Edit tour
Windows
Analysis Report
onetreeplanted_14442931519550.pdf
Overview
General Information
| Sample name: | onetreeplanted_14442931519550.pdf |
| Analysis ID: | 1431749 |
| MD5: | ee82ea6920f71f8cfde8e707015b120f |
| SHA1: | d9bbdb48203e6dd4e83c3f27ac04b9cf7c75071c |
| SHA256: | 07ee270ec3cf7ee5e088b38ec7fb7a04657bf49c7b07cf6bb39875351a34090b |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
PDF has an OpenAction (likely to launch a dropper script)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64_ra
Acrobat.exe (PID: 6984 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\o netreeplan ted_144429 31519550.p df" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 6096 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 1876 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 72 --field -trial-han dle=1556,i ,716634070 5170249665 ,129306801 6091037752 5,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 184.31.48.185 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1431749 |
| Start date and time: | 2024-04-25 17:59:42 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 44s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 17 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | onetreeplanted_14442931519550.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@15/42@0/1 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.31.60.185, 18.207.85.246, 54.144.73.197, 34.193.227.236, 107.22.247.231, 162.159.61.3, 172.64.41.3, 23.209.188.151, 23.209.188.149, 104.76.210.84, 104.76.210.69
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 184.31.48.185 | Get hash | malicious | STRRAT | Browse | ||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Babuk, Djvu, Vidar | Browse |
| ||
| Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.181518974609722 |
| Encrypted: | false |
| SSDEEP: | 6:mfI2dHN+q2PRN2nKuAl9OmbnIFUt8NfI2dHZZmw+NfIaQVkwORN2nKuAl9OmbjLJ:GHIvaHAahFUt8xHZ/+W5JHAaSJ |
| MD5: | AEAE6F0D275B6A296459A3356AC7A2F8 |
| SHA1: | 50A1E011B67CC84AE6B4A24BB361720C1DD80003 |
| SHA-256: | 48D0D4ED90E4AD636EC0AB0DA78816488E3CED2C5F64D74D633D124A9D65A174 |
| SHA-512: | C60CBB5661D61975269CFCB307B7B43B9C872BFA5B7811FEA9C9612FAECDB9B9130393FEC316C526488BC49F01A857D73FCD65CBEE5DC5A448F8DF82BDD46A59 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.181518974609722 |
| Encrypted: | false |
| SSDEEP: | 6:mfI2dHN+q2PRN2nKuAl9OmbnIFUt8NfI2dHZZmw+NfIaQVkwORN2nKuAl9OmbjLJ:GHIvaHAahFUt8xHZ/+W5JHAaSJ |
| MD5: | AEAE6F0D275B6A296459A3356AC7A2F8 |
| SHA1: | 50A1E011B67CC84AE6B4A24BB361720C1DD80003 |
| SHA-256: | 48D0D4ED90E4AD636EC0AB0DA78816488E3CED2C5F64D74D633D124A9D65A174 |
| SHA-512: | C60CBB5661D61975269CFCB307B7B43B9C872BFA5B7811FEA9C9612FAECDB9B9130393FEC316C526488BC49F01A857D73FCD65CBEE5DC5A448F8DF82BDD46A59 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334 |
| Entropy (8bit): | 5.162934015148344 |
| Encrypted: | false |
| SSDEEP: | 6:mfXd3+q2PRN2nKuAl9Ombzo2jMGIFUt8NfZc9Zmw+NfRVkwORN2nKuAl9Ombzo23:QdOvaHAa8uFUt8zu/+p5JHAa8RJ |
| MD5: | B352ABE02632D445BB8700A3082BD21F |
| SHA1: | AEC2E2425FB39B4B63B1FA40DBB131A931500720 |
| SHA-256: | 9D429D6E0D84CDAD9B647F26F450725BB9EF7F3ADF17FFB1038C9A0BDEF90390 |
| SHA-512: | 4B62C93A762EEA23686AA8EA4ADCE529A55283A60CD7081D627F7353215CC730326E6249EBF180F92F2E25D79EA22DA4D9815DC2B4ECA6687229A4D84D5295B5 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334 |
| Entropy (8bit): | 5.162934015148344 |
| Encrypted: | false |
| SSDEEP: | 6:mfXd3+q2PRN2nKuAl9Ombzo2jMGIFUt8NfZc9Zmw+NfRVkwORN2nKuAl9Ombzo23:QdOvaHAa8uFUt8zu/+p5JHAa8RJ |
| MD5: | B352ABE02632D445BB8700A3082BD21F |
| SHA1: | AEC2E2425FB39B4B63B1FA40DBB131A931500720 |
| SHA-256: | 9D429D6E0D84CDAD9B647F26F450725BB9EF7F3ADF17FFB1038C9A0BDEF90390 |
| SHA-512: | 4B62C93A762EEA23686AA8EA4ADCE529A55283A60CD7081D627F7353215CC730326E6249EBF180F92F2E25D79EA22DA4D9815DC2B4ECA6687229A4D84D5295B5 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.953858338552356 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF51641e.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.953858338552356 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a59c001d-bb5e-430e-9b51-506bd6ed3c25.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.967594334962504 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sqZNsBdOg2Hocaq3QYiubrP7E4T3y:YXs5dMHD3QYhbz7nby |
| MD5: | F810756E5463A2040E4D4C41A5ECAD74 |
| SHA1: | 00C517809F74F3568A27F8B0E975D4DB2A1DF577 |
| SHA-256: | 5E2351751C0BCC4A6125B3D66CD847D91BB17BCDBCA08544DD498DEDC986E23B |
| SHA-512: | D9C2B511E6231F3675C2C155A127A6CBFF4D8E1F7521C8C8CBF53C0E47B421D488EB0BC3A6D126529EDED42DB339C8C33C9BE809D5211800EB4001CDE3D88FF2 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bb3fb758-f2fc-4a3e-8420-bd41172aa778.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.953858338552356 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4099 |
| Entropy (8bit): | 5.2287388135504225 |
| Encrypted: | false |
| SSDEEP: | 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xejqZg8U1:OLT0bTIeYa51Ogu/0OZARBT8kN88jqZc |
| MD5: | 22ED9F3AC69B603F662E3B313A42E983 |
| SHA1: | D3420A78EADF35AB886AC3AC571E907DE3B056C4 |
| SHA-256: | 30BFD0598B1FB488146B90C32A1249C13955321BA6C6B8D06BA4CD1077F2E23A |
| SHA-512: | 2079B4E014D442405B2F6175D8E468DDCEC5A0A479DBF1F7AB48D305FC4ACC238725B8177D62D615D8A9ED41EC70CA40C978F95B29C07B8933AFC80D8BDD4C9E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.192750581834226 |
| Encrypted: | false |
| SSDEEP: | 6:mfItq+q2PRN2nKuAl9OmbzNMxIFUt8NfbVuBZmw+NfbX+3VkwORN2nKuAl9OmbzE:tvaHAa8jFUt8NVuB/+NS5JHAa84J |
| MD5: | 2BF74582DA262D04F6F61BC0F5157796 |
| SHA1: | 9E83E7004E8F4C246104DBC71392E29B4CBF950E |
| SHA-256: | 42200A1E9D08C6A157F0C611B0ACED35E027267F5DAF5AD41193669B20596B1C |
| SHA-512: | 2DA7ED163B73E608A3AC4E8755F52A67074C4FC9691CF8A7D23904E11FBFB44205A39C00D2425B98213437A3B768DA78B3C952ECC50EE6A0F29C0820A71E2DB2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.192750581834226 |
| Encrypted: | false |
| SSDEEP: | 6:mfItq+q2PRN2nKuAl9OmbzNMxIFUt8NfbVuBZmw+NfbX+3VkwORN2nKuAl9OmbzE:tvaHAa8jFUt8NVuB/+NS5JHAa84J |
| MD5: | 2BF74582DA262D04F6F61BC0F5157796 |
| SHA1: | 9E83E7004E8F4C246104DBC71392E29B4CBF950E |
| SHA-256: | 42200A1E9D08C6A157F0C611B0ACED35E027267F5DAF5AD41193669B20596B1C |
| SHA-512: | 2DA7ED163B73E608A3AC4E8755F52A67074C4FC9691CF8A7D23904E11FBFB44205A39C00D2425B98213437A3B768DA78B3C952ECC50EE6A0F29C0820A71E2DB2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425160014Z-170.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 76806 |
| Entropy (8bit): | 4.266475416573888 |
| Encrypted: | false |
| SSDEEP: | 768:4dAsxZwYb4C4wwgYlEf4HVSDcSAGGlcCw7UH8xOxij:46sbf/4wnQ17SAGG7H8xO6 |
| MD5: | 424B1130562538F866AB1E0867AD0CFC |
| SHA1: | 13BD9FA62CD71A0EB0300BB0283EDBF42E5EE215 |
| SHA-256: | 4F02943E95FB852C0A0ED3140DA6CAD07A97190930C27066A28834CD7508E796 |
| SHA-512: | 901ACE5CD47BCDAD16809D5F43C66DF1E7495FC86997F15A8F0CEDF32051124E1BB3EA3369C2130FE07E99D8330E4040FED49FE95B5420E1D4E47E432EBF8F2A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 57344 |
| Entropy (8bit): | 3.291927920232006 |
| Encrypted: | false |
| SSDEEP: | 192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP |
| MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
| SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
| SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
| SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16928 |
| Entropy (8bit): | 1.2155683365646877 |
| Encrypted: | false |
| SSDEEP: | 48:7Mtts9nqLmFTIF3XmHjBoGGR+jMz+LhGcaB:71f9IVXEBodRBkk |
| MD5: | 3EB18D4B61B8629972F8C42FAD478BE3 |
| SHA1: | 26C8F049053BE776CA91D6CBCB668B06E480B844 |
| SHA-256: | 88B282603EFAACBD047F0D020EF34D7FF73E0AF4C3A113E73346C7B6F0F5C7D3 |
| SHA-512: | E61BFAFC552AE1E215B4EB6AE212E063E164479462390A02CC92C5B0AB75630016746C0C14FD9098D79E45A3D1E673023F1F48D498739FCFFA327A68054CA5DF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.3601072528844895 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJM3g98kUwPeUkwRe9:YvXKXZv1JWRuUhUfyGMbLUkee9 |
| MD5: | 4CF7079CD562015BEA5C34036244D671 |
| SHA1: | 35E09CDDD355B80FC4B3D29E515D6F6611528A66 |
| SHA-256: | A50539004DBBB945A61BC62FAD7730E77EA57056A303690E39EB9689ACAC7846 |
| SHA-512: | 7A8076D2354B257E83B816E4B46D2254A24DA0BD30903BC2E6894D08502070E135E21651D797CD221FEAFB5A9E5C4E04E88AA42798E875C788527EB4AA02A3DC |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.308077700860712 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJfBoTfXpnrPeUkwRe9:YvXKXZv1JWRuUhUfyGWTfXcUkee9 |
| MD5: | 50E63F647075604A8E21E5EBCCE588C9 |
| SHA1: | A51E1197E548143117686DCD2566898B65BBA1D6 |
| SHA-256: | A2D1934A36733627FF35C9889F35CDF7C56E91CB00AF20B2EDDF939F9F80B4EA |
| SHA-512: | 80E963703DF132FE79D7E18F4041E0B5950ECFCB02C8121AA1229B17C5F3F2D3BF65F2A1CA1E6F0A71A9AA5B474AACE3CA63369B15E0477123EE441EDC046B75 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.286216615605979 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJfBD2G6UpnrPeUkwRe9:YvXKXZv1JWRuUhUfyGR22cUkee9 |
| MD5: | 82FC7D18B1452C0A9808FC103E23F91D |
| SHA1: | 77C99B5A8201DDF1E40255BA02501FD53838D4D8 |
| SHA-256: | A092F9246FCB11C8A6A180799AFC0478A8B1A671E29AFADF57FA1031F7E54B31 |
| SHA-512: | 506B57F337DF1317B17924C4065F550E6E039D3FC0ED406B1187AD77EF8F726FE82644FB67DA4586A60FDAEDDC20EF25C14D97238B3C06AF531610DF3AAE1015 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.348373191329601 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJfPmwrPeUkwRe9:YvXKXZv1JWRuUhUfyGH56Ukee9 |
| MD5: | 9B5F2534830C60CDC0642D08FC15E273 |
| SHA1: | C0699F375FDBDDF174BF9F1BDF76C6EE4ED7EE69 |
| SHA-256: | 431B25D20C627EDE5630B45CCE21AFD7A7CC5A2BEA9D93617CC03DF95BC1331F |
| SHA-512: | B6AD3EF8126FB773CDDE46B45235A9094F4B4F0909DD1644A0606517098F67EEC6912B830C461E3B5E955590603650BBCD2C0D019526CF80785B75BB646B0611 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.311465583863097 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJfJWCtMdPeUkwRe9:YvXKXZv1JWRuUhUfyGBS8Ukee9 |
| MD5: | AD2FC3932302225F22C595264AA9A6ED |
| SHA1: | 7898FFC9CE17D5074C19B29AE3563502608D199F |
| SHA-256: | 31A067D412D35A2A1DB1327123A5B346EB8DCB33E93B568D6918102504D1998D |
| SHA-512: | 9C64FA6C88C0CDCC1124C409601E40249B98F30B457AB0DFCA907DDAA325B6C5BE31CAE1BF174323B73CF7DEC113DA5F308F95483E2A90937BDF185436EDA456 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.297912774260396 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJf8dPeUkwRe9:YvXKXZv1JWRuUhUfyGU8Ukee9 |
| MD5: | 4B0AF0E3F539CD7ED2ACC1C927972FF5 |
| SHA1: | 22CD70D491FD5B77F6FF5F301975D8E7033B1037 |
| SHA-256: | 390EE2E0ADBF07F3798A442471F0AA7D90AD8C380561D014FA7B09270210FBDD |
| SHA-512: | BEAD8828F1044D86B674643147C084F234996F00C35F0346E085E8B705F93A486B4516D486E258BF4A75B5868E36E8A10C9F9DBCBD68F3B623593939A95E7651 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.300586470503289 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJfQ1rPeUkwRe9:YvXKXZv1JWRuUhUfyGY16Ukee9 |
| MD5: | 24B667A57261DF5C8F4858C82C8188A7 |
| SHA1: | 0CEA1FEA413787BD1C49B4949F4ADD3617549F24 |
| SHA-256: | C11311977E53847FCBEDD6EE9338123E52ED6343751B523AA4E1634A9C2B76CE |
| SHA-512: | 9E0C92E3B396F171DF1C65F2ABADACB96E809E94B2C62A29830DEB4FF377293F1D66293F56B2473D4489ED2B5EE4727E3E121E4C0447A90CAD8BD60CF35852CF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.309936818108674 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJfFldPeUkwRe9:YvXKXZv1JWRuUhUfyGz8Ukee9 |
| MD5: | 8ADCABC70A619B4229EAA39451AAA712 |
| SHA1: | 413604548C86C7EAB22B8F8A49862370903EF6FB |
| SHA-256: | 6328FAC0E06AAFA73BB8D373D38AF96F98052AB7959C08E0A0550D62427F34C6 |
| SHA-512: | BBAC258B8A13978DB539946FCEAE980509CB90965B7DF8EBFA870B22925A92F18BDA998C53072CE64E07433DBA87D01B52C9DF6F6E7974FDBA228778FD6D05EC |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.739700372343435 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X7QUfeKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNq:Yv/UWEgigrNt0wSJn+ns8cvFJE |
| MD5: | 6C946763D0BDFF33CC14A8863F40130C |
| SHA1: | 0E17D4F626D8866FF5CC638F55B8B4AEACBC7581 |
| SHA-256: | F27ECC92ABCBD4B146586D8B9CDAD20A7EC52CF960E059D3B7D21CF256A037ED |
| SHA-512: | DCD381DB5D98F60E23D77F8690FCA3C41BD6F2194B4A8424E4EB6ADC6CC5C627BD845ABBF168C3E3998E0F8545CBB14A732CA35A7045684779B97339099A7132 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.304657902703493 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJfYdPeUkwRe9:YvXKXZv1JWRuUhUfyGg8Ukee9 |
| MD5: | 279FEFC8147B50009434CC4B1F0DA969 |
| SHA1: | 52CD79E534110BCAD6598F88E5D398AEC1DBE40E |
| SHA-256: | 6F5D889312ABCDEF5E9213AA72123E2720BD33C7480F5BB060AC91AAB340FA88 |
| SHA-512: | EEA5F9E683161326D561BBA38D2DF8212A5649C96F9A292FB9C841B63BE745F99783C559519C0FA748274E92CB73CCDB949708A06CFFD456AC28E28F413BBD4A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.774882269590777 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X7QUfVrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNy:Yv/UdHgDv3W2aYQfgB5OUupHrQ9FJo |
| MD5: | 46AA0C777E7F4E8824B7A999487A5135 |
| SHA1: | F77CC0B74B4FAF7DF357A5E4725AAD1C0B1ED83D |
| SHA-256: | 53E566A4CA1145076D2B0006093D5C4803A2DFD77BAA9EDBA0EAACB1174FACD6 |
| SHA-512: | B402251312CFEC67051F0D4ECC7CB84092547DA4FA6483119EA3415B1E766E373635AEA0C19F71CA48A7BC614A9812572083759C932BD92B8A834EDE99102EF3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.288172987300357 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJfbPtdPeUkwRe9:YvXKXZv1JWRuUhUfyGDV8Ukee9 |
| MD5: | 6E1CDB81E5F1E15B61E917DC292AF815 |
| SHA1: | 3904E809F482A0F6F4DB2EDF279E8F187D521F2C |
| SHA-256: | EE2532055BDC7B7AD1FCE9F7725FE487DD077D652FD4350C4EDBD1114EDFB98D |
| SHA-512: | C773DC1DFD46FBD0B399BAF92413DB62870DF446BAF389A30E888B0DD2EF030E3B1E7A99E03BC8E76EA4E3BD07F0A6582B8FC8DF330BF2F771ED4D0FE0C77F5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.291618779943223 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJf21rPeUkwRe9:YvXKXZv1JWRuUhUfyG+16Ukee9 |
| MD5: | AE352F5EE3B0B3D3B612D5ABC7484A8F |
| SHA1: | 3AD8BB62091B3D6B2C609A282EBD2A8BC1614F64 |
| SHA-256: | C64FD83D59F0875A8B3AEFA89F6209EBC019EF4C8E0BEA879011D52CE2860169 |
| SHA-512: | B884676B315DA21237F52B4A25401B390399240CF4FFD5FCB9FCB06189CDA776CF3C56708337F169B7370AC1C6C205AAA10CDCD625E2EDC0F97842D9BF966730 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.311493031461642 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJfbpatdPeUkwRe9:YvXKXZv1JWRuUhUfyGVat8Ukee9 |
| MD5: | EF9E67BC5BA30EDAA49BE10831A2FE58 |
| SHA1: | A5D3F5F6C7F49D4312E020030ECF4F2764231D95 |
| SHA-256: | 555716F73E6330830FB54039E3E848C917DDCD1A92B97EDFCD3067CDB7033F46 |
| SHA-512: | 6DC0DC245935ADD0185861F0D48C30ED79C7FDB2CF82054090EB49CCF21E9B6BD9B55B4CF7DBC05C0EECF676550473AB3A3C4B517F58A77E4E66C327EEAB772A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.26956237159398 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXvhEGxb6e5IRR4UhUR0Y/zdoAvJfshHHrPeUkwRe9:YvXKXZv1JWRuUhUfyGUUUkee9 |
| MD5: | 3553CA905C0333F80C2CE5D550776E86 |
| SHA1: | D7B276446190F8EE7B8975F4DA646F3543AEDD24 |
| SHA-256: | 37AE0AA63B569C1EA2DE3AF9EABC0ED8BE65F86A86FBBD6ED08B69FFFF22F864 |
| SHA-512: | 983FEAD82605E2F2919E2195970B2325CDD53720D8A9602DC76A6BF647CDA0A92C62580FC30EC0696645FB9B6CABBBC1989690805F99E177C1558EB28F06D3E6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.365339333194413 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXZv1JWRuUhUfyGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYN:Yv6X7QUf8168CgEXX5kcIfANhz |
| MD5: | 1125EB67538EADC48511C20E5A9B35F8 |
| SHA1: | E701154C7F3750551C75DED6309A0FE4897AB3DA |
| SHA-256: | 07C50E48B215260EFA4B88C66E61DB4F078C4A2A2E151557A8C31F69C626BEAF |
| SHA-512: | 0C341AEF1DF70A5DB38775A033FE9A0F86C52F883F20C5B25E93E10401BBFB849270A9E3B2DDB9608E9F09EFC64077016C1A086F5F213633D472A8359DACCBE6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.121199874444305 |
| Encrypted: | false |
| SSDEEP: | 24:YXsaUlClcdl4h/BfaAcIh3ayuTgVPSqly9jVbj0Se2vwP2LSNU3MI5V639MkfEqw:Ycpccdl4JHTx6V3K8wPTU3MIb49M5 |
| MD5: | E31CB02E6833BC4D50EFE546E0ED5332 |
| SHA1: | 122199BE1CAB329AD49C81AE084C08C77379110C |
| SHA-256: | BF5AC86EEB5201712F2785061DCC7660B3F4B123FDD08848B116A8363314A6F6 |
| SHA-512: | 7CCECBA989929C61AD5F9F423765AC7165E6CB322822C687563C4CAA349EAAE0D9AA3655056924B3541A40260CBA300AD37F24376ACE5209FB3B0985390A2592 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9878269153127998 |
| Encrypted: | false |
| SSDEEP: | 24:TLHRx/XYKQvGJF7urs67Y9QmQ6QecvyIcLESiAieUvyF:TVl2GL7ms67YXtrcvBcI8gvy |
| MD5: | 065A813B25F4E7255DF76E7B46BC40D0 |
| SHA1: | D3E5D7E9AD119A48AAB89B8D8E6BFBAF83F3DE76 |
| SHA-256: | 782AA00E0079B0F01DABE17AD864426C6AAF20915F8995668B18AA6A2498737F |
| SHA-512: | 4E1BF7A720A7A8D43C43E6D8A764B564A06700F0A150B2DE0835674878CCA1416BCC2B98D12FBB2082380CAA1B77CB238EB2BE675017E727EB408CE9890AACE4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.3454969112689894 |
| Encrypted: | false |
| SSDEEP: | 24:7+t5tASY9QmQ6Qecvy7cLESiAi0mY9Qz+WqLBx/XYKQvGJF7ursu:7MzlYXtrcvmcI8KYVWqll2GL7msu |
| MD5: | FF55627EE67C57FE15720C1F50586456 |
| SHA1: | D13941FF78F59C866162B0073EA989EAFDC0861F |
| SHA-256: | C0643B03EFDEA515825B0C0D8EC7664CB2FC4CE0CE777484820213BFA0B1F0F3 |
| SHA-512: | C95C0E4A8B73CD3011CD988F97FE326ABF38DCA4F643AFB45D6CB696B373C662907B09BADEDACFC0A88AEAD4FEAE65B51363163BB9244BDA55A82C7C314B0B5C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5177502348333967 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+aF7:Qw946cPbiOxDlbYnuRK6 |
| MD5: | 1C3261C1FEC48BCF73A4DC732CAF687C |
| SHA1: | 5D4034E948DC0C30FFCD63BC67886F70B85CCF06 |
| SHA-256: | D9B8533C54B6264B53BE067DA57C7BDAE417E6284F8773DE564D1F1289082E90 |
| SHA-512: | 937AEF20CEF780E014425FA0FDE0A5AAF63A9A0AA819FCCD200E64C76CED0E1569653581FF70711D7EE3C36D7A5C8144E1DDC3E29DA4510EC0130D43E04A5248 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 18-00-12-332.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.353642815103214 |
| Encrypted: | false |
| SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
| MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
| SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
| SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
| SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15114 |
| Entropy (8bit): | 5.384766068100313 |
| Encrypted: | false |
| SSDEEP: | 384:SlxIsYhc1O+H0ijPK3QZ3EllapWOLbVkfNHJka3evoensBo2LW6OP7CTdrhKd1Fz:90 |
| MD5: | 167F736F2F64D011741391B8315A876C |
| SHA1: | A530ADD33D865FA68230B6E01A4A05F43A5F7AF7 |
| SHA-256: | E0BB34D35D242D1CD39C22BB1662E65F8781AA4F314EED6CC022B6D2C6C370C1 |
| SHA-512: | 63F5545C3BC5A68DE927B44E2E4F8149BC2FCA11327603ACC7A75E0EA6F565822AEA12D2A87F918706416823DCA9A9C8A2B36294A7FC9ACC9903C1DC86182F01 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.41450558592234 |
| Encrypted: | false |
| SSDEEP: | 192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbhvcbaI02cbp:fhWlA/TVf0d |
| MD5: | 6E70D327FB5E2D9242DB6CE25466986F |
| SHA1: | 813063B53124B8F0D4A37DDFE824A1349A53D0D9 |
| SHA-256: | 89E46C679D91BFA572C23BC26E3CD9F4EA119BA8B252272574DC2CC71D0B9F1F |
| SHA-512: | 03AA4A8746F4FE9A42F96B6576C3F387CE73AC8ACA06C20332530F714FDCE0CE656BF57A0976F409DCD81CE6305C5A661E31F7D9F8D6E4E0AC8EF8668448EC71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/gWL07oXGZIZwYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:4WLxXGZIZwZGM3mlind9i4ufFXpAXkru |
| MD5: | AAAAB43627E96B02BC54A78F0EE8E32C |
| SHA1: | 03808205C51BA031BF69F0DF07C9C80835098104 |
| SHA-256: | B9ED5860C1528CAE5717E553381762D9C4ED093E546F7500F55B6B18B5C20CEA |
| SHA-512: | A476038C2BC9573AFA12D831678C0D2A6EFF0C1E065F7D214A0D5684E79AA7F02710DF30524DE0E6EC90CB660E581531DFA57F038EE1BC285B9BC3DAE17D133D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.9908686591924765 |
| TrID: |
|
| File name: | onetreeplanted_14442931519550.pdf |
| File size: | 653'131 bytes |
| MD5: | ee82ea6920f71f8cfde8e707015b120f |
| SHA1: | d9bbdb48203e6dd4e83c3f27ac04b9cf7c75071c |
| SHA256: | 07ee270ec3cf7ee5e088b38ec7fb7a04657bf49c7b07cf6bb39875351a34090b |
| SHA512: | 876d0043eaa0f61a0c21bc6d949ee99263ff474fc938160106361eb8bf9ae05f9fb6db018ccacb0589e25d5814589ed5ec2b62b8246783d4311858acba0a1578 |
| SSDEEP: | 12288:ZIQT/mQwXZ8gxSX9/f7YVAEM3QGbozAA9m1W/qz9XOGh10fL2wFKiEPlmsJG48pN:ZIQT/3wmg0X9/f7YVAEM37bozN9m1W/R |
| TLSH: | 47D423D6DDE94589D7C9C27DF49EA2B74C9A3E22F3C25C7A0EDA075AB84101CC8A074D |
| File Content Preview: | %PDF-1.4.%.....3 0 obj.<</Type /Page./Parent 1 0 R./MediaBox [0 0 793.701 566.929]./TrimBox [0.000 0.000 793.701 566.929]./Resources 2 0 R./Group << /Type /Group /S /Transparency /CS /DeviceRGB >> ./Contents 4 0 R>>.endobj.4 0 obj.<</Filter /FlateDecode / |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.4 |
| Total Entropy: | 7.990869 |
| Total Bytes: | 653131 |
| Stream Entropy: | 7.992480 |
| Stream Bytes: | 644906 |
| Entropy outside Streams: | 5.092588 |
| Bytes outside Streams: | 8225 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 37 |
| endobj | 37 |
| stream | 16 |
| endstream | 16 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 2 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 1 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 29 | 7232b3c040606030 | 832c325bdcc3a03845df0d9dbf3db7f2 |  |
| 30 | 2892132582e2c7ad | e9cc993573c2ca44030dcc6b468e497c |  |
| 31 | 01cccc64226aa8c8 | 7072d350654bf15a52852799c155cc78 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 25, 2024 18:00:23.934086084 CEST | 49709 | 443 | 192.168.2.16 | 184.31.48.185 |
| Apr 25, 2024 18:00:23.934117079 CEST | 443 | 49709 | 184.31.48.185 | 192.168.2.16 |
| Apr 25, 2024 18:00:23.934197903 CEST | 49709 | 443 | 192.168.2.16 | 184.31.48.185 |
| Apr 25, 2024 18:00:23.934376001 CEST | 49709 | 443 | 192.168.2.16 | 184.31.48.185 |
| Apr 25, 2024 18:00:23.934396982 CEST | 443 | 49709 | 184.31.48.185 | 192.168.2.16 |
| Apr 25, 2024 18:00:24.269313097 CEST | 443 | 49709 | 184.31.48.185 | 192.168.2.16 |
| Apr 25, 2024 18:00:24.269711971 CEST | 49709 | 443 | 192.168.2.16 | 184.31.48.185 |
| Apr 25, 2024 18:00:24.269741058 CEST | 443 | 49709 | 184.31.48.185 | 192.168.2.16 |
| Apr 25, 2024 18:00:24.272882938 CEST | 443 | 49709 | 184.31.48.185 | 192.168.2.16 |
| Apr 25, 2024 18:00:24.272981882 CEST | 49709 | 443 | 192.168.2.16 | 184.31.48.185 |
| Apr 25, 2024 18:00:24.295921087 CEST | 49709 | 443 | 192.168.2.16 | 184.31.48.185 |
| Apr 25, 2024 18:00:24.296195984 CEST | 443 | 49709 | 184.31.48.185 | 192.168.2.16 |
| Apr 25, 2024 18:00:24.296200991 CEST | 49709 | 443 | 192.168.2.16 | 184.31.48.185 |
| Apr 25, 2024 18:00:24.340136051 CEST | 443 | 49709 | 184.31.48.185 | 192.168.2.16 |
| Apr 25, 2024 18:00:24.350173950 CEST | 49709 | 443 | 192.168.2.16 | 184.31.48.185 |
| Apr 25, 2024 18:00:24.350198984 CEST | 443 | 49709 | 184.31.48.185 | 192.168.2.16 |
| Apr 25, 2024 18:00:24.398149967 CEST | 49709 | 443 | 192.168.2.16 | 184.31.48.185 |
| Apr 25, 2024 18:00:24.406867027 CEST | 443 | 49709 | 184.31.48.185 | 192.168.2.16 |
| Apr 25, 2024 18:00:24.407041073 CEST | 443 | 49709 | 184.31.48.185 | 192.168.2.16 |
| Apr 25, 2024 18:00:24.407098055 CEST | 49709 | 443 | 192.168.2.16 | 184.31.48.185 |
| Apr 25, 2024 18:00:24.408236027 CEST | 49709 | 443 | 192.168.2.16 | 184.31.48.185 |
| Apr 25, 2024 18:00:24.408261061 CEST | 443 | 49709 | 184.31.48.185 | 192.168.2.16 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.16 | 49709 | 184.31.48.185 | 443 | 1876 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-25 16:00:24 UTC | 390 | OUT | |
| 2024-04-25 16:00:24 UTC | 247 | IN | |
| 2024-04-25 16:00:24 UTC | 120 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 18:00:08 |
| Start date: | 25/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6edff0000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | false |
| Target ID: | 2 |
| Start time: | 18:00:09 |
| Start date: | 25/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff68c6f0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | false |
| Target ID: | 3 |
| Start time: | 18:00:10 |
| Start date: | 25/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff68c6f0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | false |
⊘No disassembly