Edit tour
Windows
Analysis Report
FEFR237_f090161469300000000ED.pdf
Overview
General Information
| Sample name: | FEFR237_f090161469300000000ED.pdf |
| Analysis ID: | 1430407 |
| MD5: | cddb06f6ef3ce9ce2c7056d5f55ad7bc |
| SHA1: | 7d8dac629cb54440f00974428c7751fe2b206a98 |
| SHA256: | 7bb5d08f5bc407547f7f865ff4f31206bbcbcf2f0611db8e19bd80baca404c52 |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64_ra
Acrobat.exe (PID: 6972 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\F EFR237_f09 0161469300 000000ED.p df" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 6260 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 3908 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 64 --field -trial-han dle=1552,i ,184178242 3628460908 3,17962959 5889784271 3,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.48.8.182 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1430407 |
| Start date and time: | 2024-04-23 16:21:19 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 2m 43s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | FEFR237_f090161469300000000ED.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@15/45@0/1 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.204.76.141, 54.227.187.23, 52.5.13.197, 23.22.254.206, 52.202.204.11, 172.64.41.3, 162.159.61.3, 23.53.35.7, 23.53.35.4, 23.221.212.219
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
- VT rate limit hit for: FEFR237_f090161469300000000ED.pdf
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.48.8.182 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | PDFPhish | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | XWorm, zgRAT | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASN1EU | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Glupteba, Mars Stealer, Phorpiex, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 5.20602236029838 |
| Encrypted: | false |
| SSDEEP: | 6:sfJHUUq2PRN2nKuAl9OmbnIFUt8ZfJHU1Zmw+ZfJBkwORN2nKuAl9OmbjLJ:sfJUUvaHAahFUt8ZfJU1/+Zfr5JHAaSJ |
| MD5: | 5D649AECBF03AA6EF452B287916D9DEE |
| SHA1: | 16FBF040364EE7460CE2C61A3ACDDE7C3CCE3CA3 |
| SHA-256: | F15DF804D5F2A0A688DF07622C9B596A92A9C819A8077AE1B0A1184E6077E5CE |
| SHA-512: | 23838123E3AD6BB2D6E1D1E0CCC18C3A61A0CDF623CA3908FDB86237544B14256CBFAE3D6DF3E0A291F2C89C5FCF211BBF4EB4844B8D77F6441A92EE5D1201AE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 5.20602236029838 |
| Encrypted: | false |
| SSDEEP: | 6:sfJHUUq2PRN2nKuAl9OmbnIFUt8ZfJHU1Zmw+ZfJBkwORN2nKuAl9OmbjLJ:sfJUUvaHAahFUt8ZfJU1/+Zfr5JHAaSJ |
| MD5: | 5D649AECBF03AA6EF452B287916D9DEE |
| SHA1: | 16FBF040364EE7460CE2C61A3ACDDE7C3CCE3CA3 |
| SHA-256: | F15DF804D5F2A0A688DF07622C9B596A92A9C819A8077AE1B0A1184E6077E5CE |
| SHA-512: | 23838123E3AD6BB2D6E1D1E0CCC18C3A61A0CDF623CA3908FDB86237544B14256CBFAE3D6DF3E0A291F2C89C5FCF211BBF4EB4844B8D77F6441A92EE5D1201AE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334 |
| Entropy (8bit): | 5.111456489527606 |
| Encrypted: | false |
| SSDEEP: | 6:sfWq2PRN2nKuAl9Ombzo2jMGIFUt8ZfsXZmw+ZfNkwORN2nKuAl9Ombzo2jMmLJ:sfWvaHAa8uFUt8ZfsX/+ZfN5JHAa8RJ |
| MD5: | 235B35B03FE8FD02EED2E72222D1365C |
| SHA1: | C6BB2D37586D87C10845DE2EF6AE48AA0D0D109A |
| SHA-256: | 6B8932FE9D98C32391D81FC58B33ABAA37E7299BC6687B3F2D6E5F97864791FC |
| SHA-512: | B04D14ADD1D46523DDE6804F56E64135A0953D73D673102899985B9630227B73966C6856D5006C846359336201AD7E742A4E6F1922CB4DA5515EFA304A3FAC41 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334 |
| Entropy (8bit): | 5.111456489527606 |
| Encrypted: | false |
| SSDEEP: | 6:sfWq2PRN2nKuAl9Ombzo2jMGIFUt8ZfsXZmw+ZfNkwORN2nKuAl9Ombzo2jMmLJ:sfWvaHAa8uFUt8ZfsX/+ZfN5JHAa8RJ |
| MD5: | 235B35B03FE8FD02EED2E72222D1365C |
| SHA1: | C6BB2D37586D87C10845DE2EF6AE48AA0D0D109A |
| SHA-256: | 6B8932FE9D98C32391D81FC58B33ABAA37E7299BC6687B3F2D6E5F97864791FC |
| SHA-512: | B04D14ADD1D46523DDE6804F56E64135A0953D73D673102899985B9630227B73966C6856D5006C846359336201AD7E742A4E6F1922CB4DA5515EFA304A3FAC41 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.953858338552356 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6a4070.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.953858338552356 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\eb47be62-ab09-45c0-81f2-4dde5ca78183.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.98101842809952 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sqZnIsBdOg2HhAcaq3QYiubrP7E4T3y:YXs+ddMHhr3QYhbz7nby |
| MD5: | F8C7494B6CDA324AA68A9AA27C4C8CDB |
| SHA1: | 2D16BC3C8C57B461B15EB1B24D348C7264F5C4A3 |
| SHA-256: | 3F4346BB2CBD93EAAA91DB8A02D25459C7589A7131F00FDEB5FCB28CC09782BF |
| SHA-512: | 798D211A7A975D4D34AB05014E745935F4795A9A67A64E88CC9209FD9169FE4257A84E0B4209C52FA21A213F91615574080C6E7EDDCCB2F23D2BB46B669E3B10 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\fdbf1166-0c26-4580-b69c-7a8d9f1a83fa.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.953858338552356 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4509 |
| Entropy (8bit): | 5.231217620009938 |
| Encrypted: | false |
| SSDEEP: | 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xe9NdMg/oNHg/Z:OLT0bTIeYa51Ogu/0OZARBT8kN889NdT |
| MD5: | 2F6F93170B9F350763FC6EE5CE704840 |
| SHA1: | 3BA7D994DF36302562EE443AEA30427301937313 |
| SHA-256: | 781D7156C701E7DF4406EBAD9E82A79143ABFF0FA55B119719832BFB1A94E48D |
| SHA-512: | 5846D18292C4E01F7531E70E51DE9DFC9A25EB3E44FF72F86286EB4527B5D1906228DFAFF203D76E2BE21FDA590DB373C500CC77F41DA7BCD755CC2252216389 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.176611755341307 |
| Encrypted: | false |
| SSDEEP: | 6:sfCAROq2PRN2nKuAl9OmbzNMxIFUt8ZfQQZmw+Zf2YkwORN2nKuAl9OmbzNMFLJ:sfCAMvaHAa8jFUt8Zfz/+Zf2Y5JHAa8E |
| MD5: | 4AE97C678D3818B12031EACF768AF7BB |
| SHA1: | 506AAE5304C55AF8E5DFFCF3C8A8569B1F4D264B |
| SHA-256: | C06E51FF9518321081CE899DFFB525C657821A37DE13E1132EA5D22DDA08B711 |
| SHA-512: | 3BCF6AB178C2990D5BCE2A1F337FCFADCD4AC97248F709DD33D2269AFFDFD9621C8B32E6338C22963304916BB56E019550D1337A4608507C9AE8D35E3965232D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.176611755341307 |
| Encrypted: | false |
| SSDEEP: | 6:sfCAROq2PRN2nKuAl9OmbzNMxIFUt8ZfQQZmw+Zf2YkwORN2nKuAl9OmbzNMFLJ:sfCAMvaHAa8jFUt8Zfz/+Zf2Y5JHAa8E |
| MD5: | 4AE97C678D3818B12031EACF768AF7BB |
| SHA1: | 506AAE5304C55AF8E5DFFCF3C8A8569B1F4D264B |
| SHA-256: | C06E51FF9518321081CE899DFFB525C657821A37DE13E1132EA5D22DDA08B711 |
| SHA-512: | 3BCF6AB178C2990D5BCE2A1F337FCFADCD4AC97248F709DD33D2269AFFDFD9621C8B32E6338C22963304916BB56E019550D1337A4608507C9AE8D35E3965232D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240423142150Z-170.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 1.9824940484827291 |
| Encrypted: | false |
| SSDEEP: | 192:4mzm9E7AQyr/Md6RuIPGWiuLBABaZGafasaw:4mzm9E7ABMdQuIPSuLBABaZzasaw |
| MD5: | 463827E61EF66A539F09F0E057C59607 |
| SHA1: | 0AF8878C5C57C3847A6EDB7DA82975B110ADF33D |
| SHA-256: | E6A16E6F1327C6765DD690BADCB82139CB8F8E16996FB19E3332D0A2275C0ED0 |
| SHA-512: | 90A3440883F5EDF5DB643DA32FCAA4C42646DC1436AC30BEFA74F3E8B4E49E934F7A33058046A4F280FBB78A9B6F2C0B1762A77C3083BDF7A2DEBFE75CC0AF93 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 57344 |
| Entropy (8bit): | 3.291927920232006 |
| Encrypted: | false |
| SSDEEP: | 192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP |
| MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
| SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
| SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
| SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16928 |
| Entropy (8bit): | 1.2119462281523423 |
| Encrypted: | false |
| SSDEEP: | 24:7+tc/qLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+Ze:7MwqLmFTIF3XmHjBoGGR+jMz+Lh/ |
| MD5: | 9FBC96E5C36FAE06376F3F234058D44A |
| SHA1: | 4F82D7CB355AC787D61CDFBA7A4CEDEEE3719738 |
| SHA-256: | C0B57168470783BF65B077F8C62E53EF73209D2A35C4201BD87842EF1AFF77EB |
| SHA-512: | BFF211D9670B0A27747903F37A77D938EB136A8938C3EA12F636E3DD0C3477D9BF723895607D7D042BDE8D648484CED63923ABE11372F77B4712E748ED0B9F8B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 231136 |
| Entropy (8bit): | 3.372805631169117 |
| Encrypted: | false |
| SSDEEP: | 1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgFyrRoL+sn:XPCaJ/3AYvYwgwFoL+sn |
| MD5: | 38108919D6491AF19A968FD2CBA7BB1C |
| SHA1: | 1127AD5A81B08F52520E4D0004BD62EE7891D34F |
| SHA-256: | 1782A62CAF6859C2D44EB5B9D63571315E5F6B547473D2EDD4D83BD33B58CC30 |
| SHA-512: | 50A6B40922B527E18484D246BB0747024975E574AF121AA7745F7AC41C9497844BC435F23DAB15FC86A0A071DA9B808EA269E53D175419AFAF808F80CB0223DA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.347445091889542 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJM3g98kUwPeUkwRe9:YvXKXcM+WRuUhUZFUVGMbLUkee9 |
| MD5: | E3A75A91C1091E6CC450A2AB4E3F4B72 |
| SHA1: | 8757B82E74A97012B93CD264F0E4B19C5025419B |
| SHA-256: | 57AEFB7C4B430621DB61A1066B8FEA4962E7FC7AF880DC6F24674E3B7C62D3D5 |
| SHA-512: | E832CF941CA7A6E513DFEFAF392B6B1DDB9D5A793D3A6CBBD26D38B77630AECC1D858125D3DAA0BC6ACBA20FD164D98D2559F91C052F3C50A321239A5407BEF7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.296305467009376 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJfBoTfXpnrPeUkwRe9:YvXKXcM+WRuUhUZFUVGWTfXcUkee9 |
| MD5: | EBD2CF38C903DBD5A1631E40A44D8BA6 |
| SHA1: | 949CF00C4F6F3687E11215F86677826A4445123D |
| SHA-256: | 16D3AA45EAFEEBA437E4DD4ED7FAE1186DC1CE8D8A2D4F51D82C5807AFCF4161 |
| SHA-512: | 2C0DF1F38788848B4E2FB705801FFDBAD072E253DDFE35CF80344BD36CD120D79A3A3231896544349E584C1A7F2D0B61081401A771165E61758539A6846F0E74 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.274444381754644 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJfBD2G6UpnrPeUkwRe9:YvXKXcM+WRuUhUZFUVGR22cUkee9 |
| MD5: | 393C7CC335C89DCE5E6AD9104F1306E6 |
| SHA1: | 97442527F84291C5600CE9EC829A4AFB413C9CD2 |
| SHA-256: | 2E156907938FDF8F1992C39529F0210201D7C2DE5A2B59692C0EC1D90914A379 |
| SHA-512: | 05F81946D8BB7AD24DFB545106C1C17614990D0F0FAE1898AF8DA11AF738782D2E61152B23A4CA3A8839D3DDA4DB3627C841C38C85F63A3B2FC0BC8A0F5969DA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.3352667439839525 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJfPmwrPeUkwRe9:YvXKXcM+WRuUhUZFUVGH56Ukee9 |
| MD5: | 4326C22BED6DAEA4E72EF0029551AE7A |
| SHA1: | F4445A5C12C148F74E6F0860EB40C5121B555D77 |
| SHA-256: | 5E9889CEF51C81855B5B8179C79AF96E247D71A383ED5C38133F5899DAFCBC37 |
| SHA-512: | 1354B1A9D34C4AA4BC8A0C1B777F144CF37DEF55DE76450BACC7BC17DE0784E94C8A071BC941F12E484CE05F3E520A890DFD6212ACE464BD84C69ED05FBD4B49 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.295146299189753 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJfJWCtMdPeUkwRe9:YvXKXcM+WRuUhUZFUVGBS8Ukee9 |
| MD5: | A5D6982310CE54551EF3E9F33C76180C |
| SHA1: | 052F060F77C6225511CA01749BCC3247348AE323 |
| SHA-256: | 4C98A50C86345170FF76C9AF423E3F4DC11FC0C8CE6A5D2750455E95536B8CE9 |
| SHA-512: | 326377F35223BD7B09CC4DDBF289D6E907B0ED4CD40A2E9B65591CE4D5632B14581EC414F0C910BBE8B50CD4790ED43759429CC0126FDE9B74F4444174B16390 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.281424085247882 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJf8dPeUkwRe9:YvXKXcM+WRuUhUZFUVGU8Ukee9 |
| MD5: | F681E32C0304DEC08C61D3BBAD54F638 |
| SHA1: | A506BF0A60924B4BF4CACF1A46D6C454B38A40AC |
| SHA-256: | E9C1EF885B9ED30B036F13454F735754E9F4327BD4F825F66B7A21287A430472 |
| SHA-512: | 8BB8E8BF1764DB6789C69BAC8BF0815C58FFAD560A5789E7D1043C6F4088BAB27B2320A16901BE72466926D745625A3D60D1FCBC5FD90C973D848D7569FA1331 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.2845579852253195 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJfQ1rPeUkwRe9:YvXKXcM+WRuUhUZFUVGY16Ukee9 |
| MD5: | 0C6A2EB3255D6FF9AEDCBA310512FC40 |
| SHA1: | 9686DE31195925DCCCC0B579388FC606B1321F1C |
| SHA-256: | 0409C4079BDB1C2B9BC01491C988DD4A0745C0A4BF3761FC66E9D56FFC217AA2 |
| SHA-512: | A29E7F34C72872F9B4AD6D5ABDCA07807849D4C022EFF4B3CD1E3BE1A17CCFD2EEB3F16D6730235B474B6C907F918096A202B3F9EC6EE09C4756928938AF780E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.29118161687452 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJfFldPeUkwRe9:YvXKXcM+WRuUhUZFUVGz8Ukee9 |
| MD5: | EDDC114F517531A831507B2F68C6250F |
| SHA1: | 42715163EFEFC8EB0DB8A29D9E37665AA731369C |
| SHA-256: | 80A989154BE3AB3CFB336726D5BA532BD1333994E5729CF6CF63EB5605D64638 |
| SHA-512: | C40F1511865C6C21F8DFFF44E22E4B97EDE1EFD24EA8A8CC0130402AF4119DCB31ECE5C1C184C3BD0C3D6569C22585C007AC7603A6241C413347D86919C4DCA1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.737592694572342 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XcM7UfUBKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNZ:Yvo7UfEEgigrNt0wSJn+ns8cvFJP |
| MD5: | 71723B098676E26EC433F4A4729866DA |
| SHA1: | FB96268F1740D87CBB9F748B6692EA7755A4AB81 |
| SHA-256: | ED379D951687A31AED36DC1FB6EE796BAC914889360B7ED8C0C8933741BC42AE |
| SHA-512: | 4EA8E0ED0EE39FEBFC306CA7C4BBF4DB825812123BF3A958EEB49BBFA74A0AA4DEEC3CEA177255B161AC3D11779F28F2355D2F163D514C813009CF033A6C2569 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.2881692136909795 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJfYdPeUkwRe9:YvXKXcM+WRuUhUZFUVGg8Ukee9 |
| MD5: | 5B1769EEC8A26CC4661B0563946BB5E1 |
| SHA1: | 6696BAEA22213F2467D8937801B27A3B7FE30784 |
| SHA-256: | BFB0FF13D5A4D9EBBEFD57B6A70D111E569CED73151B26D94AD02FA7AB6782D5 |
| SHA-512: | F429FBA365761899441BBDD3DDEE314ACEBB0C0AE3E12E582CE20D99259947AFD5F46A1C431B75D33CC8313EB48829BAC7622DC8B5BFFF75A56F6953E45232EC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.772331542865433 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XcM7UfUMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNh:Yvo7UfrHgDv3W2aYQfgB5OUupHrQ9FJr |
| MD5: | A20F24D8B68842B5FCA3F38CF55BB3D2 |
| SHA1: | 45315F9C53CFCB109BC016A9A992ADA57CC42194 |
| SHA-256: | D83C2EEA7F80B98618BD47C7E788FD4BD4150DF5199D40227A8302AC9D5356BC |
| SHA-512: | 0FC55CFD5C336A9A8C17875CC08451E49031B44395C8C771810892DCBC558357ADB8B24E0113F10B1E04DD4DFDF5145E362ECD8B2AEF0C863EB4163AFCDB112A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.271797622610955 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJfbPtdPeUkwRe9:YvXKXcM+WRuUhUZFUVGDV8Ukee9 |
| MD5: | BD78948C0B4298DFECAE209F444F2651 |
| SHA1: | 182FCACD4D458DDD4B0F064776F8FB9C53E508DE |
| SHA-256: | 235188E3F596452D81279A187FB2A311E83D29311E75DBA130F34945899A5D92 |
| SHA-512: | BC25B884D8129E7B04DC3E4E6081DF4CBA81BADFDC9FA10910FA2C1BC8B84BC63978634EFBDC9734726BFE3221B777CF0A7439E02523F0CAD04F9981F62EB4FB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.275311052761458 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJf21rPeUkwRe9:YvXKXcM+WRuUhUZFUVG+16Ukee9 |
| MD5: | C0B11D4381E36FB09389B69E0BD0DED1 |
| SHA1: | 6E8C4221330E9AA1DDDE483AB7C851DD5232B28E |
| SHA-256: | ED5706A761B3C2987AB50641E02BF95A0A383DD0946743840CBCB23452BD215E |
| SHA-512: | A265955302E078734D04B94DCCECC739D0C63329A89AD9E3D91972F07E146FBE62011B733DB674EF2E9C6432A2F1477A64824084E372B7357AF34835ED92D08D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.295004342449127 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJfbpatdPeUkwRe9:YvXKXcM+WRuUhUZFUVGVat8Ukee9 |
| MD5: | D723A457EEA759F8866653D2C4A29AE0 |
| SHA1: | B780312AC810B79102E0D21292A1D0E94CA253BD |
| SHA-256: | ACA9D36F67CBF77CB8A91FB30F29049E781C108172FE7F1644F61C5EE8C3E4D8 |
| SHA-512: | 36F567AD48933429EB0B16F8DD0C66D3EDAE7D4CB3ED7047EC88F7EF21BCCEF4375E341389D2FECE5D9478BC9CC3474A01B8539860432F74D3275971218F1D07 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.250610437479748 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXaXcEMG4+5IRR4UhUR0Y9F2DeoAvJfshHHrPeUkwRe9:YvXKXcM+WRuUhUZFUVGUUUkee9 |
| MD5: | 1162103BC3DF6C4B3856761ACBC3F724 |
| SHA1: | 419865BBC48A86B0E9F22B25E74ADBD510589449 |
| SHA-256: | BCC532EFC44F0221A49C480C2C574AAF76950229770BF481D842A4479A6161BB |
| SHA-512: | 07025548E8C5A3A9D87A626CCFEE37965AF2A2ABB25B8AE129BC7C86DC072D3C9116C4A1A9305B8E70FDF4015B243F8046468354CCCB7E2944781AD351A6C2D8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.359285292073672 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXcM+WRuUhUZFUVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW1:Yv6XcM7UfUx168CgEXX5kcIfANhg |
| MD5: | 88DE7405F193B4E813D01DCE5E975223 |
| SHA1: | 2FF5AB153FF958CE5A4D0B80A48260841ED535D1 |
| SHA-256: | 780A2DE9FB85912585CC69421EAB63337D9A62235147C6A5F6B400E8DE900150 |
| SHA-512: | BC757C86143A8567FFA06D27FBC336A5C1E4160A66456B66C4FFAA241B760C7C671D09C881A2FD56C52D3F45CD5A2E15EDC593E0241D8F8B94C2F3A7B9C2ABCF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.11871237830416 |
| Encrypted: | false |
| SSDEEP: | 48:YPC2P7Gc7fObIVdX16ruPTYBfAhPtw1TPRniq8T2b97VpK:qC2iOfObIVdXkSPTYBohPtMTZnJ8Tw7W |
| MD5: | 4BFCA9570C655FBEB0A60B008D0616CA |
| SHA1: | 68DD52540EB2FBD2241AC3375375D59E57F6893A |
| SHA-256: | 7F1D51B645736FC0001C9072CABEF8B0F964F7ACC75A8C8A6FFD6090D763499D |
| SHA-512: | 66A06B4564FF008C7381D09F8A6B0F6DB50597ED134BB32A7EE9C8F6DF47A30D488D27A9B4F37FAC8B10BECDFA82E55F4825681CF99956F313B3972CCDA3E8CB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9859381489938799 |
| Encrypted: | false |
| SSDEEP: | 24:TLHRx/XYKQvGJF7urs67Y9QmQ6QeKTIcLESiAieSTF:TVl2GL7ms67YXtrxcI8G |
| MD5: | E8B305B6A7F1037A22A814BFA5C945E7 |
| SHA1: | 15308BC5C733F7A492035716F053C7CCB8F7E52D |
| SHA-256: | 6613F44DF7BBB51FAA8ED7F1BCC9BFF9FC5E8ACCFD47F160E533F9CE19A6E21E |
| SHA-512: | 41786062E6069C899CD2BF36559CBEE9C9F704555B4AFAB15E99E569528FC495229BC291BF4C872300339B31AD45F1FAFF02E50F4831B9E2B34A2037F1253FA2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.3437972128546098 |
| Encrypted: | false |
| SSDEEP: | 24:7+t2ASY9QmQ6QeKT7cLESiAi0mY9QvqLBx/XYKQvGJF7ursJ:7M2lYXtr2cI8KYOqll2GL7msJ |
| MD5: | 2DCD01EC4234FA333467F22F25D8DEC1 |
| SHA1: | F2CDB134D524CF4B874AFD2FDE6A2E337414540C |
| SHA-256: | FC6B3429E804C5DCDFE78619C5E23BDB0D3E8A2E375B522ABB536B339F75978F |
| SHA-512: | 0E324442A092E1079393501584D60EA2ED5AD73072B8FB1AF648B57060FB08FF7134A61BCD14B94F6B6D9C59FEC7445CF6FC4B97E8E46CFCFDA08F2DAEDB2EB8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5274671434738973 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rkarNcDH:Qw946cPbiOxDlbYnuRKWNQ |
| MD5: | 4A3C6F469D73A2A9B5306ECC9795F920 |
| SHA1: | 8D4978BE2B26159FC83E641BDBEC297D192134FC |
| SHA-256: | EA16AD7FB3B92828D169B142F983C072AB210D2B8FED0BE050208C76EF7888D4 |
| SHA-512: | 750EC0E73BBD52BE1D21251A3918FF6B255CB2B94788F89C53F75BD0C67A48879F51000FADC72E18072FFF5FA5813579F49FBFC01DFB0C68591D43F4E973F3B6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-23 16-21-48-109.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.353642815103214 |
| Encrypted: | false |
| SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
| MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
| SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
| SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
| SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.3164542606540595 |
| Encrypted: | false |
| SSDEEP: | 384:W40xsAQxcHfikU0ezvsNrw1Nu5yVeOBBOvD1t9n62WZQWvt3auD/e/u3ISaGXP/S:CZP |
| MD5: | EE2F26D9D7AD9B83BF35A2BA055F0E5E |
| SHA1: | 14D3F27A51688EE5D77DEB30A29075E240CD18CC |
| SHA-256: | 32DE9E06118625369DD60CEFF5E280E507780FAF1F06AA7D3C9CF447DA2F5F39 |
| SHA-512: | 1789C6B89AF503860259FCC3B592F2EBA441B8758CBF89A11C3E4DD08B0B8A6CCAC204E64BE032FD9E735299FCE75D422E80D7DFADEA6D0FE4FA9946352D506B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.4163433892247115 |
| Encrypted: | false |
| SSDEEP: | 192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcblR//7+fQd2OFOR8pORPGZitwcbTf:fhWlA/TVDIK |
| MD5: | A683F7E4FD28A779A00C2DDE20EE6BF0 |
| SHA1: | 86DD5CE6F2025B125328D535F2B10A25B5B955B5 |
| SHA-256: | CF447EBDD21196364DFBD4E054F1CEA8A3F313B6AACECDB3F1B37A97C87BC572 |
| SHA-512: | 5A411646415C2E538B89D904A10B28F1324B5A9347FBE67BFEF28C498F0700FE94611A2E5476F768D6555E944756D3F0DB912946AFF7616FC79A08A19D9CC550 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/gWL07oXGZIZwYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:4WLxXGZIZwZGM3mlind9i4ufFXpAXkru |
| MD5: | AAAAB43627E96B02BC54A78F0EE8E32C |
| SHA1: | 03808205C51BA031BF69F0DF07C9C80835098104 |
| SHA-256: | B9ED5860C1528CAE5717E553381762D9C4ED093E546F7500F55B6B18B5C20CEA |
| SHA-512: | A476038C2BC9573AFA12D831678C0D2A6EFF0C1E065F7D214A0D5684E79AA7F02710DF30524DE0E6EC90CB660E581531DFA57F038EE1BC285B9BC3DAE17D133D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLaGZ48 |
| MD5: | 1D64D25345DD73F100517644279994E6 |
| SHA1: | DE807F82098D469302955DCBE1A963CD6E887737 |
| SHA-256: | 0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC |
| SHA-512: | C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.933631183061793 |
| TrID: |
|
| File name: | FEFR237_f090161469300000000ED.pdf |
| File size: | 59'305 bytes |
| MD5: | cddb06f6ef3ce9ce2c7056d5f55ad7bc |
| SHA1: | 7d8dac629cb54440f00974428c7751fe2b206a98 |
| SHA256: | 7bb5d08f5bc407547f7f865ff4f31206bbcbcf2f0611db8e19bd80baca404c52 |
| SHA512: | 855538744f7b973dedb8c4f3c33d1f32fc519113d4179cdab7585118a1c3f3483cfc4243ecc36f19f383561f73059e9af89b6ce8ce7562baa9874b8841412925 |
| SSDEEP: | 1536:G8MXKVdrv9zIZ8ezNZl5CZ/l5GgDyor6eRgWUXn/F:IX8veNVvgD9me5U |
| TLSH: | 1543E15099C2D88CBD9B2ADE3F947550879CF7B173E9E1859C2C8E28E143FD8E51B10A |
| File Content Preview: | %PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(es-CO) /MarkInfo<</Marked true>>>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 7 0 R/F3 10 0 R>>/XObject<</Im |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.5 |
| Total Entropy: | 7.933631 |
| Total Bytes: | 59305 |
| Stream Entropy: | 7.964927 |
| Stream Bytes: | 54964 |
| Entropy outside Streams: | 4.913626 |
| Bytes outside Streams: | 4341 |
| Number of EOF found: | 2 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 17 |
| endobj | 17 |
| stream | 4 |
| endstream | 4 |
| xref | 2 |
| trailer | 2 |
| startxref | 2 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 9 | 6179f9e9696987a9 | 6c3a324edcdb758538077eb77ced1701 |  |
| 12 | 29575b6d1949673f | 467d81019eabd671b5b228c6fd866073 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 23, 2024 16:21:58.996828079 CEST | 49705 | 443 | 192.168.2.16 | 23.48.8.182 |
| Apr 23, 2024 16:21:58.996876001 CEST | 443 | 49705 | 23.48.8.182 | 192.168.2.16 |
| Apr 23, 2024 16:21:58.996946096 CEST | 49705 | 443 | 192.168.2.16 | 23.48.8.182 |
| Apr 23, 2024 16:21:58.997122049 CEST | 49705 | 443 | 192.168.2.16 | 23.48.8.182 |
| Apr 23, 2024 16:21:58.997140884 CEST | 443 | 49705 | 23.48.8.182 | 192.168.2.16 |
| Apr 23, 2024 16:21:59.347577095 CEST | 443 | 49705 | 23.48.8.182 | 192.168.2.16 |
| Apr 23, 2024 16:21:59.347919941 CEST | 49705 | 443 | 192.168.2.16 | 23.48.8.182 |
| Apr 23, 2024 16:21:59.347968102 CEST | 443 | 49705 | 23.48.8.182 | 192.168.2.16 |
| Apr 23, 2024 16:21:59.349467039 CEST | 443 | 49705 | 23.48.8.182 | 192.168.2.16 |
| Apr 23, 2024 16:21:59.349545956 CEST | 49705 | 443 | 192.168.2.16 | 23.48.8.182 |
| Apr 23, 2024 16:21:59.368969917 CEST | 49705 | 443 | 192.168.2.16 | 23.48.8.182 |
| Apr 23, 2024 16:21:59.369127989 CEST | 49705 | 443 | 192.168.2.16 | 23.48.8.182 |
| Apr 23, 2024 16:21:59.369177103 CEST | 443 | 49705 | 23.48.8.182 | 192.168.2.16 |
| Apr 23, 2024 16:21:59.416596889 CEST | 49705 | 443 | 192.168.2.16 | 23.48.8.182 |
| Apr 23, 2024 16:21:59.416626930 CEST | 443 | 49705 | 23.48.8.182 | 192.168.2.16 |
| Apr 23, 2024 16:21:59.463591099 CEST | 49705 | 443 | 192.168.2.16 | 23.48.8.182 |
| Apr 23, 2024 16:21:59.492489100 CEST | 443 | 49705 | 23.48.8.182 | 192.168.2.16 |
| Apr 23, 2024 16:21:59.492707014 CEST | 443 | 49705 | 23.48.8.182 | 192.168.2.16 |
| Apr 23, 2024 16:21:59.492770910 CEST | 49705 | 443 | 192.168.2.16 | 23.48.8.182 |
| Apr 23, 2024 16:21:59.493748903 CEST | 49705 | 443 | 192.168.2.16 | 23.48.8.182 |
| Apr 23, 2024 16:21:59.493791103 CEST | 443 | 49705 | 23.48.8.182 | 192.168.2.16 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.16 | 49705 | 23.48.8.182 | 443 | 3908 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-23 14:21:59 UTC | 390 | OUT | |
| 2024-04-23 14:21:59 UTC | 247 | IN | |
| 2024-04-23 14:21:59 UTC | 120 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 16:21:44 |
| Start date: | 23/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff792d10000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 16:21:45 |
| Start date: | 23/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7e2560000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 16:21:46 |
| Start date: | 23/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7e2560000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly