Edit tour
Windows
Analysis Report
Invoice INV-06765.pdf
Overview
General Information
| Sample name: | Invoice INV-06765.pdf |
| Analysis ID: | 1431289 |
| MD5: | 6fc0a38af5eb50d380874c74ec6b19dc |
| SHA1: | edf86d6f34d39b5d09041889a7d3abb7e55c9527 |
| SHA256: | 45b3c59e3bb5e2a9b10dfddd6cf937efe93b5ef0d147e1610d0f81e5c384eb8c |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 7260 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\I nvoice INV -06765.pdf " MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7432 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7616 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=20 64 --field -trial-han dle=1668,i ,162635884 5279823294 6,70478953 9184736039 9,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.62.176.141 | unknown | United States | 3257 | GTT-BACKBONEGTTDE | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1431289 |
| Start date and time: | 2024-04-24 19:36:47 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 10s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 10 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Invoice INV-06765.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/44@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.202.56.131, 52.5.13.197, 54.227.187.23, 52.202.204.11, 23.22.254.206, 23.199.47.144, 23.199.47.150, 172.64.41.3, 162.159.61.3
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Invoice INV-06765.pdf
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.62.176.141 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Gamaredon | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| GTT-BACKBONEGTTDE | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | NetSupport RAT | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.208735922003362 |
| Encrypted: | false |
| SSDEEP: | 6:/BkVq2Pwkn2nKuAl9OmbnIFUt8gBkgZmw+gBkIkwOwkn2nKuAl9OmbjLJ:mvYfHAahFUt80/+05JfHAaSJ |
| MD5: | C9ADF7EB6EC263F3C397666E776092B7 |
| SHA1: | 23D230C6C6C5646C82FFE3A5EB93B6EF14792404 |
| SHA-256: | CAEC834D709CA2B16229506E3FEAF9D4D1A2E3F0BB25EE434608F26A3E593BCD |
| SHA-512: | 718549EA38063FEA4AE3C56888EBDDB03FF03B2337C13F04E40B41CF9C4FC70A37B206D7CD96B40EA31D62738900903BA6B59CB746A92ABF7F6EF6424D3D04B3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.208735922003362 |
| Encrypted: | false |
| SSDEEP: | 6:/BkVq2Pwkn2nKuAl9OmbnIFUt8gBkgZmw+gBkIkwOwkn2nKuAl9OmbjLJ:mvYfHAahFUt80/+05JfHAaSJ |
| MD5: | C9ADF7EB6EC263F3C397666E776092B7 |
| SHA1: | 23D230C6C6C5646C82FFE3A5EB93B6EF14792404 |
| SHA-256: | CAEC834D709CA2B16229506E3FEAF9D4D1A2E3F0BB25EE434608F26A3E593BCD |
| SHA-512: | 718549EA38063FEA4AE3C56888EBDDB03FF03B2337C13F04E40B41CF9C4FC70A37B206D7CD96B40EA31D62738900903BA6B59CB746A92ABF7F6EF6424D3D04B3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.166212214627004 |
| Encrypted: | false |
| SSDEEP: | 6:/lBFIq2Pwkn2nKuAl9Ombzo2jMGIFUt8g/ZNZZmw+gEFkwOwkn2nKuAl9Ombzo23:9cvYfHAa8uFUt8K/+FF5JfHAa8RJ |
| MD5: | 937F3499ED6B218B41DFF3E793B49366 |
| SHA1: | 1A16AF0F679D94389B752954D8BAC90B6344BFF8 |
| SHA-256: | E8A6922A791A19D12254FAFBE06402BC8650CBDD8820B127362DFC8C5BDF87F8 |
| SHA-512: | 61A6E8AF76886E5A75FE6A1DCB30DC8124E52370C203812FE0141CE7D6289DEC527979EA89658F60E7490059518782DFBBA0AFB4778D676F6CED6FA30423F9D1 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.166212214627004 |
| Encrypted: | false |
| SSDEEP: | 6:/lBFIq2Pwkn2nKuAl9Ombzo2jMGIFUt8g/ZNZZmw+gEFkwOwkn2nKuAl9Ombzo23:9cvYfHAa8uFUt8K/+FF5JfHAa8RJ |
| MD5: | 937F3499ED6B218B41DFF3E793B49366 |
| SHA1: | 1A16AF0F679D94389B752954D8BAC90B6344BFF8 |
| SHA-256: | E8A6922A791A19D12254FAFBE06402BC8650CBDD8820B127362DFC8C5BDF87F8 |
| SHA-512: | 61A6E8AF76886E5A75FE6A1DCB30DC8124E52370C203812FE0141CE7D6289DEC527979EA89658F60E7490059518782DFBBA0AFB4778D676F6CED6FA30423F9D1 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.969516568575897 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZRhsBdOg2HKAcaq3QYiubInP7E4T3y:Y2sRdsXdMHKr3QYhbG7nby |
| MD5: | 9741C7CF2CBC59446478653BDF4AE9E8 |
| SHA1: | F4CA0CE956832D808AB47C08DA6280DEE32AD47F |
| SHA-256: | 7C21A9412FA99AFF415E23B1BFC3100E56EE51050ED9D7C10765CEC3A0569CD6 |
| SHA-512: | 6BF4EEE97F079233BC71660A03661BACE1877C94CBC8F65129C4E5590645C2007A3955542E23EF3799E1DEB4514D4BAF3340EEFF2E261D040B9C4F03EB04F5ED |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bb136336-7609-4182-b816-64603bbc6329.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.969516568575897 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZRhsBdOg2HKAcaq3QYiubInP7E4T3y:Y2sRdsXdMHKr3QYhbG7nby |
| MD5: | 9741C7CF2CBC59446478653BDF4AE9E8 |
| SHA1: | F4CA0CE956832D808AB47C08DA6280DEE32AD47F |
| SHA-256: | 7C21A9412FA99AFF415E23B1BFC3100E56EE51050ED9D7C10765CEC3A0569CD6 |
| SHA-512: | 6BF4EEE97F079233BC71660A03661BACE1877C94CBC8F65129C4E5590645C2007A3955542E23EF3799E1DEB4514D4BAF3340EEFF2E261D040B9C4F03EB04F5ED |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4730 |
| Entropy (8bit): | 5.249414421746943 |
| Encrypted: | false |
| SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7ttc7wlZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go9 |
| MD5: | AD2D0B0E033C44654AD610C0E51AC1D9 |
| SHA1: | 28C93EAE9FD210FA51397CDC3B8B03BE0BDC04B9 |
| SHA-256: | AADDB295D20EB267346955FE78D2EEE157BA679617D1D9B58C42CACCAC8B3503 |
| SHA-512: | 37DAB6B991089EE8BB273848E091B59039880DA011BE8BCCEECC9BA6F834F207E501DD97FB0E9D8CDD6E8EB77E638EB5079ED51677A072D50E42C41AFB5BB87C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.164788611109315 |
| Encrypted: | false |
| SSDEEP: | 6:/xvIq2Pwkn2nKuAl9OmbzNMxIFUt8gmUAVhZmw+gYAzkwOwkn2nKuAl9OmbzNMFd:SvYfHAa8jFUt8ff/+FM5JfHAa84J |
| MD5: | 2BBCA859C2179196B3658987661D158F |
| SHA1: | E0D23AB99E07090927C206CBA47DD9CD10CAD705 |
| SHA-256: | 8DB9E05327BEE135F6E4A7422E37E62BA7244E72A3CC825F0AD6E288FE2CD545 |
| SHA-512: | 09A2E4233FB5DCEACC15B0CAEF31C8BA6D6E2F0D98139ABC85865A3554E99DA6E526DFE37D4CEE8F9F9548912DBE72CFC754FD877ADF5E6CD071C2371BC3C1D0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.164788611109315 |
| Encrypted: | false |
| SSDEEP: | 6:/xvIq2Pwkn2nKuAl9OmbzNMxIFUt8gmUAVhZmw+gYAzkwOwkn2nKuAl9OmbzNMFd:SvYfHAa8jFUt8ff/+FM5JfHAa84J |
| MD5: | 2BBCA859C2179196B3658987661D158F |
| SHA1: | E0D23AB99E07090927C206CBA47DD9CD10CAD705 |
| SHA-256: | 8DB9E05327BEE135F6E4A7422E37E62BA7244E72A3CC825F0AD6E288FE2CD545 |
| SHA-512: | 09A2E4233FB5DCEACC15B0CAEF31C8BA6D6E2F0D98139ABC85865A3554E99DA6E526DFE37D4CEE8F9F9548912DBE72CFC754FD877ADF5E6CD071C2371BC3C1D0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424173740Z-155.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 0.9115517986426381 |
| Encrypted: | false |
| SSDEEP: | 192:bl+tZSs5phkyBhCAFs77T0bvrvuEjrZVPBxISy:bl+XSs5phvBhCA60OEjrZVPXBy |
| MD5: | F5748049781DF801C0D0ADDB9FDBFB83 |
| SHA1: | D3F8CBB77F4A2B1F573EA1CFD6310818F0576A2D |
| SHA-256: | CEFC8019C77EE55729822918D09F4A732F0F0512E1FAA9C48DE351E66AAE8EB9 |
| SHA-512: | 347691DA893258D112ECFF5EA5F8D769C06E38D6A8F099C416B96B1FB1967BA789B55A5AB5B48F9EC9DBD9934583F124142E3A181F6116D44717A987D5DB9413 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.44534983638152 |
| Encrypted: | false |
| SSDEEP: | 384:yezci5tEMN2oiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rEMN2Ps3OazzU89UTTgUL |
| MD5: | 0B493808096AB973520BD6A1C9A8D5AE |
| SHA1: | 57CA3BB20152D705945F1397525E0F4B8CBE315A |
| SHA-256: | 9177F52A25A02ABCD3FC3655E785A989A07B571C50C79485F85B80AF0D5EC3FB |
| SHA-512: | 97D64EB60D4601DE8EB4F6121EC3AE97C0C73D0C48FA8990A434749C926E24EC1CAE2D544496029819418FC9E52165F00A8A4AA9D9317FB334D01A01A7225DED |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.7719312768137483 |
| Encrypted: | false |
| SSDEEP: | 48:7MWp/E2ioyVTBioy9oWoy1Cwoy1KqKOioy1noy1AYoy1Wioy1hioybioyk+oy1nd:7ZpjuTBF1iXKQv8ub9IVXEBodRBko |
| MD5: | 096B925B34CCFEE2C5E71EB7BFE83EE8 |
| SHA1: | 31255C6201DEA9F4BC25FC82909E99E8BAC21B0E |
| SHA-256: | ADC2E8DD2E149095818B81FE6F457363919172367BC0C0D9AB31C9D5325B43A4 |
| SHA-512: | 064C606CAEA353481F2F293AABF4850541D1DE76DC8BF80518776821AE1752B77428FFADD883A572954D2CB65285C7E093E447AE541C5CA82322D0098384C3BA |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243196 |
| Entropy (8bit): | 3.3450692389394283 |
| Encrypted: | false |
| SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
| MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
| SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
| SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
| SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.339066813998915 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJM3g98kUwPeUkwRe9:YvXKXYsEZc0vWGMbLUkee9 |
| MD5: | 96E238202E8F4A1358109F186C3A74CF |
| SHA1: | A69392A73514E35DF40610C67624939F12FCA7E1 |
| SHA-256: | 44373C7BBC9E65F8D746C9F91BDF66EE4BD37F6103FF8F2299328E6E6DA7F09B |
| SHA-512: | FA5B1C978355C3C0C5D9DF81E1E304C31D95567C8D71789B6A4B77962A0DF0D29F13775C4C28968EF9D2D737075BC507C66216C1B575E3699F0AE67CFCC59541 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.283147500799135 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJfBoTfXpnrPeUkwRe9:YvXKXYsEZc0vWGWTfXcUkee9 |
| MD5: | 69B22BC97BC80625A83B595FFB32ACDC |
| SHA1: | 84A48660941EE5D238B32534FC037657A2AE08B5 |
| SHA-256: | B4B48198759FAC41F520A7D57BD011BA994B13DF90D805CA9BB4972E04C768E4 |
| SHA-512: | A649F7C73CBA3F83414892A288F925562384CA22C010EF38972964A15D53AD19A530466548E3B89BFEE228E1ED48B58BB2A499BD9F864E0B42E6FDA4F35E23CA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.262472423637727 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJfBD2G6UpnrPeUkwRe9:YvXKXYsEZc0vWGR22cUkee9 |
| MD5: | DA62940A60251F6AB44888236A124519 |
| SHA1: | B687FCE8D291C8BB3C6C9CE91259AA80DB469F88 |
| SHA-256: | 389864676A497C7BE812DCCC579C535374FAD440218AFC0D3AC1BD8694DEC366 |
| SHA-512: | A7BC1F40468C319DFB43E5E64A0F5580CCFC8B85A8E7016CAB9FFCD564284A3BA3A67A916462D91F078CFAC8761F0FC6440827CAF1EC3564472B5260A63AAB4D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.32522480888466 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJfPmwrPeUkwRe9:YvXKXYsEZc0vWGH56Ukee9 |
| MD5: | F2E8505DE1F8FB45285000E1D7310928 |
| SHA1: | 8E0C77D9D43DF5F940E98713D2D4F9B2AFC72BAA |
| SHA-256: | 77C72110E0D9511C385F0B16D36DB373745E560850E14D1F23620888205B5C0E |
| SHA-512: | EA3C1A84D2E757E81597C8EABC7F295F62DC2C5722CDEF3F7BBACED8A7D10D5A5734BF0EF67456EE86325A2D7D190711CE18650B99D90F382883146C62A2E459 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.283612590396711 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJfJWCtMdPeUkwRe9:YvXKXYsEZc0vWGBS8Ukee9 |
| MD5: | 4A8C6770BA37EBA1C2E013FC983B32B8 |
| SHA1: | 7CD30AF55B4A47BFF14428502E88B9DBB48D1A5B |
| SHA-256: | BF2DC3C2EFCB99E32745E8F773D44297C96C1515A6DF0F1B55FAB478E554433C |
| SHA-512: | D4CF9C10C24BE09CED4B044B1FDF13AD4D943497B9D77C8DAD4F3C5BE0C95B54BAABBA8DA50ED5B9434A0DC844990FABD9645A505E81DB7595D66960A8478E4E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.271015139351133 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJf8dPeUkwRe9:YvXKXYsEZc0vWGU8Ukee9 |
| MD5: | A878EFC69F957DF91E2A18E3AC46D0B7 |
| SHA1: | EA968CE7309D1583405015FF3054684F8D374460 |
| SHA-256: | F7C47681C66C22FDF2105C135F3AB5C90EAE51900C5D0DF1A79C8C54961FE2F6 |
| SHA-512: | D8CF79D0C93648688B44167A2F875C25E7EAF125AA23B93CF4CFB710A30BF71C214890DDA93D3E64D9BF7BAFE4FC8F053CED22910C87174B491C9765699F9F98 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.274722438501138 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJfQ1rPeUkwRe9:YvXKXYsEZc0vWGY16Ukee9 |
| MD5: | 3F30D6BC412B0743A8DA304BAFC2E802 |
| SHA1: | A90932CCA9D3560F53E1D687F25A0D7799572147 |
| SHA-256: | 72948AD045F3AA77E8B9A59CA56A22AC93D03A0AF7A6FFAEC0E8EF313B2B27DB |
| SHA-512: | 8672FCC495A53EF54B7CFBCED715F15F704F7064EA05822D2A4364C155E7598A9151BA920CCA629BF40E705CC25E9BBE4442DF89CF0B0690AAB65059002E9316 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.2825847356301825 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJfFldPeUkwRe9:YvXKXYsEZc0vWGz8Ukee9 |
| MD5: | 8B29DFBF3D3E3805990EAB97CAB51685 |
| SHA1: | CEB3F17C155BD6FC68B20D5DAAA5C817D38C36B7 |
| SHA-256: | CA07D69E01D2635C8F3F6194319FDFF916D7C33AC06699E00512EF06D999FF9A |
| SHA-512: | 6853A432F23D8553DE7DF5EA92556DC36A9CBB300D7467EAE93D648EA56EF0EC6C531E2DF2C3E7069719A191D97376F9302E6602EBF551CE9DDCB41BF40CED6F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.735639276423234 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XY3zviKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNM:YvBaEgigrNt0wSJn+ns8cvFJq |
| MD5: | AA5AE1D20C2AAA741637CF2427ABB913 |
| SHA1: | DAA5E35DF75D7E6375CEECD07C0C06B96C1064EC |
| SHA-256: | 9C64E1111C29CBBCE869666BD10CB1D3FEAFAF051631F89C9A87DEFFF3B27440 |
| SHA-512: | 9A650C296505E00C8672C51ACC3C96C50880991459A856202F1CF34F713FBD8AABB56DFBE783933621FAE7C5DB132C679625B2E553964B63725F8714FB4E3406 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.276515777817041 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJfYdPeUkwRe9:YvXKXYsEZc0vWGg8Ukee9 |
| MD5: | 05EA103EE444D5E3C0EABA48A54E2E0D |
| SHA1: | E8B5A370788DE7987732397A1FCE5F63A5B8CD43 |
| SHA-256: | B69A3F89446BED4CB6E49A08A19BCB740859A3C139DEF7A2F433AE5D9617E8E6 |
| SHA-512: | 644ED7BDAC37A4A685AE9548A426541815C638B020BEAFA6BE31209CB2AF9F607E44E56B565F1BFFDBBD1633373D4FD0123C370D9E0FFFCA5886189DBEC89CA1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.776237419194219 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XY3zvhrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNE:YvBJHgDv3W2aYQfgB5OUupHrQ9FJe |
| MD5: | B59B62711F25FFF1B9AE8CFE775238DB |
| SHA1: | 4A933485B9E5BC10D9CD3ACB0F09A4B866B59840 |
| SHA-256: | A96AFABEFE36AD28D90AD157A3671DE6BF9E83F7DE737853A584A5ED69FF08F6 |
| SHA-512: | F0790242F37B4D2E396470702E91D8AF9E06D0C350F434DCB179F480762B02D685938E3391217E7CE1E0B89FAD2B56CCB96BB874DBED2CB6339F3E064546B922 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.260224279079791 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJfbPtdPeUkwRe9:YvXKXYsEZc0vWGDV8Ukee9 |
| MD5: | 38205A611B942677381DA427B064E8E1 |
| SHA1: | A1B26B5040A78DB04C17E9999C57D31D34B2D25A |
| SHA-256: | 5E1A5D2177F8521E4B8FA60B5C145ACCFDC57B2E7946AADE9AE9EF3DDC403501 |
| SHA-512: | 0563B2D6C5F30D503A3055C126F425955D42E7BF8DE0157B1C0E8EB212E64BB7BD49C8DECFE67F4B43C35F6343673E5A8E5EF34AE88808832936F0C89AFB883E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.264846540597806 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJf21rPeUkwRe9:YvXKXYsEZc0vWG+16Ukee9 |
| MD5: | 566629A9DF136E4011ADC5DA6E2D7D31 |
| SHA1: | A5AA255A2EBC1106D8D2F3DAB7263595C06B3A63 |
| SHA-256: | 954886E89050D80375909128C06C75BAF3B242CC29FECB58EFADC9D1A087ADB3 |
| SHA-512: | E94699AC1870083EF02C9F61FB0FD0A43F9C63100ECE9F12C79ECCEDFE4C05CF85EBFB6FA9CA5B722AE03E81484A5FA53550C5F696243CAECCD4C2E0F4FA42F1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.284140948983151 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJfbpatdPeUkwRe9:YvXKXYsEZc0vWGVat8Ukee9 |
| MD5: | CC891DBA9A7AD4D68FCB1ADF581FB527 |
| SHA1: | 5009FA674F4B28689484C365B2FDEB092FBE1A54 |
| SHA-256: | 9668A1B12B177365B6177F164FDC5B9F204E3E34A41D67D736EB0714EFC5B2CC |
| SHA-512: | 6B15C63D21951DBDC960B6577EA597A1FAB28D144078481ED6245B4B8E2F08990737F368EA23CA7E49836AC2656587E814FCFF17174D1E2B90FE6112227910E2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.243197952504177 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXYs9VoZcg1vRcR0Y2oAvJfshHHrPeUkwRe9:YvXKXYsEZc0vWGUUUkee9 |
| MD5: | 9B2FFCC71F4EDB715C02B26CACD5A675 |
| SHA1: | 439603B20439C7F8FDB16062F2EB1EEC2807660B |
| SHA-256: | BA35CC77E138A48D4582D0D3E6152674F3539455C9F07B725B8EED79D9DCE350 |
| SHA-512: | 014100FBD1450E3396BBBA6A49FD95C4C674DF3224AF0B1D9EA6599756AF8FE55B53DAC3472A690D603C74BA6B078452165266EF1EEA33BE137042C76D8A6CEF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.365188082686943 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXYsEZc0vWGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWw:Yv6XY3zvw168CgEXX5kcIfANhV |
| MD5: | DD1E41D1D6AA98AD41FB141589533E0B |
| SHA1: | 7C0887D5D901F1CDD412D48606EFA4A250A66EE5 |
| SHA-256: | CD8B06CF5269F9D5DD591B1734F5F23B3B3CE49260159E17460866F75698B101 |
| SHA-512: | CC39E67B6448287BFD7B101F48381712D244A528C7D2A5AA4AE22745E60A48B49EE103A0090D3D5B78C6A9C90CBAE920EEFBFE4D2E73175572FDE49389430849 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.131530681263055 |
| Encrypted: | false |
| SSDEEP: | 24:YYkyOOZ0C7qskxSL1pYm6617brDa8M1ayK75d9fk9jvgMj0STmSXC32i2LS9zo52:YgOFYXtRpYj6AOIvgeXkjjzovXh9oQE |
| MD5: | 05E1E48B4EA9BBA09E571C3DA45E2726 |
| SHA1: | 309C0170ABCF2933206941D1A06ABC5D63DF73C8 |
| SHA-256: | 3735353D4622A781D8FF9C44F0C2A327B0CD7F76BC2CCEFD6148E44C046DC590 |
| SHA-512: | 1E1D22949F21F95AAF0FD56F35798891FDEA121855BF99D78760691C06BE4A3467F4DEC92B0943F726EDFCBF498358A63DA596898A97D28E8BD15A7FF050B78B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1871896585194606 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUD+SvR9H9vxFGiDIAEkGVvpvY:lNVmswUUUUUUUUS+FGSItU |
| MD5: | 4250B6AA11149EBEC3D262ACD45FE49C |
| SHA1: | 45427D944EE5EB0478958469A4BDDB3C21671F87 |
| SHA-256: | CD9F8666A6194C9C52D1884902B2207081B58EC544BCBB62FBA4D242D9D095EE |
| SHA-512: | C77B09F06EF79063D933FD00F39BBB40C8DAE797805220DDF70E46C1BFE8C26B8F83280012BBCA7DFA65676FE5ED639820BFF20F5C0D5C58C38D5868618269A5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.603796524533358 |
| Encrypted: | false |
| SSDEEP: | 48:7MSKUUUUUUUUUUDsvR9H9vxFGiDIAEkGVvLqFl2GL7msE:7eUUUUUUUUUU4FGSItNKVmsE |
| MD5: | 21B8DE5C793E84C3780B59CFC18DC661 |
| SHA1: | 6684B3EA19D1992ED9792C66AF86A705B4A73CD5 |
| SHA-256: | 89FB506957C29F7380CB8CB4CFA3F2096D55C69AB29B264927873443B566638B |
| SHA-512: | F5B86F365A4BC3EF8B8722D95846A868E6B2E5B83B9441D616F3AA4768E9121B60ABF9BAE50FE3F09DCA2FD70A10DD480AAE7FA9AAF72D17F4A2F430D26C5DE6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5162684137903053 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+aw:Qw946cPbiOxDlbYnuRKHk |
| MD5: | 85E02029CE824DA7C56D6FABC58B5DD8 |
| SHA1: | 1A46986921540E1A9F42DB0577410A5C84DF5436 |
| SHA-256: | 8FB38B4385C7216BE3CDE82AEC29D043339F0B836DE1E9E68B07E5D7214875AF |
| SHA-512: | E6B0631F6D54907C281B96404E2E72D86A4087305ED8B0E14C6FAA4D79D8EE47B14554AD154EFA50699B955722EED6E1E239A227D4ACA6FAE937F9CF3A06DF50 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 358 |
| Entropy (8bit): | 5.041429053557045 |
| Encrypted: | false |
| SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROO84iqhWrv4iqhWubMTCSyAAO:IngVMre9T0HQIDmy9g06JXfWrvaWUMTR |
| MD5: | 800B88850D13CF93D5ADC76507279579 |
| SHA1: | 711A5CFEF8349B555D0891CE2BD9ADDD17A05F83 |
| SHA-256: | 18D15890A6AC227AF37F905C0EEE6E9FDF80106395F30094234C8F2C7EA9710C |
| SHA-512: | 7FEB7FC39E57331611868C849CFE3CFF37C86E4B6A58A1551C293D263BC40FF355DCAED1C650906776941F87729490DC8ECA40D59BDCCDBA0DF2A013A4E8E17F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 19-37-38-325.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.345946398610936 |
| Encrypted: | false |
| SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
| MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
| SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
| SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
| SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.353875389750655 |
| Encrypted: | false |
| SSDEEP: | 384:D9BwRBHOjQoBjiN6pZPpHeTDUrQTtVj3EG06ik1NZoGUUPPJkYfZIZ0VP1Ehmme4:+oj |
| MD5: | CE9D3263FCDE731CCB65DBC76E0393D6 |
| SHA1: | D7A5A35FD07EE68EA03CD9D4FCCA59118C716078 |
| SHA-256: | 47A5B928D4FB72AA2A931926C07EADB61628372C7EB37A9CC40CC8B8C3C25E5D |
| SHA-512: | 030D23943639CBC569A459285239038496E38351C34C189F4A4240EE52334850D7882C3B092AA71648794C151B5E0A621CE0333926DA83D13D1CB4BDB4C01691 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.391529320634055 |
| Encrypted: | false |
| SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rV:J |
| MD5: | B8A703B5978FA61E1AD2DFFB6977256B |
| SHA1: | FBCEDD6BE02ECF6E6A6FBD495C7263A14576E282 |
| SHA-256: | 9BF147DEBC32542E7DD9FECB9381222F2C2FD758E5FD0A0508136C74A345B4DE |
| SHA-512: | 95D67B62A26C10056968A001EEFF716CB8462CEF88EABA2466A3FE3F719F4D37650BBB2F4C6EBF44E5D2DF94AE82ABEE45A9A585D52038CC1BDE7004D4899DCF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xaWL07oFGZswYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxFGZswZGM3mlind9i4ufFXpAXkru |
| MD5: | E8C0E02FD4DCB83BF3EC95A987292D88 |
| SHA1: | B2FC5004CA22C6EE65B66AD6AF29F7EDC745A3B4 |
| SHA-256: | C665BF4A480724AE9C6ECB6450C3AC538DF2102B7988E25675516772687222B5 |
| SHA-512: | C103FE7A6FAE4B175395AA57E2052CA5125CFD05539C92F363E72C638776430154C369E34979FE84227930D5876BA50F1A538E9D05E4B38A58ECE75F8AFCFCC8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.397751240635249 |
| TrID: |
|
| File name: | Invoice INV-06765.pdf |
| File size: | 55'552 bytes |
| MD5: | 6fc0a38af5eb50d380874c74ec6b19dc |
| SHA1: | edf86d6f34d39b5d09041889a7d3abb7e55c9527 |
| SHA256: | 45b3c59e3bb5e2a9b10dfddd6cf937efe93b5ef0d147e1610d0f81e5c384eb8c |
| SHA512: | 776e878f83a6b4f865eb049261a9422f318f301a23c6fe8fa6ad34a6b89100026372a8bfc6de0c587cebd4f42fc0f978daeca1a7fa92b8f1308005322681a6ba |
| SSDEEP: | 1536:PWG4gMzOj301xkUYP5JFkF35KpRsgDzkt:zFMzOTSkUYPPFkp5GWGU |
| TLSH: | 0543BFC8F2A6EE5CEC11DEB4705A3A1481EDF0C397CA45B775C88A8540C0A7DBEE15E6 |
| File Content Preview: | %PDF-1.7.%........1 0 obj.<</Version/1.7/Names 8 0 R/Outlines 2 0 R/Pages 3 0 R/Type/Catalog/Metadata 26 0 R>>.endobj.2 0 obj.<</Type/Outlines/Count 0>>.endobj.3 0 obj.<</Type/Pages/Count 1/Kids[9 0 R]>>.endobj.4 0 obj.<</ModDate(D:20240424145834+00'00)/A |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.7 |
| Total Entropy: | 7.397751 |
| Total Bytes: | 55552 |
| Stream Entropy: | 7.383742 |
| Stream Bytes: | 51013 |
| Entropy outside Streams: | 5.267551 |
| Bytes outside Streams: | 4539 |
| Number of EOF found: | 2 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 28 |
| endobj | 28 |
| stream | 13 |
| endstream | 13 |
| xref | 2 |
| trailer | 2 |
| startxref | 2 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 20 | 0000000000000000 | 9999f3db39aa2e904fb3a4478b9c842b |  |
| 21 | 4040003101004000 | ebe4230aabaf5d3752909388b4790d24 |  |
| 23 | 0000000000000000 | 51c57068e116cfe054c2bb1a9573d1fa |  |
| 24 | 0000000000000000 | fd0fcd59cfb56e6eed54283408124833 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 24, 2024 19:37:49.342853069 CEST | 49740 | 443 | 192.168.2.4 | 23.62.176.141 |
| Apr 24, 2024 19:37:49.342936993 CEST | 443 | 49740 | 23.62.176.141 | 192.168.2.4 |
| Apr 24, 2024 19:37:49.343039989 CEST | 49740 | 443 | 192.168.2.4 | 23.62.176.141 |
| Apr 24, 2024 19:37:49.343436956 CEST | 49740 | 443 | 192.168.2.4 | 23.62.176.141 |
| Apr 24, 2024 19:37:49.343509912 CEST | 443 | 49740 | 23.62.176.141 | 192.168.2.4 |
| Apr 24, 2024 19:37:49.831453085 CEST | 443 | 49740 | 23.62.176.141 | 192.168.2.4 |
| Apr 24, 2024 19:37:49.831806898 CEST | 49740 | 443 | 192.168.2.4 | 23.62.176.141 |
| Apr 24, 2024 19:37:49.831835032 CEST | 443 | 49740 | 23.62.176.141 | 192.168.2.4 |
| Apr 24, 2024 19:37:49.833514929 CEST | 443 | 49740 | 23.62.176.141 | 192.168.2.4 |
| Apr 24, 2024 19:37:49.833596945 CEST | 49740 | 443 | 192.168.2.4 | 23.62.176.141 |
| Apr 24, 2024 19:37:49.836246014 CEST | 49740 | 443 | 192.168.2.4 | 23.62.176.141 |
| Apr 24, 2024 19:37:49.836505890 CEST | 49740 | 443 | 192.168.2.4 | 23.62.176.141 |
| Apr 24, 2024 19:37:49.836518049 CEST | 443 | 49740 | 23.62.176.141 | 192.168.2.4 |
| Apr 24, 2024 19:37:49.836570978 CEST | 443 | 49740 | 23.62.176.141 | 192.168.2.4 |
| Apr 24, 2024 19:37:49.879687071 CEST | 49740 | 443 | 192.168.2.4 | 23.62.176.141 |
| Apr 24, 2024 19:37:49.879741907 CEST | 443 | 49740 | 23.62.176.141 | 192.168.2.4 |
| Apr 24, 2024 19:37:49.926609993 CEST | 49740 | 443 | 192.168.2.4 | 23.62.176.141 |
| Apr 24, 2024 19:37:50.101921082 CEST | 443 | 49740 | 23.62.176.141 | 192.168.2.4 |
| Apr 24, 2024 19:37:50.102011919 CEST | 443 | 49740 | 23.62.176.141 | 192.168.2.4 |
| Apr 24, 2024 19:37:50.102202892 CEST | 49740 | 443 | 192.168.2.4 | 23.62.176.141 |
| Apr 24, 2024 19:37:50.102710009 CEST | 49740 | 443 | 192.168.2.4 | 23.62.176.141 |
| Apr 24, 2024 19:37:50.102771044 CEST | 443 | 49740 | 23.62.176.141 | 192.168.2.4 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49740 | 23.62.176.141 | 443 | 7616 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-24 17:37:49 UTC | 475 | OUT | |
| 2024-04-24 17:37:50 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 19:37:35 |
| Start date: | 24/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6bc1b0000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 19:37:35 |
| Start date: | 24/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 19:37:36 |
| Start date: | 24/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly