MD5: | C262C146E401203A0EF007942F22580D |
| SHA1: | F3CA38CA172ECA600E57E7D66B46360E68B73B36 |
| SHA-256: | 3C3DBC6C37C60BA57D11D25DF9B2CFB11E525E997A0053870039A67041FAC37A |
| SHA-512: | D73286DF6E8AA14E593DA237DB77E4E6401AA69F508657C6C57162D0DED935C292180C256A7AC22F4A2E31158C44B4F3B164612D4C4E6FD5BF84DFA2B183AA57 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9844524915523913 |
| Encrypted: | false |
| SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpRii4zJwtNBwtNbRZ6bRZ4SiiF:TVl2GL7ms6ggOVpRiFzutYtp6P/ii |
| MD5: | 619E8747FB2CDB4BE04670DABB35B37D |
| SHA1: | 90E54A85B498571196B2C813BFD55B43FB5F9318 |
| SHA-256: | E866CB9CEDA299D17C8FB9FA9E149EBEA9EAF16DE9E36EACC3EF7DF56530D366 |
| SHA-512: | 1FF6D91D3F7CE8F96083143493F6605BCE118060DCA93E2B7AF92C216D67D2C2F01F6AF58AFA39DDECCFFCD7E1E55FE573C141C2DFC03D9B79FA3839E38916CD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.337780241191711 |
| Encrypted: | false |
| SSDEEP: | 24:7+tPAD1RZKHs/Ds/SpRiiPzJwtNBwtNbRZ6bRZWf1RZK4qLBx/XYKQvGJF7urs8:7MPGgOVpRi+zutYtp6PMVqll2GL7ms8 |
| MD5: | 8D69BF25226A80F49D0C0BDC8DFBE0ED |
| SHA1: | B6B0BA4CE9087DAE3209FD18F24F7E4CB575A499 |
| SHA-256: | 1CAFAF8D4F18D3F830A17CDFD72957C5C2BD2D71D8B5F0FBEC8ED465DCE78A09 |
| SHA-512: | 23F4E7F3956FDB6BDDF754225E612B0639703EC0C1A72566E904100B1F73E62E9D8AF0AF5202BBE94457321826E35D50B6585CE378EB5D8938B89B10CEC055F0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.518261198325562 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8nqUNo9:Qw946cPbiOxDlbYnuRKgQ |
| MD5: | 66B649B1F0E825DCC2A777359ECB5106 |
| SHA1: | 02AC0A1DF199D7ADE650C283CA086E33744083AF |
| SHA-256: | BEA4438FA91AA036A48AF8672D9E6E610D3F18CB947202EDBCC1AEFA3CC6D2C6 |
| SHA-512: | 3AA7082B24EA28FD46B38EE762FFDD0358614F1A4F3AE72F0F913D4E8C49637C9EBCCB12913ED97496DF6FC67555AA3B8D25350752124E31D234207BB61ADAE4 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-17 09-32-21-587.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.376360055978702 |
| Encrypted: | false |
| SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
| MD5: | 1336667A75083BF81E2632FABAA88B67 |
| SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
| SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
| SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.349682622720681 |
| Encrypted: | false |
| SSDEEP: | 384:gsiBK8Ts7fhoyxD+on6pXO3jACVZ2mtsXDPVNdBXZywKjliM1YS8B8lwbN0G3P/O:RD9 |
| MD5: | B9826D1C5D103050FEEBD358575070CC |
| SHA1: | 61AFF8DBABAE70DDE4AAED542543D1A5CB5D8E58 |
| SHA-256: | 7967C541BD94AC1D619990A9F0B7F48832272488A6643D5873C6DD1BAB4003F1 |
| SHA-512: | 9AB8541AEBD95B696CC09B8FF0C5AADDEAF44A94C7D0B2F302D096FD4068A43977CED84A43AB3EE19D5A5491B4C7A3A9238DC890E3ACA5A7926CE8DC8C8D0B4A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.39723123546097 |
| Encrypted: | false |
| SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb1:x |
| MD5: | 97D03EC5F6B2C2AA228BBC446CB502EB |
| SHA1: | AA85BD5A6283DC18CE98613E20AEB7F417242496 |
| SHA-256: | 2C415EB3B8E5C11DA8086BF6F17AC74F25106D1E43525E71CD32FD4AB927633B |
| SHA-512: | 2167FD2DF00CBD66CE61AD30DAB9091A5DEA92CFCEC6B476E7D140D181126324581EB2E011A8175890237F4E05C673B09163F1E35CA59ADA5AC2B62117CD26F6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLcGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLcGZtwZGk3mlind9i4ufFXpAXkru |
| MD5: | A46246FAEAB95D87F5B4FE236C2B3D3E |
| SHA1: | 7F018DB9238A63FEAD8D11A92297E7366058A75A |
| SHA-256: | 7E822FECC47177C5A7F4C250E7D53509D104DE68B0D0CE9445877B508400988E |
| SHA-512: | 8AAB79958BF39F014FBA7F69287FE0C357746E63FA3482DE3231BDF4A97B964A0815DAF7BFE9751C55BA6BE618E0A964CEB23FC30B4FA9DFEB284F42EBA897BF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.965186533064107 |
| TrID: |
|
| File name: | infos.pdf |
| File size: | 173'391 bytes |
| MD5: | 8d3ed8c018f17c1345bf4200f624b6ea |
| SHA1: | d7bc35d7857b867ac6e163423b1be89ce3b4991f |
| SHA256: | b8b836a9e447fff8c0a5c40a8495c91807c703431e965c7b92b737d85c9a3e5e |
| SHA512: | 0861aa904564768055c44770aca1265def96e0f6fb0b4aa43d8ecee4bebd23aee7de2e858a8a61d1fcbdbea535e8cff66d750ee7fdaf20065f7942ece077c0f1 |
| SSDEEP: | 3072:WrCMk2Zy/pGd0bUZbJJ756bqdpE2Qqj5EVNA7ul9xOjLSNZdchgRV2d2spp2MKCR:uFZ0pnobuqTQqj5GsL4d3/eHqsC3O |
| TLSH: | E504011860ADA6FCF44A43836F00AD955BDEF1367ADA8AA13C2C548357C4D1DFE63728 |
| File Content Preview: | %PDF-1.7.%cleaned_by_fortinet.1 0 obj..<<../Type /Pages../Kids [ 5 0 R ]../Count 1..>>..endobj..2 0 obj..<<../Author (pro11)../Keywords..(www.Neevia.com, Document Converter Pro, Convert to PDF or Image in batches!)../Creator (Microsoft Word 2016)../Creati |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.7 |
| Total Entropy: | 7.965187 |
| Total Bytes: | 173391 |
| Stream Entropy: | 7.993898 |
| Stream Bytes: | 162042 |
| Entropy outside Streams: | 5.009877 |
| Bytes outside Streams: | 11349 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 47 |
| endobj | 47 |
| stream | 16 |
| endstream | 16 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 1 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 9 | 4c9c72eac8b1c2c4 | aaad6e5e89875520a0669c95ffbeafe3 |  |
| 12 | f080a2a2a2a280d0 | 11d2441532ec93a252675509d5567ba5 |  |
| 14 | 9e76ec70c2dc9082 | da40bc97a96ff34760acf5bca0f9ed7c |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 17, 2024 09:32:32.595030069 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
| Apr 17, 2024 09:32:32.595093012 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
| Apr 17, 2024 09:32:32.595233917 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
| Apr 17, 2024 09:32:32.595421076 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
| Apr 17, 2024 09:32:32.595442057 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
| Apr 17, 2024 09:32:32.917222977 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
| Apr 17, 2024 09:32:32.917783022 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
| Apr 17, 2024 09:32:32.917843103 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
| Apr 17, 2024 09:32:32.919312000 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
| Apr 17, 2024 09:32:32.919389009 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
| Apr 17, 2024 09:32:32.921379089 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
| Apr 17, 2024 09:32:32.921474934 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
| Apr 17, 2024 09:32:32.921614885 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
| Apr 17, 2024 09:32:32.921634912 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
| Apr 17, 2024 09:32:32.972595930 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
| Apr 17, 2024 09:32:33.026659012 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
| Apr 17, 2024 09:32:33.026818037 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
| Apr 17, 2024 09:32:33.027401924 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
| Apr 17, 2024 09:32:33.027403116 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
| Apr 17, 2024 09:32:33.027403116 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49714 | 184.25.164.138 | 443 | 3636 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-17 07:32:32 UTC | 475 | OUT | |
| 2024-04-17 07:32:33 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 09:32:18 |
| Start date: | 17/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff686a00000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 09:32:19 |
| Start date: | 17/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 09:32:19 |
| Start date: | 17/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly