Windows
Analysis Report
Rhenus Express_Bank scam.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 3148 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Rhenus Express_Bank scam.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 5720 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6200 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1576,i,3010195169711488959,2304735170993569971,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature sources recorded (evidence details were not extracted):
- DNS query
- UDP traffic detected without corresponding DNS query
- DNS traffic detected
- String found in binary or memory (2 entries)
- Classification label
- File created (2 entries)
- Key opened
- Process created (15 entries)
- Window detected
- Initial sample (6 entries)
- Process information set (9 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
x1.i.lencr.org | unknown | unknown | false | high | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1560170 |
Start date and time: | 2024-11-21 13:53:02 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Rhenus Express_Bank scam.pdf |
Detection: | CLEAN |
Classification: | clean0.winPDF@15/53@1/0 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 172.64.41.3, 162.159.61.3, 18.207.85.246, 34.193.227.236, 54.144.73.197, 107.22.247.231, 2.23.197.184, 199.232.210.172, 95.101.148.135, 2.19.126.143, 2.19.126.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Report size exceeded maximum capacity and may have missing behavior information.
- VT rate limit hit for: Rhenus Express_Bank scam.pdf
Time | Type | Description |
---|---|---|
07:54:07 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | DanaBot | | |
| | | malicious | BlackMoon | | |
| | | malicious | Unknown | | |
| | | malicious | Credential Flusher | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.188045711369942 |
Encrypted: | false |
SSDEEP: | 6:HEDQJ3Iq2P92nKuAl9OmbnIFUt8YEDQJYvZZmw+YEDQJYvzkwO92nKuAl9OmbjLJ:kMJ3Iv4HAahFUt8/MJ0/+/MJ05LHAaSJ |
MD5: | 2EAEB87FE02073A0207A5548A9A780A0 |
SHA1: | 405889518303A27ED7561E67FA4EAD34A4EA9DA7 |
SHA-256: | E8E351399B834814337426EC27BDE88A60C8DED2508A110D0B656BEE1ED0A487 |
SHA-512: | 9D8282CA7884326893CF84873DD750FBF08465D425F6F8E576AF89258A24D7B35DAB2424C2F96F4E896F564B2C23E63853C462945C2558C51B4374849396D95C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.188045711369942 |
Encrypted: | false |
SSDEEP: | 6:HEDQJ3Iq2P92nKuAl9OmbnIFUt8YEDQJYvZZmw+YEDQJYvzkwO92nKuAl9OmbjLJ:kMJ3Iv4HAahFUt8/MJ0/+/MJ05LHAaSJ |
MD5: | 2EAEB87FE02073A0207A5548A9A780A0 |
SHA1: | 405889518303A27ED7561E67FA4EAD34A4EA9DA7 |
SHA-256: | E8E351399B834814337426EC27BDE88A60C8DED2508A110D0B656BEE1ED0A487 |
SHA-512: | 9D8282CA7884326893CF84873DD750FBF08465D425F6F8E576AF89258A24D7B35DAB2424C2F96F4E896F564B2C23E63853C462945C2558C51B4374849396D95C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.223614393730339 |
Encrypted: | false |
SSDEEP: | 6:HEDQJdlVq2P92nKuAl9Ombzo2jMGIFUt8YEDQJCMQgZmw+YEDQJCMQIkwO92nKuA:kMJlv4HAa8uFUt8/MJCC/+/MJCu5LHAv |
MD5: | 18CF61920E8833C7C492F27EF827504E |
SHA1: | 8F7B05174083593211993B2F3F76B87FCC6983F9 |
SHA-256: | DCCF0BC499D652069116AE1A20F0E4E7E01ECEFC5F0D666AC2B1293101A51FD7 |
SHA-512: | D045D9F16AB9AE858C1051AB58070A3B1A4D4B5A032188BFAC09F8E3AA856F9CAECEB81AAD23B22CDDE44BFFAF9335ABA25F2AF3F43F0464C563DA88FB91E193 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.223614393730339 |
Encrypted: | false |
SSDEEP: | 6:HEDQJdlVq2P92nKuAl9Ombzo2jMGIFUt8YEDQJCMQgZmw+YEDQJCMQIkwO92nKuA:kMJlv4HAa8uFUt8/MJCC/+/MJCu5LHAv |
MD5: | 18CF61920E8833C7C492F27EF827504E |
SHA1: | 8F7B05174083593211993B2F3F76B87FCC6983F9 |
SHA-256: | DCCF0BC499D652069116AE1A20F0E4E7E01ECEFC5F0D666AC2B1293101A51FD7 |
SHA-512: | D045D9F16AB9AE858C1051AB58070A3B1A4D4B5A032188BFAC09F8E3AA856F9CAECEB81AAD23B22CDDE44BFFAF9335ABA25F2AF3F43F0464C563DA88FB91E193 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\7e59c69e-8dd8-4311-9699-a0857e00b933.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+ |
MD5: | 70321A46A77A3C2465E2F031754B3E06 |
SHA1: | 5E7E713285D36F12ACFC68A34D8A34FD33C96B34 |
SHA-256: | 344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248 |
SHA-512: | E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+ |
MD5: | 70321A46A77A3C2465E2F031754B3E06 |
SHA1: | 5E7E713285D36F12ACFC68A34D8A34FD33C96B34 |
SHA-256: | 344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248 |
SHA-512: | E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6b5bb4.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+ |
MD5: | 70321A46A77A3C2465E2F031754B3E06 |
SHA1: | 5E7E713285D36F12ACFC68A34D8A34FD33C96B34 |
SHA-256: | 344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248 |
SHA-512: | E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b3ef3866-bdc9-426e-9094-006e9d6e1878.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.048109251103277 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqg2sBdOg2HOcaq3QYiubxnP7E4TfF+:Y2sRdsvbdMHx3QYhbxP7np+ |
MD5: | E982CF0CE55D5A966CE115C1C8A742BB |
SHA1: | C5552772D13C611F32BC1CCEA9ADAC9C93F672FC |
SHA-256: | 623DB761B553CAB136B8CA98C581519380158F6A9B0AE4686BF08C2CE1F01675 |
SHA-512: | 58CD9DD6D12485C6C9F00D691A8D9F44C2A76AD9C2499585E9DB86D7B17508E2B71FFC5EFF6D877789BE8B5D4514360E8BA1F454BB2BB3BAC0E69CE2D11EFA0C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.234847347473082 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUrpVkzh4+VEz4Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLt |
MD5: | 8B04941A83DCF4DE92D1382527392337 |
SHA1: | D1987760D7389441C69791947DAE7C6531AACC3D |
SHA-256: | FBB9075C9D064883A51F31428812BD24DC2717EBBCFEE5B5A2495FF18F2860CF |
SHA-512: | 621F734FB14AE1E9CF09E902C572F158467870B5220A9D289023101FEEF74215D370E379E8E304AEC80DF7ACAEF6A6C7436262AAD3F2A7BCA570507E99E85C1A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.230419044927761 |
Encrypted: | false |
SSDEEP: | 6:HEDQuqVq2P92nKuAl9OmbzNMxIFUt8YEDQxqgZmw+YEDQBIkwO92nKuAl9OmbzNq:kMuWv4HAa8jFUt8/MV/+/MS5LHAa84J |
MD5: | 0ABCCA2962092E59E4C955DBB09EE490 |
SHA1: | A3B9E0BC81064D6E262F84C702E86B35DB48E852 |
SHA-256: | 1511E6F31AFDF22BD376D9F739F0CAC6E44AA614934D70C3109B16B1EB1A2802 |
SHA-512: | F28FBE73FC5F4F39B9ACA3A550B1D369DEBD8A53F741A693FD07A8979E09B3C808FB9F0303F2C4E3A1833ED35F239A11BF74C8CC2C806CB87799F5CEDC1994C4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.230419044927761 |
Encrypted: | false |
SSDEEP: | 6:HEDQuqVq2P92nKuAl9OmbzNMxIFUt8YEDQxqgZmw+YEDQBIkwO92nKuAl9OmbzNq:kMuWv4HAa8jFUt8/MV/+/MS5LHAa84J |
MD5: | 0ABCCA2962092E59E4C955DBB09EE490 |
SHA1: | A3B9E0BC81064D6E262F84C702E86B35DB48E852 |
SHA-256: | 1511E6F31AFDF22BD376D9F739F0CAC6E44AA614934D70C3109B16B1EB1A2802 |
SHA-512: | F28FBE73FC5F4F39B9ACA3A550B1D369DEBD8A53F741A693FD07A8979E09B3C808FB9F0303F2C4E3A1833ED35F239A11BF74C8CC2C806CB87799F5CEDC1994C4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.013154474863312006 |
Encrypted: | false |
SSDEEP: | 3:ImtV9lyHPllllnUIghlPtCR/l2/l1u5oll/llAcnylsX+/l/Wwh/fX1:IiV9kvlll5ZgztCR68o/12sX+tuwh/ |
MD5: | B623A727CD94F2BB69F027CEC7746ABE |
SHA1: | 5DFE5B80B1C87F74CE3F16E1C2BCEB5D0F112029 |
SHA-256: | 9ABFE0767F9AF078D11D27635673F1C5B939950AB450E6E73FEDB10782F9F309 |
SHA-512: | 1F9CBBED18898002ABF5CDCAF8F6B35118D0ADEBD2B8A1F095675847F5F08D999F0C3E2FA379A2AE41251DAFC07015CC6F87D0EE003D1CFD1C07E097F4A7DB90 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241121125400Z-177.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.2574676864595749 |
Encrypted: | false |
SSDEEP: | 96:BRrfrEZ/Wp8zgMDrke/qViMZaa/f4ozfaNFVoa9N:BRrfAZ/W+z3Yu2x4oUFVdN |
MD5: | 292193BFC98935629D2E43C0CFA9E676 |
SHA1: | 68B6D954642BBB3A0E26DC794A094EEB0CB46136 |
SHA-256: | 3897D3D56156AD7D12165592189B3213FEB367DD2DB15D580DAA2B3D0CC1675E |
SHA-512: | 5DE8E296E8A49FAF158E453956066292E8222192112EC207172503981F2119EB5198AA320C05822F5F3C57038B52DFDF1A10F28BD3927A7A4EAE2DC3EBFB44DA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFklXP2ZhfllXlE/HT8kj7vNNX8RolJuRdxLlGB9lQRYwpDdt:kKN6T8k7VNMa8RdWBwRd |
MD5: | 5304D66053901DF850B2958310AF3A92 |
SHA1: | 929F182E764E712FB010BB9037CC72CFB3EE945A |
SHA-256: | 74641D585FA58B25D56D37DBFA678E1AB71E974EDB17BDDFCF36A6A23CC84AA2 |
SHA-512: | 54BDA8373689B34273D8329EA5E7DBB619A03DA0FB4228107F3ECEFBDAA5775D512E909E1BFC8F197AB136B0EEB14870221CD677C93C673837EB58727E2924B7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2539954282295116 |
Encrypted: | false |
SSDEEP: | 6:kKLT9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:ODImsLNkPlE99SNxAhUe/3 |
MD5: | 1439E88CF202305812661DE47964D2D5 |
SHA1: | 95925FF3CA9C15A1A3FDC9D10EEA64E1679C2C85 |
SHA-256: | 7F5D1A17443667E56858A75118166DE91118F667A362CEEE674F118ED1F5F5D5 |
SHA-512: | 05EFDFB39A95DC85A8255163EC83DA4450BAC8FA4BF2D640115D53B23328F0BFC4BA93CAA4D112841641DCC412AC35C68482B7F62CAD11DCEE355EFDB4CEC88B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.356743901232909 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJM3g98kUwPeUkwRe9:YvXKXKoYpW7NoVGMbLUkee9 |
MD5: | 571D418386451A5431B51E525A0CC60C |
SHA1: | 08B6A5A202F762A9E3A8D5A71EE6F5C70FCD438D |
SHA-256: | D044C2BF6DA92726561545A47BBD3B4D31B95622AF3D115EEDC60F85C75D2A3E |
SHA-512: | 49B45880A2B5A1D201D693E3DFBC06B87A070F7A38EB5656EAB0BFC94D84B6C134329CF2BB2FE2E7E1847D6869AE68F0D197DB97936F02F26AE72AAF5800F587 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.295305713261826 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfBoTfXpnrPeUkwRe9:YvXKXKoYpW7NoVGWTfXcUkee9 |
MD5: | 35C2164E01BD4BAEBB521FC174EF58DF |
SHA1: | B0989EED63ED0815E7D1DD9425AE57B34B9C72A7 |
SHA-256: | 0DC3EB15A9F2999E71E028C0258D2C64460D08DF72FC14EC696A5CA4BB2AA267 |
SHA-512: | 46C8191F19830B77568BED41C6640372776C69CF8843B688BF769F44814EC3A86118F915E3BFDC16BC68D08E4769AEEDAC644E98EFC474C3DDDC2649EBCF9C80 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.273444628007094 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfBD2G6UpnrPeUkwRe9:YvXKXKoYpW7NoVGR22cUkee9 |
MD5: | 8AFDF397CB336973AA3D44417DB7EFA8 |
SHA1: | 85D3C7985AF63E40B716ED6646D03D2BE331451F |
SHA-256: | 3037C22ED45FFF24ED392D696449FB963F2EE1301DC6AF23D3BCE0C7C3A47EB4 |
SHA-512: | ECD49D9B9A14060A0BD85BE9F8CBF95C303E4E6445B53F0728C9F9CCD533485EF9BA63A9EFCFC7A60A9EBDDACA6F1C032A4B46354D004E0F10B21F355DE10699 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.335404516252308 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfPmwrPeUkwRe9:YvXKXKoYpW7NoVGH56Ukee9 |
MD5: | 958665B1B39A2CD70190C25168349124 |
SHA1: | 736E1F4F67541E95EF7FA2F49C86F36CAFD60BE5 |
SHA-256: | 16E11565627A2D3366C65E49C4DBBDD17BE1B4E31FE0E8EE5AB66323DCCAF9C6 |
SHA-512: | 0B49550C8F9BDF752DD4CA497F49FA00A615149698D60EC50632BE3806455C046830B10B1736689EFFF7B664683D4B5C6AF84BAB0CD6A9E72ED8101E89473753 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1123 |
Entropy (8bit): | 5.690082880020753 |
Encrypted: | false |
SSDEEP: | 24:Yv6X6iNFpLgE9cQx8LennAvzBvkn0RCmK8czOCCSC:YvaNFhgy6SAFv5Ah8cv/C |
MD5: | DCC257BE707B847876638CC5473A42F6 |
SHA1: | BD94D2EC4D1CD74D1B9F0DC0A774D063E40715D1 |
SHA-256: | FC1AD272350DFB318511A2110162D74C57E5E3FC197BC74EA1387105E60758AF |
SHA-512: | 1D81289A35D8C340272F2EE311789BEBC582941E10A3870879798BE7D4ED2322B6C543BE4DE8D81CA0AE68745B742079EAB0021606D66ADAB1A8DC7203828ADE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1122 |
Entropy (8bit): | 5.678847985511578 |
Encrypted: | false |
SSDEEP: | 24:Yv6X6iNJVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBj:YvaNJFgSNycJUAh8cvYHE |
MD5: | 79825F56835EC5EEDCA8393447AC0D95 |
SHA1: | 144661AC46C3CF3F1CCDB1523FBB80D354A90AC0 |
SHA-256: | F92662DB3D9A0D1E44531B9E0C6B87071204F64F9B305199C60D6E58EEB5F65D |
SHA-512: | C5B135B86004E3C2B889B4D54E1DD9341A7E651ABF8C56F5CDF9EAF7A2A0DA11496F017B264706793501AC78AF0A2E3E7784BE5D4A5133520018670D55506CE7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.283477555548577 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfQ1rPeUkwRe9:YvXKXKoYpW7NoVGY16Ukee9 |
MD5: | D6D002EA7417E94B02862AD6DBB32DFD |
SHA1: | DC0EA54834877D9A6B19E1BE94CEAA4F15EF94AE |
SHA-256: | 0E8354B174C4C82DB9AF756BE5413DD727EF70386DC18AFD1AFC5E571C2B2115 |
SHA-512: | 46C30C36F4F2A5DAAD8D3B271FB5098BFE9128FD13C797647D5B695C88EA6659D28D1CBB07B67D21BED5655244B6F0E9647FC4BC4FF15735628CD635EB631578 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1102 |
Entropy (8bit): | 5.6725424198068755 |
Encrypted: | false |
SSDEEP: | 24:Yv6X6iN42LgErcXWl7y0nAvzIBcSJCBViVj:YvaN4ogH47yfkB5kVC |
MD5: | BEC4F66900183D11690010A71B772B81 |
SHA1: | B587FF07BB8C7228AE5E6AE225176D4D0FE1ED68 |
SHA-256: | 67A72E4A3ADB81FE983C539F70CE1A2AFFE784EE86B02EFDB5D9D0BBF4262AE9 |
SHA-512: | 580D5610EE527D88E0ADDF129341F03C157D3B8114EA933C841AE58F55C78736380214C6E1C795977F38D34606980C64BEF911E1A52035BCE390C3D9706A7012 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.69734150897862 |
Encrypted: | false |
SSDEEP: | 24:Yv6X6iNwKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5j:YvaNwEgqprtrS5OZjSlwTmAfSKV |
MD5: | D228E383BB0F3F52B672BE961092E662 |
SHA1: | F467D3D07F43C5061574BD0B51FA4E5E2C87CD18 |
SHA-256: | 25ADFAA43B57B038FBBCA67A463F2C306590C86D5596A1EC1E132D3A014356A8 |
SHA-512: | E47342DD4847BF2F79958E187FD2F702ED3D7FF105BBEB6CB716681D566C38230EF7BA9583A698BEA60D83304976B81309A6CC9C150B11379275FBDB68CB4C60 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.291061364208064 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfYdPeUkwRe9:YvXKXKoYpW7NoVGg8Ukee9 |
MD5: | 0071C0E4070084174C5A4A28267FEAF3 |
SHA1: | EF10BC569B99C34E8CBDE9591289A54438235548 |
SHA-256: | AEE7E6994174D9F58F76FFAFA7D2095DF6CFC252B61953AAEB5363610AC5D739 |
SHA-512: | 9E68C841A42DC964C0B8AF2F03E555F694F87D3C6194AA5BDF323EAA5FC2848124AED16498F4683EEED5ED00F5DF22EBB7DB5E491B8BFB8F53F23235FE3A5842 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.27725335761013 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJf+dPeUkwRe9:YvXKXKoYpW7NoVG28Ukee9 |
MD5: | A55916B3C7BE863FA20849B1CE1D8AB0 |
SHA1: | 67226B07AAFA7E726944A84B5A61ECCA22AF7CA9 |
SHA-256: | C9C0EDFF60BB499712424FF8AACE0606D6838E6AF8186948427F9628C3C5B6D3 |
SHA-512: | 3DDB3054DFF2D6AD50EE7473DD74E4552D73E0F4E22BF7B2A230DE46A27DD82D1D8625F9399FC393F3CB462CB5244C0BA6E9BDF06FBD81C74400E54F7AB6B375 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.274669895804897 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfbPtdPeUkwRe9:YvXKXKoYpW7NoVGDV8Ukee9 |
MD5: | 05596BAFF93F44510AE532210D28F11E |
SHA1: | 20942AA87E4840067E0EB75C7BDFAF74CAAC2B03 |
SHA-256: | 2E51B11E15EA00FDEFC49B4B077AF3E852803F2751364AA63818952466ACB222 |
SHA-512: | 4C4F1A93066010A4B0288339C6FE141E070F662C0DA10DA07AABDB943A1D2B0A82FBDE27F06C37EE1BF605EE0E2D0627378205ED273D96FF0E7A7887A106BFB2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.2759050104093 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJf21rPeUkwRe9:YvXKXKoYpW7NoVG+16Ukee9 |
MD5: | 0B70AF7D47C0F6379068103E28F5B616 |
SHA1: | D7BD4C2296B7CAB58CC2C540E3C506211A79FF07 |
SHA-256: | C14E80789F472FA9C61D738F70C32611E597981AD138BF5C75062B9096406CA2 |
SHA-512: | 27B54627E7548C879587190B2A4204EB35B1068EC9675C5D38116B7B1BDC53AD2D29EC6DD7C5B77F16164927590BA870DE9543D1606A7FDAC94AE74A92DF1F35 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1090 |
Entropy (8bit): | 5.662339188399296 |
Encrypted: | false |
SSDEEP: | 24:Yv6X6iNdamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSC:YvaNxBgkDMUJUAh8cvMC |
MD5: | A8D752E5562A530EC7163BA150D42703 |
SHA1: | 018497CD6516AB9B90B7C03BCD11BF5B89A4C690 |
SHA-256: | 08A1E26D89B13149231099CB4EA6E1A1949D9DBBE5FE45BCE194C4EB17CA5EC3 |
SHA-512: | 4C5C4C84A84AD9897118700F12DAA5F8B4BADC70B06668BFD6FDD3C3C6EBA70842CD7AA58BD5F06E6095714C57B7F7472986D8E645852EAED4262770A9B7AA0A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.253093425173333 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfshHHrPeUkwRe9:YvXKXKoYpW7NoVGUUUkee9 |
MD5: | 9AC75AB1B41E8083B327A69A603E2BDD |
SHA1: | D7763EF736FB02C824303C06AA3EEF84BE082F04 |
SHA-256: | 43E4888E54D9284DA3FB8E5FA75B9027BE720FDE97AB43C03EB8F9D3CB755C31 |
SHA-512: | 4FF97B05725C7616C93393786D7E542102ED981B3E503631EA2E23B815E7BAE60A9CD570EE469CAC2616C97DC40BB06C378BDBB6D5B728020DA668D8060981E4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2817 |
Entropy (8bit): | 5.142848537827663 |
Encrypted: | false |
SSDEEP: | 48:YWVsQ4RUi4ZVIMxITaY2yTaVNi93ZJlio:lVsQwUnZVIMxIT2y33bB |
MD5: | A8187424C61E6EC4A820BCC1054C4093 |
SHA1: | 4F5C97DD718FB8C9F9AAA5C37345D6498C62E212 |
SHA-256: | 43F2583A0C328D366492BFCDBE24FE4FF942E2CAEF7F33F6F1DB8E5B7621873A |
SHA-512: | 88A9D75F52829608819C2C1DC0EAC26D90DDF465F711019AE9A830BA1909B43426D147B546BA6973B6A3BF39351B319F6D299C75C96CF5CF576547A15C522B9D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9849046016978474 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpyDD4zJwtNBwtNbRZ6bRZ4FDDF:TVl2GL7ms6ggOVpyD8zutYtp6PQDp |
MD5: | 41C5DD67E578C0CE8ECA5B93D8178774 |
SHA1: | 705D3C99118A0528853AE000A0AB4BA24B1B1F70 |
SHA-256: | 7CC0450939219C82847741E60E25A492C45C0DFC1A9765B61A093360DBB50FDE |
SHA-512: | A39FA35F1003815631BFC93646FC91B64BF2A58CEC4A03D22D66A64F4A213EA9650F600A40337B6D1770675BA6E68F38CC4FA910C3BE769A4F06B98404C1502F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3387599811230217 |
Encrypted: | false |
SSDEEP: | 24:7+tWAD1RZKHs/Ds/SpyDDPzJwtNBwtNbRZ6bRZWf1RZKUqLBx/XYKQvGJF7ursq4:7MWGgOVpyDDzutYtp6PM9qll2GL7ms5 |
MD5: | 0D92038511B6E4D2F5A2301B2087809A |
SHA1: | 8C79664D62571B1D76F9FC9B56D02B583EE110C7 |
SHA-256: | E1FA1C280C1D3C9E40E2A08299B9D45F50BF30CAB0B2A621808298A4A7B97D80 |
SHA-512: | 9D6652AF8E5D14C34C0F4727E5E67E7892CA5BB99B36AB126A4C89F864E876D1A8850F30018F115C51DCEDCAADB291298ADDC9405A8F8A73FE2D114DAA39786B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgdlNg3NJNWCUY0BvSVfBUOWfJxYyu:6a6TZ44ADEdzg3NeBvSVp8DK |
MD5: | 5C5C7AA6D95F62ED17E749B4DE4C77FB |
SHA1: | 1C6F1D7EAACE153A31150A55953D202C55BFD07F |
SHA-256: | 41353923A7586903B0852F883A947E864CE08A7E0D0E7EA328930B6DD56A2552 |
SHA-512: | E21CC5DB4A21EF8BB571B472945596701D693A8B3D12357D9A0D2A8F4FECF214F8CAC54B7B15BCFDD59318A359EE6776BCD7A6DF7666D38C3513C1DF7D4C7315 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.501595078528367 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8hlpivH:Qw946cPbiOxDlbYnuRK0MH |
MD5: | 44D14EAFFE1332F09A5C67F2203A9F7C |
SHA1: | BCF5772A9891D38BD3B6FBDADC31FAD7A987F177 |
SHA-256: | CC27A6337B06635B7E4EFF517737F9768B84F662F2DAA7C63B37DC836DD2D335 |
SHA-512: | B5853E68314B6C3277D0E83F73B3B4C4E65B42994489AF09E49342AFEB98BBE6CE07895D23B912C314882226ACA010E6D0B1A34FFE30A4B0BC3DBB648A847AFD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.071613107592004 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOy1O1uLCSyAAO:IngVMre9T0HQIDmy9g06JXCoglX |
MD5: | 48C28C9A58771C14A4C9B4B644574F44 |
SHA1: | 42C7376A087BAB43FF6FA2661ABFF494B9314DF3 |
SHA-256: | 6AD7861327F5DDDF2095E6BA7D37D5FEF5625A2983E337DEE51A562DB8C77DA8 |
SHA-512: | AC92C48DD355922305085FF921523D31B0DD9F5BF24F361F5EB987D1626FE1382027EA7403125EF719763129748E823ACDA4E9178F66E40CA6CDB231AA952C7D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-21 07-53-57-727.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.377345941325967 |
Encrypted: | false |
SSDEEP: | 384:irRA3AEAvABAGA57AeAHA5AuAAAh181I1mEqEzE/E8E9rV15RjA5RE6IK2KmKELi:iFcJMMF87pOOz5EqO81IILQPXjAXEDNk |
MD5: | 029388930A95B66447FE67EB508B0C1A |
SHA1: | 646D3CC0CA0A306EA83965DDF60E08BD87EACE72 |
SHA-256: | C0BE90230AF4AF8CF84D40E78B6DFC2B6310DC5D7570EAE5809870C41C752602 |
SHA-512: | 4EE88AA25B2277A0DB152209D2B59404CC39F335648E8EA73B74D446C1A49A1C7C87D58382E4FCCD4D893D1264C379B3AAC77925071425A79642D84A43BA6E3C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.402072316457658 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbT:X |
MD5: | 2A007FF6304BE8513BF57F3E92368AB3 |
SHA1: | 823A0F13037CF2814742BE766AC5B5205B60571F |
SHA-256: | 062C3059E855975FF71E8EB5CC73E853524CD1951EAC3C1AC4BC005D02DB59AF |
SHA-512: | 6FBF3F571158F2E37D3F5E3714A0F1F80C0D69AAD24C2D737E2E97FB138EB9FDCDA0EBAD89F07F1F56BAA833D4F4C55E2A8AA8BEEFD1518A0827D87A92524BC3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje |
MD5: | 716C2C392DCD15C95BBD760EEBABFCD0 |
SHA1: | 4B4CE9C6AED6A7F809236B2DAFA9987CA886E603 |
SHA-256: | DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8 |
SHA-512: | E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1439367 |
Entropy (8bit): | 7.97609170196247 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNP4xdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGe3mlind9i4ufFXpAXkru |
MD5: | 49D8A80707172858F2DA6673037C272A |
SHA1: | A2242B8E10DF0958FE2B44E2EE43851D7C231B3D |
SHA-256: | 0C6A67BA2D3DA8A887491F6651ADD953B6BA100BBC69237BBAC5581FE9A46669 |
SHA-512: | 42FA0F072DEB5FC8D6A2AC410122AE7D07ACB38E379E7C51DD4B1813DA9E217444E903BB8ACD7217EE8468C65BC12C3D4FD2A2767FFAAD05956E95B7BDC11E1C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7ouWLYZwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLYZwZGuGZn3mlind9i4ufFXpAXkru |
MD5: | EC8D4FAB55F24C0E344D263724846C4A |
SHA1: | 5444D90F86D68A23AF7FB5434DEAE740D57D0312 |
SHA-256: | E489C11D38BFF8F1F51351BAEBEE9F723A5C036DA0B0CB9C82306251017054EE |
SHA-512: | 21018FD299944987654C202779C8E0185815868DE7179B814F145573EE8D45ACC33CA7E008CB23774C473DD7939E9D7D7C2E5A14E31D5EC62F7BFFDBBAB41F9A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.992505428538972 |
TrID: |
File name: | Rhenus Express_Bank scam.pdf |
File size: | 207'515 bytes |
MD5: | c23e360dec1b5cce7084fae6653fcf29 |
SHA1: | 82e3ee68dd0b38eccbb6abd9f7e69ef83088e4bd |
SHA256: | f93a499cc946d82f97ce6edd0f8135b8feaca01d1cbb039beaa42e2766f35cdf |
SHA512: | be1a2933561b86b4d43c8808faa5a9c8a0494c72375cb8073b2d6aa958154d8b2ce02a4a5e228817c21821dd86d2bd8723d30a841547b94a34049d206b33bda0 |
SSDEEP: | 3072:uic77xozYkjfMFWZbeEWbrAJkziKIRds4wWTEEjSf6Th:ucbbM4ZiFbrAJkzNmf4EVh |
TLSH: | 9C149C878E089AE1D81D04F97D461DDD7D2A4308DC490DFF792D0FDA3E909678EA6A0B |
File Content Preview: | %PDF-1.7.%......48 0 obj.<</Linearized 1/L 207515/O 50/E 202702/N 1/T 207208/H [ 500 185]>>.endobj. ..67 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<BFFFC1B35153C94BBDE6210397B03AC4><FF68869ADF154B4E853C678C913169B |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 6.992505 |
Total Bytes: | 207515 |
Stream Entropy: | 6.967757 |
Stream Bytes: | 203741 |
Entropy outside Streams: | 5.422416 |
Bytes outside Streams: | 3774 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 26 |
endobj | 26 |
stream | 23 |
endstream | 23 |
xref | 0 |
trailer | 0 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 4 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
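The General table and the keyword table above, together with the Size, Entropy, MD5, SHA1, SHA-256 and SHA-512 fields listed for every dropped file, are cheap to reproduce locally, and reproducing them is how you check a report against the sample you actually hold. The script below is an added example written for this page, not Joe Sandbox's, Adobe's or pdfid's code. It counts keywords with a pdfid-style token match on the raw bytes (so `/Page` does not count `/Pages` and `obj` does not count `endobj`), splits the file into stream payloads and everything else to produce the three entropy figures, counts `%%EOF` markers and trailing bytes, and fingerprints a blob the way each dropped-file entry is listed. The input is a constructed minimal PDF with an `/OpenAction` that runs JavaScript, chosen so the active-content counters fire; it is not the analysed file. The `ACTIVE_CONTENT` selection is the author's, not the sandbox's scoring rule. One identity worth knowing when reading the dropped-file list: a 4-byte file with 8-bit entropy 0.8112781, as one Acrobat-dropped file above has, can only consist of three identical bytes and one different byte.

```python
"""Reproduce a sandbox report's per-file digests/entropy and its PDF keyword
and entropy summary. Added example; the input is a constructed PDF, not the
analysed sample."""
import hashlib
import math
import re
from collections import Counter

# Keyword list in the same order as the report's count table (pdfid-style).
KEYWORDS = [
    b"obj", b"endobj", b"stream", b"endstream", b"xref", b"trailer", b"startxref",
    b"/Page", b"/Encrypt", b"/ObjStm", b"/URI", b"/JS", b"/JavaScript", b"/AA",
    b"/OpenAction", b"/AcroForm", b"/JBIG2Decode", b"/RichMedia", b"/Launch",
    b"/EmbeddedFile",
]
# Names that let a document act when opened or clicked; any non-zero count
# deserves a look (this selection is the author's, not the sandbox's rule).
ACTIVE_CONTENT = {"/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
                  "/EmbeddedFile", "/RichMedia", "/URI", "/AcroForm", "/JBIG2Decode"}

# Constructed sample (not the analysed file): one page, one 11-byte stream,
# and an /OpenAction that runs JavaScript so the active-content counters fire.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<</Type/Catalog/Pages 2 0 R/OpenAction 4 0 R>>\nendobj\n"
    b"2 0 obj\n<</Type/Pages/Kids[3 0 R]/Count 1>>\nendobj\n"
    b"3 0 obj\n<</Type/Page/Parent 2 0 R>>\nendobj\n"
    b"4 0 obj\n<</S/JavaScript/JS(app.alert(1))>>\nendobj\n"
    b"5 0 obj\n<</Length 11>>\nstream\nhello world\nendstream\nendobj\n"
    b"trailer\n<</Root 1 0 R>>\nstartxref\n0\n%%EOF\n"
)

# Stream payload sits between "stream" + EOL and EOL + "endstream".
STREAM_RE = re.compile(rb"(?<![a-z])stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for empty/constant data, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def fingerprint(data: bytes) -> dict:
    """Size, entropy and the four digests the report lists for every dropped file."""
    return {
        "size": len(data),
        "entropy": shannon_entropy(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def count_keyword(keyword: bytes, data: bytes) -> int:
    """Token-level count: /Page does not match /Pages, obj does not match endobj."""
    if keyword.startswith(b"/"):
        pattern = re.escape(keyword) + rb"(?![A-Za-z0-9])"
    else:
        pattern = rb"(?<![A-Za-z])" + re.escape(keyword) + rb"(?![A-Za-z])"
    return len(re.findall(pattern, data))


def triage_pdf(data: bytes) -> dict:
    """Structure summary in the shape of the report's General and keyword tables."""
    inside, outside, pos = [], [], 0
    for m in STREAM_RE.finditer(data):          # split stream payloads from the rest
        outside.append(data[pos:m.start(1)])
        inside.append(m.group(1))
        pos = m.end(1)
    outside.append(data[pos:])
    stream_bytes, other_bytes = b"".join(inside), b"".join(outside)
    counts = {k.decode(): count_keyword(k, data) for k in KEYWORDS}
    eofs = [m.end() for m in re.finditer(rb"%%EOF", data)]
    tail = data[eofs[-1]:] if eofs else b""      # anything appended after the last %%EOF
    return {
        "header": data[:8].decode("latin-1"),
        "total_bytes": len(data),
        "total_entropy": shannon_entropy(data),
        "stream_bytes": len(stream_bytes),
        "stream_entropy": shannon_entropy(stream_bytes),
        "outside_bytes": len(other_bytes),
        "outside_entropy": shannon_entropy(other_bytes),
        "eof_count": len(eofs),
        "bytes_after_eof": len(tail.rstrip(b"\r\n")),
        "keywords": counts,
        "active_content": sorted(k for k in ACTIVE_CONTENT if counts[k] > 0),
    }


if __name__ == "__main__":
    report = triage_pdf(SAMPLE_PDF)
    for key, value in report.items():
        if key != "keywords":
            print(f"{key}: {value}")
    for name, n in report["keywords"].items():
        print(f"  {name:<14}{n}")
    print(fingerprint(SAMPLE_PDF))
```

Two limits of a raw byte scan apply to this report as much as to the script. The table shows four `/ObjStm` object streams and `xref 0` with `startxref 2`, i.e. cross-reference streams rather than classic xref tables; names inside a Flate-compressed object stream are invisible until the stream is inflated, so a zero `/JS` or `/OpenAction` count here (and in pdfid) is evidence, not proof, and the streams should be inflated (pdf-parser or a PDF library) before the counts are trusted. Names can also be written with `#xx` hex escapes such as `/J#53`, which pdfid handles and this counter deliberately does not. The two `startxref`/`%%EOF` pairs, on the other hand, are what the `/Linearized 1` dictionary in the file preview predicts: a linearized PDF carries a first-page cross-reference section and a main one.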
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
61 | 8804d889d7008800 | 326f6a5c677289b20937f014548fcf47 | |
62 | 0000000000000000 | 60e7febe461bf3061c54d25c417a6c65 | |
66 | 010100000000565e | 58966a9d67d6148743ab75a4024458e8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 21, 2024 13:54:06.805257082 CET | 49977 | 53 | 192.168.2.5 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---|
Nov 21, 2024 13:54:06.805257082 CET | 192.168.2.5 | 1.1.1.1 | 0x1ede | Standard query (0) | | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---|---|---|
Nov 21, 2024 13:54:07.043008089 CET | 1.1.1.1 | 192.168.2.5 | 0x1ede | No error (0) | | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 13:54:08.815215111 CET | 1.1.1.1 | 192.168.2.5 | 0xb9e2 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 13:54:08.815215111 CET | 1.1.1.1 | 192.168.2.5 | 0xb9e2 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Target ID: | 0 |
Start time: | 07:53:54 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 07:53:55 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 07:53:55 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |