Edit tour
Windows
Analysis Report
CITACI#U00d3N JUDICIAL UE (1).pdf
Overview
General Information
| Sample name: | CITACI#U00d3N JUDICIAL UE (1).pdfrenamed because original name is a hash value |
| Original sample name: | CITACIN JUDICIAL UE (1).pdf |
| Analysis ID: | 1428601 |
| MD5: | 50cb062ac5cb59b71776da61cb93d47b |
| SHA1: | 65be60c85b998828ceced3bdc1c4897da456f8b8 |
| SHA256: | c61080e990c67cf2219aac95df3b770d559c6c46c7d91d598da790e441e2f04b |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 7476 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\C ITACI#U00d 3N JUDICIA L UE (1).p df" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7656 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7876 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 36 --field -trial-han dle=1556,i ,114805620 8567805612 9,14334011 3702269774 73,131072 --disable- features=B ackForward Cache,Calc ulateNativ eWinOcclus ion,WinUse BrowserSpe llChecker /prefetch: 8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1428601 |
| Start date and time: | 2024-04-19 09:54:19 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 4s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 11 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | CITACI#U00d3N JUDICIAL UE (1).pdfrenamed because original name is a hash value |
| Original Sample Name: | CITACIN JUDICIAL UE (1).pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/43@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.60.84.177, 23.34.82.7, 23.34.82.6, 18.207.85.246, 34.193.227.236, 107.22.247.231, 54.144.73.197, 172.64.41.3, 162.159.61.3
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 184.25.164.138 | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | RHADAMANTHYS | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Lokibot, PureLog Stealer, zgRAT | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | DarkGate, MailPassView | Browse | |||
| Get hash | malicious | HTMLPhisher, ReCaptcha Phish | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| BBIL-APBHARTIAirtelLtdIN | Get hash | malicious | Remcos | Browse |
| |
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.199370487076105 |
| Encrypted: | false |
| SSDEEP: | 6:XBfjRq2Pwkn2nKuAl9OmbnIFUt8YBfAKZmw+YBfA2kwOwkn2nKuAl9OmbjLJ:XplvYfHAahFUt8YpAK/+YpA25JfHAaSJ |
| MD5: | B61EA59D1590FFCC34E1EE8D5362736A |
| SHA1: | A4108478A46BCDD08019AFF2110832DBFEA81439 |
| SHA-256: | 1920C4CF537D85781F3282BE4E1AF706D8DA8CA67D691448CCD305AE62898701 |
| SHA-512: | A1960E781F7A586C1982FB50413594F03FA02856C1348A728D5E3EAB4CF41D32B7A3148FAF1DEFF05C2124F7C128C4C9479E36E905C4C840C9732E4E3E005BD6 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.199370487076105 |
| Encrypted: | false |
| SSDEEP: | 6:XBfjRq2Pwkn2nKuAl9OmbnIFUt8YBfAKZmw+YBfA2kwOwkn2nKuAl9OmbjLJ:XplvYfHAahFUt8YpAK/+YpA25JfHAaSJ |
| MD5: | B61EA59D1590FFCC34E1EE8D5362736A |
| SHA1: | A4108478A46BCDD08019AFF2110832DBFEA81439 |
| SHA-256: | 1920C4CF537D85781F3282BE4E1AF706D8DA8CA67D691448CCD305AE62898701 |
| SHA-512: | A1960E781F7A586C1982FB50413594F03FA02856C1348A728D5E3EAB4CF41D32B7A3148FAF1DEFF05C2124F7C128C4C9479E36E905C4C840C9732E4E3E005BD6 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.190339587279391 |
| Encrypted: | false |
| SSDEEP: | 6:XBfsVUi+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YBfsX4WZmw+YBfsTIVkwOwkn2nKuA:Xp0/+vYfHAa8uFUt8YpU/+YpPV5JfHAv |
| MD5: | FDE80D936A848A0827FB40F669E3371E |
| SHA1: | BCBD530699F4879FFADFA2DC25C5D8AB8FA0CA9B |
| SHA-256: | DAACE6B15BD47BE39E7E0396377F5BEA9A6A469FDD794BF4A04A9943DA0C36CD |
| SHA-512: | 4529A4CEBA5785C09A658E028AD26269646F5481CE30411AD9DFD4FE0CE6E8BDD8E21AA090F976840207378BB5313559BB2D03BCDF03B5F8F10C9ABC61ECA712 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.190339587279391 |
| Encrypted: | false |
| SSDEEP: | 6:XBfsVUi+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YBfsX4WZmw+YBfsTIVkwOwkn2nKuA:Xp0/+vYfHAa8uFUt8YpU/+YpPV5JfHAv |
| MD5: | FDE80D936A848A0827FB40F669E3371E |
| SHA1: | BCBD530699F4879FFADFA2DC25C5D8AB8FA0CA9B |
| SHA-256: | DAACE6B15BD47BE39E7E0396377F5BEA9A6A469FDD794BF4A04A9943DA0C36CD |
| SHA-512: | 4529A4CEBA5785C09A658E028AD26269646F5481CE30411AD9DFD4FE0CE6E8BDD8E21AA090F976840207378BB5313559BB2D03BCDF03B5F8F10C9ABC61ECA712 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\7fe5462b-ac40-44ca-b54a-10c6a3317db8.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.9684845159534285 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZ36hsBdOg2HPcaq3QYiubInP7E4T3y:Y2sRds+dMH+3QYhbG7nby |
| MD5: | 3385A54072A247000D0F6EE165A421B7 |
| SHA1: | BE03F04E394A139AF5AAB78A590F88C3BBA59A08 |
| SHA-256: | D93096BDCA0681114982737917EC898A5366E21E7FD1D3499D6BB22562BA22C9 |
| SHA-512: | C2B496A5C194E7463AD4F8154D628E62FB0026DF6707AF47E4DF97361A49AA41AD4CA1CF36EAD752778CA5D50BFF92C4C5E618A7721CB5C401677AB37160AE5F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.9684845159534285 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZ36hsBdOg2HPcaq3QYiubInP7E4T3y:Y2sRds+dMH+3QYhbG7nby |
| MD5: | 3385A54072A247000D0F6EE165A421B7 |
| SHA1: | BE03F04E394A139AF5AAB78A590F88C3BBA59A08 |
| SHA-256: | D93096BDCA0681114982737917EC898A5366E21E7FD1D3499D6BB22562BA22C9 |
| SHA-512: | C2B496A5C194E7463AD4F8154D628E62FB0026DF6707AF47E4DF97361A49AA41AD4CA1CF36EAD752778CA5D50BFF92C4C5E618A7721CB5C401677AB37160AE5F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4730 |
| Entropy (8bit): | 5.264881463330756 |
| Encrypted: | false |
| SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo704d0SfSwIZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goE |
| MD5: | 3A635D7B6D29568A1598E8A153520F0C |
| SHA1: | 505319AF5983386BED92949D6D5218349ABB5939 |
| SHA-256: | BC3036B6DE0D0FF8ADA9AA373F223CB3618395486D9ED6D402AAC060B90B863D |
| SHA-512: | 52BC976327AB50962481CC71F4A21EB4D778423E7D27E56CAF25F3DFC9034AD062B1ADC64BB0FEA1D16FA037555369B243B1363A248F8B7EB7D38BF182488F26 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.230526552594724 |
| Encrypted: | false |
| SSDEEP: | 6:XBfhf3+q2Pwkn2nKuAl9OmbzNMxIFUt8YBfr5WZmw+YBfrfFNVkwOwkn2nKuAl9c:Xp9+vYfHAa8jFUt8Ypo/+Yprf3V5JfHP |
| MD5: | 24D13FE8112F724F0F43B2ADEF206755 |
| SHA1: | EEFCA8A82D624BFFEBD190391450314ECD4F2D25 |
| SHA-256: | 1E1D4AD58B51A893F997E4E783AB8CE3751D1F658CA71C7778E44ED97E2862A0 |
| SHA-512: | 0B6A68C1B096214CE388153110C613DAB1FA016B2AC896EECE3CCEFA3CDEE791E80C78249EBD91B5AFBF1593B6EB41B6B2FFF999C5F6C746C5ECE8D3B9D54442 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.230526552594724 |
| Encrypted: | false |
| SSDEEP: | 6:XBfhf3+q2Pwkn2nKuAl9OmbzNMxIFUt8YBfr5WZmw+YBfrfFNVkwOwkn2nKuAl9c:Xp9+vYfHAa8jFUt8Ypo/+Yprf3V5JfHP |
| MD5: | 24D13FE8112F724F0F43B2ADEF206755 |
| SHA1: | EEFCA8A82D624BFFEBD190391450314ECD4F2D25 |
| SHA-256: | 1E1D4AD58B51A893F997E4E783AB8CE3751D1F658CA71C7778E44ED97E2862A0 |
| SHA-512: | 0B6A68C1B096214CE388153110C613DAB1FA016B2AC896EECE3CCEFA3CDEE791E80C78249EBD91B5AFBF1593B6EB41B6B2FFF999C5F6C746C5ECE8D3B9D54442 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419075511Z-152.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65110 |
| Entropy (8bit): | 1.7970841992313744 |
| Encrypted: | false |
| SSDEEP: | 768:QAr2C4ky6CQ1OVNZiV19zXzz+FxOUl4uTqS2HYML6M+1orjbKHHbpxmE3ptt9I3r:0ni |
| MD5: | 7B76DE3B41A9C04CABDB8AAE2B93E2B9 |
| SHA1: | 7D04DC28B20E162ACCF2180940CB7427B57C3B31 |
| SHA-256: | 5DAB6D238B0C2C746CD2D0AF699E768D9365A8A8B97F8E4ABB52585E9C582B87 |
| SHA-512: | 758D223385486C9CE0F73AA7423F633CFFA29A62F23B99D4A3ABFC75FDA149731C4F67D462050A1CC6C6F2E0923A109C27DF695AE009EEBE677C8410AF89209E |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.445279094481123 |
| Encrypted: | false |
| SSDEEP: | 384:yezci5tYiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r/s3OazzU89UTTgUL |
| MD5: | F01D9494736F286F53FB9F4B125EE245 |
| SHA1: | FAF1A9A23BF8562DB769C9CDD57D80BF63004AEC |
| SHA-256: | 0D72690C6CC8C6D3166B04BB9A42BB0DC6AB97AC51847AE63208FD9F462799B6 |
| SHA-512: | 0F60E28E18A9985FFB114E1951B2BA9AD5775AAE74735E6BEF908CD08E5B497E828F6D342FDC9C49A297C3D13C1F27B881F7544B91ABC6D36CF0D716D476D55D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.7786118339425045 |
| Encrypted: | false |
| SSDEEP: | 48:7Mdp/E2ioyViioy9oWoy1Cwoy1mKOioy1noy1AYoy1Wioy1hioybioyUoy1noy1t:7qpjuiFZXKQFwb9IVXEBodRBkM |
| MD5: | 5BB7F8C5BDA980E15D517B316AF3F9E1 |
| SHA1: | 6A5A604ABFBAA8563D182C5333DB90D38DBBA22D |
| SHA-256: | 1AD2299DF0B3322030DAACB10A3A6B3D47EA2EE355808C71761F5C8388315A64 |
| SHA-512: | 2895598D6160180639537C1A15D298A4EAB8433E02DBCAA87434183FBF7C1ACF1E92D769AD170FA31454B9DB3CD3AECB2D3E1AB79498CF2FA267534E3F95960F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243196 |
| Entropy (8bit): | 3.3450692389394283 |
| Encrypted: | false |
| SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
| MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
| SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
| SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
| SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.389843267198874 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJM3g98kUwPeUkwRe9:YvXKXgyR2Zc0viGMbLUkee9 |
| MD5: | A75BD72A8EC85890596B6BBA94D3C2BD |
| SHA1: | 8DE6486D456087812830F1EF5AE3163E202195E8 |
| SHA-256: | 8E17D9A992C5C041BAF3F15BD3D6607385C8E55AED0E3CE8D3B33010411993DE |
| SHA-512: | 38B5AD6A79A790E14B9985FA6819D2115D04A7C0B90A09EA0E457185DE0117B005B7A186B9D914E7FA6CDBD4B2BE52C0B245DD6367104C74625D9E97A5972777 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.343480549700479 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJfBoTfXpnrPeUkwRe9:YvXKXgyR2Zc0viGWTfXcUkee9 |
| MD5: | 1CA68775A8E38C7497E624A0836E3B87 |
| SHA1: | B52DC9EFB2796384BCB51FD7EC641E0177E0A1FF |
| SHA-256: | 658BF9757ECD775CC30D61CAE9D936887C0AF8C92C02BF6E1581232E852FCA43 |
| SHA-512: | 7F9620762CBE3848D8F717B1B5C1D34449B4431E019930CB69CA8FA7A08DE0C16118970AE10E8EA2803D0C4B6C8124757FEEFCBA894AB84418CD0289D6CEE42A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.322678297669683 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJfBD2G6UpnrPeUkwRe9:YvXKXgyR2Zc0viGR22cUkee9 |
| MD5: | 3F1371BCB2728FD5884BFC6A53F6523F |
| SHA1: | 1E58C7D59E7FA0779E5E67BF857788139745E3E7 |
| SHA-256: | 876131D9C0C17677D5CACDB896873E2E479C77DF7232D851B07907D80D372B2A |
| SHA-512: | C99CF75AD3A56996A8F9436B027B200B69C27266C156F4900B3FE23A128EA10A925AF10D03A99FB7BEB14FEB382FE0FE0D3057F4532A20A9481E3E3313FE41A8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.377782892021461 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJfPmwrPeUkwRe9:YvXKXgyR2Zc0viGH56Ukee9 |
| MD5: | E6674410FFED3669F3659833564AE08E |
| SHA1: | C079C6A37617EB1CA2C26B56CE674DD5D204140F |
| SHA-256: | 69744FEB36B577D0FF8CB467708D4E846C43CED7DE159F63FAB0CB908094DA6A |
| SHA-512: | A40F1396248288A9589777D312B58E46B65EEC29A9F9CD7AF8A0F30F8377AC6DF478F35833031216ACE46E7ADA9ACBB494460EBC038ED651DBDB9343E5BD2FA9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.337915896109584 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJfJWCtMdPeUkwRe9:YvXKXgyR2Zc0viGBS8Ukee9 |
| MD5: | D92C306A00D77FCD1C0470751BFC00BC |
| SHA1: | 94A483A404F95CE8B9947CBC5FBF6C532B108046 |
| SHA-256: | E9DB3016D5A61B1EED344A2D0BB290350F48E2C51E169E1B0AE8805794E9A206 |
| SHA-512: | D64586056353FFD3D122AA8A439442CB2E829424F1328F5933A0EB7B95B640E3B168FA32C48F87D60511D04ADF56C2CC12679D23F3846C39CE8C3DB7EE6582BD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.325854140845819 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJf8dPeUkwRe9:YvXKXgyR2Zc0viGU8Ukee9 |
| MD5: | 35583A0D91AB4EFF88D9ECE695C151E5 |
| SHA1: | 6D60CBC610354722CC16FB0BA02515DCA420111A |
| SHA-256: | 5DE667B6FE637AD468EBC9707DEF5064BB7E5402751633D72507F8FB16EC30DA |
| SHA-512: | 824080ADA16AD3D5A50010EFA014620251AE7FFDE14F77DEF92BFB58A0A499610B58568BE8136858B0BEBE779D8EE5348E851F65FC53CB1BA9CE76D86DA3C4F5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.3294709537493645 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJfQ1rPeUkwRe9:YvXKXgyR2Zc0viGY16Ukee9 |
| MD5: | 2A1A208580D3A173218ADC2B08CFD970 |
| SHA1: | 0BB93A8E88DF420099A87876591955DE679187B9 |
| SHA-256: | 17D04D8113B1737EC17C74895EFFA9E4F314356A12FD82C8691B20F9EE4BFE70 |
| SHA-512: | A2DBC89852DEF0AF6287480228472FFD9971EAF37BD3CD4491E115AFDD598289875B889AD47099E5A3CE64D93573DB6C1D1F73BCF8FFE7EB4B8D83BF761DAC2B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.334101370774662 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJfFldPeUkwRe9:YvXKXgyR2Zc0viGz8Ukee9 |
| MD5: | 297481C0B82D5B0C8F6DC8ED00B937F2 |
| SHA1: | 32182000A59AC511FAA528C7F64B98CB5C584CF5 |
| SHA-256: | F993CF5DCCD0A2A93035FC02A19736298AE41C17087C24715E3BFCBA96575E88 |
| SHA-512: | 654BB3C825C8596CB59CF711F7804F073AFCC5837B711BACA70D4C5F78972C20CA9C852636457BB50BB0A9BAEF71BD225C90A7BA69EE5F499D1521FB584A0050 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.7445961742876595 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XCzvOKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN2:Yv9mEgigrNt0wSJn+ns8cvFJ8 |
| MD5: | 75045EC784A6B749400141237A19A3AA |
| SHA1: | E87A7CA9D88DD2657E23C2935BFA32CD4B92ABEE |
| SHA-256: | 61F521ACBC53D1ED95D1CBE5CD4EA7041281D8CDE58150C30E64F619B8399642 |
| SHA-512: | 191910F0473E62D69F90C149306D176197ECD128540B817623D0DA2002A58F70FCF1C208AA61C7F9C640A39EF9AAE48B11D74BD727C3F9160D8DBE58F781CF40 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.331382785665344 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJfYdPeUkwRe9:YvXKXgyR2Zc0viGg8Ukee9 |
| MD5: | AD7E72502FA06DF23F5FF54F14CBF8BD |
| SHA1: | CDF1DB5C27129DAFFF4AD822FB86E9F3B0039B9C |
| SHA-256: | 3F0B7ECB13B2C99F4F01D24A4476369D123A33965A12D65F316D368B9D76F6AB |
| SHA-512: | 9F5D63A87F703731B03BA99114A2B5C5A5E4C51DCF2091FACB3C918DA20DFF406EC0E9C9414D5BA776B372C8CB5929F5BF17CA4D1DC0013E41494DB69D4182CC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.779857986799193 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XCzvFrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN+:Yv9tHgDv3W2aYQfgB5OUupHrQ9FJw |
| MD5: | 6ECDBA47534F7C117B0F752244AEA72C |
| SHA1: | 6E5A75C7437EE221B6DFE4034216488FF8687F82 |
| SHA-256: | 0F256F4B6932D0171EAB55CD56D9DA205DAB12A7CB04B5BC2D35507DF1EBB06B |
| SHA-512: | D3FCFA49BFC9F6CBC7EEBEFF9E93B2621EBDB5D0FF6A3AF6DE04F015BADE5E3D83C7C2EA568D103BE29266A1F290F58B679E97B806AAF59511A21716CAA0324B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.314714194090648 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJfbPtdPeUkwRe9:YvXKXgyR2Zc0viGDV8Ukee9 |
| MD5: | C8C7AC7BEDF9D31C5CDD7C3B2553D997 |
| SHA1: | 7DFD722E5CFFD5D87D471E175E7A69FA83483A68 |
| SHA-256: | 06B814C1311A61E3AFD92ADB267A1536986DEF541CCEB598B14910896B50E725 |
| SHA-512: | BC42BB516B76CEBD9CE85471F4DF00037E514A829E04BE1528FF0F63B1A037DDEC90DD133F452FCD687C5C4F89F345188176124787DAE97862C56E08385A688C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.31948565073483 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJf21rPeUkwRe9:YvXKXgyR2Zc0viG+16Ukee9 |
| MD5: | D06F952F545AA78F51F9A03BE909F1F6 |
| SHA1: | 3E06F7F24AECDFC118C7073D0DEA90AE076D234A |
| SHA-256: | 5656CAA5DE8685A128638539E940B2AE2122BC4253D9996DA41E5F575DF0F26A |
| SHA-512: | 542E0FF9F75DEE77AA7C5F1FF811A3601125F06CF8134A378CC0B3E56DD98968AE29B0ECC6851C7BBD8BA0DF0341C3B881E7A17D678FA2E369516E23A13C2196 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.337924096349269 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJfbpatdPeUkwRe9:YvXKXgyR2Zc0viGVat8Ukee9 |
| MD5: | B413B1C54074A1E52ECF51B6A429BBE9 |
| SHA1: | 111F75E5191B62B17BA02F51DE16416502744858 |
| SHA-256: | AD8A8769E95C9D2180B83E5A92E82C3AEC596AB1673852AFF7CA1177D01EB2CA |
| SHA-512: | B0DB7987E881C750F0D067E2FC2D1CA4FEF78AC999AB9F7A7FC2B9C42C7B1FBDDE33F07CB995B9F2561498A072C49C99EF7E28EB04C170487BD47E1BC74BB60A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.2952549719333915 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDknyS0nHVoZcg1vRcR0YGoAvJfshHHrPeUkwRe9:YvXKXgyR2Zc0viGUUUkee9 |
| MD5: | 34528EDE8CEA2C0ADB6A6FD9576FF233 |
| SHA1: | 1E52E7702BD02FF49C0686C11BF24B41BD90F55E |
| SHA-256: | F40578405DE381D0DB79391D75D3F94F690E118DE734E4474C287AC628AB1CAD |
| SHA-512: | FDCCE5338FB8AF424432F55317A456705F39F185E311B01ED0B225FF20263EC833D8E40E915890BCE508102615B39C323B08BF9E83F85CFDDB538B547B835327 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.377974225903438 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXgyR2Zc0viGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWq:Yv6XCzvs168CgEXX5kcIfANh7 |
| MD5: | 024B024768C39C3B05C40181228B9B0A |
| SHA1: | C64953E498D582128068010317D93EFA4C032540 |
| SHA-256: | 254EC27F63D3764FFD494B61FAC117DDC52DAADBEA211A53C5B61477CDEE0119 |
| SHA-512: | 1FE149A55F6F19F48DB5CB424B56D32FECF60217CF85B0E7C1814393EEA595075383FEF0A53D6147506D9B165239E581CFC160C48887944C8DE94F321FA24B71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.133786360107891 |
| Encrypted: | false |
| SSDEEP: | 24:YzAScqjCpHCafcgKTafoayxa73nSDHgjPmj0SwQ3CE2b02LSqP4QD5sR9huNOG:Y0ScAWX0p6CsPP43vNsbD2R9o |
| MD5: | E8A9D5F8DCC0AC8CB03B40DBED73C6C5 |
| SHA1: | 46CA9BCF6FE7301F85DD522AB7A3366B8C0B6C77 |
| SHA-256: | 01D7A65DE4A9317D2BB07DFC127A02F70634F99C23E858FBA1B0B26519249E28 |
| SHA-512: | E716D882099A157426B94F441018985C377268DFC94299B781C310BBD7ECF6EA710EB86E9883F90752AAE73434B908695059C187B7429F65019D4ED68BD3D6D8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1867450899283296 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUNSSvR9H9vxFGiDIAEkGVvpRU:lNVmswUUUUUUUUNS+FGSItNU |
| MD5: | 249EE2FE1E036BB962D4EC3B620AAE0E |
| SHA1: | 51238E1FC42857B411DDD0065DDCDE425F4A41AC |
| SHA-256: | 136781FD107D19DF53C2CDB7A5508EB0CD0C0642E53370B23515C90E9763FE46 |
| SHA-512: | B6E2236708B387CCE71887F9C950FA3ADC2AFEAA3FF71F25A1389CAF65D49F52C01883A9565F915BA9CA5BD9D668CE4DB79AC70CAF33B7258ECEC1B3CF16CB73 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.6076339490682314 |
| Encrypted: | false |
| SSDEEP: | 48:7MfKUUUUUUUUUUNAvR9H9vxFGiDIAEkGVv8qFl2GL7msqw:7NUUUUUUUUUUN4FGSItiKVmsqw |
| MD5: | 7306DCF870F9D5D46A725F2BE5E4EE69 |
| SHA1: | 481D7891965E51E0F619AD236C2E70B613DC1282 |
| SHA-256: | B0FE69F0F51A5BF8E86AEBF1436671C8F861934404F89E9BC2278AA9E4483E1E |
| SHA-512: | 2C27F53583650884C08CAAE4214B02C58351C156D8BC0FEDC374BF6DE8E04DDBD8E241A8F0D083CA931B575314CE18D4FD661C93FC5B52658D477D863B998353 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5248044522866877 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8m+qNpH:Qw946cPbiOxDlbYnuRKR |
| MD5: | BB7FF9A2DBABF885BA45A49675794BC9 |
| SHA1: | F8CB1C8F06F9ADDB2B4F8E52CE6A348B801D853F |
| SHA-256: | 8FA6BD468475DF4172BA324852CBCDF957082C61214DB73D54150D0D39E08D48 |
| SHA-512: | 4FDC3B2EBB070E68B153D56E5AA6AAD73A874F2B8D5196FDBC166AD9D27FC0F0EACFB6076D747A8EBD01F2F8A70506DDD845AC580668F19D841B3A1C08E34FD9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 09-55-09-448.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.345946398610936 |
| Encrypted: | false |
| SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
| MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
| SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
| SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
| SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.359209635387273 |
| Encrypted: | false |
| SSDEEP: | 384:GzPqffWD3YqWhpYdHMbW0DeWV2cdSa/96dxzr75ghXv1TaQWLU8DyD2X5nVjW2uJ:kc1 |
| MD5: | 198D0C85F611833404825F274C8FB2BD |
| SHA1: | E00B035702F6FA0F687F95BFCB254A23B961667A |
| SHA-256: | 47272BC4616DCD9B46B59353BE1065D7E1FD72C40E1835D8799D9CA13F8AA7A7 |
| SHA-512: | F013754CB8D4CD8936684C2089DCCA817CAF0C5947CF6FA7F765050264EBF94FD721E857ABF4D33610FEDF9576287FD06F0E87DC8F4D2AF8C7006FD0FE2EE506 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.393348354990422 |
| Encrypted: | false |
| SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rF:R |
| MD5: | 3FCC8C482E194D1A6CD58030CBFEF186 |
| SHA1: | 62B2FFB8A081F8FA8BDD73891B9FD42382557535 |
| SHA-256: | F684B3108DCCF061A7F2338F5C23030A7D476DC7407FCF5B21C08491D2F80F52 |
| SHA-512: | 4D0F3255634561268558679ECE30058A3A73BB78EFA9EB9B18C4B03F3FC06F08FEF7F30EB4C776AF646BBF815E344EB3C5AA07ACB75AE4FC596DC477D61F89ED |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru |
| MD5: | 95F182500FC92778102336D2D5AADCC8 |
| SHA1: | BEC510B6B3D595833AF46B04C5843B95D2A0A6C9 |
| SHA-256: | 9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9 |
| SHA-512: | D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.989712012014312 |
| TrID: |
|
| File name: | CITACI#U00d3N JUDICIAL UE (1).pdf |
| File size: | 60'669 bytes |
| MD5: | 50cb062ac5cb59b71776da61cb93d47b |
| SHA1: | 65be60c85b998828ceced3bdc1c4897da456f8b8 |
| SHA256: | c61080e990c67cf2219aac95df3b770d559c6c46c7d91d598da790e441e2f04b |
| SHA512: | 36bc25d5eead2bf4724518f82f900334bdd8e1c884b08f46a01124b90d105a460ee44ff78b0dc3152415d771afd83e062fb8a5058cc372f821b5045be1173866 |
| SSDEEP: | 1536:i6M7ekO1Y53Cl/RdADOG8gsj7dDiSrqFfm9v8uoR/Lfv:i6M7LO1ws/RdAa5dDGYtKbv |
| TLSH: | CD530203B921155C98606935725DC4D408EBD09FEAC5B016323DCB277A0BFB6A1B5FAF |
| File Content Preview: | %PDF-1.5..1 0 obj.<</Type /Catalog/Pages 3 0 R/MarkInfo <</Marked true>>/Lang (en-US)/StructTreeRoot 69 0 R>>.endobj.3 0 obj.<</Type /Pages/Count 1/Kids [4 0 R]>>.endobj.9 0 obj.<</Filter /FlateDecode/Length 3996/First 1033/N 116/Type /ObjStm>>stream..x.. |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.5 |
| Total Entropy: | 7.989712 |
| Total Bytes: | 60669 |
| Stream Entropy: | 7.994882 |
| Stream Bytes: | 58738 |
| Entropy outside Streams: | 5.177421 |
| Bytes outside Streams: | 1931 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 20 |
| endobj | 20 |
| stream | 18 |
| endstream | 18 |
| xref | 0 |
| trailer | 0 |
| startxref | 1 |
| /Page | 0 |
| /Encrypt | 0 |
| /ObjStm | 2 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 67 | 6801080808001002 | d9a4e2864d7bb13a81f59ba4fd76e476 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 19, 2024 09:55:19.801876068 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:19.801961899 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 09:55:19.802068949 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:19.802263021 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:19.802299976 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 09:55:20.118525982 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 09:55:20.119159937 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:20.119223118 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 09:55:20.122842073 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 09:55:20.122936964 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:20.124989033 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:20.125190973 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 09:55:20.125303984 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:20.172126055 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 09:55:20.180171013 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:20.180228949 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 09:55:20.227077961 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:20.229655027 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 09:55:20.229829073 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 09:55:20.229897022 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:20.230345011 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:20.230345011 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 09:55:20.230410099 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 09:55:20.230472088 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49740 | 184.25.164.138 | 443 | 7876 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-19 07:55:20 UTC | 475 | OUT | |
| 2024-04-19 07:55:20 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 09:55:06 |
| Start date: | 19/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6bc1b0000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 09:55:06 |
| Start date: | 19/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 09:55:07 |
| Start date: | 19/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly