Edit tour
Windows
Analysis Report
JBSA NAF LAK-21.pdf
Overview
General Information
| Sample name: | JBSA NAF LAK-21.pdf |
| Analysis ID: | 1428405 |
| MD5: | 0fff65a8eaa75dec7d2e04bd3732a275 |
| SHA1: | 85b3dbf5daca61fc5a3df1f7c3c31df2410ac785 |
| SHA256: | 4ab929599125e5dba5dfcb7de8c293ae6dde138be7bfc35140845fc745d93362 |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 1976 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\J BSA NAF LA K-21.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 2220 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 6284 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 32 --field -trial-han dle=1572,i ,100087308 5540176149 5,99494375 4392750942 6,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.46.240.131 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1428405 |
| Start date and time: | 2024-04-18 22:13:35 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 0s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 9 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | JBSA NAF LAK-21.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/41@0/1 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.31.60.185, 107.22.247.231, 54.144.73.197, 34.193.227.236, 18.207.85.246, 172.64.41.3, 162.159.61.3, 23.209.188.149, 23.209.188.151
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- VT rate limit hit for: JBSA NAF LAK-21.pdf
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.46.240.131 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | XWorm | Browse | |||
| Get hash | malicious | PureCrypter, PureLog Stealer, RedLine | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | SugarGhost | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Jupyter | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | Get hash | malicious | Dynamer | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.143972995874122 |
| Encrypted: | false |
| SSDEEP: | 6:Pmz+q2P92nKuAl9OmbnIFUt8imDZmw+imzVkwO92nKuAl9OmbjLJ:Pmz+v4HAahFUt8imD/+imzV5LHAaSJ |
| MD5: | EB6E240AED20D9AD18592CBA8550F98C |
| SHA1: | 9D43C96D2682252DEA7AF3F2E2AC579FB37B0BBC |
| SHA-256: | 1AFFFFB71673461AB7F02AEE889635003A0D5F3879CBABACEDF689D8FA72CC9E |
| SHA-512: | 49D08FE1215DB46F99312C3603FB67ADCE6D73C10DB7B6FC6B798064AA28179D7948E848A40DCC0A5B5A4F1AA104100E0634C65797A96B5F6FFDB5CC855BB5F7 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.143972995874122 |
| Encrypted: | false |
| SSDEEP: | 6:Pmz+q2P92nKuAl9OmbnIFUt8imDZmw+imzVkwO92nKuAl9OmbjLJ:Pmz+v4HAahFUt8imD/+imzV5LHAaSJ |
| MD5: | EB6E240AED20D9AD18592CBA8550F98C |
| SHA1: | 9D43C96D2682252DEA7AF3F2E2AC579FB37B0BBC |
| SHA-256: | 1AFFFFB71673461AB7F02AEE889635003A0D5F3879CBABACEDF689D8FA72CC9E |
| SHA-512: | 49D08FE1215DB46F99312C3603FB67ADCE6D73C10DB7B6FC6B798064AA28179D7948E848A40DCC0A5B5A4F1AA104100E0634C65797A96B5F6FFDB5CC855BB5F7 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.155355851162909 |
| Encrypted: | false |
| SSDEEP: | 6:PvU0SVq2P92nKuAl9Ombzo2jMGIFUt8iXsYgZmw+i74IkwO92nKuAl9Ombzo2jM4:PvUFv4HAa8uFUt8i8h/+i7b5LHAa8RJ |
| MD5: | 7EDE932386095D84B636A6B82CA4C1B6 |
| SHA1: | 24F9F3D413B5519B1B7989655B2ACD874DF072F4 |
| SHA-256: | E81500C22FAD8CD22DAA89D7D44A9677E66E8025410B657A94D71842F2686D77 |
| SHA-512: | E792A63B0D264548D277BCBD35B304E559BAC7841EEC377D8C8574BF5047B8FACFCB2C28B5AA05CE860161FB94518195036B47CDC8AEA1184CC19BFB8A215F02 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.155355851162909 |
| Encrypted: | false |
| SSDEEP: | 6:PvU0SVq2P92nKuAl9Ombzo2jMGIFUt8iXsYgZmw+i74IkwO92nKuAl9Ombzo2jM4:PvUFv4HAa8uFUt8i8h/+i7b5LHAa8RJ |
| MD5: | 7EDE932386095D84B636A6B82CA4C1B6 |
| SHA1: | 24F9F3D413B5519B1B7989655B2ACD874DF072F4 |
| SHA-256: | E81500C22FAD8CD22DAA89D7D44A9677E66E8025410B657A94D71842F2686D77 |
| SHA-512: | E792A63B0D264548D277BCBD35B304E559BAC7841EEC377D8C8574BF5047B8FACFCB2C28B5AA05CE860161FB94518195036B47CDC8AEA1184CC19BFB8A215F02 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4ee80947-fd34-4641-a66a-f29dac43e980.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.05846579623879 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZDsBdOg2Hacaq3QYiubxnP7E4T3OF+:Y2sRdsvdMHV3QYhbxP7nbI+ |
| MD5: | FA999EB4B5DB5BB3BB027E547C6621CB |
| SHA1: | 2CC38A4C261AEAE6FEBEAACF2EFDA2282BEB8049 |
| SHA-256: | 92DC5EFCE18BE754D350F61A1D9276D4CE3365CCB36E1F226B3A02DCFCEA2FC4 |
| SHA-512: | 7424D41A21581DBEF6EA1D7402A970ED8BF703BF2B24B95522F74892ED4E093D18A72F3E5589A3A4C376DE859B645F051C2CB0B07CABF9A9F2DAEF20E3F598D0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.05846579623879 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZDsBdOg2Hacaq3QYiubxnP7E4T3OF+:Y2sRdsvdMHV3QYhbxP7nbI+ |
| MD5: | FA999EB4B5DB5BB3BB027E547C6621CB |
| SHA1: | 2CC38A4C261AEAE6FEBEAACF2EFDA2282BEB8049 |
| SHA-256: | 92DC5EFCE18BE754D350F61A1D9276D4CE3365CCB36E1F226B3A02DCFCEA2FC4 |
| SHA-512: | 7424D41A21581DBEF6EA1D7402A970ED8BF703BF2B24B95522F74892ED4E093D18A72F3E5589A3A4C376DE859B645F051C2CB0B07CABF9A9F2DAEF20E3F598D0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4509 |
| Entropy (8bit): | 5.238297776477234 |
| Encrypted: | false |
| SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUgADYa/qDYDUa81:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLP |
| MD5: | E08ECDAFFC3B2A0CA8506A5DABAA9B0F |
| SHA1: | DB1C0F1DCCD47BE7A885FB7E3E584009CC59252B |
| SHA-256: | D1D9FEC37C2C263CC72F989B465C7EAC8AD8481A94CDB8489935C339AFFB9CE4 |
| SHA-512: | A879A4C420DCF3A46CBCDCACF230547D337156B33109CCD0A7C078B9A92F63249D3817140B0FC182F7C62327D0648CDFDC89A47AD7CDFF1EC55D550AD10C9B88 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.168032261796825 |
| Encrypted: | false |
| SSDEEP: | 6:PB3Vq2P92nKuAl9OmbzNMxIFUt8i2gZmw+i+IkwO92nKuAl9OmbzNMFLJ:PLv4HAa8jFUt8ir/+ip5LHAa84J |
| MD5: | 64FA449FA964C298719B49675051BE25 |
| SHA1: | 89F79EEEBF48CF8E49A8C97A0000BC777DBCFB94 |
| SHA-256: | A5B80A9782574C8A2CDC1F01743791E61E761576A252D9FE6B6109A24C1EEA03 |
| SHA-512: | C14211AFF3B42D44791D7D961769289345CB876AB298F0F51E0F8326A6FE107D2E5FDA3D81F5FDED92C1897CABB9E69063E43C32699499A8FB62BF08A2AC751A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.168032261796825 |
| Encrypted: | false |
| SSDEEP: | 6:PB3Vq2P92nKuAl9OmbzNMxIFUt8i2gZmw+i+IkwO92nKuAl9OmbzNMFLJ:PLv4HAa8jFUt8ir/+ip5LHAa84J |
| MD5: | 64FA449FA964C298719B49675051BE25 |
| SHA1: | 89F79EEEBF48CF8E49A8C97A0000BC777DBCFB94 |
| SHA-256: | A5B80A9782574C8A2CDC1F01743791E61E761576A252D9FE6B6109A24C1EEA03 |
| SHA-512: | C14211AFF3B42D44791D7D961769289345CB876AB298F0F51E0F8326A6FE107D2E5FDA3D81F5FDED92C1897CABB9E69063E43C32699499A8FB62BF08A2AC751A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240418201429Z-151.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 2.424797537184996 |
| Encrypted: | false |
| SSDEEP: | 384:ZFYUHHXIVsVUIjcOxMSZbJypPwroW/dzi1+1F2jtv:4PVsFcOWSZmP9W/41+1F2xv |
| MD5: | 501B797643BCEF1FE4B3818D40BA19D6 |
| SHA1: | 247486FFED0052FEC231CFC97A0C36E005DA161E |
| SHA-256: | B37CA6DDCE2AA2C157CF81CDEF186491B2387874AD793092641D8683FFA67756 |
| SHA-512: | FDA550ECFC4D0C5439ABB1D74C55463213F83A6F9B9F271B0F03FC726A8F5CED3A49575C732DD79D9D626727989F05C7AF0A56AD6B73CDBA10025A016B5C8BF0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 227002 |
| Entropy (8bit): | 3.392780893644728 |
| Encrypted: | false |
| SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
| MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
| SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
| SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
| SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.345110213401999 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJM3g98kUwPeUkwRe9:YvXKXohIRXYpW7pGMbLUkee9 |
| MD5: | 85005BA153EBAACD944AADF23D627345 |
| SHA1: | DED3C25971149B85DDAE056C924AEEB8D0B97964 |
| SHA-256: | C399301675CCE71BE38B34180157DF4A64D493241C1C7C7E2ED9FAAC8F39093E |
| SHA-512: | AA04F90D50C08F837BBDBF50848C46428046DA3902A9C69146DD0AA3C75CCD265A2B74D31B80F3BB51953D76AF6B86BE7417596F4785E53ED6250E0401119798 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.282173504304654 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJfBoTfXpnrPeUkwRe9:YvXKXohIRXYpW7pGWTfXcUkee9 |
| MD5: | 8BE62C337BE6E66DA6C347A117AF34CA |
| SHA1: | C5849592D5B0D9A3B63D6DE2B524B3D7202F2644 |
| SHA-256: | 932DF26DB2C6327C955416A573B5B4ECD4EEB923255ED556778D730A5E819D93 |
| SHA-512: | 12AC3E4F8501954C507F9F0DE51A0523D856310C6958BB8D485B3F4D9D63C51FCE1D32EDBFC3C920765FB5E8A083672A320E836BE2C0A9DBE67821459110CC83 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.260312419049922 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJfBD2G6UpnrPeUkwRe9:YvXKXohIRXYpW7pGR22cUkee9 |
| MD5: | 79979130E16ADD8FDE699BBC9F67A69D |
| SHA1: | 1D2AE38F7763FB0F8B41FE3925D73DF2DD1E4845 |
| SHA-256: | 15D5A221038183BC773167489B4E62661E1470EE889B9205D4577C23DD42C552 |
| SHA-512: | DA2FE479D1C92981AD9AE598B9313D71A924AAEB245BD680E3F4C588FC2592925F7EEBA7842CBB40E6DA3B564686D31FD1E71F47B36A511CC3EFA2B62CCD082F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.3233626288483835 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJfPmwrPeUkwRe9:YvXKXohIRXYpW7pGH56Ukee9 |
| MD5: | 9289F659EB1688E379EDE6BC403B9B3B |
| SHA1: | 7FF265D53266A98494B551972DC3A61EC41D91EE |
| SHA-256: | B58B4133576C75D30129C660ED745D2876FAA4395A45ABEC036DE1C45405EF69 |
| SHA-512: | 795DB1C065BCFDCA105160EA6507AF4CB079AFC6D7B852866CE6135FA9003C7EBD1D259D81229EC09315E761C338AA900AAC86A356772E7F3D6DFAE062DF9FB1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.28202143959742 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJfJWCtMdPeUkwRe9:YvXKXohIRXYpW7pGBS8Ukee9 |
| MD5: | 2ADE57D8531C73DBF12EE67B14AC3487 |
| SHA1: | 6E35BA7B7E504AB588D416C0E0CF962CE3C213C8 |
| SHA-256: | E34FE5ACAB9B374FF07E8AD33718F90151BD036F818B0C316B01C30DB022BDBF |
| SHA-512: | 178509EC73E02AE3BCB49B02FA706EBDF2AEBB340873C87CFB89FC9322DF8927E5427CAA7AFE7DE04850AFA4B56CAAB169DEA234F97CCC1D3914AF0FB62F1810 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.267486658756368 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJf8dPeUkwRe9:YvXKXohIRXYpW7pGU8Ukee9 |
| MD5: | 166E99FB7F466DE58F971CE64CD016D1 |
| SHA1: | 00BCE6A7123373ECAC46A698399B46644AE47DB9 |
| SHA-256: | 9147A56098CB87841A5D69A478BB718E866FC6CBC86F27BB3A39EE99D0291553 |
| SHA-512: | 05C955C38F3D6DF58F3B09DE7D1515EF913FD762B4CF2A837237D55A8376D61DF4DD72DDB37B8EC4134C55D822EAF744354329C300C9B2E78831F6070480788B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.268155475118796 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJfQ1rPeUkwRe9:YvXKXohIRXYpW7pGY16Ukee9 |
| MD5: | E34F4F0E1C87ADD7069DB02CD1392380 |
| SHA1: | 4AB06A5223B1EB7776A301E49A4CEB097A8C5AF0 |
| SHA-256: | FB1AB5CFC9F72F356E3DF90A8193D28407F16D26E928863B7ABBC131FDF15E90 |
| SHA-512: | 8C525CEC0EBA22C71D152531B6EE5134F648010C7AC87D717F193965916EAF40B5D9944F7A998A37BC197CC2C31AD9F41A091A8826E934CD7E5F4BE6FA04C9DB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.287622266135661 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJfFldPeUkwRe9:YvXKXohIRXYpW7pGz8Ukee9 |
| MD5: | 72C959EB80822EABC43D0E8CC9FF9DD9 |
| SHA1: | 8FF020B61D2AAC885BFE011A34E5789F297C939E |
| SHA-256: | C4C6BC7A5FAAC6D12294C9CCAD144BFD91CA95FF0BAD5865A9DDEBA917BA6951 |
| SHA-512: | 39F03A47B14196243B369E31A115577895E74D95E1365EE1069A8440C597AB228D1873FC04C813B7DBBE4FCAF0052834D7019CC915295FA082A56D306F02915D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.736608123558186 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XBRUiVKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNt:Yv8rVEgigrNt0wSJn+ns8cvFJb |
| MD5: | 10FB6EE23C67B051ABAC5717ADAC1CD0 |
| SHA1: | F4F9388519B595E4A322DFA1CE29E4BEAA168488 |
| SHA-256: | 55BC0EC0EA51601CB8D5B783B871883C18A89AD950E013AE73111DF2F3091BDB |
| SHA-512: | F382ABBF349048B1D8925B971EF6D568538D77E473C65E63C7A293BD9D4CC8FEEDBFF0D923FBF195875D4913BC710CCB40EB62F485C62BB3ADD1C286E14734E1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.275913279623479 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJfYdPeUkwRe9:YvXKXohIRXYpW7pGg8Ukee9 |
| MD5: | E052EFB0E7357CBDABF11AA60DC44AA6 |
| SHA1: | E856D922EECB79F59F0AAFF93D83FA70B6B4163F |
| SHA-256: | 85EA012EDFA0FF58C0187FB756BD0435B9AF4FD4398FB8F4DB193C79AB7EBD6F |
| SHA-512: | C1C3D23529AFE5B865CD08672A47A803D11306ED32109AD56C9472A7DA3874C3E701DB5E0F12C0F1F94128F8E827B6930EAF19AA4D0B541494F7FE2B73E4368D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.772735806103606 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XBRUiIrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNq:Yv8rIHgDv3W2aYQfgB5OUupHrQ9FJY |
| MD5: | 4E9E77717F65A7FC310D4CA457641D36 |
| SHA1: | B015D49F3AC747AD2C878A99278FBCB4E0116F29 |
| SHA-256: | 7551CA6B2F8E69DEFD3C18FDFAEA96F503BC54CE8E396C150690D5AE518EE49E |
| SHA-512: | 125BB109172B8748118572E40CF2243F982C263EB19BE285F8BB33BB7A2886F4B4E67C63257A7DC0E1E38AD29AD98B8168D1B4B2141A264E9736DFC56044EFE9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.2596259217672845 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJfbPtdPeUkwRe9:YvXKXohIRXYpW7pGDV8Ukee9 |
| MD5: | 3FF6CD3B5FA0B225D9182F8F3095DA0E |
| SHA1: | 381359AB66BD4E3E3872209A5A2E862C790F849D |
| SHA-256: | E8FCDF9EE0E916E9472A8F35AA1DB8FEBE3395F2F3DC6937BC2C0ACF9994B216 |
| SHA-512: | F10BC08AD8975C6B67DF3E2D04840A93661AFB13FC26C2A3965CCF70CDAE24975B89A251C9F4EE54733A1DE6ABCCB586079F4F77EA3032BF5AE30EEA6662F1E7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.260315994780394 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJf21rPeUkwRe9:YvXKXohIRXYpW7pG+16Ukee9 |
| MD5: | 56F0B1129FCEDF8AC2EFE13449137748 |
| SHA1: | ED9942235A88A8E9D6068FBB872FB781E4FFD7C0 |
| SHA-256: | 19200F2043A5DB853445AB9E75BED5D728496D8BEA89600C67CC9D5D1C53C956 |
| SHA-512: | FA07968EEBEE6180A9B349C36182749400264B51AFAB66B0280B33FB2A72CDF4F1A3259EE0A80349DA71F891AE2F8844F75155E6B34C632AD90B10B1D3285126 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.282748408381627 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJfbpatdPeUkwRe9:YvXKXohIRXYpW7pGVat8Ukee9 |
| MD5: | 2B56F14367AA4AF3539E0ACF5C266BA0 |
| SHA1: | 7DA6B30B745AE3D4DC509F2FAE70377688C84CF5 |
| SHA-256: | D4A2140A9F5095E9D16D4E8845CB037B98938540E97799344AA70F2FB07B0817 |
| SHA-512: | 2C237F59C959E8657C76AA96CE04EE6738210BBC19D7B751E25F85BB84A427543521C9C23319D907A09CE742AFB7B2F974B2F86F7298D413F29CE37FAD5DF3D4 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.234651490218141 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXocGRIjtqn+FIbRI6XVW7+0YDcYxoAvJfshHHrPeUkwRe9:YvXKXohIRXYpW7pGUUUkee9 |
| MD5: | 3FCBA4E20A63290FA01534A003768AAF |
| SHA1: | F19B582B68E67771112EBD03277A451F22890313 |
| SHA-256: | 3F5D72725DB6BCF17D0922209AD54C8B91D3F62C9D5B22D152D86A14C48EE40F |
| SHA-512: | 068F23281D995D97661D33C552CF8E33091CE7D22058D747033EE310FD5295EEF5ECE6665F78BB7CA64E928763B25F5C374627765B36D50035977F226397ED85 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.3629584243559485 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXohIRXYpW7pGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWZ:Yv6XBRUiF168CgEXX5kcIfANhM |
| MD5: | EE77638007A907960E044690F1CFB167 |
| SHA1: | F30BD711EB879F48BAA4998B790F3D77B2D72431 |
| SHA-256: | B37A974F4D158B41A4E2757C17E3497FC1E6932E6F94B79F7D1666C18582F474 |
| SHA-512: | 1478031CAF75DAD109CC04F4FC40F086DC5395D3E958704023211FDFDF80D9F4AD2DA0560F2979D55423CC052D44C10A49074CA7594512BC9101D25220B68FD7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.1427667838274855 |
| Encrypted: | false |
| SSDEEP: | 24:Yb8SFckr5RCgkPSrOUVWjsJUqi2BxFGaXsayF/DRFFGKPjSj0S0f4LW/ZC2kx2L3:Yb81knDkKrOEWIjtB9OkjNjseerV9j |
| MD5: | B9769980C84F04005CA491466AFD0111 |
| SHA1: | 68FADA1CFF5CA83431B779B6A8AC97F532D57CB2 |
| SHA-256: | 7C552D69EEDED570399DE60DD654237896CE789C7D4E1F620B43F761D415D85E |
| SHA-512: | 21B8FE4014BE6BF5D8D3F6D5F5F13430963E48177DD2BD72D15F985ED180D1BCF9AD80F58F214A0939BD6C65232773FE234ECDB20B3F6E98CEB28D5F607D6E65 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9846964628907628 |
| Encrypted: | false |
| SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spegx4zJwtNBwtNbRZ6bRZ4ngxF:TVl2GL7ms6ggOVpehzutYtp6Pwu |
| MD5: | 5D1C5F95E43AF80BBE16178AB59AD033 |
| SHA1: | 017C9E14FF9A7204A6C6F9691AFC2192DF0D52E5 |
| SHA-256: | C799CA55D1048AFB98AB08766FD615FC6754FE0EC67D234AA8573F0CC25AE6A6 |
| SHA-512: | F1CF7E5E52ACEC1F7ED100AC7A37CDD8819DFF86A28E4DED6072C59518959B2DA55DE5E609CCF0D8FFA1A5F45BE25BBF53BF689853CC96231196F4A2BE6956C0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.3393315700343664 |
| Encrypted: | false |
| SSDEEP: | 24:7+tMAD1RZKHs/Ds/SpegxPzJwtNBwtNbRZ6bRZWf1RZK2qLBx/XYKQvGJF7ursq5:7MMGgOVpe6zutYtp6PMvqll2GL7msq5 |
| MD5: | 4ADD87F3DC4B18E92E9BE807DD0E0407 |
| SHA1: | E6FD2965723D73BA24DB8BA81885841AF2FD3E18 |
| SHA-256: | 8D23B9F6D3B3EEFF5781271ABE1510B2C59B6552AC3B27896ED25880CD6E1F03 |
| SHA-512: | 3B73F233BF9523DE69BC9EB1FB3F06453AE23879EDA62FFBA713B7FB4FA6B9130C9EA7B5887628E2AB837BCFF6C7943A003D43842BAA45245C163EAF6E95FAC0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5085442896850614 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKkIlOflH:Qw946cPbiOxDlbYnuRKSROflH |
| MD5: | EF34433DF67B6371DDD8FA05C6A7297F |
| SHA1: | 1062B8F92A45739409E2BEB08C4F1D0413788F93 |
| SHA-256: | 5DAE2D5207278517B5B863595B4A80E9A44500951DC36ACA1B88205952C21041 |
| SHA-512: | 164BFAB3C14DBC4D2BB70A37984B4D4C6429FDC510A7B9E4507320B94F89E300C1E5E009E3268496D6C57B1CDB4914C0031EDADE4806AE3E9F76A658F5637AF6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-18 22-14-27-097.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.376360055978702 |
| Encrypted: | false |
| SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
| MD5: | 1336667A75083BF81E2632FABAA88B67 |
| SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
| SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
| SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16599 |
| Entropy (8bit): | 5.374682803879802 |
| Encrypted: | false |
| SSDEEP: | 384:6sDPeHTnqb8c1TpYfab3K8PSiJm++ssxNCE2goGUUSgDTstLHCCPfuf+HMGwjIgV:6bX |
| MD5: | C08928281FB838EF826AF0D88FA9B089 |
| SHA1: | 44FD8776D244EEF72A0232C9A83CF77EB8E1BCAF |
| SHA-256: | 6EC704F0C238AE33A395F16DD7E0E56F60CB3DB00FE6839BD680A4B4E7534EC3 |
| SHA-512: | 4021F0CF39049270621CB120A830712DC81A5FDEC4694138052EDC65828C7DC38C950B673EA41229190D69A7BCC726C415D8A99FE31AA7C774C8EDCD096ACD1A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.393623214278859 |
| Encrypted: | false |
| SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbe:a |
| MD5: | C9438A34B9E42C8D2339B77B9F7E9D96 |
| SHA1: | E83C2DCF1FAC17DA5F0462E1AAB1B4F3400EF132 |
| SHA-256: | 541B915D63E7257EB283878FAC8A8C3C2DD08F2153B54111CBB2740D3A198DD1 |
| SHA-512: | 3F2A53486C7694368E917BCA3C83DF53CF2575AA9875E54FA9D9024B2BC00EABECCB533CCB7CFECEB9BB4B0D220A6B35093E8D7215913231E9C7B5690040F695 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru |
| MD5: | AE1E8A5D3E7B2198980A0CA16DE5F3D3 |
| SHA1: | A1DB2C58AFC81E6A114A8EB47BE0243956F79460 |
| SHA-256: | 8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F |
| SHA-512: | 5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.905380948002659 |
| TrID: |
|
| File name: | JBSA NAF LAK-21.pdf |
| File size: | 512'486 bytes |
| MD5: | 0fff65a8eaa75dec7d2e04bd3732a275 |
| SHA1: | 85b3dbf5daca61fc5a3df1f7c3c31df2410ac785 |
| SHA256: | 4ab929599125e5dba5dfcb7de8c293ae6dde138be7bfc35140845fc745d93362 |
| SHA512: | 70a34e92b06ee330ba38d00d6a89fafdb935536f6eff8a7b2d86e1353194cee67e37531edeffff8595fa3a3d00a08ee171e45bf2253b0a3bb15e680e64fbdedb |
| SSDEEP: | 6144:tP7wYiSJeGIzOfz7WLtnVARIb485ImviRgTJhQZYbzUjRWkkYx5l699qE0IKmdKo:0IXGe248/vimQKbwkQKh0cUToxwxlU1 |
| TLSH: | 8CB4A0134D185B83E42583E9BE171EAC2F097F5CE98236FF11625ECB3E656211C9E42E |
| File Content Preview: | %PDF-1.3.%............3 0 obj.<< /Filter /FlateDecode /Length 55 >>.stream.x.+T.T(T..H-JN-()M.Q(......)......4PH.U...5Tp.......a...endstream.endobj.1 0 obj.<< /Type /Page /Parent 2 0 R /Resources 4 0 R /Contents 3 0 R /MediaBox [0 0 526 680].>>.endobj.4 0 |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.3 |
| Total Entropy: | 7.905381 |
| Total Bytes: | 512486 |
| Stream Entropy: | 7.904523 |
| Stream Bytes: | 510655 |
| Entropy outside Streams: | 5.081584 |
| Bytes outside Streams: | 1831 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 13 |
| endobj | 13 |
| stream | 5 |
| endstream | 5 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 2 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 5 | 63f3fb53df000000 | ca4e67b1b9b16b421e28d6df7ed5cb2d |  |
| 11 | 6d6f7c7b37056934 | e444b71ee25d2b10a32b630b6c9ba87e |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 18, 2024 22:14:38.069937944 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
| Apr 18, 2024 22:14:38.069983006 CEST | 443 | 49715 | 23.46.240.131 | 192.168.2.5 |
| Apr 18, 2024 22:14:38.070054054 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
| Apr 18, 2024 22:14:38.070266962 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
| Apr 18, 2024 22:14:38.070276976 CEST | 443 | 49715 | 23.46.240.131 | 192.168.2.5 |
| Apr 18, 2024 22:14:38.389338970 CEST | 443 | 49715 | 23.46.240.131 | 192.168.2.5 |
| Apr 18, 2024 22:14:38.389743090 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
| Apr 18, 2024 22:14:38.389765978 CEST | 443 | 49715 | 23.46.240.131 | 192.168.2.5 |
| Apr 18, 2024 22:14:38.393330097 CEST | 443 | 49715 | 23.46.240.131 | 192.168.2.5 |
| Apr 18, 2024 22:14:38.393424034 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
| Apr 18, 2024 22:14:38.395412922 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
| Apr 18, 2024 22:14:38.395586967 CEST | 443 | 49715 | 23.46.240.131 | 192.168.2.5 |
| Apr 18, 2024 22:14:38.395592928 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
| Apr 18, 2024 22:14:38.436125994 CEST | 443 | 49715 | 23.46.240.131 | 192.168.2.5 |
| Apr 18, 2024 22:14:38.446132898 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
| Apr 18, 2024 22:14:38.446166039 CEST | 443 | 49715 | 23.46.240.131 | 192.168.2.5 |
| Apr 18, 2024 22:14:38.492978096 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
| Apr 18, 2024 22:14:38.514238119 CEST | 443 | 49715 | 23.46.240.131 | 192.168.2.5 |
| Apr 18, 2024 22:14:38.514414072 CEST | 443 | 49715 | 23.46.240.131 | 192.168.2.5 |
| Apr 18, 2024 22:14:38.514895916 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
| Apr 18, 2024 22:14:38.514911890 CEST | 443 | 49715 | 23.46.240.131 | 192.168.2.5 |
| Apr 18, 2024 22:14:38.514928102 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
| Apr 18, 2024 22:14:38.514957905 CEST | 49715 | 443 | 192.168.2.5 | 23.46.240.131 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49715 | 23.46.240.131 | 443 | 6284 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-18 20:14:38 UTC | 475 | OUT | |
| 2024-04-18 20:14:38 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 22:14:23 |
| Start date: | 18/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff686a00000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 22:14:24 |
| Start date: | 18/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 22:14:24 |
| Start date: | 18/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6413e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly