Analysis Report Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim

Overview

General Information

Sample Name: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim (renamed file extension from none to pdf)
Analysis ID: 324342
MD5: fb9dca5d3e122cae28166f3e3be7bc43
SHA1: 76ed2e8f2c876cd8da438f19c8fe96d4a695918e
SHA256: c679efb245b1ce95aeaad0cae3c4809a4e84b567bc03916c92b20a8adf07d71d

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
High memory usage for Adobe Reader (potential heap spray)
IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)

Classification

Exploits:

High memory usage for Adobe Reader (potential heap spray)
Source: Adobe Reader Process Stats: High memory usage

Software Vulnerabilities:

Potential document exploit detected (performs DNS queries)
Source: global traffic DNS query: name: cdn.onenote.net

Networking:

IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 80.0.0.0 80.0.0.0
Source: unknown DNS traffic detected: queries for: cdn.onenote.net
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000001.00000002.443897570.000000000DE8D000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000001.00000002.443897570.000000000DE8D000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/)5)
Source: AcroRd32.exe, 00000001.00000002.443897570.000000000DE8D000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/ER)
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0O
Source: AcroRd32.exe, 00000001.00000002.443897570.000000000DE8D000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000002.443897570.000000000DE8D000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/s
Source: AcroRd32.exe, 00000001.00000002.443897570.000000000DE8D000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000001.00000002.443897570.000000000DE8D000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/:
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: http://www.gettyimages.com
Source: AcroRd32.exe, 00000001.00000002.443897570.000000000DE8D000.00000004.00000001.sdmp String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000001.00000002.426758262.0000000007D30000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000001.00000002.426758262.0000000007D30000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000001.00000002.426758262.0000000007D30000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000001.00000002.426758262.0000000007D30000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000001.00000002.426758262.0000000007D30000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000001.00000002.426758262.0000000007D30000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000001.00000002.426758262.0000000007D30000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000001.00000002.426758262.0000000007D30000.00000002.00000001.sdmp String found in binary or memory: http://www.quicktime.com.Acrobat
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: http://xmp.gettyimages.com/gift/1.0/
Source: AcroRd32.exe, 00000001.00000002.441850255.000000000D7DA000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000003.422898356.0000000013203000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000003.422898356.0000000013203000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/C-
Source: AcroRd32.exe, 00000001.00000003.422898356.0000000013203000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/E
Source: AcroRd32.exe, 00000001.00000003.422898356.0000000013203000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/c
Source: AcroRd32.exe, 00000001.00000003.422898356.0000000013203000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i
Source: AcroRd32.exe, 00000001.00000002.441850255.000000000D7DA000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/s
Source: AcroRd32.exe, 00000001.00000002.440603712.000000000D390000.00000004.00000001.sdmp String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000001.00000002.440603712.000000000D390000.00000004.00000001.sdmp String found in binary or memory: https://api.echosign.comRL8
Source: AcroRd32.exe, 00000001.00000002.431108735.0000000009593000.00000004.00000001.sdmp String found in binary or memory: https://ims-na1.adobelogin.com
Source: AcroRd32.exe, 00000001.00000002.431108735.0000000009593000.00000004.00000001.sdmp String found in binary or memory: https://ims-na1.adobelogin.comQ
Source: AcroRd32.exe, 00000001.00000002.429636794.0000000008BED000.00000002.00000001.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: https://www.gettyimages.com
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: https://www.gettyimages.com/detail/1041876728?utm_medium=organic&utm_source=google&utm_campa
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: https://www.gettyimages.com/detail/1041876744?utm_medium=organic&utm_source=google&utm_campa
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: https://www.gettyimages.com/detail/1191103531?utm_medium=organic&utm_source=google&utm_campa
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: https://www.gettyimages.com/detail/1201459640?utm_medium=organic&utm_source=google&utm_campa
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: https://www.gettyimages.com/detail/1204352280?utm_medium=organic&utm_source=google&utm_campa
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: https://www.gettyimages.com/detail/1213863567?utm_medium=organic&utm_source=google&utm_campa
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: https://www.gettyimages.com/detail/635460660?utm_medium=organic&utm_source=google&utm_campai
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: https://www.gettyimages.com/detail/655527090?utm_medium=organic&utm_source=google&utm_campai
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf String found in binary or memory: https://www.gettyimages.com/eula?utm_medium=organic&utm_source=google&utm_campaign=iptcurl
Source: classification engine Classification label: clean2.winPDF@15/48@1/2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6128
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rmv474c_105ehxy_4q8.tmp
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File read: C:\Program Files (x86)\desktop.ini
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf'
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf'
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1684,2245332663126947271,2796270942385178651,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15540169491933176135 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15540169491933176135 --renderer-client-id=2 --mojo-platform-channel-handle=1660 --allow-no-sandbox-job /prefetch:1
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1684,2245332663126947271,2796270942385178651,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=5895458359813356849 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1684,2245332663126947271,2796270942385178651,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=2668593196950910738 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2668593196950910738 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1684,2245332663126947271,2796270942385178651,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5586481229821336722 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5586481229821336722 --renderer-client-id=5 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1684,2245332663126947271,2796270942385178651,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13996197876522443299 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13996197876522443299 --renderer-client-id=6 --mojo-platform-channel-handle=2144 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1684,2245332663126947271,2796270942385178651,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15540169491933176135 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15540169491933176135 --renderer-client-id=2 --mojo-platform-channel-handle=1660 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1684,2245332663126947271,2796270942385178651,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=5895458359813356849 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1684,2245332663126947271,2796270942385178651,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=2668593196950910738 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2668593196950910738 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1684,2245332663126947271,2796270942385178651,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5586481229821336722 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5586481229821336722 --renderer-client-id=5 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1684,2245332663126947271,2796270942385178651,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13996197876522443299 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13996197876522443299 --renderer-client-id=6 --mojo-platform-channel-handle=2144 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf Initial sample: PDF keyword /JS count = 0
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf Initial sample: PDF keyword stream count = 286
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf Initial sample: PDF keyword endobj count = 451
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf Initial sample: PDF keyword endstream count = 286
Source: Celebrating the Achievements of Benjam#U00edn Netanyahu - Prim.pdf Initial sample: PDF keyword obj count = 451
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Code function: 1_2_00EBC1D0 LdrInitializeThunk, 1_2_00EBC1D0
Source: AcroRd32.exe, 00000001.00000002.426127469.0000000005BE0000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000001.00000002.426127469.0000000005BE0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000002.426127469.0000000005BE0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000002.426127469.0000000005BE0000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Behavior Graph ID: 324342
Sample: Celebrating the Achievement...
Startdate: 29/11/2020
Architecture: WINDOWS
Score: 2

Behavior graph (process tree recovered from the flattened graph; the numbers in parentheses after a process are the counters shown on its node):

  • Start -> cdn.onenote.net (DNS)
  • Start -> AcroRd32.exe (15, 39) started
    • AcroRd32.exe -> RdrCEF.exe (68) started
      • RdrCEF.exe -> 192.168.2.1 (unknown, unknown)
      • RdrCEF.exe -> RdrCEF.exe started
        • RdrCEF.exe -> 80.0.0.0 (NTLGB, United Kingdom)
      • RdrCEF.exe -> RdrCEF.exe started
      • RdrCEF.exe -> RdrCEF.exe started
      • RdrCEF.exe -> 2 other processes
    • AcroRd32.exe -> AcroRd32.exe (8, 6) started

Contacted Public IPs

IP        Domain   Country         ASN   ASN Name  Malicious
80.0.0.0  unknown  United Kingdom  5089  NTLGB     false

Private IPs

IP
192.168.2.1

Contacted Domains

Name             IP       Active
cdn.onenote.net  unknown  unknown