Windows
Analysis Report
Enertia Standard ACH Remittance - Email.PDF
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7092, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Enertia Standard ACH Remittance - Email.PDF", MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6372, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6012, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1652,i,13769276738168295805,949551808815667000,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature hits by type (per-hit source details omitted):
- TCP traffic: 34
- IP Address: 1
- HTTP traffic detected: 2
- TCP traffic detected without corresponding DNS query: 12
- String found in binary or memory: 1
- Network traffic detected: 2
- Classification label: 1
- File created: 2
- Key opened: 1
- Process created: 14
- Window detected: 1
- Initial sample: 3
- Process information set: 8
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1411163 |
Start date and time: | 2024-03-18 17:21:08 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Enertia Standard ACH Remittance - Email.PDF |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/49@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.76.104.172, 3.219.243.226, 3.233.129.217, 52.22.41.97, 52.6.155.20, 172.64.41.3, 162.159.61.3, 23.55.243.199, 23.55.243.210, 23.40.179.35, 23.40.179.19
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: Enertia Standard ACH Remittance - Email.PDF
Match | Detection | Threat Name |
---|---|---|
23.47.168.24 | malicious | RHADAMANTHYS |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | DBatLoader |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Unknown |
| malicious | Mirai |
| malicious | Unknown |
| malicious | Unknown |
| malicious | PureLog Stealer, Vidar |
| malicious | Unknown |
| malicious | Mirai |
| malicious | Mirai |
| malicious | Unknown |
| malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 300 |
Entropy (8bit): | 5.290321770037113 |
Encrypted: | false |
SSDEEP: | 6:F2AVq2PcNwi2nKuAl9OmbnIFUt882YkSgZmw+82QOIkwOcNwi2nKuAl9OmbjLJ:/VvLZHAahFUt8ag/+6OI54ZHAaSJ |
MD5: | 97A674A8C31174C799F7E5932E640A75 |
SHA1: | F530DE5A5DC2EF59E7220E89AA5C1B5EA332E922 |
SHA-256: | 1E77ADE03D6D751C7BACAA9FDADEB3FDDFF0B2DD0CDB00449F8AED2F22699578 |
SHA-512: | 37F4E2F3B266AFC2C5F374285D8E94BC4AE01DE32200F6F9BD18C4069BE234F8A42D8551426C2C68AD3AA86D61845DFA3A19506B32B54A35CFCBCC2D413DC3CD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 300 |
Entropy (8bit): | 5.290321770037113 |
Encrypted: | false |
SSDEEP: | 6:F2AVq2PcNwi2nKuAl9OmbnIFUt882YkSgZmw+82QOIkwOcNwi2nKuAl9OmbjLJ:/VvLZHAahFUt8ag/+6OI54ZHAaSJ |
MD5: | 97A674A8C31174C799F7E5932E640A75 |
SHA1: | F530DE5A5DC2EF59E7220E89AA5C1B5EA332E922 |
SHA-256: | 1E77ADE03D6D751C7BACAA9FDADEB3FDDFF0B2DD0CDB00449F8AED2F22699578 |
SHA-512: | 37F4E2F3B266AFC2C5F374285D8E94BC4AE01DE32200F6F9BD18C4069BE234F8A42D8551426C2C68AD3AA86D61845DFA3A19506B32B54A35CFCBCC2D413DC3CD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 344 |
Entropy (8bit): | 5.281998283412503 |
Encrypted: | false |
SSDEEP: | 6:F2OwL9+q2PcNwi2nKuAl9Ombzo2jMGIFUt882Ok3JZmw+82Ok39VkwOcNwi2nKuA:/I4vLZHAa8uFUt8Mk3J/+Mk3D54ZHAaU |
MD5: | 96294725BF95CBBBF11FD6DBE6DAA885 |
SHA1: | 0D9C1DCDA305155AAED29B2948455556D1BA3403 |
SHA-256: | E2A2B6738423C22ACF287A80CFED45E07CECC59BC069E8C0AF34435F0681EC50 |
SHA-512: | DFD1129507FE72D4F926EB01F89909F2AFE2AB16E77F629C4FFFA26D16AAAEDCF22EC368C9B6983BE29B05034A06FC49FB7CDB242F21EEA6DFE8900F8965A941 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 344 |
Entropy (8bit): | 5.281998283412503 |
Encrypted: | false |
SSDEEP: | 6:F2OwL9+q2PcNwi2nKuAl9Ombzo2jMGIFUt882Ok3JZmw+82Ok39VkwOcNwi2nKuA:/I4vLZHAa8uFUt8Mk3J/+Mk3D54ZHAaU |
MD5: | 96294725BF95CBBBF11FD6DBE6DAA885 |
SHA1: | 0D9C1DCDA305155AAED29B2948455556D1BA3403 |
SHA-256: | E2A2B6738423C22ACF287A80CFED45E07CECC59BC069E8C0AF34435F0681EC50 |
SHA-512: | DFD1129507FE72D4F926EB01F89909F2AFE2AB16E77F629C4FFFA26D16AAAEDCF22EC368C9B6983BE29B05034A06FC49FB7CDB242F21EEA6DFE8900F8965A941 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\812df807-492b-48ae-962f-423f334c4d57.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 474 |
Entropy (8bit): | 4.963925009588243 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZQqYhsBdOg2Hlzcaq3QYiubSpDyP7E4T3y:Y2sRds5q7dMHlK3QYhbSpDa7nby |
MD5: | 5C794C7995BFF997998A272F6661FE86 |
SHA1: | 3E101D4F405192CA9F7C33CC950CBB86E50DF398 |
SHA-256: | 41558FF23025054C3B7A3C96E4B1E7166152A3AF7E3B995A15B8797FD0CE02CD |
SHA-512: | 084F64C978FC1509DD1C775A4A78D1C0F705CE34ED00253116DAF6F92E0FE51673767FCF2A073FEB2AFD379AA769F00B6908A41850CE85C585557B5C0B06470C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.969814904260269 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby |
MD5: | 7BE9C8316EB1B7252CB363207744A145 |
SHA1: | 57861355BE6541501AED40F896891579DCF473BF |
SHA-256: | B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D |
SHA-512: | 2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF3c82e7.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.969814904260269 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby |
MD5: | 7BE9C8316EB1B7252CB363207744A145 |
SHA1: | 57861355BE6541501AED40F896891579DCF473BF |
SHA-256: | B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D |
SHA-512: | 2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c1cc108d-d9a4-4f64-9d25-ad7f8ac1692a.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.969814904260269 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby |
MD5: | 7BE9C8316EB1B7252CB363207744A145 |
SHA1: | 57861355BE6541501AED40F896891579DCF473BF |
SHA-256: | B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D |
SHA-512: | 2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.227737480920388 |
Encrypted: | false |
SSDEEP: | 96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPsy2fthZ/2YftTZ:CwNw1GHqPySfkcigoO3h28ytPsy2l3/v |
MD5: | F628B42FC128C31FD4652BD91324133A |
SHA1: | 38AF0100083633C7277C2FDEE049C2CED1C47ACF |
SHA-256: | B87BE30F0C6DD192A570EB29118F8BBEE9FBD80591DDD3FE8772A553E93AFC0B |
SHA-512: | 0014AA71EFAE23E788AB6C4D4988E77CD2B1D7D54CFBE2E08F4F25D17635C55CA877FD5AD4E2AA37C298D9C22E4CD59EE8DCAF4902ABF3FF029B427ED59DF619 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 332 |
Entropy (8bit): | 5.29607611121007 |
Encrypted: | false |
SSDEEP: | 6:F2I39+q2PcNwi2nKuAl9OmbzNMxIFUt882UFNJZmw+82Uy9VkwOcNwi2nKuAl9Ob:z34vLZHAa8jFUt8CJ/+PD54ZHAa84J |
MD5: | 56663BE2B6F668ABBB11CE32B175901A |
SHA1: | E5B2F05F3796330A49DAB22F40BE446D6C3C471D |
SHA-256: | C84654BF29A59DF87CA03B1BF1410F691B3EF6D503F3BCE8FE276207ED0DEE73 |
SHA-512: | F472BE7BAFEAAFE14255D64C49D238DB581D00BB36F081A232EDEF929FEE40ECF7168E976B28752C734129AEC953C2FED8803409A6CF6EA85B0953848E0BC6B4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 332 |
Entropy (8bit): | 5.29607611121007 |
Encrypted: | false |
SSDEEP: | 6:F2I39+q2PcNwi2nKuAl9OmbzNMxIFUt882UFNJZmw+82Uy9VkwOcNwi2nKuAl9Ob:z34vLZHAa8jFUt8CJ/+PD54ZHAa84J |
MD5: | 56663BE2B6F668ABBB11CE32B175901A |
SHA1: | E5B2F05F3796330A49DAB22F40BE446D6C3C471D |
SHA-256: | C84654BF29A59DF87CA03B1BF1410F691B3EF6D503F3BCE8FE276207ED0DEE73 |
SHA-512: | F472BE7BAFEAAFE14255D64C49D238DB581D00BB36F081A232EDEF929FEE40ECF7168E976B28752C734129AEC953C2FED8803409A6CF6EA85B0953848E0BC6B4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240318162202Z-164.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.8812871900872205 |
Encrypted: | false |
SSDEEP: | 96:8MMMMAM8ITsM2TMxBMe/KhlMnNM2MgKiMFit2KqifOxg4OiEMMM4rMMpHMRsbAm:vriAKqifOq4Nk |
MD5: | 33F92D89A0C53BB4735C39F616E2698D |
SHA1: | 39FCF82FB503D731AF61C42F535120A43D2BC5C9 |
SHA-256: | 30C22304FB9F5F5E72199A62C61E2E241E96FF0B62732D26CDFEC0BEBB767CC2 |
SHA-512: | E84E851610728D2FA66E897DC6AC09AE2CB0AC5D25DB1F72C679577B7E16A0C2A567873CD47E13694DA04F2BE56B728CC2420ABB513F2168961676283013E7A5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.438892899809622 |
Encrypted: | false |
SSDEEP: | 384:yeaci5GyiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1iurVgazUpUTTGt |
MD5: | C8D7824F81C0249885E7F235333A3446 |
SHA1: | 4AB38949A34437BD04785EED56732D52E6E68D48 |
SHA-256: | 108AAC377C7539E81ACD9CD9B5F24552B224088D9028E992D2FC377F53741D57 |
SHA-512: | 850A3F6A3713BFCE6603E0EC0B5A4766DFD9FAF2E0FE1E737DBECB4F38749613198F930FF4D5B80236EA7859DF8D5F5C6D2D8CC84EA1A1896691D30263D208F0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7746125805803756 |
Encrypted: | false |
SSDEEP: | 48:7M7p/E2ioyVEioy3DoWoy1CABoy1kKOioy1noy1AYoy1Wioy1hioybioy+oy1nob:78pjuE0iAMXKQ/db9IVXEBodRBkK |
MD5: | 9785C6454493C66D9E6F327DC1BA6905 |
SHA1: | A1A0EA4B1BDC7F0B7A4F032D6EA509FF7C990A01 |
SHA-256: | A6C5594090DF88644FDB27C7BA988A09D22A21B63A8D365F1ABEABEEA245B6A3 |
SHA-512: | 8AB8D7786384F3CACD6075AE3BF0C4C267CBA9CC5051C15EE7362465B3DC594A542F9676DF4222C3D9D1DD45ACD29A9937C8BB206C7355F0F311604C09C257E6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:qMKP+iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:FKPoJ/3AYvYwglFoL+sn |
MD5: | C11248DE3EDEB5F39EE8D1E2C1FFE7D8 |
SHA1: | 7EC6B85BDB7C99BA691BB08A051EF7C4D4A43231 |
SHA-256: | 57612AEEE8F8E8471B730963F8E111C9890F83D8120380A6FF0676A3814A4B41 |
SHA-512: | E13FD658A42EE8BA3CDE3DE5912C3BF3F1A5D720D6C47C3FBCB9C529208DC2860A64B3C41F08660A76CAF5482CF8FDA5EEB62ACC719860AE05EE5C8369C24D9F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3626516529284585 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJM3g98kUwPeUkwRe9:YvXKXHipuRsdTeOQGMbLUkee9 |
MD5: | E8EDFA686508CFAD7BE7DB32C67C90EE |
SHA1: | 8E5178097081553FF956B14BD32C32F2EBAE35F8 |
SHA-256: | D8BB2F5391AD5BA46BD77A1AA5E2759A4A53463E076601D0FB8BC03CCFBDDA60 |
SHA-512: | 0A104893F0373D57283D8167C50EC8D639C31F42B6B825EA83DB632920F17FF35086854028462D6448A446B4FC1999B0DB3F91F6EBB15DB9D0C1D3784FF00221 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.292843008578524 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJfBoTfXpnrPeUkwRe9:YvXKXHipuRsdTeOQGWTfXcUkee9 |
MD5: | 671DCE4426F904CBDA85E4EC0F8D69F2 |
SHA1: | 61578FBAC1A1CD44F80F4921B8CCFD93DF49A02F |
SHA-256: | F3386EFFED2EC6134ADDCE2FDE74F8480AE4FF65E86EDC4C666E892ADF7E57D9 |
SHA-512: | 47B30746FB5F68842584483B824A31A68976FD63FFABCB0B0552801C480359E11BE338142BB767F790329DC6D07567FC32559592CE2D5846C4B136E409E4C90C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2726146502861875 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJfBD2G6UpnrPeUkwRe9:YvXKXHipuRsdTeOQGR22cUkee9 |
MD5: | 46E6580BEBC246DFA1D689898B73F520 |
SHA1: | 5649F9B50AEA275981986E9CE97643E08F90FE36 |
SHA-256: | DB7D2A9428D1DF33A53F8825AC1FCDB08BAE0045275A70D85C5489769EBA66DF |
SHA-512: | D52D6F0E4CC39DD71994B6BC4F721F199FE5AD3283FEAA87867FAEAA2266638DB9953993B5A43A3EC7B3A05BAEE4E21E567385ECFE5DE2AB6E69A87C262F0500 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.349504982981915 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJfPmwrPeUkwRe9:YvXKXHipuRsdTeOQGH56Ukee9 |
MD5: | 87C26D1928B9F8E5B8780C1C67F26DFF |
SHA1: | 6B97818FD0396657BBF553EE23460A244A8FDC51 |
SHA-256: | 5F27DBE8FD1B01572FDBB6254C841AA5C23284778557CEE1BD8BACD88B140858 |
SHA-512: | FF7D03B7C929C37FC977B15A3E386757F79C0365D5DFB1BEB7D49A24E2AEFC08DEA42CD1CA3BB94E20F66E196CFC95BD3E4C8647CCA39B542D034B4A28AC7CEE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.294924693095272 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJfJWCtMdPeUkwRe9:YvXKXHipuRsdTeOQGBS8Ukee9 |
MD5: | 881FD01C0001AAAA94BDB5F02176B33B |
SHA1: | E77C065DD29103BAD6A4B06448CC42F2543BFDF2 |
SHA-256: | 28649EFD5E21A756F402E8A86A7A0B66F598CEB8A0F992C6BCF2F6A5D1C694A2 |
SHA-512: | F7DD7470A8B8851149CFB1F56D32261DCC673C4A5D76E3B3BC2BAC31DA44250F5D869033FF7A89F84659B699A5B763C0F0E632C146D178E5DA22E7EC6E5C7C88 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.28231906821217 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJf8dPeUkwRe9:YvXKXHipuRsdTeOQGU8Ukee9 |
MD5: | 526441D5000ED90C612171810B68021A |
SHA1: | EF58C5849E53AB174C0EB6E9DB446B89931BF29D |
SHA-256: | D7AB1ACE711410AB6745F210A9BE5ADA66CB5104ADD60AD20E97C95053FB8EE9 |
SHA-512: | 994D909BEA00DB228406E18ABE3EF8C9E0D873C95DA1F2284563284CCC0F9132C90A5EC2612597C65333534378C621F1FC79E2C229712058EDDCDD37C311F81B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2859102311067545 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJfQ1rPeUkwRe9:YvXKXHipuRsdTeOQGY16Ukee9 |
MD5: | 1C206CBC12885EBC0F334FDA662D322D |
SHA1: | B76006F18D787E2F734CC0F66B4B43063F9C3E74 |
SHA-256: | 42EFE071A8E75DEB2427493230BF74A6EE75FEF5A5D9887BBC28DDB338C8060E |
SHA-512: | A1D853AD9CE751AF19A4343B9B753A7816FFBCB816441C5D19069A140D1B2C4021A8D16B2FECDA173C4B6F4B58322BE7B21921DCDE496FF8C5ACF52E8886251C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.301280235485165 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJfFldPeUkwRe9:YvXKXHipuRsdTeOQGz8Ukee9 |
MD5: | D976704A43A6E6642F87A870A46B0A1F |
SHA1: | FB6DEAD32FE5C26FFABCEDD168058E5195D8F984 |
SHA-256: | 75B44228DB61D2D3EE73ADEF4B735AA8BBF57694462C4BCBC95D79329D641DD4 |
SHA-512: | A0548110A14AA7EB92F08A3EA4964EA5F0909DA944AA7DD9223CC7CD919B06AEBDDC72D8A31508B4B498839A3D3501D7C743B24D56DFEE8F8E28182DCBBE8EF0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.307275060461898 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJfzdPeUkwRe9:YvXKXHipuRsdTeOQGb8Ukee9 |
MD5: | 9D1196669C79F0DF5A2CB78A8371A677 |
SHA1: | 44B27965BBDBC33B9255C13CBBB47F225DED2E8C |
SHA-256: | 2371A3E7CAE1B9745B3BF32AF195A20745C4E5E1AE34DF4559452867ACE16D3B |
SHA-512: | 8E28E8720214CAA2FB67C946D35EEEB8642E0383BDDC24ACDE6E10A30EAE411C068F7356EEAF29A2540768E5372C3A7F9AEB26CF0F257363AD276E22F2E4EA29 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.287945307187214 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJfYdPeUkwRe9:YvXKXHipuRsdTeOQGg8Ukee9 |
MD5: | DDB33DD6E2D9EF051C5BEFE27CA7E758 |
SHA1: | 30F4818A0BB3FB0E0663E838CF026C0380BBC66F |
SHA-256: | D12934A747ED3C238A23332802B2ECEBA451BEE3826F0677556F06C9A2B2CBAD |
SHA-512: | 6A1C7425E2EEBFFB18B48DFD085AD06E86CDEA73AC8388F22F6198A185739882764F8B2913360C693AAC04BE1F06BF4F7C85A11FC6D51174DD4660336E2FFF2E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.770565261381753 |
Encrypted: | false |
SSDEEP: | 24:Yv6XHyuRmeOnrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNK:YvSyuseYHgDv3W2aYQfgB5OUupHrQ9Fi |
MD5: | 686167836DFE47CBEEDBFF7366C37383 |
SHA1: | FB8443400F67508F53C82B98756438B57702B7D2 |
SHA-256: | D6D2EB7BA0E6FE9601DC6899A9CBF48CDF5A40C86351FF3A9CC7B3605333E48D |
SHA-512: | 61CD785D71344DA032451EE5D895DD0EA57A04B2F98F11F0F5C24292B3DEF1AA6F74A76E89C6C86FD4411FEFAE5340EB8F3F4F19696D83FEC2C9977B73807651 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.271575254983502 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJfbPtdPeUkwRe9:YvXKXHipuRsdTeOQGDV8Ukee9 |
MD5: | D5962555B1C3F7696B056F9D53614DD7 |
SHA1: | E41156D77BBED0301CFCA27A4C5772D8E9F10F6C |
SHA-256: | 1856EC09F5BE98241EBAF90DE6A3BBDE47BFE924C0112C5F375B5300829439BA |
SHA-512: | 4289CAFE7A60BE7B04BC5F7FD137F7AB924306CD224161F6C5E66861D01EDAF149E59D12DEE4C90839FDEFD408DEDC70E54E3C9062C81C872E87359A7C5F4A54 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.276355718256273 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJf21rPeUkwRe9:YvXKXHipuRsdTeOQG+16Ukee9 |
MD5: | 8146ADF89C6DE681C9A8C5DCF97C0529 |
SHA1: | 1A7D769C64519D2B2E6ECDE2106219246795F946 |
SHA-256: | 93EBE617A5C4B8A032895EE692567AA3338189401E0654547377D73733C5C08A |
SHA-512: | F5819D5AA61F8346E7FC0EF834613DB9B0CBC701F08DC8356A3826C118ABFD84EF9218F319F7D66E480C3C9444BF81B42638AEC73A33551FF6899AB47B9C0DAB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.295570478353324 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJfbpatdPeUkwRe9:YvXKXHipuRsdTeOQGVat8Ukee9 |
MD5: | E7A8AB9BB3B45CAF5C58183132AFA892 |
SHA1: | D9174D54B4A85D5C2E0FC1DFCA8D10F29BD56FC0 |
SHA-256: | 3EA0BDF82F5B5C8DDD4F1261C02C7A3560638D8CB391B51D05ABB9FCBC029A04 |
SHA-512: | 7188CF7C249A195F8520270D4163C7A41F5DF20D12D3F7A8F73126D46178E6578C2B4A4DF99C811A8CA7947DEA131A84EAE58A67F7C021748B98F87ECBAC8FD9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.252457085217208 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDACUvpkYUWWsGiIPEeOF0YSmoAvJfshHHrPeUkwRe9:YvXKXHipuRsdTeOQGUUUkee9 |
MD5: | 8E8E4A4C7229C4F65A6EC562FBBFBB9D |
SHA1: | 87D2573208491288AFCFAC8F74C1E4B03104E1EF |
SHA-256: | F04926F26FD6FE6418FABDC3894395E72C6C3C409B72B5A2221574333719514E |
SHA-512: | C606AF995A91159EB38434850FB93CA5D71605535AE8ED258C1817C8D9F6ECDF91575BB8D0FEF130FD50C154FFB546928540AC83A108827509FC5FF6011F06E9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.372659766070061 |
Encrypted: | false |
SSDEEP: | 12:YvXKXHipuRsdTeOQGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWO:Yv6XHyuRmeOG168CgEXX5kcIfANhn |
MD5: | 5BFA8EC44F84FDC96706D1E04C243756 |
SHA1: | 9F07A4F1DAC84BEC94CE8AD83526CE6BC0F54D2C |
SHA-256: | 031D47C94068492EFF28C92F375E43EA392CFF21A129D63C350C09FE27CC9DFB |
SHA-512: | 8944B8A18756EF04B4A4FAD136788A214D612145C3E36ED97D52251E219B720A3D92653DC20A339602956CC26DCF8EA79E328B66BEFD7C557760E29CCCA0C400 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2813 |
Entropy (8bit): | 5.1291394443399705 |
Encrypted: | false |
SSDEEP: | 48:Ywbz2XW3c9ogPhIlfuXQ1am2d2dVKvT9etO:x32G3ihAuA1q+VsBek |
MD5: | E6B7620C971B3DD261FCA1AF456D5E18 |
SHA1: | 2DD57A8134EC4AB9467B487F594A9ADEEBCC3254 |
SHA-256: | 6B19E945DAC654D988B8A336246BF3535654F4B755E59F0FC7F371682675B4E3 |
SHA-512: | F03B6CB2A4DD95095917F2577EEF80A62D3D9D8CDB6587A0FE062A9AC9E4732D8A45BF997A7482868EE44E56C56A0A25A655D1994BA6C33B10D92BE601046DE6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.4526350559651988 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsvpl9V:lNVmsw3SHtbDbPe0K3+fDZdQ |
MD5: | B3B72D34AABDD7A207EA6D01ACB1FED7 |
SHA1: | 44FF9A27E3BABCADC95F0901999CB872A360A15D |
SHA-256: | D5698D1214C83524F15F4A374D494F9475F80DA5EA89EF5A6D389A377F2E52CA |
SHA-512: | EA1F26778B4DF733A3E66E58C3BE5AAF86A17587F68C2DEB357FEF788B0A49C2F2BE7692FAEC5B7AA012929490EF1C9BDAA32DF8CE5219328747148631672769 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.9552377773118939 |
Encrypted: | false |
SSDEEP: | 48:7MIrvrBd6dHtbGIbPe0K3+fDy2dsv8AvqFl2GL7msL:7x3SHtbDbPe0K3+fDZdavKVmsL |
MD5: | 900B83AD0D454D2DD85EABF68C2D1288 |
SHA1: | CB9929CBA7C87E36AF8A78422E69D43FB9F661CB |
SHA-256: | 591CDEC082465B6A4FB9D3BFF5B2E5EE9722A8E8E0BBFC23243FC2A8C97D98B0 |
SHA-512: | 41AB5FB81203E00FBABE259A0C29A380D4B5D6404A42BBF4E27507D52E6566AACD828B2B9CF6F5AD85F56CBAAF596F33DDE536708E1EFE291134936F767064B4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgwR2uqPsK9zNd0O2vtQHSYxOHMw/6Yyu:6a6TZ44ADEwR2uc9zNmOtH302K |
MD5: | 8FDBF5165E526756A83B91BAD0E7391F |
SHA1: | 9EC49EE52DD53D4477707968C8BB398D64ACEE06 |
SHA-256: | 4E73F2E27E6996EC1E1C1EF02B1328104DD749B029F22DEE51071FD53C1248E8 |
SHA-512: | 3397B730B665FF6A7DB9EF172B4E38CB1CAB60FC01056739EDC7F4195E26858E6BFA941190A3FE8F1B469A8ADE09DC5F7DD506C7C14F20B269A8CE061F999EA6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.524398495091119 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKUFTle:Qw946cPbiOxDlbYnuRKSUi |
MD5: | 8A34AE6A711B2972A4ED7C78EDEDD929 |
SHA1: | 89B99EFA8B73E883BC4148AD5FB0EECD08D8266D |
SHA-256: | A565CCD0BDF3B5B86C4676F4616A45291F6986AAFA6EB9DB5CBF0F81A20D9549 |
SHA-512: | 8A770214446E7C40B284A89076346F04C31BD371F5598AF40E2345D5045B251B1EBBA41611D3B46868E999DAAEDEF24BF354021CC652FF689554548BC3224B38 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-18 17-22-00-322.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.386483451061953 |
Encrypted: | false |
SSDEEP: | 384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID |
MD5: | F49CA270724D610D1589E217EA78D6D1 |
SHA1: | 22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3 |
SHA-256: | D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D |
SHA-512: | 181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.361559302719306 |
Encrypted: | false |
SSDEEP: | 384:euRrDrSrrrlrwr9rIw7whIw2wpw9w4wGw9yyyuPIP0kDkXkOkdkPbu4ucuWrQkF9:ek3OvZEpMQsIX4uX5m13AsCybO8VlTEw |
MD5: | 6ABAAD8AC22CD944B9391145BB66A342 |
SHA1: | 88BFE73851C4F650BD0148160AAE1F74A70EA0BF |
SHA-256: | D40881C6DBF5E1B7370B1332FDCFDE52CF8C4FD53D8FDBA453C8283C5066F18B |
SHA-512: | DADACDD41D5BF7C9CDB9167DF22B9590CFED180EE62BD250C1950243A26B5A565D7D4D9C9B66A7A8DFEE1A6EEF82E6936876EAE9000BA2FFE8144419696A36F9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35814 |
Entropy (8bit): | 5.404607078310031 |
Encrypted: | false |
SSDEEP: | 768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRG:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRI |
MD5: | A4379671E59FF15AAB3EC0B5E3387FF8 |
SHA1: | C34F9ABC777619572D8FDAA1ADF76A4B8DBCEE28 |
SHA-256: | DC621CF94285DBA4FA1A05C7DD7262757484D51AD106401F6281AD3C43F1E6D2 |
SHA-512: | 0BCDBCFB1BD48813579A20EC43AA2B38EE12CA397B8FB4177A34406A8F2AB0BBA71531286151D3E617730B5B114B96D99D762C28FCF6936B93944E78B4400606 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.906079745513204 |
TrID: | |
File name: | Enertia Standard ACH Remittance - Email.PDF |
File size: | 17'261 bytes |
MD5: | 0fedc11a6b55c699922aa9dfc45e5dd9 |
SHA1: | fe0c2afd0276a0ab6424681aa3cfbee4ec910a88 |
SHA256: | b5d036d428b0321dca1034a1970154adfde2332c7aad294eb98fb18f4cef914c |
SHA512: | 529c005ee44b5b3773c30b3827b74961375512187c0ed37d989b743946b9f4d00574869c84182056eb793249fa7f9bac6c4bc7858c1951ba2ffe7d49bfdabb73 |
SSDEEP: | 384:blYxgEj+q6DgWICTWTXO64tKvFdK3mmLG4543CYs777KBkZMsaZM4HjGChUUHEKz:BjBTWT+tKAllKWP7bZMsahd |
TLSH: | 8A72BF16CA8D59E8B0CE9541BF58B6A3E8B0B15E56F0BC90405CD0EF14C9F92BD3536B |
File Content Preview: | %PDF-1.7..2 0 obj..[/PDF /Text /ImageB /ImageC /ImageI]..endobj..7 0 obj..<</Length 8 0 R../Filter /FlateDecode >>..stream..X...mo.7...W.;X......i..*$...R...RU}A..i{.M.".}...f.......h.l.g.?...s.....\0..a.,sFp....Wvy..U....1p...H..c.r#\.......0)y..-.3Q.^.` |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.906080 |
Total Bytes: | 17261 |
Stream Entropy: | 7.982415 |
Stream Bytes: | 15034 |
Entropy outside Streams: | 5.167495 |
Bytes outside Streams: | 2227 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 16 |
endobj | 16 |
stream | 4 |
endstream | 4 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 18, 2024 17:22:10.603631020 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Mar 18, 2024 17:22:10.603657007 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.7 |
Mar 18, 2024 17:22:10.603805065 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Mar 18, 2024 17:22:10.604293108 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Mar 18, 2024 17:22:10.604302883 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.7 |
Mar 18, 2024 17:22:10.877552032 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.7 |
Mar 18, 2024 17:22:10.878010988 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Mar 18, 2024 17:22:10.878026962 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.7 |
Mar 18, 2024 17:22:10.879091024 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.7 |
Mar 18, 2024 17:22:10.879193068 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Mar 18, 2024 17:22:10.881587982 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Mar 18, 2024 17:22:10.881653070 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.7 |
Mar 18, 2024 17:22:10.881823063 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Mar 18, 2024 17:22:10.881834984 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.7 |
Mar 18, 2024 17:22:10.935228109 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Mar 18, 2024 17:22:10.971760035 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.7 |
Mar 18, 2024 17:22:10.972002029 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.7 |
Mar 18, 2024 17:22:10.972063065 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Mar 18, 2024 17:22:10.972475052 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Mar 18, 2024 17:22:10.972489119 CET | 443 | 49709 | 23.47.168.24 | 192.168.2.7 |
Mar 18, 2024 17:22:10.972502947 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Mar 18, 2024 17:22:10.972562075 CET | 49709 | 443 | 192.168.2.7 | 23.47.168.24 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49709 | 23.47.168.24 | 443 | 6012 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-18 16:22:10 UTC | 475 | OUT | |
2024-03-18 16:22:10 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 17:21:56 |
Start date: | 18/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff702560000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 17:21:57 |
Start date: | 18/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 17:21:58 |
Start date: | 18/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |