Windows
Analysis Report
Exhibit 7 - Catalogue Mattress-Jan 2024.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7116 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Exhibit 7 - Catalogue Mattress-Jan 2024.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 764 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4800 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1596,i,9765931501288519504,15496460262962559114,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
x1.i.lencr.org | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1559724 |
Start date and time: | 2024-11-20 21:19:31 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Exhibit 7 - Catalogue Mattress-Jan 2024.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/48@1/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 162.159.61.3, 172.64.41.3, 52.202.204.11, 54.227.187.23, 23.22.254.206, 52.5.13.197, 23.195.39.65, 199.232.214.172, 2.18.64.223, 2.18.64.220, 23.218.208.137
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: Exhibit 7 - Catalogue Mattress-Jan 2024.pdf
Time | Type | Description |
---|---|---|
15:20:41 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | AsyncRAT | | |
bg.microsoft.map.fastly.net | | | malicious | AsyncRAT, PureLog Stealer | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | Quasar | | |
bg.microsoft.map.fastly.net | | | malicious | JasonRAT | | |
bg.microsoft.map.fastly.net | | | malicious | PureCrypter | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | PureCrypter | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.143746234024927 |
Encrypted: | false |
SSDEEP: | 6:HHQdSyq2PN72nKuAl9OmbnIFUt8YHQdANj1Zmw+YHQdAN1RkwON72nKuAl9Ombjd:nXyvVaHAahFUt8kF/+khR5OaHAaSJ |
MD5: | 71DB3B2568B5E5EAA36FF03AF392107D |
SHA1: | 3362E8C77C7A46D1CE26558FB1C42F5753DB8964 |
SHA-256: | 409F5110886F75DD91F2CFCA06CE2A49B2555BE9F1175C4C6B9E45B20F76C7A8 |
SHA-512: | E3328E03D63D552E87615BB8B3A524535098BD1EF5B1E54412118378F9B395EB6A695CBDD51403A999AE0B5D5D33FC37E4A0E935C56AA0D6030C3816460EF3DF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.143746234024927 |
Encrypted: | false |
SSDEEP: | 6:HHQdSyq2PN72nKuAl9OmbnIFUt8YHQdANj1Zmw+YHQdAN1RkwON72nKuAl9Ombjd:nXyvVaHAahFUt8kF/+khR5OaHAaSJ |
MD5: | 71DB3B2568B5E5EAA36FF03AF392107D |
SHA1: | 3362E8C77C7A46D1CE26558FB1C42F5753DB8964 |
SHA-256: | 409F5110886F75DD91F2CFCA06CE2A49B2555BE9F1175C4C6B9E45B20F76C7A8 |
SHA-512: | E3328E03D63D552E87615BB8B3A524535098BD1EF5B1E54412118378F9B395EB6A695CBDD51403A999AE0B5D5D33FC37E4A0E935C56AA0D6030C3816460EF3DF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.173315179130804 |
Encrypted: | false |
SSDEEP: | 6:HHQdTS+q2PN72nKuAl9Ombzo2jMGIFUt8YHQdIWZmw+YHQd4VkwON72nKuAl9OmT:n4vVaHAa8uFUt8kFW/+kF5OaHAa8RJ |
MD5: | 40AC957484B5E58914336D7E39A0470B |
SHA1: | 488520C6E515EFADF6149863A04DD16CA37D2C47 |
SHA-256: | 9A50658A16F57FADE7C32F4627FA5E59F87CAB2D782FA84E7D8D3FDA1DA26E5B |
SHA-512: | 93AA03BE0FDE3F37181FCC9A8D0CFD56A767A1010934798D664ADD0617B5CDD815F4F51B43B3BEF21CE72AE2041C10E8511EDF4F4649A1E861475551D959D2CF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.173315179130804 |
Encrypted: | false |
SSDEEP: | 6:HHQdTS+q2PN72nKuAl9Ombzo2jMGIFUt8YHQdIWZmw+YHQd4VkwON72nKuAl9OmT:n4vVaHAa8uFUt8kFW/+kF5OaHAa8RJ |
MD5: | 40AC957484B5E58914336D7E39A0470B |
SHA1: | 488520C6E515EFADF6149863A04DD16CA37D2C47 |
SHA-256: | 9A50658A16F57FADE7C32F4627FA5E59F87CAB2D782FA84E7D8D3FDA1DA26E5B |
SHA-512: | 93AA03BE0FDE3F37181FCC9A8D0CFD56A767A1010934798D664ADD0617B5CDD815F4F51B43B3BEF21CE72AE2041C10E8511EDF4F4649A1E861475551D959D2CF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\97126a8f-e122-4bcd-b511-565cbf97299c.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.96930632548093 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sq3hsBdOg2H5zcaq3QYiubcP7E4TX:Y2sRdsHdMH5K3QYhbA7n7 |
MD5: | DD37F82325396DDFFAD88B82D2CBCD66 |
SHA1: | 3466956564A5B291ACA580AD3A64DB1D17FF3EA1 |
SHA-256: | E7CBC01B0A229857D322679808C064A1E1324977D8E4CB7D1E7EF683CA77F986 |
SHA-512: | 7EF66D617221E16B52784F24FF3220935A023583F3BBF4B80505142848F09CBC4D6AAC549C1192F69E449FE0B4FBA4D25549B16269C8E146D9C1E71A5ADB7135 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.971824627296864 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7 |
MD5: | F326539D084B03D88254A74D6018F692 |
SHA1: | 395B367E0E3554C3E78A8211F2D4B9F0F427CA87 |
SHA-256: | 9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007 |
SHA-512: | C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5aaf16.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.971824627296864 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7 |
MD5: | F326539D084B03D88254A74D6018F692 |
SHA1: | 395B367E0E3554C3E78A8211F2D4B9F0F427CA87 |
SHA-256: | 9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007 |
SHA-512: | C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a46d5241-4302-4354-a490-13542ee1381a.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.971824627296864 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7 |
MD5: | F326539D084B03D88254A74D6018F692 |
SHA1: | 395B367E0E3554C3E78A8211F2D4B9F0F427CA87 |
SHA-256: | 9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007 |
SHA-512: | C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5859 |
Entropy (8bit): | 5.251738276878318 |
Encrypted: | false |
SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7DPj+Z:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhY |
MD5: | 75A66A1830948E018B70400DF9D18446 |
SHA1: | 57ACB9BCA4C6D5C8D5BD96A031D4E34F33549DA6 |
SHA-256: | 18CCDD2AB45715E641B0ECBF939EBC70B51F0DC53EFA4605A808EBA6CC1F87C0 |
SHA-512: | 474665CC0CDF37D521C654B67CBAD21D47CDA6697E1136E65C7C750A852F839A718EB155DC3B663719F171897B3AAC8C5AE2A0716F96ED16F5EEA651E8439F80 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.163581441110038 |
Encrypted: | false |
SSDEEP: | 6:HHQd6G+q2PN72nKuAl9OmbzNMxIFUt8YHQd/Zmw+YHQdsd3VkwON72nKuAl9Ombg:n1vVaHAa8jFUt8k8/+kF5OaHAa84J |
MD5: | C9D504357E145CF1B6ACDF359C6ECD5C |
SHA1: | 5AE443187DE4CB3F101DD8EC455C5B5B31809350 |
SHA-256: | D39364502A709F2DBEC76D6F3D19FE35CEE012E0082B429DE2768EC1FE46D6DE |
SHA-512: | B85793B6484C0CEF6651AD6C5DD50F0038EAECB85F7CA77E2FBBBE35946603CF129E34196771BF9956754DAA29746F1E9E4BF0DB66CA589F27B9691B0F8A238D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.163581441110038 |
Encrypted: | false |
SSDEEP: | 6:HHQd6G+q2PN72nKuAl9OmbzNMxIFUt8YHQd/Zmw+YHQdsd3VkwON72nKuAl9Ombg:n1vVaHAa8jFUt8k8/+kF5OaHAa84J |
MD5: | C9D504357E145CF1B6ACDF359C6ECD5C |
SHA1: | 5AE443187DE4CB3F101DD8EC455C5B5B31809350 |
SHA-256: | D39364502A709F2DBEC76D6F3D19FE35CEE012E0082B429DE2768EC1FE46D6DE |
SHA-512: | B85793B6484C0CEF6651AD6C5DD50F0038EAECB85F7CA77E2FBBBE35946603CF129E34196771BF9956754DAA29746F1E9E4BF0DB66CA589F27B9691B0F8A238D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241120202035Z-201.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.16213573475832596 |
Encrypted: | false |
SSDEEP: | 24:RmGaeIaBLU4DanIae+ePjIaMqHNaUysu25slbSutc:Aoo4MeD4qHBIyL |
MD5: | 6E1BE9FD4799C6A9823A8EEDCF02458D |
SHA1: | 215932F09CD82844D442FC978AF54DF91E3A7181 |
SHA-256: | 4EA077925FF3A2E92408142576DAFE2C37547BCB8FE600C5DEAB5CE2E3B3CFEB |
SHA-512: | 02AF13F2C2EF1CB47F371B825B51FA708D16FBD1B87635619A12449EE8B00180EF520DDD817D361D926BD3F6D82910907334590D04F8FF962D5A3BEA98A8E2FA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444666704782909 |
Encrypted: | false |
SSDEEP: | 384:ye6ci5tViBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:m+s3OazzU89UTTgUL |
MD5: | 8EA2E8FDC98C3838BB2659CE07276E8C |
SHA1: | E1D1D20B21CBD9F2124DC302FA6F9A4A98EA32BD |
SHA-256: | 7210779B76EA945D7D02FF8646F661A9294F7AECA8DB6ADDAACBC39692DF617A |
SHA-512: | 4241BC055A484F17BCA0156078DEC5636A47204730D0B06CC8C0A15ACCEF0B6DD70AE2F20D3B105A054A8F181C9EE8E2B54D38658B1C241700D5B42C6F4749C0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7675126538278967 |
Encrypted: | false |
SSDEEP: | 48:7MsJioyVxioyxoy1C7oy16oy1fKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1O/:73Juxn+XjBiyb9IVXEBodRBkr |
MD5: | 681ED30877CA468537F6CF5979E3DBA6 |
SHA1: | B8FB09E77884263A20C8A96D1B7A160392611D93 |
SHA-256: | 350E363374A906792CB5F2FF14FA6561A450F25F42D2FC86C9EF2B029A2EDD27 |
SHA-512: | 9CDCC9FD17DBB92D89BB245155D2B186844D06B4A42EB4C10C363E425EDA1543E9D292F3E6CDF31C65C8F8C111563DAB6C0B38860CA9C648EF68BC517E5B48AE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.756901573172974 |
Encrypted: | false |
SSDEEP: | 3:kkFkl1qcsevfllXlE/HT8kjbNNX8RolJuRdxLlGB9lQRYwpDdt:kKLcseQT8IpNMa8RdWBwRd |
MD5: | 8C43418CEB9A2981D136609597605FF5 |
SHA1: | 4D83406D6BD15CA649C8BC92D8ABF73F2F2A701F |
SHA-256: | 5C65CC98C8961F8F5199347467A143351337C88E5046F9F5FD72CA25EE4B09A3 |
SHA-512: | 9328D10435BFF8CB2E38144D67A63E2A93E986BDCB5A1EE8B605ED0C368E20226C90BBF2A38DDCDC0D35FCE4F46AFDE730B861AC1E7416BCF9EB185527102615 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2384888235734746 |
Encrypted: | false |
SSDEEP: | 6:kKx9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:oDImsLNkPlE99SNxAhUe/3 |
MD5: | 43B11A1E2B3B675A95C399239A803707 |
SHA1: | E4AFAC7029415C76FCF145FA41BD4D29904FC56F |
SHA-256: | 4B5DF0A0241DCDB556F173335203FE060F5B6AF837BED53EEFBA67DA62513137 |
SHA-512: | 6180FFFBCDAC743100F76A6068F51536811E5E67BEA813B86901BB1ABDC53C93D209A95FD52E3ABE2E2E5A82ACBB8165588ACC82FD4C36675F805084B012F83E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228345 |
Entropy (8bit): | 3.389782163700774 |
Encrypted: | false |
SSDEEP: | 1536:qKPCWiyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCwJ/3AYvYwglFoL+sn |
MD5: | B818E722BD4826732B5B51A764A2DEED |
SHA1: | 22ED095EE973AED3BA5C3A805FCE0174423E2352 |
SHA-256: | 47BB6F65159447A89B1B0D8114D569458862C84A7A247A1032618E09AA86868F |
SHA-512: | 39E1BDDA3E02965A4B1C6AA287EA92B0612CC024F05C12AF0AFA521D08D99BDCE55B3FAD8880DCD40AC6F70D141DFB9CCDA9094ACA877972037AC2E73803E43B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.361863663907271 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJM3g98kUwPeUkwRe9:YvXKXFUT0Afc7eHZGMbLUkee9 |
MD5: | 1F0096B5CCC8A2EA8B8C2295B6F3D197 |
SHA1: | 963F309AA3E7AF9BD5D90F7DD3003A73C25A7787 |
SHA-256: | D84D55B6C3624D1AE13CEBB39EDD19628C462F0B13D4164426B7928AEA8AE9CB |
SHA-512: | 37709FA02D16FB30B695DD7B5F0AF25D671122535F63FCC1D4E78FD80A92B688D8D4A4B9BDA81FE5D99D760A99B22EE908A4286F6353B066EDD59EF18FC51C46 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.315307347581254 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfBoTfXpnrPeUkwRe9:YvXKXFUT0Afc7eHZGWTfXcUkee9 |
MD5: | 6D90C86118F0EDDA0E9B66C5177FC9EB |
SHA1: | 31A7C7A13AFFF368F3FFBC97CB184670CAAFBD80 |
SHA-256: | 89B8174D10151F81145A2F652EBC49D7B863BECCFB8B723ABC21CC69BD43ADB5 |
SHA-512: | 5E722F6A4C417F8934F2C9C920FB6E124927AD1728DB8C8E02476DDA83F3EEDDF67130672E5F8AEA8888B5A65FB202C1C68F14CD360CD559681EF493D0F70D51 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.294793916718657 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfBD2G6UpnrPeUkwRe9:YvXKXFUT0Afc7eHZGR22cUkee9 |
MD5: | 4B79731AF3E0F030008D8D8E072E47AE |
SHA1: | A13AB4B61A92942A0A88B19A9D740356DA2AF8CC |
SHA-256: | BEEC80E605153F469B4010E43CCFE059938D4805CC44FBDF553176DBFD08ECA0 |
SHA-512: | 34CEA048C6AD840B42619DE8D9143B31CEE072DB1D4EF67A0C64255D5F286959A021036FDA1A9CBC720B4EC723E087691724BF77D960E14C614C71DA27AF2DEE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.341833617732263 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfPmwrPeUkwRe9:YvXKXFUT0Afc7eHZGH56Ukee9 |
MD5: | 2DB9A7A0ABCDF932CD8F3707DA4ED450 |
SHA1: | 5755F0050E0770605822FA85F113A685908123C4 |
SHA-256: | 16BB93A132A8B52DEB5A87240CBDA9357208B14AB04020BE492AC0B9DDC7EAE1 |
SHA-512: | BF6A0E4395E6C12FA534C5B264D5032F88E63F15C87959C8F78EA1FE1B9C1778313CBFBCF6A853865D40FD2A3F9EA73177A5AC83C1DFB7AC165DD989412D2493 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1123 |
Entropy (8bit): | 5.68620119280731 |
Encrypted: | false |
SSDEEP: | 24:Yv6XKEiepLgE9cQx8LennAvzBvkn0RCmK8czOCCSQ:Yv7Whgy6SAFv5Ah8cv/Q |
MD5: | 711D065A23A8FFC0318EA542C90DC9F0 |
SHA1: | FCA8A8AC26BA882EC3073E37DBFA928617645FD6 |
SHA-256: | DFEB7674A8FAB69BBA4E947D22BFDD0922221E8F0354B1CE7BF75FFFC663547F |
SHA-512: | 07CE0CDB7987DF5BB23984729EBFAA9992C7F663C030C44CF6176A7DCB8ED23C7070DD307CA8F245B8B610558FCF109B2F187294D8DBF3261914E93B922063B3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1122 |
Entropy (8bit): | 5.679242819722049 |
Encrypted: | false |
SSDEEP: | 24:Yv6XKEiIVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdB5:Yv7gFgSNycJUAh8cvYHe |
MD5: | 638B94438BD23F67945DF66615B468ED |
SHA1: | D2FE8C9403E385D79124287A980858406ACEAF31 |
SHA-256: | BD9C89394A09387B78BF297D68F6528F2BD39C27B2F7B820DD1A68CF96304D00 |
SHA-512: | AA9BEA7C39DA80ADCD5446C4FDBD977816411A3A1E2CE76B99E296642B3B59AA0AA11165A80B680BE78CC07A554BD2A5C4EB0A50180AD4FDD3768C5EFBDE1119 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.295582919981737 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfQ1rPeUkwRe9:YvXKXFUT0Afc7eHZGY16Ukee9 |
MD5: | 224A64DA96967F1D334191C685BDDF63 |
SHA1: | B9A63C7AC8528005CA0EA4E59258821EB4FA3607 |
SHA-256: | 547500E9C847575FA8EF1D0A11D364C723A615F87BDA07FD956E61D8FAFD9376 |
SHA-512: | DEF4F1BD7DC07A68751E0C641AAB1BA1DCFC980EA95303C1D3FFB3EB0FA9D71096F8F1978F5E6C7AE604787BFDF623AEE939AFC111CEAE626A038ED3A43F33FB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1102 |
Entropy (8bit): | 5.671157823615683 |
Encrypted: | false |
SSDEEP: | 24:Yv6XKEiN2LgErcXWl7y0nAvzIBcSJCBViV5:Yv7FogH47yfkB5kVQ |
MD5: | D902ED2F0B9B85EA4DCBE81B71BFFD9E |
SHA1: | 7C5C730C868A7DB02F1E9F306E55E626E8C82FE8 |
SHA-256: | CB638408DB569FD726C9201E1B4538779540461DD31D341E59F5CEEE4B30FB01 |
SHA-512: | 46FBDFD90031884034F7FE305FE63402ECE6C35B2A302C8AFE3E1C86AB47D9C841E6C822459FE9C9D0E70FFBAD179609C1B51979898D07D0CBB7759D8D5B119E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.698265400313611 |
Encrypted: | false |
SSDEEP: | 24:Yv6XKEilKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK55:Yv7tEgqprtrS5OZjSlwTmAfSKf |
MD5: | 177F86671A2448A1EEC0B22F69E4AE4A |
SHA1: | DFC02777EC87B3A5679FD8B85FC1D6711664DF21 |
SHA-256: | B8AA5D8BCE15550D7D68A09388220997F0DD1193EDB9BC3116162863E6642495 |
SHA-512: | 286F11D033CF6A91CE6E7C436513C30044BC2B51BFB031A19ADCA9AE70A6B2DD2F30392D3BA54045FBFDB2CAC095DC0B9DE531E481ECFA34C487071524E2F49C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2989797470768165 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfYdPeUkwRe9:YvXKXFUT0Afc7eHZGg8Ukee9 |
MD5: | 3739FA7A0CFC0EAA75E80EA713796CDD |
SHA1: | 6332B43BCAA1AED134E6813745568E5BD0CC5B2E |
SHA-256: | 110B5238F9BE7C333188D5EFEFF2812F601E7ABB1E18E6F3F77E9F56AB553288 |
SHA-512: | 09A449EB98B30399CE6547EBC0E79C58F81175393A5DEA3E9664D77719D88E610A691ADC2E4FFDA2320D663E2F5E07E155F14EC025B9678182FE4CBAC813633E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.285311148627979 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJf+dPeUkwRe9:YvXKXFUT0Afc7eHZG28Ukee9 |
MD5: | 6380C46CE02317243BD57C7DEEA00DB2 |
SHA1: | 6719483D34DD3A1060102CE27BA96B74975E050A |
SHA-256: | 66298866123CE750241331E908699515FCB6F57A9C6895603A73A60AEC9FF742 |
SHA-512: | 8910CD4CFB9E0B23AEA2768373F18FEA807173DC06AC173D22272CEB3DDDB83739B574A55EA50CE8D91D728B1465FF19435F8A1224D360CB2C426A2C15C16FE6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.282533856798262 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfbPtdPeUkwRe9:YvXKXFUT0Afc7eHZGDV8Ukee9 |
MD5: | E8D497F58BD7C874E785D0599339EDDF |
SHA1: | 471664FC1ED30E30ECEF84F91F9308D66A55F220 |
SHA-256: | 440364026EF74E8B6138C3CA3F791DE91E38A9A4E7FEED4C591EF02709E3A476 |
SHA-512: | 917D98F365BFC6F253DAF3AC3537FA9AC074BF71B87E94884E59F7ADA353F4BBBEE1F5213F3CD50CED5BDE6FE75AF63001750796DE9D78B741C9BCA2FA167931 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.286196920874722 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJf21rPeUkwRe9:YvXKXFUT0Afc7eHZG+16Ukee9 |
MD5: | EB7C6CEC04A8C2A9F8D2076844AAB0A7 |
SHA1: | D24F2592BD15E52DF1646C967FB2195FF8E4A198 |
SHA-256: | 79450749391CD46ACEE035A4CF9AE20A765415E16D47336B52B898466CB00237 |
SHA-512: | A83A5F079A5F6ABC434AFDFF8B6DB7DDB95E39E6966ABFC278F5898A7CF958C2ED68E7ADBE06BAE0B0CD4649685477B475F187CDE941148755DB5EB1AA4C5095 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1090 |
Entropy (8bit): | 5.661359120953006 |
Encrypted: | false |
SSDEEP: | 24:Yv6XKEiCamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSQ:Yv7EBgkDMUJUAh8cvMQ |
MD5: | CFAF9B5BC112D3CD535AC3A0D971BB78 |
SHA1: | B6434A627EDE0DEB8F0DE1C1D27091158A1F16A4 |
SHA-256: | 9D3EC6E4E455FA945069BFDC8E202DC138EABF63A5D4ABF69981C5F188D885EE |
SHA-512: | 5FAA9E082FE88B9051DDCA767B9E27065F3779E8702B811FEFF81FBEA20D435B446C3DE5179157D57617FFA52A21254CA51E0962A75FECBDCCBBA3C3FEA85B5F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.263824654894297 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfshHHrPeUkwRe9:YvXKXFUT0Afc7eHZGUUUkee9 |
MD5: | 771CAA7972D685A65684DA40BD8104A1 |
SHA1: | DB0E74AAD13A5FB76229EB3268544D98FEF00086 |
SHA-256: | E5B41F6FFF7E2CA34B54D071D009F7457784D69669194F872DD31EB1A2F34192 |
SHA-512: | E8AC761C94ABFBD7C49E2026ABBD5E7AA610A685C3F8A2E940E202006983CCAA2C510F95D50FA1E845F243856D1BFBB3D22B4FBBD1E3FBB6984906D4F62671CF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.364778918173654 |
Encrypted: | false |
SSDEEP: | 12:YvXKXFUT0Afc7eHZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWAF8:Yv6XKEiV168CgEXX5kcIfANhQ |
MD5: | 988E36374D8F70773FDC5446B0B0EB20 |
SHA1: | 8BB5C52312DBA08E2E8C866186A493F5A4C472DE |
SHA-256: | 9A1A1F88ABFA7C79099000FAA57E0016D49123B53120E0A2ACC8AFBCE274E2EA |
SHA-512: | 4EA128A5D44F1D73D6CC0508770FA4D188E45CE3A7C69648D146C81882A76ED4118A9A4CDAE1CD3F6F14EC44CA3AC054115312517621049511826CB8ECE2EEB6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2817 |
Entropy (8bit): | 5.130512155031236 |
Encrypted: | false |
SSDEEP: | 48:YyPGZJlBENdeWorrWGwjnFGgTO4VoDn9dBq:JPa5EWWov6xTv6jq |
MD5: | 29003D79EA67827588485D443CBB5639 |
SHA1: | 3CB03970D201F3F4CC3771A30E3EADCD4B45823C |
SHA-256: | B380FD4160A4F7DC9792FD445FA0C109ED4F5846D1EC28D644A85FF1333D59F2 |
SHA-512: | 525D902C98DA3C9233AA4F84A23DBB84F9B6CC98BEB308C8A1FCC6223A0ADD5D55019A2B4D1B8ECCBE751683C7FC3E933B6E80DAB28DB6B9C306C14ED8F9AC3B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.146337089566392 |
Encrypted: | false |
SSDEEP: | 24:TLhx/XYKQvGJF7ursm9RZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcZ:TFl2GL7msmhXc+XcGNFlRYIX2v3kFX |
MD5: | 1DDF761E0C34A17498821F281BB58A3F |
SHA1: | 1739461A25C622EC10295D6320275D1EFB63CA8C |
SHA-256: | 687F9988AC451A4D469FBD16CA804F2140BAE76D7B7C470358E243DF24216E19 |
SHA-512: | B4793371A7479AD530A4BED5DF20085B3FDA105DFF5FA63FDFF31698D59EBD221B8A609C5472E17ABF8AB639B2062DB096648D9EF39AD14BE0A36888F67EDD6E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.5520607764940952 |
Encrypted: | false |
SSDEEP: | 24:7+tY/G9UXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxzqLxx/Xn:7MYG+Xc+XcGNFlRYIX2vKqVl2GL7msR |
MD5: | FB11B8B69E72BACFB134B66E6D028A13 |
SHA1: | 819D30652BD1E87287CE9798CE27E3CAC730E284 |
SHA-256: | DBD29D8BEB008769F8961D0D336761B72F150C2C5E7AA4D8D7B6783AD98BD633 |
SHA-512: | A02F8843D4309704DD02893EE86461F0363D853FCE37003862F8276B11F6CE44D48E5FB30129A24A475C3D5A491C78E654E4416F7203959D8D430144340D68AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgmjblB7tUcUOQVnk7GL8ARK3eYyu:6a6TZ44ADEibmcEnk79ARK |
MD5: | 2F7CB3E762CB3B5A9A9D55F55E5DC06F |
SHA1: | D86C840CC9FCBA4E5B97069E37C3FC2377D8FAB5 |
SHA-256: | 75B2B4A02DBB6733E1CC9DD9FE3FC68FAB5A2B74A309BF61C86B68006E8669EF |
SHA-512: | 3A3D348280C1E7BF09106E1477CF17FBC5861C8792C9789E9A656E2459B9A6334505AE1DF33DDA5FAD8837EDFD7372E9551625A76EC8B65BA762579773250C39 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5097251598291805 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8QOOlvWbH:Qw946cPbiOxDlbYnuRKZOOgz |
MD5: | A34A7CEBAA34F29208F347EBF67C98E0 |
SHA1: | B5E717BA177F58DA60638255506467E8B0FBB73F |
SHA-256: | 421ACB6D6816CBAD835B54E846693DDE1C337A83EFF376E1AD28DA2DBEA17936 |
SHA-512: | E1BCF495397C5F9EFBE8F50DC7140939A7EF07E610794CB4400BD80419507446735ACF442CD5E23590BFA2157008AEDFEA6857E492E90F1826219FBF1CC3A19A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-20 15-20-32-690.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.338264912747007 |
Encrypted: | false |
SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
MD5: | 128A51060103D95314048C2F32A15C66 |
SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15113 |
Entropy (8bit): | 5.347842766944498 |
Encrypted: | false |
SSDEEP: | 384:Hgpt4VBMyEA77Ugw41SBaoD5IwT8COqWn6VTBHDBUf4wzRH/s2b+CuI5YhEy0B6D:njQ |
MD5: | 174153EBC27FB9D82F733C2B41A69DA9 |
SHA1: | 624028036238449D3D320921132923FE77A8B3EA |
SHA-256: | 78CC455AF6AE4A867467EA5C12F516F083795945466A206D23A901D9387C00CB |
SHA-512: | 47ACAE252B72B73F439F81E318B71BED384DFDD70BCA8155FF1EA1E94940A09415460BCE074FD84ED1C6AB2679486C9D033CE4669DF0ADE1081B854600F9462E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.391577204459224 |
Encrypted: | false |
SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbVcbKjIzxcbR:V3fOCIdJDen0z+ |
MD5: | C1C9507B0A7108C101A2D48C5BCCCEE0 |
SHA1: | D81FDC460C205F4A5886AEB13AF387A103F1318F |
SHA-256: | 9DB4767C17B53515B0B60B68D05A23AB0A12B61769BD957CFE08D24AB3D31976 |
SHA-512: | 34161F20AA3AB81291D05D2A24DB59C70B324CC78D2FEB07E418F3574949E86AAD56E2175E4C2760BF581C11B5B713EB61393DFA5C72619A1EAA4301122543C4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7ouWLYZwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLYZwZGuGZn3mlind9i4ufFXpAXkru |
MD5: | EC8D4FAB55F24C0E344D263724846C4A |
SHA1: | 5444D90F86D68A23AF7FB5434DEAE740D57D0312 |
SHA-256: | E489C11D38BFF8F1F51351BAEBEE9F723A5C036DA0B0CB9C82306251017054EE |
SHA-512: | 21018FD299944987654C202779C8E0185815868DE7179B814F145573EE8D45ACC33CA7E008CB23774C473DD7939E9D7D7C2E5A14E31D5EC62F7BFFDBBAB41F9A |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.98379941068753 |
TrID: |
File name: | Exhibit 7 - Catalogue Mattress-Jan 2024.pdf |
File size: | 919'402 bytes |
MD5: | 225d43650452e5075fc72fe303f9b41f |
SHA1: | d988b73f991791033b730acc56712312fcb1971e |
SHA256: | 81a2b59d4267a52ebd7ac6994e1299b4bc65c8ce6181beaa213a211004dc543f |
SHA512: | 90923d1697f219f62029f913fb58bef6f32da4d276d0e8e3385a582c45d6b7b6243eef4752c5fb4f2b07dba106e4561513fb55830df248cda4af65c2e5d37900 |
SSDEEP: | 24576:NAr+c2qedkh39P0huIiJPpLiqpGaGN3rv4dqwkDilr+d:3qSo39P0huDiqpGlruqDilrS |
TLSH: | 3015236F8589C0CC45B087C4B7078DE59645B3EFEA849DBBB25F0A8B2F52C16DC42D68 |
File Content Preview: | %PDF-1.6.%......313 0 obj.<</Filter/FlateDecode/First 6/Length 197/N 1/Type/ObjStm>>stream..h.T....0...W...B..... .7*..]...Q..1U..."...q..H$.l6...;!..zX.*..S./.i.u...7..C.(g.-....J.S!D&.Df|........B....].......;"...D......`.._..4...+..M....k.@..5)..9.Q... |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.983799 |
Total Bytes: | 919402 |
Stream Entropy: | 7.997456 |
Stream Bytes: | 886818 |
Entropy outside Streams: | 4.554735 |
Bytes outside Streams: | 32584 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 73 |
endobj | 73 |
stream | 55 |
endstream | 55 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 12 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
167 | 969696961717330f | 33650148db566b56fcec7a991fbbbe92 | |
168 | 969696961717330f | 4c132a236ed2f5f9368e5a436f588bc1 | |
169 | 0000000000000000 | b3e04b4125453a2a1b043b77df891ac4 | |
170 | 0000000000000000 | 1186aba7b99902473f07153422690178 | |
171 | 0000000000000000 | 2d98cac913a56b7ad54ace7bc19a772e |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 20, 2024 21:20:40.516932964 CET | 56139 | 53 | 192.168.2.6 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 20, 2024 21:20:40.516932964 CET | 192.168.2.6 | 1.1.1.1 | 0xd226 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 20, 2024 21:20:40.854211092 CET | 1.1.1.1 | 192.168.2.6 | 0xd226 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 21:20:42.694155931 CET | 1.1.1.1 | 192.168.2.6 | 0xb857 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 21:20:42.694155931 CET | 1.1.1.1 | 192.168.2.6 | 0xb857 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 21:20:55.711724043 CET | 1.1.1.1 | 192.168.2.6 | 0x885d | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 21:20:55.711724043 CET | 1.1.1.1 | 192.168.2.6 | 0x885d | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 21:21:18.945086002 CET | 1.1.1.1 | 192.168.2.6 | 0x606c | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 21:21:18.945086002 CET | 1.1.1.1 | 192.168.2.6 | 0x606c | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 15:20:28 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff651090000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:20:29 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 15:20:30 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |