Windows
Analysis Report
ATLAS.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
No malicious behavior found, analyze the document also on other version of Office / Acrobat |
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis |
- System is w10x64_ra
- Acrobat.exe (PID: 4196 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ATLAS.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  - AcroCEF.exe (PID: 6232 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  - AcroCEF.exe (PID: 6468 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1588 --field-trial-handle=1568,i,13429404543403236473,6530993134195607739,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Static file information: |
Source: | Process information set: | ||
Source: | Process information queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.202.56.131 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
23.40.24.185 | unknown | United States | 4230 | CLAROSABR | false |
54.144.73.197 | unknown | United States | 14618 | AMAZON-AESUS | false |
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430702 |
Start date and time: | 2024-04-24 03:19:51 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | ATLAS.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@17/36@0/37 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.40.24.185, 54.144.73.197, 107.22.247.231, 18.207.85.246, 34.193.227.236, 172.64.41.3, 162.159.61.3, 23.78.141.147, 23.78.141.137
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.1038349788175825 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.155708125591855 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\57eff3b9-c1bb-48e4-8cc1-855ca3ea8864.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.968764232237966 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5bc2d8.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c6f6ff46-19c6-475e-a865-d6aedf251817.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.23478905402373 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.163905886107901 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2146048566684249 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.384712493716201 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.335730858043416 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3132740562620375 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.373841773944881 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.337938290888525 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.324054261431995 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3267501801472665 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.334816962800685 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.742248189870189 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.331405412916038 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.776649587185492 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.314736665827592 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.318238303344065 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.337634518633239 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.294703496824719 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.371720312812892 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.135249917411912 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9874776885479593 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.344255084442598 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5085442896850614 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 03-20-23-506.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.413672706287621 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.990919007488604 |
TrID: |
|
File name: | ATLAS.pdf |
File size: | 13'631'488 bytes |
MD5: | 04d9a56cf5b5d9b8b5d5371a9e055fa1 |
SHA1: | e2e2b1e05f319e3c7b94cebc919ffe2a332b382e |
SHA256: | a000ec5ff465bb735023ff7fc9762db6200a8174ebe629b2deaa3ba63767bcf6 |
SHA512: | 1cfc7c86c545d296bb15ea455dcb1d8a4a0e06cea06d01ff615ee78882ed110652fa78150397fc01708a47e55a6f0586105727ed3251251748be4da174fccca4 |
SSDEEP: | 393216:w9DV36G+C0JJYZ7HObMUpeohw7j4y4wzaVTkchVOtS:w9jR7HR5A2W1kQVOtS |
TLSH: | 3BD612039D14CB97E41983F4FE075EA95F0B2B59E8923AFA50224ECB3E546215CCE47E |
File Content Preview: | %PDF-1.7..4 0 obj.<<./BitsPerComponent 8./ColorSpace /DeviceRGB./Filter /DCTDecode./Height 110./Length 2938./Subtype /Image./Type /XObject./Width 110.>>.stream.......JFIF.....`.`.....C................!.....(...!0*21/*.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.. |
Icon Hash: | 62cc8caeb29e8ae0 |