Windows
Analysis Report
WI Inspection Report - 763634 - UNITED ONE CREDIT UNION - 1117 S 10th St.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 1992 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\WI Inspection Report - 763634 - UNITED ONE CREDIT UNION - 1117 S 10th St.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 3568 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4452 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1632,i,859850338029047367,11111397360101548855,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
windowsupdatebg.s.llnwi.net | 46.228.146.128 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.200.196.138 | unknown | United States | 2860 | NOS_COMUNICACOESPT | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1523393 |
Start date and time: | 2024-10-01 15:07:46 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | WI Inspection Report - 763634 - UNITED ONE CREDIT UNION - 1117 S 10th St.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/43@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 172.64.41.3, 162.159.61.3, 2.23.197.184, 199.232.210.172, 2.19.126.149, 2.19.126.143
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: WI Inspection Report - 763634 - UNITED ONE CREDIT UNION - 1117 S 10th St.pdf
Time | Type | Description |
---|---|---|
09:08:57 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | CarnavalHeist |
23.200.196.138 | malicious | HTMLPhisher |
23.200.196.138 | malicious | HTMLPhisher |
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
bg.microsoft.map.fastly.net | malicious | Phisher |
bg.microsoft.map.fastly.net | malicious | ScreenConnect Tool |
bg.microsoft.map.fastly.net | malicious | ScreenConnect Tool |
bg.microsoft.map.fastly.net | malicious | ScreenConnect Tool |
bg.microsoft.map.fastly.net | malicious | ScreenConnect Tool |
bg.microsoft.map.fastly.net | malicious | ScreenConnect Tool |
bg.microsoft.map.fastly.net | malicious | ScreenConnect Tool |
bg.microsoft.map.fastly.net | malicious | HTMLPhisher |
bg.microsoft.map.fastly.net | malicious | ScreenConnect Tool |
bg.microsoft.map.fastly.net | malicious | ScreenConnect Tool |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | HTMLPhisher |
windowsupdatebg.s.llnwi.net | malicious | HTMLPhisher |
windowsupdatebg.s.llnwi.net | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
NOS_COMUNICACOESPT | malicious | Mirai |
NOS_COMUNICACOESPT | malicious | Unknown |
NOS_COMUNICACOESPT | malicious | Unknown |
NOS_COMUNICACOESPT | malicious | Unknown |
NOS_COMUNICACOESPT | malicious | Unknown |
NOS_COMUNICACOESPT | malicious | Unknown |
NOS_COMUNICACOESPT | malicious | Unknown |
NOS_COMUNICACOESPT | malicious | Mirai |
NOS_COMUNICACOESPT | malicious | Mirai |
NOS_COMUNICACOESPT | malicious | Mirai |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.226906025009861 |
Encrypted: | false |
SSDEEP: | 6:KFIq2PCHhJ2nKuAl9OmbnIFUt8i9dXZmw+i9dFkwOCHhJ2nKuAl9OmbjLJ:eIvBHAahFUt8mX/+mF56HAaSJ |
MD5: | 40F4E8CF3F4766F4FC4DAB6994974EC0 |
SHA1: | C88F7BC03B48C744D5B4F94D417EF2C6CB5114C6 |
SHA-256: | 0B5A064105822774F25B8B6709B0F101B5847AB32B69BE001D20194F68329CF9 |
SHA-512: | AD93CDB2BB190F5943C43E0AB07C8006164B593C92989ECDA824B9BD4235689E2597CC86ACE1C642028D4373112528DB532FA6C6BCBBC20837A04655B490E158 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.226906025009861 |
Encrypted: | false |
SSDEEP: | 6:KFIq2PCHhJ2nKuAl9OmbnIFUt8i9dXZmw+i9dFkwOCHhJ2nKuAl9OmbjLJ:eIvBHAahFUt8mX/+mF56HAaSJ |
MD5: | 40F4E8CF3F4766F4FC4DAB6994974EC0 |
SHA1: | C88F7BC03B48C744D5B4F94D417EF2C6CB5114C6 |
SHA-256: | 0B5A064105822774F25B8B6709B0F101B5847AB32B69BE001D20194F68329CF9 |
SHA-512: | AD93CDB2BB190F5943C43E0AB07C8006164B593C92989ECDA824B9BD4235689E2597CC86ACE1C642028D4373112528DB532FA6C6BCBBC20837A04655B490E158 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.1568576680290406 |
Encrypted: | false |
SSDEEP: | 6:tq2PCHhJ2nKuAl9Ombzo2jMGIFUt8ALZmw+7kwOCHhJ2nKuAl9Ombzo2jMmLJ:tvBHAa8uFUt8AL/+756HAa8RJ |
MD5: | 616CDF2B761FCFCE6A31F9AC3CA323A9 |
SHA1: | C87E4964FFBF5D430A1918AA4F3B958EA52CBAE7 |
SHA-256: | E7487C170AB61D35FD6B7C5608B723106671FFB1C1E55EE4A48AAB0DCB2FA563 |
SHA-512: | 128A8A36D286F6746E65CB6354797DBA0E2145C077FA03A481CD736BDC8EF78250C2BABB575BAC180AE82D2F27C5A9C008C054AE4320C85ACA9F86F8D1E0F600 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.1568576680290406 |
Encrypted: | false |
SSDEEP: | 6:tq2PCHhJ2nKuAl9Ombzo2jMGIFUt8ALZmw+7kwOCHhJ2nKuAl9Ombzo2jMmLJ:tvBHAa8uFUt8AL/+756HAa8RJ |
MD5: | 616CDF2B761FCFCE6A31F9AC3CA323A9 |
SHA1: | C87E4964FFBF5D430A1918AA4F3B958EA52CBAE7 |
SHA-256: | E7487C170AB61D35FD6B7C5608B723106671FFB1C1E55EE4A48AAB0DCB2FA563 |
SHA-512: | 128A8A36D286F6746E65CB6354797DBA0E2145C077FA03A481CD736BDC8EF78250C2BABB575BAC180AE82D2F27C5A9C008C054AE4320C85ACA9F86F8D1E0F600 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\2547a05f-46b5-41dd-b3bc-fb22fb4b0ac3.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.971316048517525 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sq6esBdOg2HqAcaq3QYiub6P7E4T3y:Y2sRds9DdMH63QYhbS7nby |
MD5: | F7F1CD2D53965E977D6635B7C49A6132 |
SHA1: | 1BAC64A74FC426290CCBEF72595AB84254F59F0A |
SHA-256: | A27575AFB3A9868E652DA4C88FED84208264F2B577263ABF2359C6EF761B77B9 |
SHA-512: | 3816E2FC5C41E8AEC574FE3A836D28F9C28DD485A72BDED70B5510DB9253356B83EAD3E4D2CF36B2CD9BD872A5298FC176493327334FD5A85B91DABFC8D37C2C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.971316048517525 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sq6esBdOg2HqAcaq3QYiub6P7E4T3y:Y2sRds9DdMH63QYhbS7nby |
MD5: | F7F1CD2D53965E977D6635B7C49A6132 |
SHA1: | 1BAC64A74FC426290CCBEF72595AB84254F59F0A |
SHA-256: | A27575AFB3A9868E652DA4C88FED84208264F2B577263ABF2359C6EF761B77B9 |
SHA-512: | 3816E2FC5C41E8AEC574FE3A836D28F9C28DD485A72BDED70B5510DB9253356B83EAD3E4D2CF36B2CD9BD872A5298FC176493327334FD5A85B91DABFC8D37C2C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4288 |
Entropy (8bit): | 5.225440012944603 |
Encrypted: | false |
SSDEEP: | 96:S4bz5vsZ4CzSAsfTxiVud4TxY0CIOr3MCWO3VxBaw+bSL66p1yY66sZ:S43C4mS7fFi0KFYDjr3LWO3V3aw+bSfY |
MD5: | 1C9A58782544520008595827F4776480 |
SHA1: | D600AED10F70D28D10878CB0F25A29B82B282A3F |
SHA-256: | 98A2870634BE7D0986D5E4A8AEFB1783E63FE5CE155B2912F5C2CDE1ACE0DCED |
SHA-512: | 3A1CF3A1952E502AF186C5B07B36C115F36379352F9697D8903CE85146DB20E0C356F676738144E77A85CAF86E119E14B22412D08EFA8D4ED1486AE14AB0ED60 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.187692235575461 |
Encrypted: | false |
SSDEEP: | 6:qq2PCHhJ2nKuAl9OmbzNMxIFUt8rZmw+GkwOCHhJ2nKuAl9OmbzNMFLJ:qvBHAa8jFUt8r/+G56HAa84J |
MD5: | DECC891316D1915D3D7FDD0383BE3245 |
SHA1: | 0BBA3A53CEB4C2B01E4734145CDC2E3467E51CAA |
SHA-256: | ADB63F36AA5676EA2398C0DB0F51793E4C5796B265BC70ED299136BAE2073013 |
SHA-512: | 13FE696E19BA2493B66120A9C2224E87439283CCBF13798B47C69E79F73A9C33703165A42CCD5A820317E5EC8FACBF821E805970B5204E128BD0AE0FA55D1A39 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.187692235575461 |
Encrypted: | false |
SSDEEP: | 6:qq2PCHhJ2nKuAl9OmbzNMxIFUt8rZmw+GkwOCHhJ2nKuAl9OmbzNMFLJ:qvBHAa8jFUt8r/+G56HAa84J |
MD5: | DECC891316D1915D3D7FDD0383BE3245 |
SHA1: | 0BBA3A53CEB4C2B01E4734145CDC2E3467E51CAA |
SHA-256: | ADB63F36AA5676EA2398C0DB0F51793E4C5796B265BC70ED299136BAE2073013 |
SHA-512: | 13FE696E19BA2493B66120A9C2224E87439283CCBF13798B47C69E79F73A9C33703165A42CCD5A820317E5EC8FACBF821E805970B5204E128BD0AE0FA55D1A39 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241001130849Z-176.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.8460609611674756 |
Encrypted: | false |
SSDEEP: | 96:fOdBsW4MMIM/RMMiY0JyfwMMMMMMgM3BMBSU0/yvR0GwhXS9KvTZaiPMz4cu8bog:frZ7U3NB1vT2Zbpz0Kjym |
MD5: | C6BBC68AFC95E50299121FE22C07B045 |
SHA1: | 6E17EAE55F974557599F12F8B8834E90DA884DCB |
SHA-256: | 87092504E4098DE761A277BCC0F74B8EBDF0465689A47641726844512A90ED79 |
SHA-512: | F0C73DC4560B6FF0871AF1AC5A5280DBC93C81D804902DB49119674EF980D059FB87F83ED889B40F4BE2A4945BC44B0D46553CA5DA473999D0C20F99F11E0499 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7895108629891827 |
Encrypted: | false |
SSDEEP: | 3:kkFkl/hQLfllXlE/HT8kO1NNX8RolJuRdxLlGB9lQRYwpDdt:kKgT8JNMa8RdWBwRd |
MD5: | C1CCA858942D396C54951C6B0C36559A |
SHA1: | 98310256B0ED450A767C18D5343FB18C11737262 |
SHA-256: | EC80D0CF92B2351CAA59027DF79577A6955B5D5DC8DDCF48DFF9743720436505 |
SHA-512: | 5894F1BB3C360AFA9DFCFEF04B381DDC811F5D358DB19212C0BBD32724EB2EB50A86CB6AB0445EDFCEEC1DA73B1469A03116052C55D6B731A452488A22A54BA5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 328 |
Entropy (8bit): | 3.2478978672539016 |
Encrypted: | false |
SSDEEP: | 6:kKen9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:m2DImsLNkPlE99SNxAhUe/3 |
MD5: | 7DBE8A081B9367FC324AFCFAB09E8B0B |
SHA1: | FB8A8974A3ACCD4666A2E9E0F9AC1BD6D2A48639 |
SHA-256: | 72708252A0513EC1C9D716D2A92509B030F4A31F57B5B9258341F32B69DC3D15 |
SHA-512: | DB8E6F13CE5015710E3D496F1EAFDFBA2624AD21D00FE9FF9E2459CA21F4985A34814FC5999EE9B30CC39385F8DB0325C2C134BE7C23D0638686D55DAA14B706 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:qKPC4iyzDtrh1cK3XEiv07VK/3AYvYwgF/rRoL+sn:XPCaL/3AYvYwglFoL+sn |
MD5: | 27094DF6D14B4D6728D59FFC4E31294B |
SHA1: | CC768A8693F9C122496C2BE949E13F0C36AE7888 |
SHA-256: | B26846BECCDB3792F05A996D2863C7A1D286BD9F997DBC2112604EBDD206FEAC |
SHA-512: | 681F8D3F21AF1B1898F6572DB44AE92CF2AF56B3E8C9421C679DF0962A6CABE44753A5327368DAB97BC9AF997EFD86B803847285BB64F427196C65C8B0348BE8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.363125695778107 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsSFLIR2vB3/dVlPIHAR0YARoAvJM3g98kUwPeUkwRe9:YvXKXseIR2vR/ZwHAMuGMbLUkee9 |
MD5: | 7AFCF21225774F77D9D61DB926A429D1 |
SHA1: | 31B2C2D65A36A2DBD619289FD34232794E750236 |
SHA-256: | 646C3AB4B97E2CFF65A684B05E43E145FB2F71D1AC49EF722A42F02D531F3524 |
SHA-512: | 53C1C86CD29AF502584E5B388767AA3D942597FB074D1F2AD6FDA4B6655194B210C69FA08B854008C7B4776AAF762D5F505A694BC0F63BEAA3C5DE3FB6FC18B3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2976923261926 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsSFLIR2vB3/dVlPIHAR0YARoAvJfBoTfXpnrPeUkwRe9:YvXKXseIR2vR/ZwHAMuGWTfXcUkee9 |
MD5: | 20A1F7D381A65D034CDA25534F79165B |
SHA1: | 26E97F650E64C045EF0C5AA4E865E89262EC2969 |
SHA-256: | 536F1A24D292D83562A8DD74BAFBEAAE2486BD5FD140795CE0C2400D63CD8005 |
SHA-512: | C58F790EAB9796CE9722DE0DFB0E046F4ED8FBA4F622F2351B45A501E99CBBD0FFE63DCA7F3081D08D21A7B29AEA29EB9E725770B179B5464060F7A082745430 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.275951821550406 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsSFLIR2vB3/dVlPIHAR0YARoAvJfBD2G6UpnrPeUkwRe9:YvXKXseIR2vR/ZwHAMuGR22cUkee9 |
MD5: | 4B39E95BD1786A66082FDB803CB609BC |
SHA1: | B1BA11E4EAC49041DE9B2A4B0EBEB9B59590B488 |
SHA-256: | 463E5D793CBE495FF168B7AAE25437BA02426346C3515F323B5C8F8113D99AC6 |
SHA-512: | 6B16090F577BE2F012755E8751564636F8F5C637360F29814C95D77547E2856263443F034BBDBA8A9ADC34FD3AA2429134020BC134F2983E0A6370ED7E2CB305 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.340065902304488 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsSFLIR2vB3/dVlPIHAR0YARoAvJfPmwrPeUkwRe9:YvXKXseIR2vR/ZwHAMuGH56Ukee9 |
MD5: | 429FE445BB5802060270F32F016D459E |
SHA1: | 317A7C62279EF68C3FDD3B8BC0E08954944E845D |
SHA-256: | 95C1C05069FACA178345454E9AE40ED0DAF1661FB8378F6F3F108E18C9EB91E2 |
SHA-512: | C12769237BFA0F8135CC9D8BA73430EA64CCEC55784FE94A5E71A8C882F8AFAE8EE630B042BF1D4C8440ABCE097AA8D1AD7014F4A94306F2E172DD9C906CD9AF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.66835328037364 |
Encrypted: | false |
SSDEEP: | 24:Yv6XvIR2JhAbpLgEFqciGennl0RCmK8czOCY4w2h:Yv58JhAbhgLtaAh8cvYv2 |
MD5: | B80A944187BC4500380A98F84A4E6B45 |
SHA1: | 799AD6B59BA16C778EFD6BAAE5D3B02D69CD30B0 |
SHA-256: | 2576B4DC87B396C9DF2E82F3086F58B94E3E7CCC64FB85DD73FBA465EC3189C0 |
SHA-512: | C4BDB601F54BC979C7CD1EFE59DA1C79E3D50F56736E0A565E298AFF001252179A7B935F7BFD90DAB479628593EA01CB5F3C1762BDC33E45D49075950889ED3F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.288455303179582 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsSFLIR2vB3/dVlPIHAR0YARoAvJfQ1rPeUkwRe9:YvXKXseIR2vR/ZwHAMuGY16Ukee9 |
MD5: | B5B2E575D2107463352BB88CCB8C2E50 |
SHA1: | 2F716C99FD5C33B64692AEAD728EB27BA5EBDCB4 |
SHA-256: | D31AA39232C60F12E81F2AE3D49C7E824D2F704E5D7D2388E19F7FCDE7CEDA9D |
SHA-512: | 596F0DECE614F7A8DA640BF1E296D3A1B6E9F0F6ABD2D21CD24E289C18049C845AE49A77259AF690022750A6129CD86E59B688C03698329CF6E8EFF31F50AAE6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.653685676625469 |
Encrypted: | false |
SSDEEP: | 24:Yv6XvIR2JhAG2LgEF7cciAXs0nl0RCmK8czOCAPtciBh:Yv58JhAGogc8hAh8cvA3 |
MD5: | 27ECCBEF7F2075C6A3C0D1BF6CEC5D74 |
SHA1: | BE630E5092669CBD067A0BEFC6307188435DB983 |
SHA-256: | C60E2AF49F00BE1E3C16D5983D6B11ACF524A53FA712EA88A72DCB6267BE0ACB |
SHA-512: | FE5CFEECBCAF203684E7631D113C4252BFA011FAA0AC50F2D7C7D058C81A07934E84639BBCE289080BD268AC6A72D1AC97ACA7CD48503278009CC1413CB2065C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.702068350803424 |
Encrypted: | false |
SSDEEP: | 24:Yv6XvIR2JhAqKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5h:Yv58JhAqEgqprtrS5OZjSlwTmAfSKr |
MD5: | 47CFBA40592F5B2F3E3E0161A971A34B |
SHA1: | 74EFB3B24542EAE3E15B09E504837C0FE2B9E4CB |
SHA-256: | 23A91782F559A05BD4D4C79D94C736B49F60F642EF1E4C3CC52EDD4DDC8F26CA |
SHA-512: | 5E6C2DF53D9C9EDAD30B84FA44647F501ABF5938A994B40650AFB70753FF19D4F87A4159A00F3FAD058BB87B68A950B2A80B8A588E1A4E0042E76DD6195B68B9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.298807131331145 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsSFLIR2vB3/dVlPIHAR0YARoAvJfYdPeUkwRe9:YvXKXseIR2vR/ZwHAMuGg8Ukee9 |
MD5: | 5D11214222013025558E7BE2BB3335C5 |
SHA1: | 1333153E429B0C2550D9AC0FC3D9D6AF6A26FE81 |
SHA-256: | 6AA6385FB7B10D3E0FF6876AFCFF97814E5FE5613C0679692B1AEF8F3C003E03 |
SHA-512: | 49D5FEAEEFDEEA4F27083AE0CFB9C8451B039905529B0BC14E9EB3D49A63783A01C076581972FED95123D462F701916AD64DBDA759DF75FA01F1B329D3D42541 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.7765905988343595 |
Encrypted: | false |
SSDEEP: | 24:Yv6XvIR2JhAZrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN5:Yv58JhAZHgDv3W2aYQfgB5OUupHrQ9Fh |
MD5: | 00132FC6BF35083A2952B4FD56F47BBB |
SHA1: | 9D6D7BDC9B3FADCF371F8EFD470F01CBB61E29DA |
SHA-256: | D06FEE865C222B21B3AC82DB889A8FA80D2CA1A867F2F72E48C838427BC391BF |
SHA-512: | E94A71D12A4F4A6488AF0941498DCE47ACDBB90FCD5D16E0A37338F00E400208E3CEC9B874C992F4469AD25D4FB14120591B6E621FE1A9B7118716EB8A797EFE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.282362427415104 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsSFLIR2vB3/dVlPIHAR0YARoAvJfbPtdPeUkwRe9:YvXKXseIR2vR/ZwHAMuGDV8Ukee9 |
MD5: | C5B4039DEAAB14F328C4AFF57A77BA1A |
SHA1: | F2877E39C672260CA65A76030B2BE9A22E41D5EA |
SHA-256: | 84F83D5328A99FEC336CB6852BB08FA95025690F8D3D0CAA2EB9C538DED86783 |
SHA-512: | B4FF5E8605A476DD321D5D93B1A16AEB35B4BD9BB1D4B12BA65B40DE6F38CF2A19DDCE92006E70D4836FC1E434F2E97E6E659A1393C75A8FE58F40651184DF0A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.281388865572333 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsSFLIR2vB3/dVlPIHAR0YARoAvJf21rPeUkwRe9:YvXKXseIR2vR/ZwHAMuG+16Ukee9 |
MD5: | 902974A7B612F12A380D938FCF3D2F7B |
SHA1: | A62F583BB0A61702AB5502FDBDAF4FB1DC4544EF |
SHA-256: | 99C323D0FDAB53105E645D2958C82316D853A998A90BD2817D4366FB6EA6F6A6 |
SHA-512: | 014839D9BFC03E487F818724A367087E2AAEAE8E0690F7A2104C4457A2F3F407807F344FB0696785C880B4A9211A3C31266648CC198DAFF51C9017F435335C29 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.657992895680442 |
Encrypted: | false |
SSDEEP: | 24:Yv6XvIR2JhAbamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8Bh:Yv58JhArBguOAh8cv+NK+ |
MD5: | 450B651B3099E4EF8307EA5AC5021565 |
SHA1: | D9AE577C3D04C49FC0C033D6FD0FD7E2CBDF39D6 |
SHA-256: | 278B6F0FFFF016F715969B067DCD7C15D37C89C8745EEB7C21A8DFAFE60570B0 |
SHA-512: | 4400BB0357018258D662C2EF91AAC1CE8448979807BD5F85E252028DF69750903440FEB7DF0B56A2C6ED5B209C156EAF14FDCF6DEAAB21893806AFC805953D05 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.2567095013843685 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXsSFLIR2vB3/dVlPIHAR0YARoAvJfshHHrPeUkwRe9:YvXKXseIR2vR/ZwHAMuGUUUkee9 |
MD5: | 02BC1DC6C404993EF3A7C356C026B4FC |
SHA1: | 2E70D24482A6A6A3173F7C5F911EAA433940F983 |
SHA-256: | CEBA50AB814A752C96FCD1B45CEFEA85FADA1E20597012D33581EE4BC3BEAE6F |
SHA-512: | 80F513B1C680BE64832AEA3ADADC26BF2F90580E29C5324948F241858837D4BAE88E4D65D5612148B590ABF1FBADDD0ED006B294C6B73CF1D9FDAE952F3BC983 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.371733942176045 |
Encrypted: | false |
SSDEEP: | 12:YvXKXseIR2vR/ZwHAMuGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWV:Yv6XvIR2JhA4168CgEXX5kcIfANhM |
MD5: | B8D09EC24E1E434642EC7BFDB2878EEB |
SHA1: | 6087AEEF0F4FBFFCCECBDB00B44BF72E7D3329EF |
SHA-256: | FC641B34B06862A02D3354ADDA2F604311FC314F43095E5A7336C1FA8454991F |
SHA-512: | CE0E20664B94B49D3679554F8937D003B76A35A81F3DB8214F290807A0DFFD9C185E06A371C0A76A32A16E4BB0A42AFE4420A3ACF53C9E300449F2F52B967CBC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2651 |
Entropy (8bit): | 5.143050813932676 |
Encrypted: | false |
SSDEEP: | 24:YFutmIaqoFnayI/kE9C8oAazljMxuNdjh4cj0SDz1IBCn2N9zi2LSNeCcY5Pbl99:YRDIc/BjNfesMib/cYFbl9se |
MD5: | 79036A8935573A3075E91E1D7ABBD938 |
SHA1: | 365CFDC46669D368E3704AD4BECBEC9866BD02D4 |
SHA-256: | 50A77B3708249CB9B186409C96F788D851FED9431F063EF2E6130011405453AA |
SHA-512: | 3DF9F3B91452D3BB910986345B7932A8388B6C8644EF9850B6EE8C9A05A64FA6F7E59BAA117C5DCD5D9FCFF6B9BE3E3E76AD6F23893EB2A98263F20758523319 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3179714825349935 |
Encrypted: | false |
SSDEEP: | 24:TLKufx/XYKQvGJF7urs9Ohn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMed+tqVpm:TGufl2GL7ms9WR1CPmPbPahdgypilITG |
MD5: | 6F111CEC361FB54AD4D6EC46867319D3 |
SHA1: | 4964DDF91E663788FF560D9958B23421ABA2342F |
SHA-256: | F98566CCF39DE35469046B01F657588C21132D04644A278845640BC3F36276D2 |
SHA-512: | 3BD418D42E1459E743B77E64259744DA139E332E073BF74E64625B6D1507F2F0FA47229121D37CBCBF24A44B94E24280FE9F552C222FDDC627FDB417B82F0372 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.7802095895528676 |
Encrypted: | false |
SSDEEP: | 48:7MAWR1CPmPbPahdlypilIzqFl2GL7msqI:7RWfMwbPahdlmKVmsqI |
MD5: | 194632692F44552EA16CE39C52D4A197 |
SHA1: | D2EC600ADC11B5625856ADDB766E71919F8F625C |
SHA-256: | D9E6E14FFE1D142C49F7941732227E27007D012F5D764B401C296597B5839F0D |
SHA-512: | 0DF2A317FBCC5A279FFF56672D8B7755EC08D1EEF826F1A1E31E52B9F761E2746B57D42D2AA2705EB7A1CE4D7BE947B2E2FCC945B9A784F347F7789D9499968B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.524398495091119 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K80QRailww:Qw946cPbiOxDlbYnuRKhw |
MD5: | A9C8ADD8C876AE1D29A98DDE822F91D4 |
SHA1: | B862896CA4680A70A020D1A7B23CC65930B4297A |
SHA-256: | 14050807B65A37DA855371CB604402E1A494F8807649B9A6F3E70B6A2607C246 |
SHA-512: | C03EE1F239A34E83568B3B4EAD8AA75E0C798D0324EB1C5465DEF410A9662D5CB2232FA8F3A5668436F1A98ABC3A7F5671D4045FD287704888F6D7DE2A750FAF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.011696565669966 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOoMsZ5MsWmCSyAAO:IngVMre9T0HQIDmy9g06JXSImlX |
MD5: | DADCC726266E4F0C26359256233A70D4 |
SHA1: | 4D5199F3E0C5D6BC36A51DB690692BA6F9E2EBAE |
SHA-256: | 8830A6702FDDE883DE9EFAF73B61E5FC9BB786B0D9B4FE8E48EFC1D2D8324910 |
SHA-512: | 7D96C1C46C736A2980BA4D5C24371AC9D6AC60DC053A8AB6DD8A8D6FAA563AFECEDB572627D39C5269E5450948A1B4C832CCC12D7968079E053E93596EB5191A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 09-08-46-913.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.33860678500249 |
Encrypted: | false |
SSDEEP: | 384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B |
MD5: | C3FEDB046D1699616E22C50131AAF109 |
SHA1: | C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D |
SHA-256: | EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD |
SHA-512: | 845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15092 |
Entropy (8bit): | 5.3480273269233916 |
Encrypted: | false |
SSDEEP: | 384:h26f6KzgdHUszyGZ4sLA+IT22Je4ZzDzD3S1UQSKakiLOKlcUbx86RpQpQh1LNFL:ojQ |
MD5: | A61FE10DACD9769BAEDA546AB7837981 |
SHA1: | 0A8D634800E0E02973110CDC645F8F77E627479F |
SHA-256: | C6BB5E8762DB184C2E1CB4BF29FF51D2C1DEA6766D72A3BE3F0C3B8AB9B2327C |
SHA-512: | A48255B34EE6C1D0119A2F5C43CE1A6F57703F8A063CF7658F9F36E14C07A7FA01F185AF2C4ABE10EE30CA8D98D3D793F603CC6A96000E4907118F599752954E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.412217748897184 |
Encrypted: | false |
SSDEEP: | 192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cbWcbHwIXAyi6EAAYJBcbSaX:ceo4+rsCJtXAyi6EAAYJjaX |
MD5: | E6C57CFFAC1054BF16063CBF7658154F |
SHA1: | EB56F5D120DC56D16E6A17E407F5680C8F74800A |
SHA-256: | E3505176A80219C36B136B7C7BF7636225928A855D89A50CEC4617A774D80540 |
SHA-512: | 1DB6730DDF8A349C7EA285E73B9265EA7748F69F0F57F612DFB1935FA87A3DC4D84529CE8F6D55B172C5C5BDF8E73648B8DF125208022E6A44D0D06A2F9BEF69 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru |
MD5: | CA6B0D9F8DDC295DACE8157B69CA7CF6 |
SHA1: | 6299B4A49AB28786E7BF75E1481D8011E6022AF4 |
SHA-256: | A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7 |
SHA-512: | 9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.968797991235167 |
TrID: |
File name: | WI Inspection Report - 763634 - UNITED ONE CREDIT UNION - 1117 S 10th St.pdf |
File size: | 238'680 bytes |
MD5: | ea9de4ef0bb89d78522c10d5a32b8d7d |
SHA1: | 0435be41c86391f6e6bc7dae22fea79e0eab8fec |
SHA256: | bffcdccde64e4594e6f81e73e7abea098f6c54fcfdc77f66f2d53dc5769a3c6f |
SHA512: | 534dea1fbe00d84c2c7c8b3e04197f5ca7ddeb47e9ea2be14e77eef7897f88104feead47217942b99533f36aa1cd988bec5fa39d522ae764a577b40594cc6625 |
SSDEEP: | 6144:LwAGk1tlcBeLuJjIg2I8dQEhpvwAX9CfL0jUT+Vky:RGT6VhQ3A8L6USp |
TLSH: | 58340298F909961E8CDBD386C708E1C30FADA239328938C56C5D5D0B18ACD62F577E97 |
File Content Preview: | %PDF-1.6.%.....1 0 obj.<</AcroForm 407 0 R /Lang (en-US) /MarkInfo <</Marked true >> /Metadata 408 0 R /Pages 2 0 R /StructTreeRoot 44 0 R /Type /Catalog >>.endobj.4 0 obj.<</Filter /FlateDecode /Length 11387 >>.stream.x..}[..6...#......4E\....GX.=.....]G |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.968798 |
Total Bytes: | 238680 |
Stream Entropy: | 7.996204 |
Stream Bytes: | 222296 |
Entropy outside Streams: | 5.096605 |
Bytes outside Streams: | 16384 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 109 |
endobj | 109 |
stream | 19 |
endstream | 19 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 4 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
18 | 07791c9e8ec6691f | 467e2f45510ce766a2a2fcb90c53a93a |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 1, 2024 15:08:57.409874916 CEST | 57444 | 53 | 192.168.2.8 | 1.1.1.1 |
Oct 1, 2024 15:09:28.730222940 CEST | 53 | 63875 | 162.159.36.2 | 192.168.2.8 |
Oct 1, 2024 15:09:29.222336054 CEST | 53 | 61317 | 1.1.1.1 | 192.168.2.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 1, 2024 15:08:57.409874916 CEST | 192.168.2.8 | 1.1.1.1 | 0x92a8 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 1, 2024 15:08:57.417942047 CEST | 1.1.1.1 | 192.168.2.8 | 0x92a8 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 1, 2024 15:08:58.276848078 CEST | 1.1.1.1 | 192.168.2.8 | 0x16ba | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Oct 1, 2024 15:08:58.276848078 CEST | 1.1.1.1 | 192.168.2.8 | 0x16ba | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 1, 2024 15:09:11.869292974 CEST | 1.1.1.1 | 192.168.2.8 | 0x8ad1 | No error (0) | 46.228.146.128 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49719 | 23.200.196.138 | 443 | 4452 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 13:08:58 UTC | 475 | OUT | |
2024-10-01 13:08:58 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 09:08:43 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6e8200000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 09:08:44 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79c940000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 09:08:44 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79c940000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |