Edit tour
Windows
Analysis Report
Copy of Truworths Daily Rates - 18.04.2024.pdf
Overview
General Information
| Sample name: | Copy of Truworths Daily Rates - 18.04.2024.pdf |
| Analysis ID: | 1428725 |
| MD5: | 23aa6b299aa431b673eee1f6a9098d5f |
| SHA1: | 0fe7eb86074a012ed97e6b5918cd75cd23e51b61 |
| SHA256: | ac9797a8e72e6992a08eab211e48d3e4928b2f56e32582174dbda1d23afdda79 |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 7308 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\C opy of Tru worths Dai ly Rates - 18.04.202 4.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7480 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7664 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=20 84 --field -trial-han dle=1708,i ,856131520 4089257919 ,480313331 9008344058 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1428725 |
| Start date and time: | 2024-04-19 13:20:26 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 4s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 11 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Copy of Truworths Daily Rates - 18.04.2024.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/44@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.123.200.169, 52.202.204.11, 54.227.187.23, 23.22.254.206, 52.5.13.197, 23.34.82.6, 23.34.82.7, 172.64.41.3, 162.159.61.3
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 184.25.164.138 | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | RHADAMANTHYS | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Lokibot, PureLog Stealer, zgRAT | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | DarkGate, MailPassView | Browse | |||
| Get hash | malicious | HTMLPhisher, ReCaptcha Phish | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| BBIL-APBHARTIAirtelLtdIN | Get hash | malicious | Remcos | Browse |
| |
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.140508131696733 |
| Encrypted: | false |
| SSDEEP: | 6:XJRV6WM+q2Pwkn2nKuAl9OmbnIFUt8YJRp1Zmw+YJR/WMVkwOwkn2nKuAl9Ombjd:XfV6L+vYfHAahFUt8Yfj/+Yf/LV5JfHi |
| MD5: | 194F2F59665B6A21F44D3C3DAF38B0CD |
| SHA1: | 3310581CCF8FB98E1B77999E33882AF890446897 |
| SHA-256: | 0FBFB07052CBF149107297D2180A42CE7C0689729486CF84415D7B9C2559A6C1 |
| SHA-512: | B08005DD5F2C0AE801EF6CDFF7976108A5A2144CDAD0014E5F65F4922E6FA53CA76E4E3A4AC69D10826D4AD03FA1CA87006B77A1F972EB44D23817D6E61928B0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.140508131696733 |
| Encrypted: | false |
| SSDEEP: | 6:XJRV6WM+q2Pwkn2nKuAl9OmbnIFUt8YJRp1Zmw+YJR/WMVkwOwkn2nKuAl9Ombjd:XfV6L+vYfHAahFUt8Yfj/+Yf/LV5JfHi |
| MD5: | 194F2F59665B6A21F44D3C3DAF38B0CD |
| SHA1: | 3310581CCF8FB98E1B77999E33882AF890446897 |
| SHA-256: | 0FBFB07052CBF149107297D2180A42CE7C0689729486CF84415D7B9C2559A6C1 |
| SHA-512: | B08005DD5F2C0AE801EF6CDFF7976108A5A2144CDAD0014E5F65F4922E6FA53CA76E4E3A4AC69D10826D4AD03FA1CA87006B77A1F972EB44D23817D6E61928B0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.098053868618333 |
| Encrypted: | false |
| SSDEEP: | 6:X8NOq2Pwkn2nKuAl9Ombzo2jMGIFUt8YUSZZmw+Y6uakwOwkn2nKuAl9Ombzo2jz:X8NOvYfHAa8uFUt8YBZ/+Yba5JfHAa8z |
| MD5: | 8DFF4E00A43057CA99AA49395F0CF12E |
| SHA1: | 7BA32F4F03E4A2225B97A18C2ED050CBE706971D |
| SHA-256: | 180814AF82F045E0F4E32D7980EF3CEA3ADAF3EA0CE37102C43A3D2EFDD93B29 |
| SHA-512: | C2D3F2E8FCD1D3DC393BEF1A4D5C9E67C506F76B2B78F3E4FE8FE1927E181D7124EB940997B572D7D9482A3166821BE834D6A8BC976B07CC6E38A2542079A0BF |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.098053868618333 |
| Encrypted: | false |
| SSDEEP: | 6:X8NOq2Pwkn2nKuAl9Ombzo2jMGIFUt8YUSZZmw+Y6uakwOwkn2nKuAl9Ombzo2jz:X8NOvYfHAa8uFUt8YBZ/+Yba5JfHAa8z |
| MD5: | 8DFF4E00A43057CA99AA49395F0CF12E |
| SHA1: | 7BA32F4F03E4A2225B97A18C2ED050CBE706971D |
| SHA-256: | 180814AF82F045E0F4E32D7980EF3CEA3ADAF3EA0CE37102C43A3D2EFDD93B29 |
| SHA-512: | C2D3F2E8FCD1D3DC393BEF1A4D5C9E67C506F76B2B78F3E4FE8FE1927E181D7124EB940997B572D7D9482A3166821BE834D6A8BC976B07CC6E38A2542079A0BF |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.97643647695022 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZW1KXhsBdOg2H1CAcaq3QYiubInP7E4T3y:Y2sRdsXAXydMH1Cr3QYhbG7nby |
| MD5: | CF4556200F297DB9437F35E42318558C |
| SHA1: | 63E4D28C2FD58E44CC50F1221575B931D47CED9B |
| SHA-256: | 852AAF1B8EF4AE012ADDEDF1AB4798CA5BC0110D2B79DF4432A674F8D8CA770C |
| SHA-512: | DC81867BAE1A1CDD6385C8034884801BA5D226CFC8E330429BAFE14B4180C2F87D157BF12BDC0C7C4A6D6F344A83ACEF9A97EEE7C91C54405042388733515EA3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f56c5979-05e5-414e-ba7a-f8e20cd88dcf.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.97643647695022 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZW1KXhsBdOg2H1CAcaq3QYiubInP7E4T3y:Y2sRdsXAXydMH1Cr3QYhbG7nby |
| MD5: | CF4556200F297DB9437F35E42318558C |
| SHA1: | 63E4D28C2FD58E44CC50F1221575B931D47CED9B |
| SHA-256: | 852AAF1B8EF4AE012ADDEDF1AB4798CA5BC0110D2B79DF4432A674F8D8CA770C |
| SHA-512: | DC81867BAE1A1CDD6385C8034884801BA5D226CFC8E330429BAFE14B4180C2F87D157BF12BDC0C7C4A6D6F344A83ACEF9A97EEE7C91C54405042388733515EA3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4730 |
| Entropy (8bit): | 5.265364848307922 |
| Encrypted: | false |
| SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7IKbttCaZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goz |
| MD5: | DD3BEAA5BEBA1293B0CC8EE9DA0D60E2 |
| SHA1: | D51CC92DC04BDFF6C253DB37F2F19EFAB0BF34D3 |
| SHA-256: | 1A5E9B6462C58C4A2CDBBCBF036B61D3B867B37E7DD0FC441C5190AF04CB1873 |
| SHA-512: | 1D53C66DBFDF289A6F50796748B84CC802B4C45585BCA60E97FE42DC2C3E1DFDC32058C1D2F6847BA6477476C38311B8F031735E9E87D47AACD87997A92B7548 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.168272586663559 |
| Encrypted: | false |
| SSDEEP: | 6:XPRNq2Pwkn2nKuAl9OmbzNMxIFUt8YPpZmw+YPTvZrkwOwkn2nKuAl9OmbzNMFLJ:XPXvYfHAa8jFUt8YPp/+YPTBr5JfHAab |
| MD5: | AF3F97AA573C5AE112CCF2D04E3E2A9F |
| SHA1: | 92142E49B8CC5E3A2543DBAA40C2AE5B694616FD |
| SHA-256: | 7883C1FD77E844E4626F7D786DA8AB33EC814ECD807611C6AB960B4232901DC9 |
| SHA-512: | EBB0FBA6B085D0F2B57039576F7EC6E74F0D9451C39E5E789F6EC55A5B73D7278A5F07DDEE7464C5D90F99CA2ABC05EA102B7DD3841AD55A5BE9671ED96EB060 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.168272586663559 |
| Encrypted: | false |
| SSDEEP: | 6:XPRNq2Pwkn2nKuAl9OmbzNMxIFUt8YPpZmw+YPTvZrkwOwkn2nKuAl9OmbzNMFLJ:XPXvYfHAa8jFUt8YPp/+YPTBr5JfHAab |
| MD5: | AF3F97AA573C5AE112CCF2D04E3E2A9F |
| SHA1: | 92142E49B8CC5E3A2543DBAA40C2AE5B694616FD |
| SHA-256: | 7883C1FD77E844E4626F7D786DA8AB33EC814ECD807611C6AB960B4232901DC9 |
| SHA-512: | EBB0FBA6B085D0F2B57039576F7EC6E74F0D9451C39E5E789F6EC55A5B73D7278A5F07DDEE7464C5D90F99CA2ABC05EA102B7DD3841AD55A5BE9671ED96EB060 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419112116Z-149.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65110 |
| Entropy (8bit): | 1.193818165417683 |
| Encrypted: | false |
| SSDEEP: | 96:mOTjdc/YsohLna3IeM5SfE0FTRFAPtBKMcEMMj0EQMXMMxupxVk4xJn6xVKMuE4H:mOT5c/YbhLna3RM5AE0pRFAPtBIfA9O |
| MD5: | FAB45823EDE6B331CAFDAE4A9959EEB1 |
| SHA1: | FA941EBE85D6187CC8F31EABEA01EA5ED1CF235E |
| SHA-256: | 78B0798A53E8B316DE34B6FD7AC571205ED1FDB8675C792CCC51B6AC80EF2D81 |
| SHA-512: | 2FE3B4A723ED1031C163DEFFA91661B7ABBA18A8CAB3CF8C975D81FD8E0B436B4FBDE7E0D4B3288732A9B5DA6FA245830C0F714DB9A5AFF8689D6AFEA5DFA93B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.445147294213634 |
| Encrypted: | false |
| SSDEEP: | 384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL |
| MD5: | 09B927742E3F02FE587EBF1697056BB6 |
| SHA1: | B88BEF9D091C0066BD23A0DED2B99A0164D6387E |
| SHA-256: | 356A0E997F9CCE266A74068168E99B9621175C82B5254A1E5250A566DAFA58ED |
| SHA-512: | DE7B82045C03B797A750AD513CF03E8F31E244B2A73DB2E1173C41086A0BCAFB81D529106F17817A6AF42AB250B823CA4698D4CA44DB87A9A5118C7D5AAFFCF9 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.7763734886940714 |
| Encrypted: | false |
| SSDEEP: | 48:7M6p/E2ioyVOkioy9oWoy1Cwoy1l3KOioy1noy1AYoy1Wioy1hioybioynxoy1nd:7BpjuOkFgdXKQSjKb9IVXEBodRBks |
| MD5: | D892BF15358D691F12D71D69F8D8E497 |
| SHA1: | 05794FA152D7D55199979C01E2122D18398931E4 |
| SHA-256: | 2A7259B1AD94022E2734E4F94FC3054F286EC5065CE753BA4012278C24353540 |
| SHA-512: | 2DD25FEFF36DBFB6F0B8EE8CE3B5028E00BD1F2BDCAF226F06B5F267AF8D18C3889B3B8A03807909B929E5DB5AE499ACD381B96A8D58CC2D746453DF1689A270 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243196 |
| Entropy (8bit): | 3.3450692389394283 |
| Encrypted: | false |
| SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
| MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
| SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
| SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
| SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.355730761075125 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJM3g98kUwPeUkwRe9:YvXKX4b6TtEZc0voRGMbLUkee9 |
| MD5: | 977CCED1B99F4D6D02CCEA69B4C7424A |
| SHA1: | 4B94717BA2B6DE98D472C3196A209495BB827092 |
| SHA-256: | 4C84CD0A4368DFEAE89125CBC33177C27E325DDD0CAEDE6E77E3FAA6FAE5409F |
| SHA-512: | 8B86B09449F1F85C121DD4A7DC5F81457642BF14E1E439EF910553D4A7AE070C3E601FE044FD2F64894A8EBA05E5F95114B50F19127391596DE73694B67F1E52 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.302572138759866 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJfBoTfXpnrPeUkwRe9:YvXKX4b6TtEZc0voRGWTfXcUkee9 |
| MD5: | CB157C83D8A75C6C0E15A4571D51B31E |
| SHA1: | 2C17058A3B844AC84080A4D8CE62F7B5BF1A0D12 |
| SHA-256: | 42CFA80DAFAF2EF861C7DBB544DE2C3F73CFD38F97C158D65DA87E3BD24BFDD2 |
| SHA-512: | 0BE21A6B96A2D5A6AECE8F7256CCD62465915AE6F8BA3A08FE784E71E20934C546488D7D544ACB303F1CCA7799C20656A2F61210B230CE8B42E08C32119BABB5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.282058707897269 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJfBD2G6UpnrPeUkwRe9:YvXKX4b6TtEZc0voRGR22cUkee9 |
| MD5: | 2C221BE6B7A5A632BF848F83B4F25196 |
| SHA1: | C3C9E8AC63A8A590A3FFE78868DE84212EEA9047 |
| SHA-256: | 4AC22804A9B446A94242280DCEB0FFCE1FB6D9A1307919FA8EB92E248C2CCC0A |
| SHA-512: | 52EB08F3C84B58828C8AE3F08448400DEA06A6AC8DC80F4722B98F42E5CD8900D62D5E743E89FD964E9932F0BC17F372E721E6703D77464124BC632F32CBE569 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.342473455858282 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJfPmwrPeUkwRe9:YvXKX4b6TtEZc0voRGH56Ukee9 |
| MD5: | C77343F287C71AA13B97005ADDE79160 |
| SHA1: | 2274921B5823CDB59F9DBF810CC7CC8F14249F05 |
| SHA-256: | 128A0A84C1036721A5BB915386E72A4A719E1A3F98230EDC755CB8F40B155F66 |
| SHA-512: | B3C67827F1EA1D2F995863F5AACC962CBE7D50D8FE5CC9D11D18232D552B482D76BC73E43B7DE403029FE6E9673685BFD07FE3540360ECF03ECDA41453261318 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.303418668432737 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJfJWCtMdPeUkwRe9:YvXKX4b6TtEZc0voRGBS8Ukee9 |
| MD5: | 05E0E68823896F529782ED4C15A74503 |
| SHA1: | 3F0EEAC94284AFEBC00BA2355564AE23DBD5FF2C |
| SHA-256: | F0D518B709946491CA17C15AFC76FE84DACBF0AF3C0E734A2075157CA161EB39 |
| SHA-512: | C2D06AFCC99C9E58C186780F817AA21FD49B73EE1EF5E49E71B9EAB3D66C7D3C4DEA90F7C35713ABE7C48380217FE393002A6FEB6C9FA49B2DEFE7A0A6F7D300 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.291292628533745 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJf8dPeUkwRe9:YvXKX4b6TtEZc0voRGU8Ukee9 |
| MD5: | E9CD92780138C0E87ADB56FB8C404807 |
| SHA1: | BD2346E12BBF6CCBD875D4059FED19EDC13AE5EA |
| SHA-256: | 8A08C8C05AD19AC103C56F5CC231652026386A840C98EA6BCAECBD437427A4C6 |
| SHA-512: | B539C64B7D6108669CC5904555A46D19BCA747C8D2C80F2FCE0FD3F1464244C73BA15073EAB85A4E181DAFE47D7B2EDC575B184F381FEEA9A3806DC991CB886C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.2949737260725165 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJfQ1rPeUkwRe9:YvXKX4b6TtEZc0voRGY16Ukee9 |
| MD5: | 06239699FCB296E6CF05CB107827D463 |
| SHA1: | 88F0FAFDE1D6007DB33330C731D7B8081EC194DA |
| SHA-256: | F4490E034E298E7E7CA5F546609C1E8E4D6F3BD82A9E85C4CA44F5CD7AA53EE4 |
| SHA-512: | 79B5EAC7F98E24C3A8294B3D32F5AD5FB9AD3574BA0DEB90250C1FB82A25E2BC97E1F8AFACAE7B6544B357BFFA6311155320BEC994480C05542CF83AF6AB652A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.300545028204643 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJfFldPeUkwRe9:YvXKX4b6TtEZc0voRGz8Ukee9 |
| MD5: | 514661147E2FDAB53320B3E63570935B |
| SHA1: | BA682F6FA8C8DE49CED5A916243FBA15339F8BDC |
| SHA-256: | 7CC7303C14D80E11A773F6617E99B754F109B6DF7237127F9646AF9FB44FD418 |
| SHA-512: | F41F99E7D29E419FC434AFD81DECA49B01A553818C33A27FBBED186491423F92BB36166D1903CCFC26CA3A31023F8FC0151F8C0F71D034C534ABB8A8BD22B625 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.740006030539549 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XhTtEzv4KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNu2q:Yv3AEgigrNt0wSJn+ns8cvFJQ2q |
| MD5: | BEC3DAEA3E0A93678FFF28CB0E24F54B |
| SHA1: | ACC5D6304D451059BF701443024BB001A4E78C54 |
| SHA-256: | 71FCCAEE5493D84B0219482A894CE1F55FD7DC68B812E32CB3DBCD6F4531ABC2 |
| SHA-512: | 837BDDC05CB557C0E8E9AE54D3C736551E66EA54391B5A963ABB07B9C81F6DC61FB401FE26D1B4EA5394D68B931571E28A811E990819DC62E0A10B872CB2C395 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.2965274552790484 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJfYdPeUkwRe9:YvXKX4b6TtEZc0voRGg8Ukee9 |
| MD5: | 0F6B253F5D5F6FB93C7138A10F4DC0AF |
| SHA1: | C328E026830994B1C2E43B0A762B18049F227A8F |
| SHA-256: | FD0A22CAE1007B2561A91213550EAB783E0073F7F27D982B86E142D07B49AF36 |
| SHA-512: | 0562020CE5F095F8D91279B3E4190111A81D4DDB3728787412554399FF99A26A4F14A63A26D8DC29F8D413DED2CF364FC1EB80BFAC6983AD4999D368C22BBCAF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.777030499745563 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XhTtEzvXrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNm2q:Yv3PHgDv3W2aYQfgB5OUupHrQ9FJc2q |
| MD5: | DDCA7F656DF4AAD9A67822ABBFABD8FF |
| SHA1: | E13A5EECAD9C663E2CACE733C9C07EE6301B3760 |
| SHA-256: | BAD34FE12DCF88D656807C314EF301E830B832B6CCD31181BBA597BC41F43517 |
| SHA-512: | 5CD10CA62F0FDAF58A42FF6CBF1F2A593BF7DE78709083660F734DD7BA497D3C14D5A18B43B99CA760280C2C5B4B65829192F4BACF86EDC4050BBAFAC8A5D8D2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.280098419239653 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJfbPtdPeUkwRe9:YvXKX4b6TtEZc0voRGDV8Ukee9 |
| MD5: | C659113007290F8FFC690E5D25D3794A |
| SHA1: | AE910DE68ED5B78E397840C12192A6D41C5ACF08 |
| SHA-256: | 2132B8715AA5E5F238CFC729108DE2D82A94542C9366C83B219E5311F934A393 |
| SHA-512: | 3DD90022A8EBFE6D6BD05932D2F246018149ACDFCE08C1FD182B9A464E1C6E27E28A8DBE344DD88D02EE0FBA142F479BFCA09A55E2BDE5BEB105BBCA554D4F13 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.284387426060127 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJf21rPeUkwRe9:YvXKX4b6TtEZc0voRG+16Ukee9 |
| MD5: | 7F750F084A4361081B5895D7CB28ADF3 |
| SHA1: | 21D84437CEB086F1280272ECDC790252C01A00B6 |
| SHA-256: | A8FF39043E5A79DE5F3292249C5A98A1FBC35BE5680B43968A2750329D497512 |
| SHA-512: | 5EAA4CE8BD721AB6F52F37F246CA9C5DE6BED779F3F9E514B7D55EF65E96D7744CE33055E8AFADD5DBEE3FE406EF210C9A7145358D3C74DC0AB354397393A5E1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.303362584037196 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJfbpatdPeUkwRe9:YvXKX4b6TtEZc0voRGVat8Ukee9 |
| MD5: | 0EDFE498D28F4636E8FCB8D51EF575DE |
| SHA1: | 98C5F0694DFC40132BFE1D4276F4945383601799 |
| SHA-256: | EB0310E598DD23A5788536B559A7763E2C9EF855535B302A6683DC9FF6834570 |
| SHA-512: | AD6F55FA08DC6060EA17907B31F2174E4CBC3A6E468170E51B838D87A4A524E680AE030C5199D8BC60B6BBED0E4BC178954599D2E4B9713320770AD7A48920C8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.261346639755993 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX4bZITt9VoZcg1vRcR0YdF3UoAvJfshHHrPeUkwRe9:YvXKX4b6TtEZc0voRGUUUkee9 |
| MD5: | 15F3FEBD8AD9EF8544C740FC6E3F9E69 |
| SHA1: | 75F65793FA750D884DEDCC8632FF6C19D8F73199 |
| SHA-256: | EDF55976A6CC3E59760DCD21003A10E7054684C9F2EAC09D9E45A94D8DA3305E |
| SHA-512: | 5B017F98D940574C5AF1EEB5083DD64FE9E3AB308201DD04AB45BF133181E9A8B77943A5E32F0A73BB6B91C285355137D3C441D2A8295908A2740D454CBBE0BD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.370638440610719 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKX4b6TtEZc0voRGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW6n2q:Yv6XhTtEzv2168CgEXX5kcIfANhh2q |
| MD5: | 6D23597593039170FA720CFA4BB474F4 |
| SHA1: | 067D16248447CE74E8392317B3CD6BEB31486062 |
| SHA-256: | 923408D2C3CAD13ED70EE9F45734829165F76EDA3F141FE79095E5E4B07645C3 |
| SHA-512: | 999B13B7A733DEDCE3EE711F02C7CAA876A3DA8ADEF0CCA2B7DA39C60D53295E499893286BF69D3FA9023844A5FCD6415982B8CF0802085C02B034947A3573E3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.138226170122895 |
| Encrypted: | false |
| SSDEEP: | 48:Y/Rq1BeqUDlgmI4y/NgmvOZnKKpqX2gvl701wj/2Ye9eD3J4:4qaplFI4y/NJvOZnxqXxve1U2XeD3J4 |
| MD5: | 42FE3958503F0DDB8DB3C8BFFBA69665 |
| SHA1: | 45DFE949790B07F02E5A351B9C69517565A89D4E |
| SHA-256: | AFB5B3380346CF4E3E7ECE089E80F331F4DFF8640204F2E6650AEA800BA174D3 |
| SHA-512: | B60518784984BCE1432DE5A959130A76083FCC13F10C5D64773C9A5297029D6683BED218B2FA3BCE8F93D703800AD9AF41BD97FD39E3158A22DC76F17FF84245 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1876975302481556 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUySvR9H9vxFGiDIAEkGVvpg:lNVmswUUUUUUUUy+FGSIt0 |
| MD5: | 4929D163C5CB4A5A306F2EEECC1E256B |
| SHA1: | 17A794AB1D0A1895B3A472FF52EE72FA40BE58DD |
| SHA-256: | 48162AA5252DAF873DD01CA2B6C8EEBC9C9229DAF6B5D4F2AA8804663E5E753C |
| SHA-512: | 7245CE0F123FF3BECE4DAE94C239C60F21FC79FE7294DEE418B82469428298E2D64B4525ABCE2AEFB0ED0E7E4AD0EAB6FECC29BCC9F4D72A064B738D8A4926C1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.6070007920970908 |
| Encrypted: | false |
| SSDEEP: | 48:7MoUtKUUUUUUUUUUgvR9H9vxFGiDIAEkGVv9qFl2GL7msT:7vfUUUUUUUUUUYFGSItXKVmsT |
| MD5: | 9589B27E81942D735DED58EDA58DC1C3 |
| SHA1: | 8A1E078D7112123A90DC3E01D0301721B681A29F |
| SHA-256: | 8867F684BF8AA61FEEEFE869D3E3B60FF65F63DF752D252F42112A1078B1A6E8 |
| SHA-512: | 4334F47E50529F9B4595DB658BD7BF49A868A09D4B2151137D1EC7067F04B67668B0772069B4476FD1BAD27441FECA49B274029E917AD6D964E4E71158705B46 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.51161293806784 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8m+a1Aw:Qw946cPbiOxDlbYnuRKgw |
| MD5: | C3420DD8A3D5271B9DCB4D247206EB34 |
| SHA1: | 7FCCCDC6541C7BF41726AF6FFAC5F3A81C4DAC4C |
| SHA-256: | 524D4C43A50F057879B9A4EC67154495869A4CD4519F90691BD07409707E6BDA |
| SHA-512: | 993082002AE222D92B8EAA410439F97C24D7B0ECAD4DE8193520EF685E7CF97CA881736C6895A4D1E203431D787A4E1C0D5BBEC956AA61FB6A95693B9C4F66D8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 358 |
| Entropy (8bit): | 5.060248672182676 |
| Encrypted: | false |
| SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOhSCMWqxxRtMWqxUCSyAAO:IngVMre9T0HQIDmy9g06JXxSsqxFqxUR |
| MD5: | 8F5CE9D46B6201CD1C9A7404F6F8C4FE |
| SHA1: | 66990B9E4646DA4DD5050658B3B8A60F8D747235 |
| SHA-256: | F555F6C959C7FDD17379170841783D3612DB85A8A59EA19819F2AB062DA92AE1 |
| SHA-512: | E0CAD35D32E39B5B2D75E09A431FE8A5DBE6DA3463754B6EC4F602FAEA86942A2689A8C39B6EF788FED3396DFB1CA2F96A665F92D48133BCCBCC79E00526AB96 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 13-21-14-541.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.345946398610936 |
| Encrypted: | false |
| SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
| MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
| SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
| SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
| SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.388029357077355 |
| Encrypted: | false |
| SSDEEP: | 384:Sb1uDu8u7u1um9l9e9j9N9O9w9F9CY9D9E2k2Y222yj3jbjkjpjt5zmzGz8G6GZU:SZu7W6nzslPUu7wYh6l7dLLXw9bKywTX |
| MD5: | FA2597155C941B0110F9BA79556E2811 |
| SHA1: | A8E0A5F1381A21A3E565E7176909DFA94F5D1ADB |
| SHA-256: | A914143F682BCDAD215847AF3A730AA9B81FD78023D701AA70825F75357C6FC5 |
| SHA-512: | A3D8D6663E0E7C41ED56579D8E89ECA0514E37521455B143CC0731B7E5EC3AB0D2B75C45A5B7D1AF2034600E61790DD45F520D1CA7C84355BDD914BD609BA484 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.386449040297362 |
| Encrypted: | false |
| SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rX:b |
| MD5: | D60ABFE499D0F883DF10796A5AEDC6A9 |
| SHA1: | D29BFC4BF1443D2BAAEE2C9AB471393B58CA8351 |
| SHA-256: | 9EFA3364A7C8EE09D3D9480CEC8F01C131BABAA11E5C4A3414EBE627383AF7F2 |
| SHA-512: | 802504F2048CFDE33F131543E9181338B46F11F6DEB614EE0702E9A2D41A05CB1E16ED58F9C56B5516C9F1AE03B07737E5A4E6BB13D4894BAEF73A28423ABCC6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru |
| MD5: | AE1E8A5D3E7B2198980A0CA16DE5F3D3 |
| SHA1: | A1DB2C58AFC81E6A114A8EB47BE0243956F79460 |
| SHA-256: | 8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F |
| SHA-512: | 5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje |
| MD5: | 716C2C392DCD15C95BBD760EEBABFCD0 |
| SHA1: | 4B4CE9C6AED6A7F809236B2DAFA9987CA886E603 |
| SHA-256: | DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8 |
| SHA-512: | E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.7949824440923425 |
| TrID: |
|
| File name: | Copy of Truworths Daily Rates - 18.04.2024.pdf |
| File size: | 64'225 bytes |
| MD5: | 23aa6b299aa431b673eee1f6a9098d5f |
| SHA1: | 0fe7eb86074a012ed97e6b5918cd75cd23e51b61 |
| SHA256: | ac9797a8e72e6992a08eab211e48d3e4928b2f56e32582174dbda1d23afdda79 |
| SHA512: | daa80cc2aae1e44f29acdea8c8c7334f92489ceb50d178bad5c91fe91c30d45af30ef75bdc928d1193d21f6355356b5eb1902435d9c3d7d00d5697fcde62a99a |
| SSDEEP: | 1536:x8pMwUJb8DcXwEKrr9NM781Tv30l1eG2ESWStAW6ZnEI:cMtiRbCu0reGSWSeB |
| TLSH: | F2537825489C7DCFC7A567C26A0FBC4E71AE3022F1C42A95372CD7564330A7B9A17A4E |
| File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 9 0 R/MarkInfo<</Marked true>>/Metadata 217 0 R/ViewerPreferences 218 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/ |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.7 |
| Total Entropy: | 7.794982 |
| Total Bytes: | 64225 |
| Stream Entropy: | 7.915228 |
| Stream Bytes: | 57312 |
| Entropy outside Streams: | 4.341777 |
| Bytes outside Streams: | 6913 |
| Number of EOF found: | 2 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 15 |
| endobj | 15 |
| stream | 5 |
| endstream | 5 |
| xref | 2 |
| trailer | 2 |
| startxref | 2 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 1 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 19, 2024 13:21:25.689475060 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:25.689553976 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 13:21:25.689646006 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:25.690131903 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:25.690211058 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 13:21:26.010227919 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 13:21:26.010818958 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:26.010874033 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 13:21:26.014808893 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 13:21:26.014977932 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:26.017349958 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:26.017743111 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:26.017792940 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 13:21:26.017859936 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 13:21:26.067981005 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:26.068036079 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 13:21:26.114797115 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:26.132083893 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 13:21:26.132287979 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 13:21:26.132453918 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:26.132533073 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:26.132533073 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
| Apr 19, 2024 13:21:26.132572889 CEST | 443 | 49740 | 184.25.164.138 | 192.168.2.4 |
| Apr 19, 2024 13:21:26.132925987 CEST | 49740 | 443 | 192.168.2.4 | 184.25.164.138 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49740 | 184.25.164.138 | 443 | 7664 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-19 11:21:26 UTC | 475 | OUT | |
| 2024-04-19 11:21:26 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 13:21:11 |
| Start date: | 19/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6bc1b0000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 13:21:12 |
| Start date: | 19/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 13:21:12 |
| Start date: | 19/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly