Windows
Analysis Report
repo.noindex.zip
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64_ra
- rundll32.exe (PID: 5936 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- OpenWith.exe (PID: 5104 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
- Acrobat.exe (PID: 7024 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\repo.noindex\repo.noindex\projectdata.rope" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 1668 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6428 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1600,i,3532387451054723791,1482370218202154262,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature evidence (event types only; the source and detail cells are empty in this copy of the report):
- IP Address
- UDP traffic detected without corresponding DNS query
- DNS traffic detected
- Network traffic detected (4 rows)
- Classification label
- File created
- Mutant created
- File created
- File read
- Key opened
- Process created (19 rows)
- Section loaded (71 rows)
- Key value queried
- Process information set (21 rows)
- Thread sleep count
- Process created
- Queries volume information (8 rows)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Rundll32 | Security Account Manager | 11 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.64.41.3 | chrome.cloudflare-dns.com | United States | | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1501285 |
Start date and time: | 2024-08-29 17:01:11 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | repo.noindex.zip |
Detection: | CLEAN |
Classification: | clean2.winZIP@18/36@1/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 54.144.73.197, 18.207.85.246, 34.193.227.236
- Excluded domains from analysis (whitelisted): www.bing.com, e4578.dscg.akamaiedge.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, evoke-windowsservices-tas.msedge.net, geo2.adobe.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: repo.noindex.zip
Time | Type | Description |
---|---|---|
11:02:01 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
172.64.41.3 | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
chrome.cloudflare-dns.com | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC, Stealc, Vidar | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | AgentTesla, GuLoader | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.1787191105724055 |
Encrypted: | false |
SSDEEP: | 6:N52Dq2PsHO2nKuAl9OmbnIFUt8857cHkZmw+857cHEkwOsHO2nKuAl9OmbjLJ:N0vkHVHAahFUt88h2k/+8h2E51HVHAae |
MD5: | C87599845D8F3B47BD3BEB4D7E66714A |
SHA1: | 73EB692E97C613B0CFE95478B9B94C470FA36CDB |
SHA-256: | 1C3888C4D5F1EFC8AC00D8A9DEDEF5346DB35AA1807BBA065FD794095CEC8517 |
SHA-512: | 414FE94B71E8247A0DCAFB466F617839514C89FC0682DF32FF89D20D2A2FB2A569E7EAD38B3FE3612601AB4A6C20D1A0B9FD7320872D7B25A1709460622F49D8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.1787191105724055 |
Encrypted: | false |
SSDEEP: | 6:N52Dq2PsHO2nKuAl9OmbnIFUt8857cHkZmw+857cHEkwOsHO2nKuAl9OmbjLJ:N0vkHVHAahFUt88h2k/+8h2E51HVHAae |
MD5: | C87599845D8F3B47BD3BEB4D7E66714A |
SHA1: | 73EB692E97C613B0CFE95478B9B94C470FA36CDB |
SHA-256: | 1C3888C4D5F1EFC8AC00D8A9DEDEF5346DB35AA1807BBA065FD794095CEC8517 |
SHA-512: | 414FE94B71E8247A0DCAFB466F617839514C89FC0682DF32FF89D20D2A2FB2A569E7EAD38B3FE3612601AB4A6C20D1A0B9FD7320872D7B25A1709460622F49D8 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.162209439985261 |
Encrypted: | false |
SSDEEP: | 6:N5FFQyq2PsHO2nKuAl9Ombzo2jMGIFUt885F5G1Zmw+85FlnSQRkwOsHO2nKuAlx:NpQyvkHVHAa8uFUt88tg/+8xSQR51HVg |
MD5: | F12F62FC936B0B43C2380DEBE78CF694 |
SHA1: | 8EF7FD25CEE26BEE94B3C64B795EA13463B39BD0 |
SHA-256: | 2FFF88792361671E9A0DDFB4D4E3312955177D1D114FF54DB616A6DCC1710141 |
SHA-512: | 844DE6C57F34497F3535CABC7505B3C87338DCB2F58D7BF5D5F337FDA5CE1836EC68F7982F46772267DAF125E8E35806F0E6242FC390D0A6010EAD3F2718836E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.162209439985261 |
Encrypted: | false |
SSDEEP: | 6:N5FFQyq2PsHO2nKuAl9Ombzo2jMGIFUt885F5G1Zmw+85FlnSQRkwOsHO2nKuAlx:NpQyvkHVHAa8uFUt88tg/+8xSQR51HVg |
MD5: | F12F62FC936B0B43C2380DEBE78CF694 |
SHA1: | 8EF7FD25CEE26BEE94B3C64B795EA13463B39BD0 |
SHA-256: | 2FFF88792361671E9A0DDFB4D4E3312955177D1D114FF54DB616A6DCC1710141 |
SHA-512: | 844DE6C57F34497F3535CABC7505B3C87338DCB2F58D7BF5D5F337FDA5CE1836EC68F7982F46772267DAF125E8E35806F0E6242FC390D0A6010EAD3F2718836E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3d9a0d80-99f9-4f44-abc2-ea5de6f164ce.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 266 |
Entropy (8bit): | 4.8399217827843 |
Encrypted: | false |
SSDEEP: | 6:YHpoueHOJ3/QBRXH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/um3a2caq3QH7E4T3y |
MD5: | 189D1E7452200FB5F191CA4C9612EEA9 |
SHA1: | 946C6758AFEC0895387158C16B7DBC0CAEDC6ABE |
SHA-256: | 1BCC5FA9D73827B9F71217A320DA24E399596699AD273F6B2D5C430058E75B74 |
SHA-512: | 7F325B33BAEC7001241643BED036D81D4A15280A646E4D76598FF67E210A401943967C3EBC60183A483E52DC020995E3059AF09DEE2EE5505CAAE52F1756F8E7 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 266 |
Entropy (8bit): | 4.8399217827843 |
Encrypted: | false |
SSDEEP: | 6:YHpoueHOJ3/QBRXH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/um3a2caq3QH7E4T3y |
MD5: | 189D1E7452200FB5F191CA4C9612EEA9 |
SHA1: | 946C6758AFEC0895387158C16B7DBC0CAEDC6ABE |
SHA-256: | 1BCC5FA9D73827B9F71217A320DA24E399596699AD273F6B2D5C430058E75B74 |
SHA-512: | 7F325B33BAEC7001241643BED036D81D4A15280A646E4D76598FF67E210A401943967C3EBC60183A483E52DC020995E3059AF09DEE2EE5505CAAE52F1756F8E7 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6678 |
Entropy (8bit): | 5.240062840240158 |
Encrypted: | false |
SSDEEP: | 192:TUi8h+F8Aj8DRCGwtqzmsLnNreR2ZpjRe4I8qr9jnNI92D3jC+3ETKEAE8C5sSMm:jX8eQRUm |
MD5: | C8FC7EEAC3648BE8F476E51FC3A137AA |
SHA1: | 95E8B52D04442CA6B58802B723D18092187C40C3 |
SHA-256: | 948340AC1FB6D54E09C00DBC35C28D16E981922F96B9EF9059F7078286068F74 |
SHA-512: | F46F0DFE10BA62829DC785E597E07F509B2773222883E3ACE584BED054AFB9688C2FA2BFE22A703C1610C1A1B34F1566E466916BA649CD96F4EE69FB9111A65D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.130124038745389 |
Encrypted: | false |
SSDEEP: | 6:N5L4YQyq2PsHO2nKuAl9OmbzNMxIFUt885LNASG1Zmw+85L5tYQRkwOsHO2nKuAo:Nd7QyvkHVHAa8jFUt88dNTg/+8d5SQR9 |
MD5: | 491628E15DA6CCCB6EE72D81E075E096 |
SHA1: | BE413430703F406BB0B21AF682E48ACB1D790F04 |
SHA-256: | 0D8BF86F7CA0E10A61291EEE0F5A617A0EBB8D189296CAD367A63AE9FAFC505D |
SHA-512: | AEE008ABC09D9ADBB6D5E1D810BE3B9FD28C758F33BDF73B9E42828250FDD941751810169445C0332CB58C9682F153E10FA90CBE20594400F268AD5211207A58 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.130124038745389 |
Encrypted: | false |
SSDEEP: | 6:N5L4YQyq2PsHO2nKuAl9OmbzNMxIFUt885LNASG1Zmw+85L5tYQRkwOsHO2nKuAo:Nd7QyvkHVHAa8jFUt88dNTg/+8d5SQR9 |
MD5: | 491628E15DA6CCCB6EE72D81E075E096 |
SHA1: | BE413430703F406BB0B21AF682E48ACB1D790F04 |
SHA-256: | 0D8BF86F7CA0E10A61291EEE0F5A617A0EBB8D189296CAD367A63AE9FAFC505D |
SHA-512: | AEE008ABC09D9ADBB6D5E1D810BE3B9FD28C758F33BDF73B9E42828250FDD941751810169445C0332CB58C9682F153E10FA90CBE20594400F268AD5211207A58 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 259864 |
Entropy (8bit): | 3.202660492858591 |
Encrypted: | false |
SSDEEP: | 1536:WpKP7iyzDtrh1cK3XEiv07VC/3AYvYwgn7rRo7+sn:AKP5T/3AYvYwg7Fo7+sn |
MD5: | BE9BCC8BB2DB177C5D0157BDE4A1D3FE |
SHA1: | 31836566F2EBE2EB88519AA3771D24DB439D9457 |
SHA-256: | 19D825CC20881511801CAA8DD9107805442C3B7685AF39FF16944287482659AD |
SHA-512: | 6BB9C6B2AD532D72F5B5D687B8D9F04CFBB4DFC62294283DCE484928F20BCAFD21E61798F303FA3CF7288B10CF0F4A6AC2B83E17C55BE9E819A9960ABF61BDCE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.371184861871753 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJM3g98kUwPeUkwRe9:YvXKXqLmJtO/jx6mfnGMbLUkee9 |
MD5: | BFA1AEFB1B7B671FDADF8B0CADD27E73 |
SHA1: | 31B05F174893B120B90ADE36ED7CD49FC439E73E |
SHA-256: | 2F2E6EE5BAB85A184733AEE67E497D6F6F3BD580F6D950843E27E46E4009CC28 |
SHA-512: | 975BC5CE8F43CBBFCF82BFF3F5ECE3C9DE90BD8AEC4A0960EA604E57274990AB19CF3AE423CE6D106DC093190B2A61461C33A6317429F7F2F16A9E42D5102043 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.316137287339679 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfBoTfXpnrPeUkwRe9:YvXKXqLmJtO/jx6mfnGWTfXcUkee9 |
MD5: | 71F6457E355265C9452C98C9DE3F14BB |
SHA1: | E19867BF9E36CE5533D226A5D44BBB3C9AD5F43C |
SHA-256: | 664C27F9A60AC891A65A297703765EECEAC15DE7016FA428547FEF901C3DAADB |
SHA-512: | E654B997A91686034EB134ADFDEE60306528E666207DB807467A68D941C6667D317C49ECE4142835CF513965078C551C45BFF06A69E358C1BBE57DDEDAD1ABC9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.294685603865684 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfBD2G6UpnrPeUkwRe9:YvXKXqLmJtO/jx6mfnGR22cUkee9 |
MD5: | 4764B94F823961DF7402BA92C974D3C9 |
SHA1: | 4AEDE0088128BE110623F9DB63909018B095FF9D |
SHA-256: | 05A21B0CD21C3E1B2598D3B8EE3700E810DD6BD9994F7C79D9A804B8E612F49E |
SHA-512: | F5EB0033CE40EC42C4A8EC5B31D87FC63C8B5DF72E3F74737BE17DCC6A09A2004D0711D5E9AA516C647B2AC363C9EB4BF4E9BFFC1257F715F89146CC66175F51 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.357555783374013 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfPmwrPeUkwRe9:YvXKXqLmJtO/jx6mfnGH56Ukee9 |
MD5: | FCB12767A807B8474BE9555B1A9B4D45 |
SHA1: | B6DE687A6718297ABD58ACD69DBAE747847F1D0C |
SHA-256: | CC1152984F427CC1C9D5F2041E794913BDAFE588DCCF5BE71A4A1C7FD4270CFF |
SHA-512: | 3AAAF94523E8E667DE3F543810589545B0E78ACF9BD39826A88919666C8EA38957AC327F4E32F3554EC38065F317E5D2B0B2F3E5D013092D1B2513DC961B13AF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.671316553318692 |
Encrypted: | false |
SSDEEP: | 24:Yv6XqLmJtO/d60spLgEFqciGennl0RCmK8czOCY4w2a:Yv1KQ8NhgLtaAh8cvYvV |
MD5: | 611674CC914583EA889353E31D5A5C9F |
SHA1: | 5702CB9A4374E82AAADE1F75643D1048E2C3B435 |
SHA-256: | CE46DDEFD1DEF1A1617F3C0CFDD1116D4476CF8ABE38742134FA3B60B84EDD7F |
SHA-512: | 7BF41580A7BFCDD26F758037F1CF89D1220451F68FCF98EE127A147E4ACD7029A5803CD97E9F30A02F2E5CB913809277B9CA502C4C6D53A30F36477189CD24AD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.6595018532375265 |
Encrypted: | false |
SSDEEP: | 24:Yv6XqLmJtO/d60GVLgEF0c7sbnl0RCmK8czOCYHflEpwiVa:Yv1KQ8RFg6sGAh8cvYHWpw/ |
MD5: | 26CCA7147502AB7BCB3524546E84520B |
SHA1: | 53236488DD46EF3AA62980A9D623EC5DAEE6A9DA |
SHA-256: | BC7D023F495BE690C1494D3292C83F1EC8943BA2C8E5F460BC9C7265E244CBD2 |
SHA-512: | 23E4BA4962B69ECB62107DB652FC8FE971C8CC927836D888224E31F64B5A2EA7154EBB2DE6A973BE48C165283EB2183F8E0EFFEE558C4ABC24E22EEB48059CB1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3073095748466095 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfQ1rPeUkwRe9:YvXKXqLmJtO/jx6mfnGY16Ukee9 |
MD5: | 91EF3C573535B330217247A78FF6E362 |
SHA1: | 9D077BDC293874781658D3E42268F9EF2C2067BD |
SHA-256: | D3684D9FCD6F4964A869E1ADB813422502F31254050E4BE455F2B52C2E00FAAC |
SHA-512: | FCB6A5C56348CD9DC0FA8365A33D402E802B2A04B921E24FF67AE0BC31D39F88F2E2DDCBF4DFE089E29E7FC3FA1EA5FBDC5A15C1A153759CD991D059F878FCD7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.652858086753852 |
Encrypted: | false |
SSDEEP: | 24:Yv6XqLmJtO/d60z2LgEF7cciAXs0nl0RCmK8czOCAPtciBa:Yv1KQ8Aogc8hAh8cvAs |
MD5: | 8D942A9F06048F40A77FF5ECC43A0EDC |
SHA1: | 2B4F15B9BE43D2D82772E0D383950ED8D93A90DB |
SHA-256: | C0BDBE05B73E4E8D706B69DCD9E749F60517086E64FA38D72711ACC3013EBC65 |
SHA-512: | 9508980FBC43C39EF6AAA9726ECD42E59FC6EF96E60C03B16718671953D4C2309E347DC05412B1B92554095A2CA01A47FD9C87236773C611F4BAE54BA85D7BAE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.70367371535181 |
Encrypted: | false |
SSDEEP: | 24:Yv6XqLmJtO/d60/KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5a:Yv1KQ8IEgqprtrS5OZjSlwTmAfSKQ |
MD5: | 3A936A9BD00C29D3329E8C6C8D948262 |
SHA1: | AB158A86154F995094778485A7A4F4DA4FD81EF8 |
SHA-256: | 0CBC10AF57B0AF285B72396E58193A7840A0EE9DE158BC1F6443699D63E353B2 |
SHA-512: | 590A62088F20997250F50733742713D4FFA5AE3407ABE064722491433BD5EA3F5985F0F573F58684C179C4E6B4695A1BFB6D967735AC8AF4CBA998A3AC04DEDC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.313963521595309 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfYdPeUkwRe9:YvXKXqLmJtO/jx6mfnGg8Ukee9 |
MD5: | E762777E39F995AAB8EF6A03B4367850 |
SHA1: | 6B8DC7886C96E4AC22332D287EEDD8CC271A9C17 |
SHA-256: | 2C36A29D29EF4BA7006927469A4A10C091E79C89A3E112B5A7A5745B1EC213F7 |
SHA-512: | D40B33D90EFD4997D781B4DF3E5AA07E045E8755AF81438F2DA93A61C768957B06D014475826E53787ECA95518024548D75CF9E3978F0E1C09E7085158CBF2E2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.779279443199217 |
Encrypted: | false |
SSDEEP: | 24:Yv6XqLmJtO/d60CrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNqS:Yv1KQ8nHgDv3W2aYQfgB5OUupHrQ9FJj |
MD5: | CE68EDB05563CD69FBA6FB154C0E8615 |
SHA1: | 524F6301BFE96A8960C490B01DFCAD348DAF49F6 |
SHA-256: | 83EA1228893EA710F77EB648E1F25E43BEF0A8B639987651991EF96D353607E2 |
SHA-512: | 8EB89B97BAAFD803D69E59AEAC6D3C418AF66C02AADF705CF4C4C6E9258E9AC6B9371ECF5D19C878310DB7727F5E5A0A8464E109F6D4A14BFAF2466CD0950293 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.2974146500485855 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfbPtdPeUkwRe9:YvXKXqLmJtO/jx6mfnGDV8Ukee9 |
MD5: | ABD29FE755FD288D411B062E80923421 |
SHA1: | 5FA7F08DDE98340C559DBB7CC00756BCF4202F58 |
SHA-256: | B7A6ACA57797E1AD3D253B344130969D8FB4B804E1F45A7F2E093FF76B1EB120 |
SHA-512: | 94977D4072267DB55D19777A9D6940931211E1D1C6586BB7E6A241ED38FD435F60651CBF9494B790F982684DEEBBB0CC6052C73F76485087DF80C99E54B348EE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.298631395232863 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJf21rPeUkwRe9:YvXKXqLmJtO/jx6mfnG+16Ukee9 |
MD5: | 62A38A2DFE2304C328AA86711EC293C8 |
SHA1: | 17F0FEE78EC37B806F11C85F11E4497CDF20BAB0 |
SHA-256: | DB607DCB4EC5586DA46936E59120F44FF3C83D36DD7AB331A74F18AD7D922DFE |
SHA-512: | C92929A80F23E3FEBBF4137AFB629A9F4F845EC14FFCB6F47B8B7477F692E9C4184DD4D4A297F17A862C4D4D6153198D9654FB80EE35C3BA11A21F5CA9AC5B5D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.661789928272587 |
Encrypted: | false |
SSDEEP: | 24:Yv6XqLmJtO/d60YamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8Ba:Yv1KQ8pBguOAh8cv+NKN |
MD5: | EDD07E56624054322264398C739F4E4C |
SHA1: | C683EF08704F9DA59EE821167CD00289C043B8F7 |
SHA-256: | 1A5AF96F32C25FBB9F2EA05B54718C05A52514A1525EB000C0642A74DA169E4D |
SHA-512: | 8EEB067E8FA60B2C6BCF4D4B34ADAC85F7683DE2C393038F14A2C81D7EDAD8E4E150DC6F09785340B12251B550AE2B5271C7746C7B5A63D27FAFBED3EE1BBDED |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.274116574082868 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfshHHrPeUkwRe9:YvXKXqLmJtO/jx6mfnGUUUkee9 |
MD5: | FD6549B8D3B55DC7808D344F1D7E61F5 |
SHA1: | E1298277E44292ACEE190850D0BFC63413F6ABB0 |
SHA-256: | CCCD584BFB9D0338D05723A9C934C576C7B38FF02111877121DA22D5ECF26D9F |
SHA-512: | 2C2BCDAC9EAE7A589AC0A7702F67B46CA6CB67773E17BC5190F9B9A73EBF7350F099978CC93FADFE97C42A18A0FE3DDBDB49CF3DE5DED6314643381F4AD90C80 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.374926476268232 |
Encrypted: | false |
SSDEEP: | 12:YvXKXqLmJtO/jx6mfnGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW+:Yv6XqLmJtO/d60n168CgEXX5kcIfANh/ |
MD5: | 18942DD284EEBBEA028B65FCED1C582C |
SHA1: | CED963012066B0C711BC651B65505F6DF6188E90 |
SHA-256: | 4ABAEF88AD14F306BFDF2B5F674C3DFD450BB1F5BD7BC211305F063042EBF854 |
SHA-512: | FBF2CD62A70E082A33B83236C9F8CA4D4E40128FF44D0865396B1E5A01C543FA6536242EE523A954976B2C4779187CBDF7EB7A082D3326B3E5DEF89F643F0A52 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.148859962195208 |
Encrypted: | false |
SSDEEP: | 24:YlYKajO13ay2A49oLlNCYQwB1cVq/XEYf1auYrjhzG3j0S56AB2ki2LSbmK5Y/9f:YwO1VvQQcOXf1XchyzvuJmKS/9Xv |
MD5: | F7A2C8E423D738E19F4F4137651C0994 |
SHA1: | AA4A9F694F3C77D45DC934DF1D76C3599B352548 |
SHA-256: | BADB99D1A5FF202AB83AFB011FD189D8BA255383AEBE9F9D6889439F0ADE5362 |
SHA-512: | 9B0398582B6926D645269A6BD57105D80C74800CBBCA5C7704A265331BB946A8720720AB5F70F720E7B4E7ACC9388EF2D0B34E1771663B42395DDD7A04A25AB9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3574318660069264 |
Encrypted: | false |
SSDEEP: | 48:TVl2GL7msncRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22Lct15BvP8tJ:vVmssZnrFpPtIJ |
MD5: | 76F39A42C8A606E93F16A0037AC232C9 |
SHA1: | 1A066A60D7FD99D85DE7B4E6BA06D76011191D72 |
SHA-256: | EA5C1F043C59CF8FFF50F5CB3DE0BBD5FB731C2BFB5B665E15A58B9D8A0FBC62 |
SHA-512: | 78DE7ADD5A8BCA0AAF21DC770E5747D7EFB2B2BCF636BE5D2A70A007A0E2A93D9D44324F604BE7F2248FD1CD5A5B2D34596D84784C17ED6BBFD2661459BBF3BB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.831629651807497 |
Encrypted: | false |
SSDEEP: | 48:7M8WcRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22Lct8BvPxcjqll2GL7mw:7BZnrFp8teqVmsN |
MD5: | 642F4777A24A6EE28890CDC0AEE2D234 |
SHA1: | 7B23D073F03C531E81FEB110BE80FB2241ED755A |
SHA-256: | 51FEFEC0BA29007D9251C07891E6C914D455F1B90293A6979E78E8CFA568AC52 |
SHA-512: | 931FD3518516266AA80DAA5CA89980039C983C8344AE60669DB870CDAB77A4C6F44FC2EF1C94B9904CB8C4737AA39A43520CA289EB3E421B64F2AC0B390643A5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5178552411299933 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xIAdlxYle:Qw946cPbiOxDlbYnuRK4ew |
MD5: | 46C9F7C4F15E370F173C4CFEBCDE2C2E |
SHA1: | 8A6371B8D87BFDD199660539C056C45EFDF7750C |
SHA-256: | FF313F73CE935C413FA314ED11F33F1A154D01B1AA9D4CE3BF7E706F26EBCE66 |
SHA-512: | 10739A4072B1488C4409DD3733330163FB7CCD9E65521E40082C74A9631A645C4806EA747A8BC194F668665ECE0F49CA17DC410E7CFC8EE5D554FC8C93E76B21 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-29 11-02-11-111.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.359827924713262 |
Encrypted: | false |
SSDEEP: | 384:yNDmLJAZYTtvEcrd/GVMimVRMTzpCeb9sJVPbvHktuFKr4Bnk2DfNSNq8iwyhZ9u:bAPaRH9E3/ |
MD5: | 06DEAEDB81D09FD8FB5FF668D8E09CB2 |
SHA1: | 28A02BCBD5975117B97A08AFB049F2C94F334726 |
SHA-256: | D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64 |
SHA-512: | 948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16601 |
Entropy (8bit): | 5.331721039934923 |
Encrypted: | false |
SSDEEP: | 384:A6mDRN4+McLb0PiLhuQDw2fii5uWlEYD5WoceieD2R0nprPhfBykE1Els/RUaDzG:cwD6 |
MD5: | A4896676354044C67E4A7149E8C80FF0 |
SHA1: | B63208F9B8965FE34EF149261A8227F5F900C1B8 |
SHA-256: | 827D90D7D302DDBC4D08C79E0CDC87D8A1EC21796D545743B1F541A026EB0349 |
SHA-512: | C29D58538DF79180C2E1CD7ABAA962FC9A449C89ED0DB7AEA2940605589C758E700417EFE7029EE96A61D7B090F8C6D4E47ECED4551367F67F7C35A625038812 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35814 |
Entropy (8bit): | 5.419588301101041 |
Encrypted: | false |
SSDEEP: | 192:fcbmI6ccb9cb+IqccbdcbIIl3cbXcbWIS+cb4cbIIJzcb6HPcboI/5cb6:g6sqGlVS/JVHS/T |
MD5: | B8D38E259C616D52164F8A08FF8422B5 |
SHA1: | 70599CEAFB939321E2DC41DCE6C5A1A2241C62ED |
SHA-256: | E33F20B426E4228D6A6134CB8026399FD80C8AF027C39157EACECFA764D41F9D |
SHA-512: | 18FA833196BA64115303F297ED5CE76B33749EAD6D6FE948BD44C9ADFA244F5BE9C2BBC39102355CF7A146498E857C0332DF6FB72892C555C54660A1C6F84EA8 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.994672858687464 |
TrID: |
|
File name: | repo.noindex.zip |
File size: | 304'182 bytes |
MD5: | 65766ecbf4e0757461f0ea20258d2789 |
SHA1: | 27e3289e2f366aa8e60dba0d4d40e72261ef3ac6 |
SHA256: | 205b46a7fb6036a4fea8de4124ddd9cae1bb5ecbeda81f1a4bd16dbe795bf6e9 |
SHA512: | fd41f9c8ee95ad14357f1f2e416b3f533c4c3941c8e1f8d9f8eac5926545bed2f793e86964cd2b810506e213c9832806146af583b506c88406f23bc001f95adb |
SSDEEP: | 6144:hdyFRljrTetZRzwjMtGM6VHdRXIz1n6QEjxcWNjzvZBwufsCUtFU:hdylrTetZqj8GppdWq1lBwNdU |
TLSH: | FF5412006DDDAFC7D96B633601079C444B66AAFC91E6F23C9726BB18F096A904C1737B |
File Content Preview: | PK.........x.Y................repo.noindex/config[core]..bare = true..repositoryformatversion = 0..filemode = false..symlinks = false..ignorecase = true.PK....rrh...h...PK.........x.Y............ ...repo.noindex/hooks/README.sample#!/bin/sh.#.# Place appr |
Icon Hash: | 1c1c1e4e4ececedc |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 29, 2024 17:02:17.439496994 CEST | 49722 | 443 | 192.168.2.17 | 172.64.41.3 |
Aug 29, 2024 17:02:17.439517975 CEST | 443 | 49722 | 172.64.41.3 | 192.168.2.17 |
Aug 29, 2024 17:02:17.439590931 CEST | 49722 | 443 | 192.168.2.17 | 172.64.41.3 |
Aug 29, 2024 17:02:17.439903975 CEST | 49722 | 443 | 192.168.2.17 | 172.64.41.3 |
Aug 29, 2024 17:02:17.439913988 CEST | 443 | 49722 | 172.64.41.3 | 192.168.2.17 |
Aug 29, 2024 17:02:17.440571070 CEST | 49723 | 443 | 192.168.2.17 | 172.64.41.3 |
Aug 29, 2024 17:02:17.440602064 CEST | 443 | 49723 | 172.64.41.3 | 192.168.2.17 |
Aug 29, 2024 17:02:17.440661907 CEST | 49723 | 443 | 192.168.2.17 | 172.64.41.3 |
Aug 29, 2024 17:02:17.441355944 CEST | 49723 | 443 | 192.168.2.17 | 172.64.41.3 |
Aug 29, 2024 17:02:17.441371918 CEST | 443 | 49723 | 172.64.41.3 | 192.168.2.17 |
Aug 29, 2024 17:02:17.662174940 CEST | 49723 | 443 | 192.168.2.17 | 172.64.41.3 |
Aug 29, 2024 17:02:17.670332909 CEST | 49722 | 443 | 192.168.2.17 | 172.64.41.3 |
Aug 29, 2024 17:02:17.708492994 CEST | 443 | 49723 | 172.64.41.3 | 192.168.2.17 |
Aug 29, 2024 17:02:17.716494083 CEST | 443 | 49722 | 172.64.41.3 | 192.168.2.17 |
Aug 29, 2024 17:02:17.896123886 CEST | 443 | 49723 | 172.64.41.3 | 192.168.2.17 |
Aug 29, 2024 17:02:17.896234035 CEST | 443 | 49723 | 172.64.41.3 | 192.168.2.17 |
Aug 29, 2024 17:02:17.896281004 CEST | 49723 | 443 | 192.168.2.17 | 172.64.41.3 |
Aug 29, 2024 17:02:17.896281004 CEST | 49723 | 443 | 192.168.2.17 | 172.64.41.3 |
Aug 29, 2024 17:02:17.896949053 CEST | 443 | 49722 | 172.64.41.3 | 192.168.2.17 |
Aug 29, 2024 17:02:17.897032022 CEST | 49722 | 443 | 192.168.2.17 | 172.64.41.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 29, 2024 17:02:17.431202888 CEST | 53246 | 53 | 192.168.2.17 | 1.1.1.1 |
Aug 29, 2024 17:02:17.438348055 CEST | 53 | 53246 | 1.1.1.1 | 192.168.2.17 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 29, 2024 17:02:17.431202888 CEST | 192.168.2.17 | 1.1.1.1 | 0x86e6 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 29, 2024 17:02:17.438348055 CEST | 1.1.1.1 | 192.168.2.17 | 0x86e6 | No error (0) | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
Aug 29, 2024 17:02:17.438348055 CEST | 1.1.1.1 | 192.168.2.17 | 0x86e6 | No error (0) | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 11:01:40 |
Start date: | 29/08/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7df260000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 11:02:00 |
Start date: | 29/08/2024 |
Path: | C:\Windows\System32\OpenWith.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d3610000 |
File size: | 123'984 bytes |
MD5 hash: | E4A834784FA08C17D47A1E72429C5109 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 19 |
Start time: | 11:02:07 |
Start date: | 29/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7110c0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 20 |
Start time: | 11:02:10 |
Start date: | 29/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7334f0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 21 |
Start time: | 11:02:11 |
Start date: | 29/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7334f0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |