Edit tour
Windows
Analysis Report
Bestaetigungsanfrage.pdf
Overview
General Information
| Sample name: | Bestaetigungsanfrage.pdf |
| Analysis ID: | 1432063 |
| MD5: | eefd99f1a07e5fc5de1df35d1443916b |
| SHA1: | 6851a5630d062b243ff87a3cb056a5b6d7607042 |
| SHA256: | eec6d591b1bb4f40410e1fab78d03e609578add871aaf3beabbef19ff8fee3e5 |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 2232 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\B estaetigun gsanfrage. pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7260 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7488 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 04 --field -trial-han dle=1724,i ,658775101 8619387655 ,436118406 0487084135 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.196.176.131 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1432063 |
| Start date and time: | 2024-04-26 11:16:56 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 10s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 13 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Bestaetigungsanfrage.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/41@0/1 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.193.120.142, 107.22.247.231, 54.144.73.197, 18.207.85.246, 34.193.227.236, 162.159.61.3, 172.64.41.3, 23.219.155.148, 23.219.155.165
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Bestaetigungsanfrage.pdf
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.196.176.131 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | ROKRAT | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Havoc | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | Get hash | malicious | Vidar | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.24578951170464 |
| Encrypted: | false |
| SSDEEP: | 6:6p+q2PCHhJ2nKuAl9OmbnIFUt81+Zmw+16VkwOCHhJ2nKuAl9OmbjLJ:NvBHAahFUt8c/+c56HAaSJ |
| MD5: | 23FBDAE0E04A7E2BA9269DA4C9DD2BC5 |
| SHA1: | B753AC8DBBE8DEDB972735A69C04FA389149C51A |
| SHA-256: | 1A6D196B00CC2BEB952C977E591D517971FD7641E59C4CFF2B88E3A0B25290B6 |
| SHA-512: | DEDEAC5463EDC5CD0C31DD4A71332442664D5827A36A584C701377A2808F772F7989C9EFAE04123BB0EA57D1823E41E038316DB674F05433F943E70FDB94082E |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.24578951170464 |
| Encrypted: | false |
| SSDEEP: | 6:6p+q2PCHhJ2nKuAl9OmbnIFUt81+Zmw+16VkwOCHhJ2nKuAl9OmbjLJ:NvBHAahFUt8c/+c56HAaSJ |
| MD5: | 23FBDAE0E04A7E2BA9269DA4C9DD2BC5 |
| SHA1: | B753AC8DBBE8DEDB972735A69C04FA389149C51A |
| SHA-256: | 1A6D196B00CC2BEB952C977E591D517971FD7641E59C4CFF2B88E3A0B25290B6 |
| SHA-512: | DEDEAC5463EDC5CD0C31DD4A71332442664D5827A36A584C701377A2808F772F7989C9EFAE04123BB0EA57D1823E41E038316DB674F05433F943E70FDB94082E |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.215744969535507 |
| Encrypted: | false |
| SSDEEP: | 6:yReq2PCHhJ2nKuAl9Ombzo2jMGIFUt8vbZmw+vCFkwOCHhJ2nKuAl9Ombzo2jMmd:3vBHAa8uFUt8D/+W56HAa8RJ |
| MD5: | 0F6CDE2D7135C67E9C615860CE37BD82 |
| SHA1: | 539C572CF3972BA65F047E8DB09CF68B2EE3BE3E |
| SHA-256: | A60E02A3E53847F772D33F4C060FF076B72A88347C361FA87547841DAF43AABE |
| SHA-512: | D5B33A56905A4BE53DAC204AFEE85CF587D72E3247AE2740B8A0FF829EED2D444430C85D7614E5B2C97F9AF8C685D5EFEBD447C8DE896C241FC9571597AD4B9A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.215744969535507 |
| Encrypted: | false |
| SSDEEP: | 6:yReq2PCHhJ2nKuAl9Ombzo2jMGIFUt8vbZmw+vCFkwOCHhJ2nKuAl9Ombzo2jMmd:3vBHAa8uFUt8D/+W56HAa8RJ |
| MD5: | 0F6CDE2D7135C67E9C615860CE37BD82 |
| SHA1: | 539C572CF3972BA65F047E8DB09CF68B2EE3BE3E |
| SHA-256: | A60E02A3E53847F772D33F4C060FF076B72A88347C361FA87547841DAF43AABE |
| SHA-512: | D5B33A56905A4BE53DAC204AFEE85CF587D72E3247AE2740B8A0FF829EED2D444430C85D7614E5B2C97F9AF8C685D5EFEBD447C8DE896C241FC9571597AD4B9A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.968905002143363 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZ0ZsBdOg2H2caq3QYiub6P7E4T3y:Y2sRdsnKdMHJ3QYhbS7nby |
| MD5: | 99C20B5298B6370EA93FE5EE53CD1702 |
| SHA1: | 988B9E59F33E41B75A82895A13F44A77DA418BE5 |
| SHA-256: | D6C8F778778690D308593DCB758A55CCA8FF120E13B62B639CDDEDC9BF938EEF |
| SHA-512: | 6D8FDA5E176CC10C9BB2E88641DD1B7481AA100D76872E39CD490E43CAA5E00278334C3060309B1A008A990AB3F5DA7CB00E3F44C39BEBFE9B01F67DD1E7940C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c82d34e2-7a62-4a9f-8e9b-80d40cc40d85.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.968905002143363 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqZ0ZsBdOg2H2caq3QYiub6P7E4T3y:Y2sRdsnKdMHJ3QYhbS7nby |
| MD5: | 99C20B5298B6370EA93FE5EE53CD1702 |
| SHA1: | 988B9E59F33E41B75A82895A13F44A77DA418BE5 |
| SHA-256: | D6C8F778778690D308593DCB758A55CCA8FF120E13B62B639CDDEDC9BF938EEF |
| SHA-512: | 6D8FDA5E176CC10C9BB2E88641DD1B7481AA100D76872E39CD490E43CAA5E00278334C3060309B1A008A990AB3F5DA7CB00E3F44C39BEBFE9B01F67DD1E7940C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4288 |
| Entropy (8bit): | 5.226985774917357 |
| Encrypted: | false |
| SSDEEP: | 96:S4bz5vsZ4CzSAsfTxiVud4TxY0CIOr3MCWO3VxBaw+b/zqI0ZFbhcIsDZZ:S43C4mS7fFi0KFYDjr3LWO3V3aw+b/zf |
| MD5: | F69BF2563F495CF1538D0B792244FDCD |
| SHA1: | 37B24597CBE472C68570D03CFFA4EAA46974A474 |
| SHA-256: | EC9B177E423FD4C635C80D14F782E6E3FFEF23D15CF6FBE4160487EF1DBF8262 |
| SHA-512: | 70DB1D9C9CCF058BBE948CFC0AB383E1355E7EB9822C450445061544379EBEF055DCE2781FDD84006106A5B1BF5BAF2D4A76E95CC095281900C7FE71895D48A0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.218137797648236 |
| Encrypted: | false |
| SSDEEP: | 6:01cq2PCHhJ2nKuAl9OmbzNMxIFUt8pHFUNZmw+pB1kwOCHhJ2nKuAl9OmbzNMFLJ:01cvBHAa8jFUt8pHm/+p/56HAa84J |
| MD5: | DA512ECD6A3AE1DD87F599A3A1ECD067 |
| SHA1: | C7C49C026D8AA4DF357470B238299FDF93B6F866 |
| SHA-256: | C160A44BA41AB5780C7ABCC6A69FBDBD20BA847FE5D602C419BE43FAF8495C06 |
| SHA-512: | C7EB97974381C33F173EAB934FD220E37DEBADFFDC2F84C47B7BCDB70EAC7F89D7EDCC332045746DB2C2BAC228BFD7712206AB8642AE516567E79E9CA4BFCD98 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.218137797648236 |
| Encrypted: | false |
| SSDEEP: | 6:01cq2PCHhJ2nKuAl9OmbzNMxIFUt8pHFUNZmw+pB1kwOCHhJ2nKuAl9OmbzNMFLJ:01cvBHAa8jFUt8pHm/+p/56HAa84J |
| MD5: | DA512ECD6A3AE1DD87F599A3A1ECD067 |
| SHA1: | C7C49C026D8AA4DF357470B238299FDF93B6F866 |
| SHA-256: | C160A44BA41AB5780C7ABCC6A69FBDBD20BA847FE5D602C419BE43FAF8495C06 |
| SHA-512: | C7EB97974381C33F173EAB934FD220E37DEBADFFDC2F84C47B7BCDB70EAC7F89D7EDCC332045746DB2C2BAC228BFD7712206AB8642AE516567E79E9CA4BFCD98 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426091754Z-161.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65110 |
| Entropy (8bit): | 1.2192615175664085 |
| Encrypted: | false |
| SSDEEP: | 96:K3sHMMMhSLbL8MzMMdMQMMEMZn4tMEMbW06wGTmiM6JHijJ/8WMYMAMM3MvMyj0J:dbV33XcKcElF7l |
| MD5: | 0FF6A972577BA275B396B8F20097A2A7 |
| SHA1: | A943AA577735C261D8972F2A61E9833BAE2B429E |
| SHA-256: | 74DB72718FBFF484342A31D9FC7F776E0B3EEAC0A184140E41AD21D00259EE6A |
| SHA-512: | 839D8EDFA19AA67256C44AB302CDC837E526A90D2A10EA1D04206D9CCD95F4EF9055074DB0DC91E91BB8B60D0A5F7F41628A7E6581EEBCEB2FC9750C9F568206 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 227002 |
| Entropy (8bit): | 3.392780893644728 |
| Encrypted: | false |
| SSDEEP: | 1536:qKPC4iyzDtrh1cK3XEiv07VK/3AYvYwgF/rRoL+sn:XPCaL/3AYvYwglFoL+sn |
| MD5: | 27094DF6D14B4D6728D59FFC4E31294B |
| SHA1: | CC768A8693F9C122496C2BE949E13F0C36AE7888 |
| SHA-256: | B26846BECCDB3792F05A996D2863C7A1D286BD9F997DBC2112604EBDD206FEAC |
| SHA-512: | 681F8D3F21AF1B1898F6572DB44AE92CF2AF56B3E8C9421C679DF0962A6CABE44753A5327368DAB97BC9AF997EFD86B803847285BB64F427196C65C8B0348BE8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.352003303872756 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJM3g98kUwPeUkwRe9:YvXKX43U2vR/ZwHAorGMbLUkee9 |
| MD5: | D64F1D9EFDA28956A476FD7D88B92FFF |
| SHA1: | A439AE72186ECE90BD92040CA22F59454CD68B7D |
| SHA-256: | 9FF0B45A2203B63528F7FF5B0E547A23EC1FF01E7F90147547892F8A63647A38 |
| SHA-512: | 42745CDF04A9E609B5D6B554CA6329BD839E1A24158F463F2EF8A4C8B5A957E114607035E6B33D918376B02AC3A9FE7FE0247CF1CE0B0CB8F65E4370D52D1AC7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.291648106497895 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJfBoTfXpnrPeUkwRe9:YvXKX43U2vR/ZwHAorGWTfXcUkee9 |
| MD5: | 0012AFDA8D3EFCB2B5358CB54B77520C |
| SHA1: | 4761DCAE773524F1D433EA4C4F473F51F59C5638 |
| SHA-256: | 7B2A2A5208644BAFAD3B1E1D3CBD9EF2DD725449230B6759BA798A0CF6FD11DE |
| SHA-512: | CC696AD9A6DCACECEF07429A83CFBEC7E6563A693676816BAFA623F8016963758C79DCD1617DEFD865A1F8C9FED660AB7D117778D90850B2D7A1A425152D4477 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.269600706497255 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJfBD2G6UpnrPeUkwRe9:YvXKX43U2vR/ZwHAorGR22cUkee9 |
| MD5: | DF24D92DD3E6E976DD24B09F5EC0AE86 |
| SHA1: | DEEE81617A6F0ECDBCC6E15296B35A6D5DD63D8D |
| SHA-256: | 7B7AC1ADFF7E4360B30DDF021093FD26302A31F2994526F1656BF5FBE19E5ABF |
| SHA-512: | 529A2F1374B3CFE1B1906C0127A50BE8BB410FF5BACB15A02715D1C48B7856D4AD04B64E8375CAFBC1E777BB4D71DFB53E42CA422AE4CCBD18723C1ED0853E63 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.3285532510340365 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJfPmwrPeUkwRe9:YvXKX43U2vR/ZwHAorGH56Ukee9 |
| MD5: | 79FF3D51997F6E119A9F257512C1AB25 |
| SHA1: | 5DE5DC5DFB2CD95FFE5CECCB5072AF4E15EAE513 |
| SHA-256: | 2C91A94E7A24603C11F07B03971B14BD36CD5AEBB042DAF77CE0A2665F713146 |
| SHA-512: | B8EFF0F44590EE604FA15735461F273AADB7321B6462332B2E4F8C9FDFA173ADBF47DC66CB32443B139846FA9803DA05BC3022544DDC83BB176AE64CC56BFFB2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.294815684479312 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJfJWCtMdPeUkwRe9:YvXKX43U2vR/ZwHAorGBS8Ukee9 |
| MD5: | DB13470460E8A63779FA5C7E2EDD6D2C |
| SHA1: | 7B55D600EEA781653737E1F838694B72DD6261B6 |
| SHA-256: | E8A8E54DAB77D12EBAF0905935A52DF3B1AA964B2DFE8A7581E6E4EB4AC60337 |
| SHA-512: | EBC6E879912A00405E22831D9A0317B954D88F2F5869045D01E5B8EF7F044EABAB7F4DBDFA74A5742A38596A647953415AF4E7A310C8057A381555967491A2E8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.279391207971392 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJf8dPeUkwRe9:YvXKX43U2vR/ZwHAorGU8Ukee9 |
| MD5: | 9C4B026908A8B9077BCBB3328AFC086E |
| SHA1: | 5CC5CC015A26420A6D51FAAE6F886DAFD93F49E4 |
| SHA-256: | 42069FAADF2755F1518AEE9494FAF29B29193DD9540B6A95D954FD9BA6023A1A |
| SHA-512: | 3684111057C2F8E1DCD5CC1A6B42775096850DEA6DD57AF0E229F90F58307414BE5CCEF7B4552F269FDAD849BA6CF8202BBCF4AE91B904D9021DC170FE8A99D8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.278590907159025 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJfQ1rPeUkwRe9:YvXKX43U2vR/ZwHAorGY16Ukee9 |
| MD5: | 84D52A734862F0E95068F83439D93617 |
| SHA1: | 5952B597D3E4EE9CB5F04FE2CEA5D87562187CEA |
| SHA-256: | 72689B878DF4DDE9021D2613B92CB994CEEB633646D84C1D2F46617379221DC1 |
| SHA-512: | A5184282DB4D0A17FE36187C17E24BFE28951D0358AC93240051DF3E50A35D93A7ACB82BB0F20B1755F11DBBA53615DF63BA8C49119C6A67FD8FE84398EC994F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.29486395410216 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJfFldPeUkwRe9:YvXKX43U2vR/ZwHAorGz8Ukee9 |
| MD5: | 7E15A17223248909E4C8420E169870FA |
| SHA1: | 869DA3313FA48B0AFCD4D839314EBAD27FEC6740 |
| SHA-256: | 6ABA7094414119D5CC2298A259FACD60957D4F6724C10D7288D53FD9B7263174 |
| SHA-512: | 733C64D4BA48E339983603C115290FA8AF0E78483CF3339A4C94BC77547CC903A745A22C25EDBB7E69731657512A7D4F95B80E197DA48BEAF8C93A8BCD645BB5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1372 |
| Entropy (8bit): | 5.744269280993622 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X4LJhkzKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNU:YvFJhcEgigrNt0wSJn+ns8cvFJ6 |
| MD5: | C6B4FFED9CD45AF8B43912864C7D4484 |
| SHA1: | 30A38C2BE646FAFCD61E746A1A1BBFAB2C4A4546 |
| SHA-256: | 4A9D0B600B011E268C7FA28BF189B82BBEE8E726A4E7A6CE8CB529C6B4F20B05 |
| SHA-512: | B33AFE69D18B4564BB674BC547765968313CC287B72E1F3A951879CB9FFD31C93A9BA8923329658ED67757A80DD655EF8D950C7219A10E568DA59E522A3C477B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.288840336735978 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJfYdPeUkwRe9:YvXKX43U2vR/ZwHAorGg8Ukee9 |
| MD5: | BD32C4AA3628DEE5C323EF2D76432903 |
| SHA1: | E4CB41D823913C25DC48A6FD75DA8B0BB70D3CCA |
| SHA-256: | 20AA67F45649397E37AA6025ED39F8E9C567B7983A501B5D8C0F0F2498CB8CC5 |
| SHA-512: | BD7715FB22E1A9C3EAEF0C82B774AC226FD25703F7997C3C353434798522BC2DBB46AEF6596644F69B7060E9C685BE7A94B879E8573BF24BDD39EBD49DB9B2CD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.779513963854262 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6X4LJhkOrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNs:YvFJhTHgDv3W2aYQfgB5OUupHrQ9FJm |
| MD5: | 6246F30F685AFC30DC58B3F4EA60B6AD |
| SHA1: | 6A0F42DDC4BBDB3DA620A64A5C2DFF8DCED50FC5 |
| SHA-256: | 7B5A46349F130F922F808D3F3955ABBFFC5DA962D9CE7941AF88C0B3F812F7DF |
| SHA-512: | 1ED715126D4A8353CEF6F0D2EE8EA37833485F64FE6E9D29FE1EA75D0EC074AA4273969B903B7ED2F10DB48CF7E7D3B2AB4FFDE2EAB8F9770956FA18D28B88BE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.272464133126433 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJfbPtdPeUkwRe9:YvXKX43U2vR/ZwHAorGDV8Ukee9 |
| MD5: | DAC063F105DB3FBB60092D171DEC7E94 |
| SHA1: | 7420AD817980C176B20CF5ACF3C11DB07C8364D8 |
| SHA-256: | 6EF05F5D75D34CA01754647CDE999DE40801BE29170BB31E321817C29C12C870 |
| SHA-512: | A3B7EB66EE68BEFDC936CB24DC3C25A55EB81D3078681D72FB1BD4F3E3CB299A180BB7138EC56EB6DF71EDAB782D8ABA83AD971C254549FD3CD7424A909D791D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.271352615962566 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJf21rPeUkwRe9:YvXKX43U2vR/ZwHAorG+16Ukee9 |
| MD5: | AC6CFE92FDCA5F96AABB9366461EEE4E |
| SHA1: | 27F0A01D603938F6CAA3B73DFA094A3559393812 |
| SHA-256: | 0DDAFA209B349CEA68FA598128A38A3E5ACCB7DE873723E8850205B02D4F2C0B |
| SHA-512: | 82F28F15151A02D43F77AA7FE5D61852CAB962218FFF5D41EC1B82B2D9043E589A8949A534840E0A211CEE1E4FFF866DB4FB9420133F4DE279CED99DB415AD56 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.295069442453179 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJfbpatdPeUkwRe9:YvXKX43U2vR/ZwHAorGVat8Ukee9 |
| MD5: | CD0E1DB4A14E55DA9E0C6AF20D3F550E |
| SHA1: | 2BB54C520B247A0943832842C0A9B4FF7863C44F |
| SHA-256: | E095BF7B15EFB2A0387BFF08F79DEF53FF14275965CA7DE6D1ABCF68BA27744A |
| SHA-512: | 28FCED590F3F6C2F2875A0C0DA275EF66D9829155EB5DCAC687261CA245C506E6E6256764851EB0CEEC6A1FF3FBF102DAE7D2FDDD859A718E7276BF0FEA484CA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.24632268014875 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX44E52WO2vB3/dVlPIHAR0Y/8goAvJfshHHrPeUkwRe9:YvXKX43U2vR/ZwHAorGUUUkee9 |
| MD5: | 60F239995AD0F2E7C0252627FAA084BF |
| SHA1: | 6ADD8EB7D0D57605F081F6DBD84723F0D911853F |
| SHA-256: | D7B533AEC2F131946E3F2DD2986EDF624CCA911E9276C3C94591E0E0F654109D |
| SHA-512: | A1B382B97FCA201341A8D47FC0C1BFB712B29DCE88F8DE015EEDD9FEAFCE6C5BD7E2B49070B899EE918AA145BAF8558A7455B149DE53102DB009C694720A862E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.3720457522028955 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKX43U2vR/ZwHAorGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWy1:Yv6X4LJhkL168CgEXX5kcIfANhR |
| MD5: | 6C3AD3176493A05934470947B931908B |
| SHA1: | B9CD62986F3D27AF56E5FC924084C87F25451C87 |
| SHA-256: | E0C9062A73A03553DCAA47D5C7754E4B3DBB27667C94C69A6A12DF7022BD1C9C |
| SHA-512: | 1CAFA38F62ECEC6A531B4A5BE86EADE039C86760B8FE756B8AF99A52ABE8978052BB6084EB7F687AA288D64195D522C91A751570464A15D7D55CDC807ABA3F67 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.131394607842184 |
| Encrypted: | false |
| SSDEEP: | 24:YvJJzQxC9XaX/VEzaaaMVUEayOudGZu5muzujmO7j0SaEuC2f2LSEUWesMB5ohnA:YQSqeD5405REdXNSSIBeR9UV |
| MD5: | D7C4F5CEAEE364D55DB3AA13A27542CB |
| SHA1: | 848EFA6925AE1972F5D1C788720ABB59D0C915F4 |
| SHA-256: | CBEDD4DBED3FD74C82917863B0EE321EF52CBBB61A5B65E6A06C93B149F21CCD |
| SHA-512: | FC0184345139D23E51405E5A0624C469765B740E2E665D2D09CCAEC82BEE9826CAA8B5792DBD292F3FD499B1AE5C0787ABBDA75B259D998CEA4481A0E82F8FA8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.3184293147949788 |
| Encrypted: | false |
| SSDEEP: | 24:TLKufx/XYKQvGJF7urs9Ohn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMe5ntqVph:TGufl2GL7ms9WR1CPmPbPah5typilIfF |
| MD5: | CA4A1F4B76E6C2135EFAE03CCC237E6B |
| SHA1: | 9FD019F980E155965D651865D4BDFC37D642C23C |
| SHA-256: | 952F5A3558DD4BF99C18B6D99A8F42BD967B8838AAFDAB671F9F794096CD9E48 |
| SHA-512: | 1A684A6AA3B221C2E320D7C7B1BF679A1B0ECF71A48D6B31EA684ED83A927545414BF876343FED38829C7128B3FE5F7D4F561E921F7F3D20C0F151A5B75B5830 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.78074836919879 |
| Encrypted: | false |
| SSDEEP: | 24:7+tmlhn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMe5n4qVpaVrScVr0InIqLhx/o:7MNWR1CPmPbPah54ypilI9qFl2GL7msm |
| MD5: | A9304C9D97AC5B36D3890D265614B16D |
| SHA1: | 601288ACA14557B2524788A4A7B255B44E377F65 |
| SHA-256: | CA136C95364D8F43F8DC45AADECC2F2A9265056C189D36479FB29C8559BABEF1 |
| SHA-512: | 369BF902DA98210C56E52A1884AB01262D6B149BB69723E0E56B759B3DC12852970E9E9DA6A767BC9DEB1AE1D0C2050D61933C20C0117B9A658CDD450D5DB721 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5162684137903053 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mdWag:Qw946cPbiOxDlbYnuRKvS |
| MD5: | E881554E528BAA75B271C92B3E23E2E1 |
| SHA1: | FF085F040BB1E617752C51D03A0C0A736077E2BF |
| SHA-256: | 110750951D72C560BE40F220C9A9E2D7495AAB87E27441AEE79A95E7FCB4E10F |
| SHA-512: | E06CCD07CF19157171BBE11E519B4232B72F663A72B1D5062450F537CE4938B326D52720A27A8D8E1A6BA6B5FCB9C1159B95D1BC360FBE3FE5A4D7E0FF844975 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 11-17-52-338.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.33860678500249 |
| Encrypted: | false |
| SSDEEP: | 384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B |
| MD5: | C3FEDB046D1699616E22C50131AAF109 |
| SHA1: | C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D |
| SHA-256: | EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD |
| SHA-512: | 845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16603 |
| Entropy (8bit): | 5.331751213559485 |
| Encrypted: | false |
| SSDEEP: | 384:HdhYpNps1Gmx6EX93ZeM7h0kU3+Py1yly3y2y9yfypyjyLyJyaybXPYmg6CY1Iig:FMd |
| MD5: | 29D38D30E272241D6961D02E4C095A90 |
| SHA1: | E95DB59DD54AA0B09C9CD901E086F2AB6FCF107B |
| SHA-256: | D866BE7995E7ABC09FBED18ED766A8B556B3238AE2003AF339AF8CED53CFD5F6 |
| SHA-512: | A19627E927A4032AA371403E8DDDC8195D7A34E961E192C709964D507E7F0E0041D5F3D049500901FDCA7D949233A268FE06CB972D0A4C33AF393E0C74BF6A24 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29845 |
| Entropy (8bit): | 5.413306838979887 |
| Encrypted: | false |
| SSDEEP: | 192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cbycbYI39cbb:ceo4+rsC732 |
| MD5: | A231ADA6081ECC65FD1CA4A19232DF91 |
| SHA1: | 14EC23457BBFF5376F6FA8B7614F1EEFC8BE43C7 |
| SHA-256: | B158A61FB242205A31E69F5C0083E2FBCF50D06C1FB6A10B7965380ABBAEDD81 |
| SHA-512: | 6B861DBAE20125F6901BFA4F4015763506E034CCC57CD9034EAFE1AF676B5446B54E07E35D634492F5012A1DA7749E11A9343C3A99BE829E633C0199A59CEDB5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
| MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
| SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
| SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
| SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.154655157755229 |
| TrID: |
|
| File name: | Bestaetigungsanfrage.pdf |
| File size: | 234'873 bytes |
| MD5: | eefd99f1a07e5fc5de1df35d1443916b |
| SHA1: | 6851a5630d062b243ff87a3cb056a5b6d7607042 |
| SHA256: | eec6d591b1bb4f40410e1fab78d03e609578add871aaf3beabbef19ff8fee3e5 |
| SHA512: | 0b55214e420362372aa8cc32d443749a3675523de2566af3ff3ece4669a67695f6314626e8cf0982edfdd0ff62ecf7a83a2779e264a4520af693d81f662bbbbc |
| SSDEEP: | 3072:rA2CI1AmUAZKf6+clVv2zaBbbX16n8s07rhqw:rAZ2ewX3lVe+5jwn8sS0w |
| TLSH: | D534AD17DC584AC7942D93FCBE025EFC2E0C6B5DE9956FEB44364F827A602279C0B05A |
| File Content Preview: | %PDF-1.5.%......1 0 obj.<</Type /Catalog./Pages 2 0 R./Outlines 6 0 R>>.endobj..7 0 obj.<</Length 17 0 R./Filter /FlateDecode./Type /ObjStm./N 10./First 69>>.stream.x..UKk.0...W.19..e..a....BiBZ......a..^m.....Q.t...z...F....9.Vp.uS..kS4..(.....+.L.Z..... |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.5 |
| Total Entropy: | 6.154655 |
| Total Bytes: | 234873 |
| Stream Entropy: | 6.096651 |
| Stream Bytes: | 229998 |
| Entropy outside Streams: | 4.810015 |
| Bytes outside Streams: | 4875 |
| Number of EOF found: | 2 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 26 |
| endobj | 26 |
| stream | 9 |
| endstream | 9 |
| xref | 2 |
| trailer | 2 |
| startxref | 2 |
| /Page | 3 |
| /Encrypt | 0 |
| /ObjStm | 1 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 22 | 0100000000000838 | b8901ae41fbf4780038b53a71c9410a5 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 26, 2024 11:18:02.904334068 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:02.904366970 CEST | 443 | 49715 | 23.196.176.131 | 192.168.2.8 |
| Apr 26, 2024 11:18:02.904459953 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:02.904656887 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:02.904669046 CEST | 443 | 49715 | 23.196.176.131 | 192.168.2.8 |
| Apr 26, 2024 11:18:03.284708023 CEST | 443 | 49715 | 23.196.176.131 | 192.168.2.8 |
| Apr 26, 2024 11:18:03.285270929 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:03.285296917 CEST | 443 | 49715 | 23.196.176.131 | 192.168.2.8 |
| Apr 26, 2024 11:18:03.286336899 CEST | 443 | 49715 | 23.196.176.131 | 192.168.2.8 |
| Apr 26, 2024 11:18:03.286417961 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:03.289220095 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:03.289295912 CEST | 443 | 49715 | 23.196.176.131 | 192.168.2.8 |
| Apr 26, 2024 11:18:03.289433956 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:03.332124949 CEST | 443 | 49715 | 23.196.176.131 | 192.168.2.8 |
| Apr 26, 2024 11:18:03.335297108 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:03.335310936 CEST | 443 | 49715 | 23.196.176.131 | 192.168.2.8 |
| Apr 26, 2024 11:18:03.381083012 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:03.416750908 CEST | 443 | 49715 | 23.196.176.131 | 192.168.2.8 |
| Apr 26, 2024 11:18:03.416837931 CEST | 443 | 49715 | 23.196.176.131 | 192.168.2.8 |
| Apr 26, 2024 11:18:03.417452097 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:03.417608976 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:03.417624950 CEST | 443 | 49715 | 23.196.176.131 | 192.168.2.8 |
| Apr 26, 2024 11:18:03.417635918 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
| Apr 26, 2024 11:18:03.417766094 CEST | 49715 | 443 | 192.168.2.8 | 23.196.176.131 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 49715 | 23.196.176.131 | 443 | 7488 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 09:18:03 UTC | 475 | OUT | |
| 2024-04-26 09:18:03 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 11:17:49 |
| Start date: | 26/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6e8200000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 11:17:49 |
| Start date: | 26/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff79c940000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 11:17:50 |
| Start date: | 26/04/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff79c940000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
⊘No disassembly