Edit tour
Windows
Analysis Report
Mental Health Services Provider Cover RFP 2024013- CC Family.pdf
Overview
General Information
| Sample name: | Mental Health Services Provider Cover RFP 2024013- CC Family.pdf |
| Analysis ID: | 1428425 |
| MD5: | 1f1c94dc25e8dacecaecc125de1706ba |
| SHA1: | 64d97b4c81e249d87350ee1f4508c901422705c0 |
| SHA256: | d43ead01155de2720b57ec936661612de86794a375ec0dc379d41fb39a7f3c1f |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 7304 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\M ental Heal th Service s Provider Cover RFP 2024013- CC Family. pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7488 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7680 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 00 --field -trial-han dle=1596,i ,170973830 0652807028 2,10288752 1370204087 86,131072 --disable- features=B ackForward Cache,Calc ulateNativ eWinOcclus ion,WinUse BrowserSpe llChecker /prefetch: 8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.46.240.131 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1428425 |
| Start date and time: | 2024-04-18 22:54:06 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 58s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 10 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Mental Health Services Provider Cover RFP 2024013- CC Family.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/43@0/1 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.31.60.185, 107.22.247.231, 54.144.73.197, 18.207.85.246, 34.193.227.236, 96.7.224.9, 96.7.224.59, 162.159.61.3, 172.64.41.3, 23.209.188.149, 23.209.188.151
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Mental Health Services Provider Cover RFP 2024013- CC Family.pdf
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.46.240.131 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | XWorm | Browse | |||
| Get hash | malicious | PureCrypter, PureLog Stealer, RedLine | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | SugarGhost | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Jupyter | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Dynamer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.248398902319459 |
| Encrypted: | false |
| SSDEEP: | 6:P1QL+q2Pwkn2nKuAl9OmbnIFUt8iLO3G1Zmw+iLO3QLVkwOwkn2nKuAl9OmbjLJ:PayvYfHAahFUt8iLOQ/+iLOgR5JfHAae |
| MD5: | 6059B0E5C6E96F8C0CC6F5469E2A6BF5 |
| SHA1: | 7D8687C0DC2B018F7A71BF1E89751B29605A0A12 |
| SHA-256: | FFEB46BC1918C7AFE9F45227D5B86A07C8361BADB7121958DFE538A868DC0A27 |
| SHA-512: | A40750CC5753D2DD38316A399AE454343B04F1656C8411456AB299F591A2B0995919917E98AACDEA50D65439BA61E54B6FCBDA8080729823E4D35FA1D76066ED |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.248398902319459 |
| Encrypted: | false |
| SSDEEP: | 6:P1QL+q2Pwkn2nKuAl9OmbnIFUt8iLO3G1Zmw+iLO3QLVkwOwkn2nKuAl9OmbjLJ:PayvYfHAahFUt8iLOQ/+iLOgR5JfHAae |
| MD5: | 6059B0E5C6E96F8C0CC6F5469E2A6BF5 |
| SHA1: | 7D8687C0DC2B018F7A71BF1E89751B29605A0A12 |
| SHA-256: | FFEB46BC1918C7AFE9F45227D5B86A07C8361BADB7121958DFE538A868DC0A27 |
| SHA-512: | A40750CC5753D2DD38316A399AE454343B04F1656C8411456AB299F591A2B0995919917E98AACDEA50D65439BA61E54B6FCBDA8080729823E4D35FA1D76066ED |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.169481030526052 |
| Encrypted: | false |
| SSDEEP: | 6:PKL4q2Pwkn2nKuAl9Ombzo2jMGIFUt8iKcZZmw+iKczkwOwkn2nKuAl9Ombzo2jz:PKL4vYfHAa8uFUt8iKw/+iK45JfHAa8z |
| MD5: | 66ADEBF8F20F5054B0545FC777325127 |
| SHA1: | 513BD1105A7D78D04AE1465391D3BB75F99A0773 |
| SHA-256: | 71EFBD646DC34549C772C2676452197158CC8A0A1483C86CD8A51E6D29DA5A30 |
| SHA-512: | 1F101AF4B56CAAD05642CE50EFD466251804D0FBB8BB746EFF68C5012198F910E13FDB6912975EF88AAA652EB4490BAB2FC899DF45ACB206BAE4F05CC712E874 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.169481030526052 |
| Encrypted: | false |
| SSDEEP: | 6:PKL4q2Pwkn2nKuAl9Ombzo2jMGIFUt8iKcZZmw+iKczkwOwkn2nKuAl9Ombzo2jz:PKL4vYfHAa8uFUt8iKw/+iK45JfHAa8z |
| MD5: | 66ADEBF8F20F5054B0545FC777325127 |
| SHA1: | 513BD1105A7D78D04AE1465391D3BB75F99A0773 |
| SHA-256: | 71EFBD646DC34549C772C2676452197158CC8A0A1483C86CD8A51E6D29DA5A30 |
| SHA-512: | 1F101AF4B56CAAD05642CE50EFD466251804D0FBB8BB746EFF68C5012198F910E13FDB6912975EF88AAA652EB4490BAB2FC899DF45ACB206BAE4F05CC712E874 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.971873232741717 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZkusBdOg2Hicaq3QYiubInP7E4T3y:Y2sRdsFdMHt3QYhbG7nby |
| MD5: | B851B982354890E84C813A2437D7747E |
| SHA1: | 52D94BEC30C0E14B62C61DA00AF82D51E1C5B0BE |
| SHA-256: | AC6A342978590EA49703DA2EF61885C0EFBF2FAD505EE4C1FBE2F1E7B2FABFC8 |
| SHA-512: | D8C67CE31CC28F1552F7F386B3E89538A3651F1E0AA6C1381BC2CFEEFB765E573F4D3CE91B2363E437754527DA0683CC73F1234DEB243AB341846F15BC3D6389 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\be32c16e-fe30-4718-a094-0fecee59a6d5.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.971873232741717 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZkusBdOg2Hicaq3QYiubInP7E4T3y:Y2sRdsFdMHt3QYhbG7nby |
| MD5: | B851B982354890E84C813A2437D7747E |
| SHA1: | 52D94BEC30C0E14B62C61DA00AF82D51E1C5B0BE |
| SHA-256: | AC6A342978590EA49703DA2EF61885C0EFBF2FAD505EE4C1FBE2F1E7B2FABFC8 |
| SHA-512: | D8C67CE31CC28F1552F7F386B3E89538A3651F1E0AA6C1381BC2CFEEFB765E573F4D3CE91B2363E437754527DA0683CC73F1234DEB243AB341846F15BC3D6389 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4730 |
| Entropy (8bit): | 5.250348356524762 |
| Encrypted: | false |
| SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo74Uz4GIzZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go+ |
| MD5: | 09228C1371C72DF230C92891B6488DF0 |
| SHA1: | 75AAEAB3AFB913774FF4D3429D59D343D5A87787 |
| SHA-256: | 874BF4A015504C0AF8E04D716D06C8BE357B33666FC4AA432969FC6A4C79D253 |
| SHA-512: | DA7CDF759A5926C8D637CF1285A87D31A82C3DD303337489E205F14A87128D1A821AA7DA24C82D8D4F7BCBB5E0EAB42E946A6B06FEB46777F2159D0A9E865675 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.211638707462796 |
| Encrypted: | false |
| SSDEEP: | 6:P7bAq2Pwkn2nKuAl9OmbzNMxIFUt8i7hrZmw+i7WDkwOwkn2nKuAl9OmbzNMFLJ:P7bAvYfHAa8jFUt8i7t/+i7q5JfHAa8E |
| MD5: | 07F865BBAB87A7327A7B3940EF5244AE |
| SHA1: | 067119B00A48A0B56DBB3AC71B440742CDB7F8A5 |
| SHA-256: | 9B319DA484A570F08EDF018B0B9AFE55ED06C9571A11CB9CB7E9F21D0AACF46E |
| SHA-512: | 04A4BA9A68C9C48E6D3B012E7932EA692065EF329D0F82B4B2F660B81555E5C981DC642B10CA597FFE6089496ED96341AE10C97D8263E66950E5B45E141E6586 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.211638707462796 |
| Encrypted: | false |
| SSDEEP: | 6:P7bAq2Pwkn2nKuAl9OmbzNMxIFUt8i7hrZmw+i7WDkwOwkn2nKuAl9OmbzNMFLJ:P7bAvYfHAa8jFUt8i7t/+i7q5JfHAa8E |
| MD5: | 07F865BBAB87A7327A7B3940EF5244AE |
| SHA1: | 067119B00A48A0B56DBB3AC71B440742CDB7F8A5 |
| SHA-256: | 9B319DA484A570F08EDF018B0B9AFE55ED06C9571A11CB9CB7E9F21D0AACF46E |
| SHA-512: | 04A4BA9A68C9C48E6D3B012E7932EA692065EF329D0F82B4B2F660B81555E5C981DC642B10CA597FFE6089496ED96341AE10C97D8263E66950E5B45E141E6586 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240418205500Z-153.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 1.982378618783049 |
| Encrypted: | false |
| SSDEEP: | 192:RF1ASHsomWAKKQXcYjhKgeMODcjRRZD0BrKL9:RFxMqxdJRRZD0BrW9 |
| MD5: | AA5D29D4DAC0DAEF0B6232C51F21E111 |
| SHA1: | C0777BCFE3E2845573FAA1033959AA0C77931960 |
| SHA-256: | C465865F3CD1AF91B656B2EFF69852A2BB4480FBF59FC74B1EB8501D61CBEFBC |
| SHA-512: | FA5293A09A4AE7E579C2232F53777D7663B6699A1076D6BCDF280063ADAC359A42E252B040A4494626D33EA549560830852DA7006CCF645EFFA6C1122F53EDD3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.445191040298815 |
| Encrypted: | false |
| SSDEEP: | 384:yezci5tciBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r7s3OazzU89UTTgUL |
| MD5: | F3FC615D3141AF9B514306DA69F9C0C8 |
| SHA1: | BF7C4ABDF8B48974BE3B187198DAFDA9974413CD |
| SHA-256: | 475F76B6E48584B1545970D9F77BE41FB7469D295E0FB6DD22D4C323DCC1F94E |
| SHA-512: | 0FED1A4B01CA1984795C34A9581A2A01138CAF275B82B864BC488D3C0FFAC7C2EA9A70755C56DF0F9192122B57224DB7FD257919191C4808EEF1163E0D509889 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.7754524609555022 |
| Encrypted: | false |
| SSDEEP: | 48:7M7p/E2ioyVwioy9oWoy1Cwoy1oKOioy1noy1AYoy1Wioy1hioybioyCoy1noy1T:7opjuwFLXKQbtb9IVXEBodRBkZ |
| MD5: | 8E9EAADDB8BF0B1F71A3B7CA3DCA2B03 |
| SHA1: | 09A5B99954EB497D0BC398C5B514C4657BA55853 |
| SHA-256: | 8C069D901F20A246D48EAE3D46DD943367517C004B91648CFC25A0973E9EE667 |
| SHA-512: | A6294E54598F93A58C94BF81629327D527D4EEBB60804CD73BB8DDBEA40A74743A954F95EF973590480078A6AA8BEAB945EF839EE00B4607D8F6C454FAC1BD77 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243196 |
| Entropy (8bit): | 3.3450692389394283 |
| Encrypted: | false |
| SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
| MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
| SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
| SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
| SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.362268201625423 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJM3g98kUwPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGMbLUkee9 |
| MD5: | 0D8467F66855E11A75E250467067C7E0 |
| SHA1: | 3DC41EDD6A014134DCEB268A7A10BD9B6B00A00D |
| SHA-256: | 4C6951DEC14BF204624214DC6BCA91F58CBBDCEEE94399FF1851BE32EF4E9D5B |
| SHA-512: | F7EF9BA0BDD9755779E5A2F255950B50F227390C6EC52057F153E84E65AE163404858CEF95810A14D6153005BE246588DA972D61148CE779F33CBF15F9ACDE35 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.309219938998778 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJfBoTfXpnrPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGWTfXcUke6 |
| MD5: | E908E9905EA46E7602E5FAC4D440A32E |
| SHA1: | 96D5CD56F492C90A8F4D3E976B0EE8ACBB1345F3 |
| SHA-256: | F4A18565DAC49140C7BE4A303B499780D531B931B510E159DD396CB8E64F6CDA |
| SHA-512: | 23D2017AA3ED8D03E8F81FF7B5C9E2845050659AAE6B98099A2B8F73F2E8F7E6D46CE34C8D5FD8CB17226E34AE16A3B4930988E673215525E8ABA36DD1FE1329 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.287253767890197 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJfBD2G6UpnrPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGR22cUkee9 |
| MD5: | E9369BB1E78154CDCAC6D80872D576B8 |
| SHA1: | CCA94F154FF49D64E580C35D77149353B8A217DB |
| SHA-256: | 85990CD4361B91EFFD3DC2924C4889083458D35BA9717CC4ED5241297245FDDB |
| SHA-512: | 53ED0C748AA7D5709A9DFE0DB66F006E7449679A3A17526B959DA016BD684008501E4924F68C34CC67D698187120C9BCC54A9A4200CE9DDCD6C503333E0FC45E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.349240280287538 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJfPmwrPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGH56Ukee9 |
| MD5: | 141E298960A0AE56AD04535167D10D3C |
| SHA1: | C37AF89AC758EBCB8BEBAD8F3C456F7632AA04FE |
| SHA-256: | 68DFE8518BD8D5A6D10E8E951CDB159B234F5C4626C6952EE4D245DB00C5C35B |
| SHA-512: | 33BEB866796472993CA117BCC9EDF32D5E1E85DEA1100124316B38EEFC7EFA5F3BD923D9B5823AF27EEB5B0DB43C9D25479E804FB6310284F2E601FF2E440AED |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.30574868660381 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJfJWCtMdPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGBS8Ukee9 |
| MD5: | 904C3B1C319D7850960372D989026DDB |
| SHA1: | 6160C732F5115CC1920E2D6D0610387D61CE71E9 |
| SHA-256: | FCF5F02B8FA251F85C8E3F438189EBC4DE5F3FA646234B7E88CF8D98251FCD05 |
| SHA-512: | F5B711ABC491E008256E9E01FEBF88AA81E823D92626D052D330838565D5B27B9911E2FC4E247A45B0DE090EE642F793079244F659351FF8D8C1DB9EE2BEBB59 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.291997524715456 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJf8dPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGU8Ukee9 |
| MD5: | 094D44FEB29704E4B7980C852602DBCB |
| SHA1: | E76BAB5B7366BB14B8E669235DD2A7B0FD43F573 |
| SHA-256: | 8A92B7BEE4B9F21C5AFB94ED28E37877DB12F57C1E49331F64D04F5902985A76 |
| SHA-512: | B1EFA50C8531F76D91DE2837603192FA97A2DB04A7F02B08145D71468DD50A9BE21386F53A08524C018EC2D6C5ADAD4B329AF41DD5A3709F0DAA1F001620FEFC |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.295396753441535 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJfQ1rPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGY16Ukee9 |
| MD5: | 39C2BE42B027809141AC41E174CA4BD9 |
| SHA1: | E2C1F83937D4AB1C0172013BAC83E6F96681A392 |
| SHA-256: | 97C2357598DF094F9DE459D7ECE78E46C7211C4615ECA12AADF33A096DA6AF70 |
| SHA-512: | BC2A729904C4C6702AB30AA3648DF44318513F4190A8568FC17955C6D09B5E2343FE28D6FBB9BB6EA01B1D96D4372D0D11FAC675F182D5A3CADF43B83925A84B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.300620049794794 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJfFldPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGz8Ukee9 |
| MD5: | DA733C745A213F56CD1E166C30F79AC4 |
| SHA1: | FAA0A8B2878CD26DB23A3EB6A2E2A1D0C3AC9262 |
| SHA-256: | 02C80E7F0EEAEA03705D1909CF19DE8D0C0179CC23D22D86997C7449CF314F8C |
| SHA-512: | C712E3413A6D45714F5E488E2A78B2BFE3BFAE13CAAAFC2832AD70AB051E450F8CC4E46FAAFD686CAFFAC9DFA82AD2DA091E1B51CB7D00EF4C2B6B32F37DE941 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.736573911797398 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XSdPLzvgHYiBKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNd:YvXF3oH/EgigrNt0wSJn+ns8cvFJ/ |
| MD5: | 832044FBE504779C425C96BAEE4569E6 |
| SHA1: | 15B783FCBD67C0A6589A2E388AF46EAAA5375E54 |
| SHA-256: | ECE4F20C9A57821F32C656B044DC3D0D4DF1C703EF7DD38058344983767BDCB6 |
| SHA-512: | C9AF006DE7359EB03DBEF757014512EE08D1FACFAB38B12A7207BF44C055BB280E49F3E85A053A204612441A695374FB9B99D364296007CBEC566DC47FD2BD6A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.2988816604899585 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJfYdPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGg8Ukee9 |
| MD5: | E872ABD42BF3624EDDEB49C673813516 |
| SHA1: | DFE1951DAC17F9DFD0555783C18DC2450068F0C6 |
| SHA-256: | B6EC1A2529399967FA7049D5443A991F2575004688E251C7DAF5289E381E8064 |
| SHA-512: | 46602B32ECBEAD95FC98F8D33CC6C70EAC7581552A2C9F5FA4660893D0A52C3656D5D545FAC123176E361B11550FD3B15021ED025704D10B02078AF298EA880F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.775298066534486 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XSdPLzvgHYiMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNF:YvXF3oHCHgDv3W2aYQfgB5OUupHrQ9Fd |
| MD5: | 65D60E51A29350E9C41A6420A21450B5 |
| SHA1: | DB6622A2532072D3314968E3000881BAF733053E |
| SHA-256: | F349D382D6F69A6EE623A3FD528759CE04CE92DF1655CD44650130E6313FE691 |
| SHA-512: | B28C2FAA60E0326D114F4CD826E8EEDA07CBA24E4D57A8541EA248CA328312A3CCD9E0047F68E67D22180A2DBD6A31E02C6693E774BEAE98A3ECE6B582E42FA7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.282436444346022 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJfbPtdPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGDV8Ukee9 |
| MD5: | FA95A6495080758C80055862461B2112 |
| SHA1: | A5091ADE64107F5DCA4F156CC045CA5EC4216182 |
| SHA-256: | 18C39AC0F0E4A1161737FA5078CD521C5E257FD2F788F2C45C72AF130EFD29FE |
| SHA-512: | 187846D38F9673C0AA0102573C81CBF2FCED1774374CFD614B49B7EE9D43F13F52413275A5338C2388CB0CE58C83F471585DCC38A1AAE5B37D26EBD35FF1A53B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.286758036882264 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJf21rPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVG+16Ukee9 |
| MD5: | 894E84009DF87FC402E94359D7A4E333 |
| SHA1: | F3E5C835A710804FA13F0A0BA653894489183A1E |
| SHA-256: | 48A408BD1B3C6F21B36906FA921BA76D4E50AE0CFB1B14A78DBA58F8FFBFFFCD |
| SHA-512: | B4C551DB49DC2588B00EE8797D165AF8DB7463205FB11BEEDDCF28CCAB7A0E774A1C3FCD737F9274A12057550DF180CCFA4C873185F27280C325EFBA2FC61BAC |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.30599426677323 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJfbpatdPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGVat8Ukee9 |
| MD5: | 3148755843FA35B0F1BDFF6983174AD3 |
| SHA1: | 968923D3EACA7F451A6F647A809114A192F2FA5C |
| SHA-256: | B2AC820264D2A191EE639B07E9FBA0CCAB7EF7606AEA60350E1B5434830A76D9 |
| SHA-512: | 5AFB8AAE0E030D67866A3E32428811A2A618F21303517E88CDD87BA9741DCBFC8CE38D518866D7DAD67131FC417B1519FAAC5C0E8D16298C75C16B06C422EAC3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.261422448285901 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXSdjyeTc9VoZcg1vRcR0YlXXYREeoAvJfshHHrPeUkwRe9:YvXKXSdjyeTcEZc0vgHYiVGUUUkee9 |
| MD5: | 94852897EFC112FA0852A8EDB6CA6C54 |
| SHA1: | 145299DEE6E756FEA595FFD5F368D9B4029A80C5 |
| SHA-256: | 55FDA0AA99F4897652F316AE41E5B0D2158F11A7A478DEE3B706FFEC69C1C1DA |
| SHA-512: | 006D1D9E567F7EB069B1FF406E6AA68BB34D2B1AAB1224886782C293C39F96BE53B8A20008C103E60A17B242B72AE736D1FEB94AC16FACF467C2C6874D24A956 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.3655090644200705 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXSdjyeTcEZc0vgHYiVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uC:Yv6XSdPLzvgHYix168CgEXX5kcIfANho |
| MD5: | B5AAABA77E9902C84A146A812E5CAB1E |
| SHA1: | 0AABF798778AFD44B08F00BCC5724F2FD4501FBC |
| SHA-256: | C2AC04067E093EBCF9E71CD66FA9F288DEA47591AB8F1F1F6FDDFEE399299A4B |
| SHA-512: | B78A32A73A70572A81E7B0FAC2C79FE5D887490C46DAF7DBA429321654EB182638836CEB7BC936552BF3A71C8553C8327F64618ACDDA8EEEDCB93AD8252502DF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.128859755612693 |
| Encrypted: | false |
| SSDEEP: | 24:YMJYFylIkOkM1MCoRcNquLRHPynaBV03ayya2G7RyoDcjKldsj0StS0Wu/2a/2LZ:YryTuUuFB6nQ2+dH/UI3DkU9PkX |
| MD5: | 7936D38D742D9A23979FDEF672F5A10E |
| SHA1: | 9EFAB642CB21CA473E5C6241A86867EE649584D0 |
| SHA-256: | CD9236BAC03FA92B3C99348A7D88E705522FAD97C4A79C27D8DFFD961CD5D25C |
| SHA-512: | BEB6FE24B323103CA1932371528F3BED1AD1E021EF560ACB908C5083D27FD0A9F4666A0FC9841204470806B15D5BCC7A05ABF030190AD5FCE8FCF7FFEC2E1BC6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1886203613680317 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUACSvR9H9vxFGiDIAEkGVvpkk:lNVmswUUUUUUUUR+FGSItV |
| MD5: | 12F7FD87739E6301B6AAF70DE847DD92 |
| SHA1: | 8AAEAE78EA21A2C3A7D457F0E7D507E917F2BC18 |
| SHA-256: | C90EE06E20221948E367ED60050D3ED868612E0FF9543AF483794908A20C0DA9 |
| SHA-512: | F972DA8F1ABB4F67BDE5431F2C56195566D22E07DE4CAF3D0F6B47C8AA5F0887BB3B967786A06B2C8E215CABF4957052F3EA74857225C0E2F98950AD37916C22 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.6089818018922701 |
| Encrypted: | false |
| SSDEEP: | 48:7MQKUUUUUUUUUUAQvR9H9vxFGiDIAEkGVvcqFl2GL7msF:7kUUUUUUUUUU9FGSItmKVmsF |
| MD5: | 9926C20FC0814D014C45C47944A6F628 |
| SHA1: | FB98AB1926FE672D67D157478A922D0927109895 |
| SHA-256: | 067EAAA8C5796869380311F87520F3378864849A33AB89D14AF802E12EFB2D15 |
| SHA-512: | 684C2746E88A55E7675FBC27385C4E76FE7363A8B3DBF01E1E5985D0DF4B0F4AC823AFFBCB4251E443C71F381ABF3EC73F6220F90E467AA6CCA27FC43DCE0325 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.529459928009153 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKkMl+iwCH:Qw946cPbiOxDlbYnuRKSdLl |
| MD5: | EF7B68E6347063A42154AE8BDE021508 |
| SHA1: | 4CD5B068C8BEC5B25BC1894C7EDBF075D47B6767 |
| SHA-256: | 9E2EE5DF6FF0301EB96898CEF52C7F9E1E95F71E9FF87D960F336D88E695EE63 |
| SHA-512: | F830D0C51F8F9C6E2D5D2BDEA3D0621DEF9E828B6490E710873A85BCFD72A0F455C18859049E75A03DFAC2917709BF13964125CF54AC012A2F6CA63C883A690E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-18 22-54-58-052.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.345946398610936 |
| Encrypted: | false |
| SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
| MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
| SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
| SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
| SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.3797365711802 |
| Encrypted: | false |
| SSDEEP: | 384:SuQT4GyF671S8KOfPbDXAs59Orh6vjKJK+CYsYGz/XGQ+BKsleY0J0ZMqgH5ksgw:S9X |
| MD5: | 2FA101928931225649F65FDF480A8B85 |
| SHA1: | BAF77B9F21EC6707DA503F8F73AECAC862CE6A5E |
| SHA-256: | DDE22B227371D283E415D7972353D36ACD8B6AEF24397809D3E33E1E98A66D21 |
| SHA-512: | 8DD0ECAD6D04C1B5CD64E83523F5B7B68B1A77717E90C10AE1EFEB88F0C46023646E9242D34710A080A6CAC539B863EF047294EDF7553ED7C370B3F2A7791393 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.389466278403755 |
| Encrypted: | false |
| SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rc:Q |
| MD5: | 82AE3EF18645CEB765A6ECFCE18F12B4 |
| SHA1: | 1CE31FB5BBE75E35D5B30408ED0496F167D719AE |
| SHA-256: | 289C4AFF7B252AD4ADF3E9649405EF2C4EBB3FFB1C265873DD418925F61AD646 |
| SHA-512: | 4BDD84D56FEB2B84E62D6D14E8436BCFDB82615B52BE1409DBFE358E2A6F3494015602DBC5924067E239F97C4C050103F3590CC8244A66EB4883D93CC1701BA4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
| MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
| SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
| SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
| SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.82466843578202 |
| TrID: |
|
| File name: | Mental Health Services Provider Cover RFP 2024013- CC Family.pdf |
| File size: | 118'395 bytes |
| MD5: | 1f1c94dc25e8dacecaecc125de1706ba |
| SHA1: | 64d97b4c81e249d87350ee1f4508c901422705c0 |
| SHA256: | d43ead01155de2720b57ec936661612de86794a375ec0dc379d41fb39a7f3c1f |
| SHA512: | 9ebcc6f04677783958ec267ce1d6642e99bb281d375ac90840f5d1644e76bf9a799505e19fb7625c48822ade0a84eafd8de167c283fd9b2d31226945b92f3025 |
| SSDEEP: | 1536:kbeJBshmY72iQmkIMLunODffjA7FyzVe1dTTXP7QNVeG:JBIxQmBOD0IBeP8Nj |
| TLSH: | ECC37D327D64EA52503A46045EB85E3CE4369B13B52FBF61B9DE4EBF9B20E83114B341 |
| File Content Preview: | %PDF-1.5.%......10 0 obj.<</Linearized 1/L 118395/O 12/E 113976/N 1/T 118091/H [ 495 172]>>.endobj. ..26 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<6818E8286CFF76C4B76820E717F0BC4C><EB237977CF04134FBF7AA3FB62BCF5D |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.5 |
| Total Entropy: | 7.824668 |
| Total Bytes: | 118395 |
| Stream Entropy: | 7.823834 |
| Stream Bytes: | 115806 |
| Entropy outside Streams: | 5.262125 |
| Bytes outside Streams: | 2589 |
| Number of EOF found: | 2 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 23 |
| endobj | 23 |
| stream | 20 |
| endstream | 20 |
| xref | 0 |
| trailer | 0 |
| startxref | 2 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 4 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 22 | 00009890e0286060 | 45bfbfef616656791ae2f8a9eda7f3ec |  |
| 23 | 6860000000000000 | 74587a4b9e871d3738738f1147c119b1 |  |
| 25 | 0000008209a0a651 | 41b3862cf158db3263d102655c34c40c |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 18, 2024 22:55:08.364231110 CEST | 49740 | 443 | 192.168.2.4 | 23.46.240.131 |
| Apr 18, 2024 22:55:08.364279985 CEST | 443 | 49740 | 23.46.240.131 | 192.168.2.4 |
| Apr 18, 2024 22:55:08.364351988 CEST | 49740 | 443 | 192.168.2.4 | 23.46.240.131 |
| Apr 18, 2024 22:55:08.364600897 CEST | 49740 | 443 | 192.168.2.4 | 23.46.240.131 |
| Apr 18, 2024 22:55:08.364619017 CEST | 443 | 49740 | 23.46.240.131 | 192.168.2.4 |
| Apr 18, 2024 22:55:08.689205885 CEST | 443 | 49740 | 23.46.240.131 | 192.168.2.4 |
| Apr 18, 2024 22:55:08.689560890 CEST | 49740 | 443 | 192.168.2.4 | 23.46.240.131 |
| Apr 18, 2024 22:55:08.689580917 CEST | 443 | 49740 | 23.46.240.131 | 192.168.2.4 |
| Apr 18, 2024 22:55:08.691289902 CEST | 443 | 49740 | 23.46.240.131 | 192.168.2.4 |
| Apr 18, 2024 22:55:08.691399097 CEST | 49740 | 443 | 192.168.2.4 | 23.46.240.131 |
| Apr 18, 2024 22:55:08.693538904 CEST | 49740 | 443 | 192.168.2.4 | 23.46.240.131 |
| Apr 18, 2024 22:55:08.693634033 CEST | 443 | 49740 | 23.46.240.131 | 192.168.2.4 |
| Apr 18, 2024 22:55:08.693732977 CEST | 49740 | 443 | 192.168.2.4 | 23.46.240.131 |
| Apr 18, 2024 22:55:08.693743944 CEST | 443 | 49740 | 23.46.240.131 | 192.168.2.4 |
| Apr 18, 2024 22:55:08.737257957 CEST | 49740 | 443 | 192.168.2.4 | 23.46.240.131 |
| Apr 18, 2024 22:55:08.799186945 CEST | 443 | 49740 | 23.46.240.131 | 192.168.2.4 |
| Apr 18, 2024 22:55:08.799299955 CEST | 443 | 49740 | 23.46.240.131 | 192.168.2.4 |
| Apr 18, 2024 22:55:08.799372911 CEST | 49740 | 443 | 192.168.2.4 | 23.46.240.131 |
| Apr 18, 2024 22:55:08.800018072 CEST | 49740 | 443 | 192.168.2.4 | 23.46.240.131 |
| Apr 18, 2024 22:55:08.800035954 CEST | 443 | 49740 | 23.46.240.131 | 192.168.2.4 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49740 | 23.46.240.131 | 443 | 7680 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-18 20:55:08 UTC | 475 | OUT | |
| 2024-04-18 20:55:08 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 22:54:54 |
| Start date: | 18/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6bc1b0000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 22:54:55 |
| Start date: | 18/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 22:54:55 |
| Start date: | 18/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly