Edit tour
Windows
Analysis Report
._Obaid_WFH_Check.pdf
Overview
General Information
| Sample name: | ._Obaid_WFH_Check.pdf |
| Analysis ID: | 1431809 |
| MD5: | 135aea7d3ab6368acc4401188bb632cd |
| SHA1: | 52d383cc3b8a105da7e3f41bf079200ed934f3ec |
| SHA256: | 9e4dcd1447cd76cb8f455f24e53942f6d84c65ce0c826f863ee84a8fec91e395 |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 6684 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\. _Obaid_WFH _Check.pdf " MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 1828 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 3048 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 48 --field -trial-han dle=1508,i ,393935115 2005013275 ,434697740 5158916798 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1431809 |
| Start date and time: | 2024-04-25 20:04:44 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 10s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 10 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | ._Obaid_WFH_Check.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@15/41@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.31.60.185, 23.22.254.206, 54.227.187.23, 52.202.204.11, 52.5.13.197, 162.159.61.3, 172.64.41.3, 104.76.210.84, 104.76.210.69, 96.7.224.9, 96.7.224.59, 96.7.224.48
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 184.25.164.138 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | RHADAMANTHYS | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Lokibot, PureLog Stealer, zgRAT | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | DarkGate, MailPassView | Browse | |||
| Get hash | malicious | HTMLPhisher, ReCaptcha Phish | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| BBIL-APBHARTIAirtelLtdIN | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 298 |
| Entropy (8bit): | 5.162776646701706 |
| Encrypted: | false |
| SSDEEP: | 6:3luLp4q2PN72nKuAl9OmbnIFUt8MltvJZmw+MltvDkwON72nKuAl9OmbjLJ:1PvVaHAahFUt8ath/+at75OaHAaSJ |
| MD5: | 025BDF3E33F0B4160E38BB075D6BF3CF |
| SHA1: | 78D35F5348897732B4F203FF79412602C84B639B |
| SHA-256: | 1A23854268823676FFDAD41DE9F6068DDC1B0D427DB6A712726BA6A4746981A6 |
| SHA-512: | BB7CFBFB89F60B8CE13DE5789CC1440D28A48E678009788FB9B89CED6992D4943B69311EDC3A4FF7AA0DF5753111136629ACF975336ED073FC4D4666C48BB3DD |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 298 |
| Entropy (8bit): | 5.162776646701706 |
| Encrypted: | false |
| SSDEEP: | 6:3luLp4q2PN72nKuAl9OmbnIFUt8MltvJZmw+MltvDkwON72nKuAl9OmbjLJ:1PvVaHAahFUt8ath/+at75OaHAaSJ |
| MD5: | 025BDF3E33F0B4160E38BB075D6BF3CF |
| SHA1: | 78D35F5348897732B4F203FF79412602C84B639B |
| SHA-256: | 1A23854268823676FFDAD41DE9F6068DDC1B0D427DB6A712726BA6A4746981A6 |
| SHA-512: | BB7CFBFB89F60B8CE13DE5789CC1440D28A48E678009788FB9B89CED6992D4943B69311EDC3A4FF7AA0DF5753111136629ACF975336ED073FC4D4666C48BB3DD |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 342 |
| Entropy (8bit): | 5.171670497057831 |
| Encrypted: | false |
| SSDEEP: | 6:3lasq2PN72nKuAl9Ombzo2jMGIFUt8MlzZmw+MlpkwON72nKuAl9Ombzo2jMmLJ:1BvVaHAa8uFUt8az/+ap5OaHAa8RJ |
| MD5: | 92184698E1F374EFDF34B25C18B227EC |
| SHA1: | 952251A945011DBAD3E821E9930939BF6018ECA8 |
| SHA-256: | 15CDA84F02D777046A22D4844DF8371CA0E1CF3529357E33955624F013ABC8F1 |
| SHA-512: | 589D6CBD126FC7B12F313853C11616578DA28FE0F5AF0BDD55F9716E855CB3405455080B0137130EF0A3D9C1F6380DF454137313EB321A2367E0A6A54D605AA2 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 342 |
| Entropy (8bit): | 5.171670497057831 |
| Encrypted: | false |
| SSDEEP: | 6:3lasq2PN72nKuAl9Ombzo2jMGIFUt8MlzZmw+MlpkwON72nKuAl9Ombzo2jMmLJ:1BvVaHAa8uFUt8az/+ap5OaHAa8RJ |
| MD5: | 92184698E1F374EFDF34B25C18B227EC |
| SHA1: | 952251A945011DBAD3E821E9930939BF6018ECA8 |
| SHA-256: | 15CDA84F02D777046A22D4844DF8371CA0E1CF3529357E33955624F013ABC8F1 |
| SHA-512: | 589D6CBD126FC7B12F313853C11616578DA28FE0F5AF0BDD55F9716E855CB3405455080B0137130EF0A3D9C1F6380DF454137313EB321A2367E0A6A54D605AA2 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\821e4e2a-f686-4111-9116-0aa03178361b.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.970372088484459 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZaesBdOg2HGcaq3QYiubcP7E4T3y:Y2sRdsPDdMH53QYhbA7nby |
| MD5: | D7B5B8934AA0E89B13C65A2A4A7D7BF5 |
| SHA1: | 8C7547FE8102D11F555391FCD559B7A5F3A9AF05 |
| SHA-256: | 6B3E76A9DD3ED775DA544F5EF86FC4309905A264A0DADCB18F5FD2F26314729D |
| SHA-512: | 0DA81E87C78DEF32C21A17D5511418E50A3F048A637B53F5F5C03F6390FACD52E6FF76F034135788BD466B748AF1D3FE35FF6B264211CB3860103A953BDC245A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.970372088484459 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZaesBdOg2HGcaq3QYiubcP7E4T3y:Y2sRdsPDdMH53QYhbA7nby |
| MD5: | D7B5B8934AA0E89B13C65A2A4A7D7BF5 |
| SHA1: | 8C7547FE8102D11F555391FCD559B7A5F3A9AF05 |
| SHA-256: | 6B3E76A9DD3ED775DA544F5EF86FC4309905A264A0DADCB18F5FD2F26314729D |
| SHA-512: | 0DA81E87C78DEF32C21A17D5511418E50A3F048A637B53F5F5C03F6390FACD52E6FF76F034135788BD466B748AF1D3FE35FF6B264211CB3860103A953BDC245A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5449 |
| Entropy (8bit): | 5.249469621261036 |
| Encrypted: | false |
| SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7saY0I:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhu |
| MD5: | FCE8A772D7926B1D61A3725284652CE1 |
| SHA1: | 22972AE3B584BD2FFF6D2CFF2A13C6319976CFAE |
| SHA-256: | DD979995A83D36F2B1F37200FF8E66393707946E0AFB70BB46026AF50B90CC51 |
| SHA-512: | C81CD54C05A79E35D06CFE6621DDEA2A818FC404D79EF1443A5CE43A339F9C7B3AD3E946714B6EC84C8E696451DB82D891A16C27BCCDC139E73CC9EC2A67E32F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 330 |
| Entropy (8bit): | 5.195565490825127 |
| Encrypted: | false |
| SSDEEP: | 6:3lbIq2PN72nKuAl9OmbzNMxIFUt8MlOZmw+MlgdxFkwON72nKuAl9OmbzNMFLJ:1bIvVaHAa8jFUt8aO/+agdv5OaHAa84J |
| MD5: | 90D33CEE1FECD736F5BC1993EC2E07A1 |
| SHA1: | D33DBD1026809526B091E9AFE709F62F3828E56B |
| SHA-256: | 0BBABEEF9F323AE4291AFAC6B8B367431A39D9BA9C3CEA0346770CD68672D025 |
| SHA-512: | 414D341AC86C8DA5DE8A7F4BA39D9CCD77B4BD60CD7E8CFABA55EB6EC53AE6AF79F70BB122B678E92B768BF6D7CE74C10B5F33117A238C85532F5F93F5F8D823 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 330 |
| Entropy (8bit): | 5.195565490825127 |
| Encrypted: | false |
| SSDEEP: | 6:3lbIq2PN72nKuAl9OmbzNMxIFUt8MlOZmw+MlgdxFkwON72nKuAl9OmbzNMFLJ:1bIvVaHAa8jFUt8aO/+agdv5OaHAa84J |
| MD5: | 90D33CEE1FECD736F5BC1993EC2E07A1 |
| SHA1: | D33DBD1026809526B091E9AFE709F62F3828E56B |
| SHA-256: | 0BBABEEF9F323AE4291AFAC6B8B367431A39D9BA9C3CEA0346770CD68672D025 |
| SHA-512: | 414D341AC86C8DA5DE8A7F4BA39D9CCD77B4BD60CD7E8CFABA55EB6EC53AE6AF79F70BB122B678E92B768BF6D7CE74C10B5F33117A238C85532F5F93F5F8D823 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.444918312717584 |
| Encrypted: | false |
| SSDEEP: | 384:ye6ci5tjiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mws3OazzU89UTTgUL |
| MD5: | BAF8277F4B434A42A4DA131FF134C3F3 |
| SHA1: | 2BE7ED85A8E72100F22BD0FF13509D234A431257 |
| SHA-256: | 5855FA6FB7F1263B14047CA166EE9BB5314D1A3ABF40D1E5F504DB9C8D3FEEB5 |
| SHA-512: | F27F100879D9D0B734D3DDB404486F2CDDAE8E4E118CFE216A3FB5685B35D3E8B7C0B3230BDD9F43026527A7F0534AC69ED924CA1CE99900CA355A66B750A76F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.767408295305936 |
| Encrypted: | false |
| SSDEEP: | 48:7MWAjioyVdioyUoy1Cioy16oy1dKOioy1noy1AYoy1Wioy11ioyeioyBoy1noy1F:7tqud0TX2jixpb9IVXEBodRBk1n |
| MD5: | 7B0A8775CD88F3BAC9833EAC5D86CBDC |
| SHA1: | 9FA572CF110A267CBB182F0F4AA841E50BCD76ED |
| SHA-256: | 5E349C7FA2207A016DE7DE03A9D5B8294FF2303260998767EC6A8449851B2D9F |
| SHA-512: | 40760D0BDF0AA1E1128A2528D62FE8DAB6B58966239D9699DEEB36DDD2B68DF700CAC6C0A0D0C1B1F88401082724944C69C0EAE1E519E4BEF52F2AA186F4DF70 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.3688226042038885 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJM3g98kUwPeUkwRe9:YvXKXZcSGMbLUkee9 |
| MD5: | B3011C247BD1EE4C090E936D878C8C65 |
| SHA1: | F898BE187D7DB6A2A926CC8B7F0A97F06B881553 |
| SHA-256: | 9DC57E0CE323B731691FB2D43A8FBA377F1AEB655AE0918789A95CD5F8CBB7C9 |
| SHA-512: | 4A5E72B3B334E9BBB1247553C32A8057B9EF36B5C70E92FB24CDCA77AF6CF6BDE7A2B639B08B5072D2ECACAAE00675017B045F60983060C9A98D7BC51F1716C3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.321350490426068 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJfBoTfXpnrPeUkwRe9:YvXKXZcSGWTfXcUkee9 |
| MD5: | 9E4E892DB4F84450C6C039181C302E52 |
| SHA1: | 0D2FCE3C14ECDF974D0E49B6859F91816A4A6096 |
| SHA-256: | E09BBA65D37A5A1C6C38DAF345B9EFCB1F0BC25DDEDECF619EC5755F3741CB76 |
| SHA-512: | 50D020A58EDA003E636D8BA4EE275CFC8EC6D26F09734DED6B020681404EA3FD2733E45B560AC033D468CA659A8FBAD84E9D4FAEDA748B13946D451BC4CA9D64 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.299609985783875 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJfBD2G6UpnrPeUkwRe9:YvXKXZcSGR22cUkee9 |
| MD5: | CB1110D297E13AC5DDED1E23B1870D97 |
| SHA1: | 68294D8EE1E0D567BB221EFBBC3F999710815B5C |
| SHA-256: | 5B0564BAA4F1362BFF2D05A32A708CC61D3332FDE6F408EED724CCD40026E62E |
| SHA-512: | BFB1CF3D01187F0270818CC7863461331D856348A99C6728D6ECE0F04CE249F23834278FBAA19F76C31576D987AE854321DEA9FA288EDC446213CCB08C1D9C53 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.349036731372621 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJfPmwrPeUkwRe9:YvXKXZcSGH56Ukee9 |
| MD5: | 6D04874A018B7F004883D671872E54D8 |
| SHA1: | 0AA4B143C0C825AC1C392E7419216DBDDCCDA328 |
| SHA-256: | 7702AF4A1778D5933238055288C20B71441759FE3EC7BF63F06EDD7D71092FF9 |
| SHA-512: | B054C5E5E7BF63CA72136B48603CCA78DF9EB9183B91D8AC91F9EFC7D4C75E4A64D5B064E52B9EC204F6EEF851BF42E664B98227815BF4DAE1C0D5817C2389DF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.3144024141454285 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJfJWCtMdPeUkwRe9:YvXKXZcSGBS8Ukee9 |
| MD5: | AB55CEAA7797CED804508DDD9C86661A |
| SHA1: | 327FDF47410E2BA6FEB4A522C4C8B88F29D70843 |
| SHA-256: | F1873120611A99D3C3CA2E46F177909E84447073AC533288BCBB19A4C413BE9A |
| SHA-512: | 0EC79EDBD52DD2B287E3372BA35E14D11B35AC8EBA9894EC235C00092384E0A4411B44B21216B74AA77AEEEB9755432DEF52C7B5DE02CC9713ABDAA57E4E2CA3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.298597923047945 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJf8dPeUkwRe9:YvXKXZcSGU8Ukee9 |
| MD5: | 5F2DBF5F8BFFDE2E344C98064501C34C |
| SHA1: | E9254B1DD63E0E945023C2CAD586B002D0883AE9 |
| SHA-256: | D3CE579FD2D928861AC75F09B0B8D55E2CA52F60CD631F23F0EBEB1A9A21BAF5 |
| SHA-512: | 0300B892162C7FC05C633851E094D79019258E82A2FCA86E2DAD5751BEC1920E49D5C5A470039D95D46A679E845A7E75B14E377D970C3EBC24AA1D3B0F6B3014 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.301246382104891 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJfQ1rPeUkwRe9:YvXKXZcSGY16Ukee9 |
| MD5: | E75E9D0F20AB32C760BEC1539065CDE0 |
| SHA1: | 2523668C1570BE088156B386502EE0D76A1297C8 |
| SHA-256: | D07398A3A0A5D8E39D7B3451D92CC4C9F0B9EDC35D7E63E35C1318DCC9917D2D |
| SHA-512: | 02D9C9D6EAB3A865B28A2B2B02EAC8ACA2ECB0148AEB974FDB69640550AF64DC0580F21F24528F22F12E18CB47C2F6A542C50907FE4AA29CDA1FBAD3FCD8483E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.308246562365251 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJfFldPeUkwRe9:YvXKXZcSGz8Ukee9 |
| MD5: | B44840BD6A2FC2E4BBECBCAD11EC77E2 |
| SHA1: | DBD2560ADCBCF59895E8BEAC5058A3AE2439ED2B |
| SHA-256: | CBA2D5DAED9EBBE1CD30FFA34B8CFDB445E46859A004F281EB96B0F67CCFD05D |
| SHA-512: | CF740C0E25C86342B4A3CB9A98F5A4EA8E660392A523E657DD68D17ED4A2DB23229539C854C431F8B697C6BB332839F37E579429D3A0FF1704F7E8EB55FC1C09 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.738865721842693 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X++KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNX:YvcEgigrNt0wSJn+ns8cvFJF |
| MD5: | 36C2F5C1994F6149926687AB8FCA6A30 |
| SHA1: | D71B466DC1D7E50653FF5BFA5AC94815478BEE22 |
| SHA-256: | 0ACD5D8D59FD5A6BBF7B3B19DCBFC2FF503554D873A7E4F6B75BDC64273A12B9 |
| SHA-512: | CC5D006A6995CA65D9938BADF19577699BA57243DD9CD54EC3CE81EDEE576E9A77638940DFFE3C267D4F6B7167755F60547A1C0E8058B2874BCD3A5357ECAC4F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.306363876633738 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJfYdPeUkwRe9:YvXKXZcSGg8Ukee9 |
| MD5: | 7883AD374B52CCDC8C6DE165C0B14422 |
| SHA1: | EFB8C2B7748942EE0231ECCB6C81116DB0FEA35C |
| SHA-256: | B5C3C4C97281BD3618CC0ADD71CACE98934EBF98B166B463C5EF9F57DF95AB2D |
| SHA-512: | 6B3537FB70CADB1EA38E221D9FDCE5F112DD448D2D10775313AF9FD6A71F0AF6E6FF0DF5E834B87C889EC53ABEE94B81764ED800F4559C5B579A7912E1D19380 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.776647564570322 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X+1rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNv:YvTHgDv3W2aYQfgB5OUupHrQ9FJR |
| MD5: | 78C365EF5A092205B4D37E8ED21729DC |
| SHA1: | E08554B9DC8B985E9B54F70A967370BD154A364F |
| SHA-256: | 51134ACD8397CDB4903F2B8F08DFFA3CBDC918D4B414838D445FDCCFC5F398DB |
| SHA-512: | D3CE15B228C6A1287E34F83732B820CD15BD1C9C9E364501A8EA37C856E183A30081452DC271EEA35E05DA291127898687232992A16C247F54E00EC9A4CB6B0F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.289867236323864 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJfbPtdPeUkwRe9:YvXKXZcSGDV8Ukee9 |
| MD5: | 5D44AD8484A201CB2BB4E9F7DA7EDF7C |
| SHA1: | E6588E1A19B6B01EC571DEE8DECAA65890C94C68 |
| SHA-256: | 06C0FC270CC38DCC2FE0379E5E4E0C1D668A894B5764F80C0A9DC4F5EB1D3B36 |
| SHA-512: | B57E98D68232BA61561235D9E1A885CB39AA4CE9825F58240EBB6F73AB4070C3ABF4E49D0EE5F5494E82A53E4203089F4749DDA4771E0F7E6D874B0AF3DE776A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.293022261582445 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJf21rPeUkwRe9:YvXKXZcSG+16Ukee9 |
| MD5: | 5842FCC01F0F0C209088790C8DDDEA67 |
| SHA1: | 77F1DA6C9FBBFAD8094AEE6DB1A6384A3D7CA636 |
| SHA-256: | A81F3FF5262CD033EBEEAC0669119D64E1A8A5BBB35A63270344DEF3FF1A431D |
| SHA-512: | 82777FA98908149B6D366D81CCE0EB3B716AE2CD6B76329BFC33F635627396C69890AA5FDA0A3DE811A34FCFCABE7B429D73F9710ACF6CDFCF6DDA5060378C24 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.312905187317665 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJfbpatdPeUkwRe9:YvXKXZcSGVat8Ukee9 |
| MD5: | 0CC93035EB8F4B7D4FA832AE31658B07 |
| SHA1: | E0A727EF2AF1F28D4C2D157CBF4F8CB2B008835D |
| SHA-256: | 33802A687D21D54288E380A4C4A5CC006889A91CA1ECF3D5F53AED49B3F6EDC4 |
| SHA-512: | A7683235F2D8EC68E024A77EDFA8DD1288DFC91B83208F8DE2D196B4D06F43C616FF3608249A8055104781A64FE3ABD88499758CCC840EE096B5FC42273E1095 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.269128959239964 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX7ByZnGnZiQ0Y/73KoAvJfshHHrPeUkwRe9:YvXKXZcSGUUUkee9 |
| MD5: | 54A7A1B61120FB558321E5162451DFCA |
| SHA1: | 8790200A60B5093F4E0DB7D235E5B73AA859187A |
| SHA-256: | 32B4FDA81E597A250A06211C712F02421703288D809C6F50EFA46D3080CE742C |
| SHA-512: | ED43C1894A8BD9890F6B4CC8EF443CF2BB6539BBBDA28C438714F89146162C26A2F59C980363C98965D144E5A1E41D05EFAA3910F55FC5E905AF96340BA2EDE9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.366800279794571 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXZcSGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYAn:Yv6X+c168CgEXX5kcIfANhy |
| MD5: | 1278FE88FC3E3132E7E0B111AA00142F |
| SHA1: | CE3B7C6B26D19A82E035C8F8A315AF401E35A984 |
| SHA-256: | E32DDF24A4418206446669B639D011A15D22E7D35E9BA5FC5AB6C892034D02D8 |
| SHA-512: | 3FAA1E01D0AD23BDDCE0E47D6E463FDD7408CB28FEAE0424B74D308C765C0C009BE289533ACEBC0E8D468F1AFF2B2F90A6CE3156627AC4A86A999CEFAF9C9B55 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.134564303751403 |
| Encrypted: | false |
| SSDEEP: | 48:YyXzkUNDQ4GOuajgwrQpDGgFoMCvMecuk9UPd3:RNNDVGOuajgwrQpDGgF4vXcrUPd3 |
| MD5: | A4B87D2EE5DA1543F8EC1C72F88CBFCF |
| SHA1: | F353E1588750ADF738D35BC1A7F8E91FA2D541EC |
| SHA-256: | 6547A3EE43FAD75A38F5356A35F659016AE89C7ED50D4AE25D9D75190C0F678D |
| SHA-512: | 50340A8DF5C546482495364867B1038A5E933B2D0F691E561E08432F7068671B07EB5AAC8863CC70C2E4A058C7831DD812ADC946F832AFCEE21726E70913A222 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1460718766523519 |
| Encrypted: | false |
| SSDEEP: | 24:TLhx/XYKQvGJF7ursjOLRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudG:TFl2GL7msjOPXc+XcGNFlRYIX2v3kwOh |
| MD5: | B59770DC33DB124C85960C2CE0D61B6E |
| SHA1: | 51130F455AC8A192D52EB62022F1B922E62DFB04 |
| SHA-256: | E75F699FE028BC556F1563650EB416BA39C0EA96D262C7BC94B5BC815A8CCC82 |
| SHA-512: | 19ECEF2BA0622B363D86DB53D754C6A6167905C8DC4C08C0ED42ED011158136675EB8243061344E5FEC5AB565D67FC6B2B201D6900EE08BF234E5380586CE3A8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.5523796704408075 |
| Encrypted: | false |
| SSDEEP: | 48:7MkO4Xc+XcGNFlRYIX2vmVqVl2GL7msrf:7RO4Xc+XckFPYIX2uVaVmsrf |
| MD5: | 34EF303CD44C038DAF216E6147623194 |
| SHA1: | C62F466C4CA37525BCD99C8370EF6E646798E689 |
| SHA-256: | A78A3E211F440B058D31B07EA5FBADACFACAA6D6DF014C9327EF0C02A11CB505 |
| SHA-512: | AD92FD9984857ADBDA013280DA17B8944B74C53C362C2EC6DB774FEF3A290E5A1981D14143182F5E9A4ED0B7A029F7E2E243ADFB00308EF85032CD4A4D4C54C8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5162684137903053 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+WlNDWNlH:Qw946cPbiOxDlbYnuRK8O9 |
| MD5: | 6D73762BF9343D533B9168B452DD2024 |
| SHA1: | 78298AAC75595F1A620BE2317745FACC2D321587 |
| SHA-256: | 7EF33D4C68623F61BF43FDB76900DA9CE55E4FB98CA61562D933719CA6B5B578 |
| SHA-512: | CC375A6E4FF1DEE02690215486E20054DE1CB2FBFF58D029039B97030C1F53C49191FEF094FF1FE32EA6EE1F337C9AB58EBD8AAC44663FAA2C469B3C3E0C591E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 20-05-35-364.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.338264912747007 |
| Encrypted: | false |
| SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
| MD5: | 128A51060103D95314048C2F32A15C66 |
| SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
| SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
| SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15114 |
| Entropy (8bit): | 5.35047910748454 |
| Encrypted: | false |
| SSDEEP: | 384:izHyPDG/i1VQBY5SZ20mKvfkLuutYyKtUTUm4gGvsKsDMDbDIDbD9D0DyVD1DwDB:Z1pwnMnxoiZkZ0RZPA |
| MD5: | 74EC8EB0EE03168ABC490F067BFE94A8 |
| SHA1: | 4642C64E73BA55CD9BCC645E2687D21CB1FB9474 |
| SHA-256: | C773F05BFAB045004048E19D9F62249CB640DCB75F70FD78FF0024A367FE8136 |
| SHA-512: | A286F166292D897655A5FDE49551A5DFACAE0C6D3E56FB26F55907AB3986D7E0242552D0042B92EA72351126617C3948766DD690ABBBA8A31CB69B26603EF7D7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.391680177731578 |
| Encrypted: | false |
| SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbVDcbGIAycbF:V3fOCIdJDeIAN |
| MD5: | E5E9698F7D3769201B04D56E57BE79D7 |
| SHA1: | 3067AABE8DDE3B82DF8B41B7102FBEFFECD4CB70 |
| SHA-256: | E12481D61E8CF31ACA303749AE15A631C195469E1B8C74BE9798DE5DFE6DEB3E |
| SHA-512: | 000F544069BD19F0C331AA116D7DE999647875A871374C0BEC93A55D40DA9DF73DC6171008B1D5ACA1352C703F32EA05915D0C8CFF001A05A661232B7CCC3FDD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
| MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
| SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
| SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
| SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/n5ZwYIGNPzWL07o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tGZd:xZwZG5WLxB3mlind9i4ufFXpAXkrfUsb |
| MD5: | E78E4D1CA18BE28748F65C3A192DAFB2 |
| SHA1: | 78AD6025CB470EFB9ECA8FF1ED41F617372D1F9F |
| SHA-256: | F4B25F5C5BE48E151080D9CC24C8A4662CBB591A6B32037DB8D7ADE1828D8849 |
| SHA-512: | E170C9BD3B6BB575244FCD380334D763C30352586F60824A67868EAE8E895BE0601D51670FCC304724BDF321CE8EF64881E606C9CF4C18C5817DFB5A679E44D6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 5.506408771390335 |
| TrID: |
|
| File name: | ._Obaid_WFH_Check.pdf |
| File size: | 798 bytes |
| MD5: | 135aea7d3ab6368acc4401188bb632cd |
| SHA1: | 52d383cc3b8a105da7e3f41bf079200ed934f3ec |
| SHA256: | 9e4dcd1447cd76cb8f455f24e53942f6d84c65ce0c826f863ee84a8fec91e395 |
| SHA512: | 4be12b9afa98591e3a1fcadad8de141364f4a895f405d845843c0f22bb563512b1731fea97d29171498a837d8e558790c91b884677f8ecefe2962188fc1ddc2c |
| SSDEEP: | 12:Pgq/6wziv1xOicCRiELMdu4EELaGQeN3e5cSzgqbF3cqxhPZX0SX1UKVDbYB:Pg5l9x9csTQGGQF7zfJ3ZxXv/DQ |
| TLSH: | 2A018374AA4000B0CE46C3F650833DEA2D738A79CDD1AA52BDFBED080E807C62BA0142 |
| File Content Preview: | ........Mac OS X .........2..................................................ATTR...............:.......................H...com.apple.macl......,......%com.apple.metadata:kMDItemWhereFroms............com.apple.quarantine.......|SOc..... ........... |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 25, 2024 20:05:47.146153927 CEST | 49710 | 443 | 192.168.2.6 | 184.25.164.138 |
| Apr 25, 2024 20:05:47.146194935 CEST | 443 | 49710 | 184.25.164.138 | 192.168.2.6 |
| Apr 25, 2024 20:05:47.146323919 CEST | 49710 | 443 | 192.168.2.6 | 184.25.164.138 |
| Apr 25, 2024 20:05:47.146735907 CEST | 49710 | 443 | 192.168.2.6 | 184.25.164.138 |
| Apr 25, 2024 20:05:47.146749020 CEST | 443 | 49710 | 184.25.164.138 | 192.168.2.6 |
| Apr 25, 2024 20:05:47.479700089 CEST | 443 | 49710 | 184.25.164.138 | 192.168.2.6 |
| Apr 25, 2024 20:05:47.480426073 CEST | 49710 | 443 | 192.168.2.6 | 184.25.164.138 |
| Apr 25, 2024 20:05:47.480463982 CEST | 443 | 49710 | 184.25.164.138 | 192.168.2.6 |
| Apr 25, 2024 20:05:47.481527090 CEST | 443 | 49710 | 184.25.164.138 | 192.168.2.6 |
| Apr 25, 2024 20:05:47.481585979 CEST | 49710 | 443 | 192.168.2.6 | 184.25.164.138 |
| Apr 25, 2024 20:05:47.485790014 CEST | 49710 | 443 | 192.168.2.6 | 184.25.164.138 |
| Apr 25, 2024 20:05:47.485882998 CEST | 443 | 49710 | 184.25.164.138 | 192.168.2.6 |
| Apr 25, 2024 20:05:47.485997915 CEST | 49710 | 443 | 192.168.2.6 | 184.25.164.138 |
| Apr 25, 2024 20:05:47.486005068 CEST | 443 | 49710 | 184.25.164.138 | 192.168.2.6 |
| Apr 25, 2024 20:05:47.527523041 CEST | 49710 | 443 | 192.168.2.6 | 184.25.164.138 |
| Apr 25, 2024 20:05:47.596396923 CEST | 443 | 49710 | 184.25.164.138 | 192.168.2.6 |
| Apr 25, 2024 20:05:47.596458912 CEST | 443 | 49710 | 184.25.164.138 | 192.168.2.6 |
| Apr 25, 2024 20:05:47.596525908 CEST | 49710 | 443 | 192.168.2.6 | 184.25.164.138 |
| Apr 25, 2024 20:05:47.598177910 CEST | 49710 | 443 | 192.168.2.6 | 184.25.164.138 |
| Apr 25, 2024 20:05:47.598196030 CEST | 443 | 49710 | 184.25.164.138 | 192.168.2.6 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49710 | 184.25.164.138 | 443 | 3048 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-25 18:05:47 UTC | 475 | OUT | |
| 2024-04-25 18:05:47 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 20:05:31 |
| Start date: | 25/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff651090000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | false |
| Target ID: | 1 |
| Start time: | 20:05:35 |
| Start date: | 25/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff70df30000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | false |
| Target ID: | 3 |
| Start time: | 20:05:35 |
| Start date: | 25/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff70df30000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | false |
⊘No disassembly