Windows
Analysis Report
APEFT-Remit.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7444 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\APEFT-Remit.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7628 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7836 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1752,i,5616625130128595369,995304234985773419,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
- TCP traffic
- HTTP traffic detected
- TCP traffic detected without corresponding DNS query
- Network traffic detected
- Classification label
- File created
- Key opened
- Process created
- Window detected
- Initial sample
- Process information set
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
72.247.96.179 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430624 |
Start date and time: | 2024-04-24 00:50:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | APEFT-Remit.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/43@0/1 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.1.100.158, 23.22.254.206, 52.5.13.197, 52.202.204.11, 54.227.187.23, 23.220.73.15, 23.220.73.10, 172.64.41.3, 162.159.61.3
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed; report is missing behavior information
- VT rate limit hit for: APEFT-Remit.pdf
Match | Detection | Threat Name |
---|---|---|
72.247.96.179 | malicious | Unknown |

Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | HtmlDropper, HTMLPhisher |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | HtmlDropper, HTMLPhisher |
AKAMAI-ASUS | malicious | Vidar |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | Vidar |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Mirai |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.116512001298969 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.1547856920984945 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.1547856920984945 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4b8d8454-e6e7-49bd-9dc9-8bd3b2925465.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.966215944377013 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.966215944377013 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.258210738128984 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.187612508643361 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.187612508643361 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240423225117Z-160.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.5277797009859785 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445054926221518 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7745912569016262 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.374617539609132 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.324115486998541 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.302374982356348 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.362022928375938 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.322533739811728 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.309256454056443 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3130437911393305 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3185595381138535 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.740915754943822 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3158409530045345 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.776391436326464 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.299279178149156 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.303835512619937 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.322382263688461 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.279550113055859 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.370189768516838 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.136924309834144 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1876887650691321 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUljrSvR9H9vxFGiDIAEkGVvpxjD:lNVmswUUUUUUUUl3+FGSItl3 |
MD5: | 0719F32122084219F442052F9D36323F |
SHA1: | 15EC64BD9D7246EA0F68E1AAF98929B114F3241A |
SHA-256: | 820DA050AF8B9175664872E600113A064826C092C3FADB6356047D6BECD16700 |
SHA-512: | 599411D3F2E190FA04A0DC402D87E13451B5007A94DCDFFBED50ACFB085EC6A6685AFA763689D7B9C06E8903D9965337600A9F02E6746DB975E4B0A6419D76EF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6063345034393857 |
Encrypted: | false |
SSDEEP: | 48:7MFKUUUUUUUUUUlj/vR9H9vxFGiDIAEkGVvXwqFl2GL7msT:7/UUUUUUUUUUlbFGSItpwKVmsT |
MD5: | 33175D7E65BBDF81B6E23061055960C9 |
SHA1: | F50005E1C09A190F382350EE37BB8C98CF5CDACA |
SHA-256: | C83E0F17F088900DB71A31D58C034F62B9B9F5999E51E467D312F1416B9F4C00 |
SHA-512: | 7148DB896D86CC4DDCAC60AB22606B56E36D0BBBDED66C9205343A28CE7362F1E1480EDA255C5FC7D30C32F049C35699D277A7898992BF25C224A48A63C3C0EC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.4985264301455885 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+glYH:Qw946cPbiOxDlbYnuRKHrYH |
MD5: | A7899F5C3F80188730F95574E9EB7FBA |
SHA1: | A378BD6BB2CA724DC9522F863892F4DC187B3F19 |
SHA-256: | F77E5CE050E2F13C3CF2D8857957EE91C14EEC71C0A9B0D5598BD93285C9CA0C |
SHA-512: | EE4139BC42B7CEB8ECA9E0AB0902BA503ED86B44D336A46DD0E1710F0F2B89D019B18E3348F250AD069EEB9B0F4A58F99C4FD5708DA7F4CBC99AB2C4160B4848 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 00-51-15-400.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.3459923546863175 |
Encrypted: | false |
SSDEEP: | 384:b481UIJElGAKfGmCQT0OyUAw/MuLjXkQTCUmS06vRu0GMabLMb0dadg1sKkmxBlw:wKb |
MD5: | 0673D83A039EC5F13903EBB5148B8A33 |
SHA1: | A6CE2EF18DBA673DA6AACAD08548E145E37FA286 |
SHA-256: | 884D6BDAF9199CF416095F552454545F476B94010069A2A9DA07636BA9E411A5 |
SHA-512: | C7AA12DFBE30F72D5BA25346B83AC990A1B6227CB8B0DF3992F45E51E0A0E208B4A90B6806360B1583181AD54DA84385D8F3AA7FA100D1BA7D33D94D49222C00 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.384557467093507 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rx:F |
MD5: | CE186F30E3C43185FD3F3755A6AEB7E1 |
SHA1: | 18F9062F474BF38255240F695A540C11DCD559D5 |
SHA-256: | 37EA90D781C66E5041C762359AC7FEF0E7940C6CC99B851FD72C0F3692A49A2C |
SHA-512: | D9A1010B34ACA6CD89AFD33D49F9413C13685C29548AB579CC274FCD8EB37D1613FB0C8F1594511E4E591500E3B0FFD3A06E2071EDEE9CB3E00EA7AB921AB08C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.798830405891438 |
TrID: |
File name: | APEFT-Remit.pdf |
File size: | 8'523 bytes |
MD5: | 2a0dc631f6524b80081e228e32d23249 |
SHA1: | 5f68eac68959003035c87951f2fb60a197ee3996 |
SHA256: | 8c472eef2d4f66ca6d5d6e0492c041313ca57c5760ef27555b0af763ff4b96dc |
SHA512: | 6f7f0ccda910dfd37fc477174076d52255a4f85ade7654d86d1e405426d4668db84b6b61c8633d4830106e66ac4783698a95cf8752a6d508239e7523ad0e5751 |
SSDEEP: | 192:b0UOhdi0E7OW6Th918Hr2SAeGRAJ979o7VEOf04TOULUjxUbf9LtdM:b0JEX7v6l9OL25kzgf0GYjxUb9tdM |
TLSH: | 12027C5B19488EC9F49AC7D93F0A1DD25FCA8310A2257CC739EC4F8B7301D87A88261B |
File Content Preview: | %PDF-1.7..2 0 obj..[/PDF /Text /ImageB /ImageC /ImageI]..endobj..7 0 obj..<</Length 8 0 R../Filter /FlateDecode >>..stream..X..ZYo.7.~......-........#u..TR.E...&QaJ.,......g.rO.9.+..7.83.1...W.#..X.*. .H..".P..]F~'....RR...'...i..5Q.{.$'...&IB...+~.>....q |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.798830 |
Total Bytes: | 8523 |
Stream Entropy: | 7.858603 |
Stream Bytes: | 7280 |
Entropy outside Streams: | 5.201466 |
Bytes outside Streams: | 1243 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 11 |
endobj | 11 |
stream | 3 |
endstream | 3 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
5 | 009c2d2d1c37070b | c25d3da4102f87340f1961ca2b376448 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 72.247.96.179 | 443 | 7836 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 22:51:26 UTC | 475 | OUT | |
2024-04-23 22:51:26 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 00:51:12 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 00:51:12 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 00:51:13 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |