Windows
Analysis Report
ppop_verification_request.zip
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- rundll32.exe (PID: 6568 cmdline:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- Acrobat.exe (PID: 6568 cmdline:
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_ppop_verification_request.zip\LETTER OF AVAILABILITY OF PRODUCT_page-0001.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6472 cmdline:
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 1304 cmdline:
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2156 --field-trial-handle=1596,i,6208737274966404848,17431096215579782997,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
Timestamp: | 04/19/24-15:37:03.080820 |
SID: | 2855542 |
Source Port: | 49705 |
Destination Port: | 587 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/19/24-15:37:03.080820 |
SID: | 2855245 |
Source Port: | 49705 |
Destination Port: | 587 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/19/24-15:37:03.080820 |
SID: | 2840032 |
Source Port: | 49705 |
Destination Port: | 587 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/19/24-15:37:03.080820 |
SID: | 2839723 |
Source Port: | 49705 |
Destination Port: | 587 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/19/24-15:37:03.080820 |
SID: | 2030171 |
Source Port: | 49705 |
Destination Port: | 587 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/19/24-15:37:03.080820 |
SID: | 2851779 |
Source Port: | 49705 |
Destination Port: | 587 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Static file information: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Rundll32 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
52.202.204.11 | unknown | United States | 14618 | AMAZON-AESUS | false |
184.31.60.185 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428769 |
Start date and time: | 2024-04-19 15:41:44 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | ppop_verification_request.zip |
Detection: | MAL |
Classification: | mal48.winZIP@19/37@0/20 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.31.60.185, 52.202.204.11, 23.22.254.206, 54.227.187.23, 52.5.13.197, 23.34.82.6, 23.34.82.7, 162.159.61.3, 172.64.41.3, 104.76.210.69, 104.76.210.84
- Excluded domains from analysis (whitelisted): fs.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: ppop_verification_request.zip
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2552532010176165 |
Encrypted: | false |
SSDEEP: | |
MD5: | 81B06E0226FE9982659FCC2ECE03ABE6 |
SHA1: | B69B7BD300D900A995A453757DBD4CE42ABA872D |
SHA-256: | 7511A42C7A2E1A8071AC296575B9382541B95AB465379970E8F823CA5580F5B2 |
SHA-512: | C34015B4C60AA0A9197C1CD1E01A8F66604DAB4613ED8ABC2561BA9BB1A5D15B611DBF51AE7F0F9D0AA9B88CD0769767E3642D69E17EFD7D1CF32B8586F108A6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 333 |
Entropy (8bit): | 5.213937708028093 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0B22483163EE0DA2D4BDB097D23A083B |
SHA1: | 8DE88B994CACBCC0CE966DFAECB94D49E2DEC486 |
SHA-256: | E2E31E3989154E2231054AE2F268FCE3B0EC1EC40A647329A5265F73C04E6131 |
SHA-512: | 477690504BF28A7186E2FBB3334D9CCF09E9C8BE7D10366DD763D1130B10E065E2B00F91A5FCF848995875769BCC5AAB8761FD41B00833CD326D3687739411B8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7400 |
Entropy (8bit): | 5.245582085035477 |
Encrypted: | false |
SSDEEP: | |
MD5: | BA0027DB01469FC32B53B0B70E23AF91 |
SHA1: | 1963D16DE703B6F20E0000C06F0BF53264F9AD40 |
SHA-256: | 44A578D0D09F8DECC2CA47BC328D48425F75F2E00C71B651962875FE684BE58E |
SHA-512: | 6FC809AD67988D3FF9FCCB202AB666B3438BA24BE2D7B3DFBB522FC547852D77101411B3A3E72E63A25CDDE4F30CA16DA660EB945224D487F03D6FEFA5F82BA1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 321 |
Entropy (8bit): | 5.247253876005537 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5EF6DDB74A929D55DC0847063B2F8786 |
SHA1: | 8266CC28B163B4954AE2D3FAE13C6C758B6F019D |
SHA-256: | 3226E2C06E8108DB00B7A4E83AF66FFE3275889D8030164D4A8DC5CCDF138614 |
SHA-512: | 064F408BE08CEB59D15E69A80438E9C71374C8FEAB6FB4C5731A7AAE0151A6B02DA6E8EAEE68A62BB41DDD40C3E64E265F3006785133AECB350B4917DE241747 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445430684427128 |
Encrypted: | false |
SSDEEP: | |
MD5: | D6BE99540F09983A6A6A483DF0A2625F |
SHA1: | 2CE5ADC35B21B4F6EF6CF0A735E0448D39EE18D6 |
SHA-256: | 1E191C9DD7E7BFD931A7BBA24BA8A32E0F66FAEDCACD79965E90D8CA2BD4CD0C |
SHA-512: | 4A6A8C605B2A044E28F352E8BEBE117FB4CA38CE4186091485EA16EECE2D7972F5A3A29117A5A92C504E62A9C7E8E36A4106FE17C52613E47F49DC02B388AE95 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7764861392137825 |
Encrypted: | false |
SSDEEP: | |
MD5: | 28469E1417120A36FF08D302D2563C42 |
SHA1: | 5B35AF645EDE93568618A783D2A623DE21192262 |
SHA-256: | 168A6C33EAE0265B8967C480C3E8DB7585711D20F9A8AD10815987B03AC247A6 |
SHA-512: | 6CD412B7F16210A233E9AE38D8660D24BD44DD6F6F81DE84B3327DCB03F9E97E1C9D70F01A946E104E8FCA18E04A5930D220087E7BFF178F457AF70CE4081EF7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3548564108595444 |
Encrypted: | false |
SSDEEP: | |
MD5: | D7B2FAE2FC820DB2314C686D288E5E31 |
SHA1: | ABA814AB1BB4061EC6E82E7E0FDE4E45CC5957AA |
SHA-256: | DEA73ED8CAB414ACBA22548C327C6E0DD19741BC822C6C5CD7BA4D4994BEAEDD |
SHA-512: | 6472B3DC19D85024B3AEC7063B833F8893E1AD38C42E9C51D489FEAF9807CD08B5AFA84F15B9EAC90FD83570B74EC528583BBAC1D56E964D4806CB2BEBE58E96 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.301726390203789 |
Encrypted: | false |
SSDEEP: | |
MD5: | 429E80FD99C60BA0EBDAB7CF6CF8B1AA |
SHA1: | 463C6F6FF7348F0C86C25DE11081A0B51F2A294C |
SHA-256: | EE851391660934D39253C53A7392301A7EB9607916522C6E7F54BEDC177B1AED |
SHA-512: | 815D8820F8778175F6C21453DC246424E8CD0959E69B699BA6F416A084E42AE0D1A3D3DF16648369589A9213AE421D486A7D7A329DDDC1669C5701C5CDAEBEBE |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.280274706729793 |
Encrypted: | false |
SSDEEP: | |
MD5: | 392EE7A52A8CB8852FCD07D67F51E632 |
SHA1: | B44A61305DD3F432B10C3F8E2D2400572F8B8124 |
SHA-256: | 64339B757CAA48906201B7604D4306CD526FD7644076A02876925686A1A0F222 |
SHA-512: | 8B0D97ABDF93585F3E9443D8EA39028C9742E0ACCF7BD999EBB378EA594CF7BDD027C0DECDC880B14A1BC89D1FDD407FA5CDD688E20E72345C6A1A8055F750C4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3449475784105225 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2729081693814931F5B87A5E94847F07 |
SHA1: | 2C2A07420F748C0C2207C2E17026541A30E762A2 |
SHA-256: | D1D9CAA59596D1824195083ED8C17F7A789C8731FD67EF5D32EA5DBD2C3B0795 |
SHA-512: | 1F2AEC6134C2855DC09E7EB470D19A76647E5CC63053ABCC0D498235F3424BCC96DFFAC55BEE70CAEA22B51F30C68E0067885ECA2D5D150F0B6F0791C8ECE1F8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.302807182885516 |
Encrypted: | false |
SSDEEP: | |
MD5: | 105DE1298F711138553D9919A7A3609E |
SHA1: | A8BCF80C6C9DA552932B6AA4CC644368EF7EAB94 |
SHA-256: | 4EF4A50DA7B382CFD1A3AA5F3AFBF85F2688A9B70730C9E04FFEB4BD7B5BF371 |
SHA-512: | 3CD8B13DC3BEBB8EDF1A91BBBFA4A6B424439456E62FA39564A19BFBC60D5A7EF9B0B4F1AE6153506E2212FFB3C6C93E50AF21BB0C9B6860811AD2F58A2AC414 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.288437486619419 |
Encrypted: | false |
SSDEEP: | |
MD5: | D6C158CBD6A3F83BDC21BA35D230086E |
SHA1: | C8814B2534C7367F9501D1DEC034BD2EB69EDF5D |
SHA-256: | 65FCC9724084A336EFA37FF5B723C94342C48E4A3BE7CD59E9BAB5CC4B0CE7B8 |
SHA-512: | E30A53AA3F199F34ED0050C88E6E8CC55DBB45FDC57807CE7EEB6ABCA5D1E02E2F0FA8BD6EC6239BE14CD5D97323F0DAE6D1348EFBE0E4012D8F7DEE07B5D5AA |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.291773957831946 |
Encrypted: | false |
SSDEEP: | |
MD5: | FA1CAC3DEAB836465F11C36F4C26AFD7 |
SHA1: | 22FE93F1C547ADD1BD0F4B48C364361B897EF22F |
SHA-256: | F403EC072127E5C9F8D7C5D5F2EE653E89B7928D1B9374851BE285DF61296A62 |
SHA-512: | 7C8318FA7C9695BA9348A0EA9F0749DCA6EC0593DC29EB52C689171BA372FB8535E6FA4ABED07E81598C0A309768A9AB6D884D2D65956933A026C311D98649E4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.294123333453242 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8A6E57CEE2BB020119BB396C5D361762 |
SHA1: | F7C84C83F73704DD1D37DF120BF2C17D6EC66556 |
SHA-256: | AF5A941F90C6662E2701585FA8A1A82BA5B0CF91956C0854F584B2AD6EAB1065 |
SHA-512: | D6F3279CC7BE9102E2862D9B5CB86F038ECD00024792AD28E8802E16D6CCA68F16430AB86DCD6113D7C69DF9F3A293CDBBD4259C5B8ADFE48102A0B8361BC9BA |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.741087460316653 |
Encrypted: | false |
SSDEEP: | |
MD5: | 50763BBD181FE57DCA9D113B0C7D4017 |
SHA1: | EC1B0A5346F7353A4A0066CCBE397795315DEEC1 |
SHA-256: | 0846347692CB130D3CF9D4483FFF190D890C493AECEACB2A2D1D2F4372FE9963 |
SHA-512: | 93C7149987355C15A4DE25C070B8C2028C0BF2E0250288F5ECF670B30C210E23ED3E7D8429457B8C9A4CE1570C1F8B63456EA69A4AE1956038A42B109121FA1F |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.29590962213099 |
Encrypted: | false |
SSDEEP: | |
MD5: | 079DEF7FEF9D2D7BA1756BAAF3B0642E |
SHA1: | 789E04B525C75C7B47FD18E6A06A095A35E3D4F3 |
SHA-256: | B8E3C566DF51C7FA47F86533580222C34D824A627DD7BB8596C694D601A76908 |
SHA-512: | 65880726669DEF33E4D2140048C2F54FC9A2205133656EBF17DE1CBC00AD75E31DDC475185D98DDF0011C88FE4300BED34F9E2D33C90A911957F51B9453B21B5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.778464635713786 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1B34095340C7B76D184A80A2ECFB9181 |
SHA1: | 94037516A580EFE5183259A6E29A62B05C3A2AC8 |
SHA-256: | 56FD71220FF30D570B39202182F3E5FD97FA14842B278F4B8EE74A4450874270 |
SHA-512: | 8D95E97320C9A5DE25F73E7D84278BEC8E4D5EF065232ACACD4EA7F6144B688FDCBAAC629464680D6D413106689E6BA35DEBA5A645196043E597C1A9F49482BC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.279484832367528 |
Encrypted: | false |
SSDEEP: | |
MD5: | 484FF75A3065E0DB6911B762663187F5 |
SHA1: | A14A3B5E4F06DC8D1478AFC8170534DE20B54A67 |
SHA-256: | 87AD5A2120797B18ED2C481384628A78CCFB1CD32D21FAB2ADD5A8811005E5AF |
SHA-512: | 9DCF5DDFDCE9EAD75296D82F48E4A3116560CC0504ED13F0A4C9919B3CCB054ADA951C96213EF9F4389D8F527479272EC2896C13FC73A9BF2C4E299D06B48C57 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.283384812496383 |
Encrypted: | false |
SSDEEP: | |
MD5: | E558B9E77E0285DF524E36EC0B5ECA88 |
SHA1: | 38FBC79EA21B142B83D4F137BCF8EF210EFD866D |
SHA-256: | 4DAC3BA4D361862714FD82BC31CC66A417958905AB61C40C498C87A6599481E1 |
SHA-512: | 6AFCC78F9BA946D82AE958CD5E7C26EC83ECE1AC0F84AD69ADD2587157E705D609A39F4A96F47FD140F45B71E1DC50D91987BE1A26C99F5D2904C0F7406D5D0C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.302744750889139 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0687EFDF3DB2C47702DB9697BE278384 |
SHA1: | 8EAE5EE3734EE47185EE65EF526EE60DD3A3CFBE |
SHA-256: | 29871498D5C1DA67705EF81F2D40FC94E95527BD2DEB17E573225C4080DB2CAD |
SHA-512: | B1E86CB04DA7DEF5CE6CF0777A88F007FF60D13ECE39A55D4BEB1070A1B26EECDAAB3B3CAFD14417F4C561F552709DDD458046DCEF087BF2162B77AE3667C065 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.257587371462186 |
Encrypted: | false |
SSDEEP: | |
MD5: | A599D1B41AB32DA106C8EE6597D1E228 |
SHA1: | 5F7756730AECA1AB6D1E943A97A9570B0A26ED7D |
SHA-256: | 075B4D5DE7FF44E611433884262C453565F38EFFD502BF80F4FD332C24AC31AE |
SHA-512: | C80004AFDC9F89485C98AE8694A0457FF6D30DA87B08FEBB215CE93077CC4CD9F76A96A0E1007C069CE40925D80847297D845B30592564BA67EC4E73EBE3CF6F |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.371950987392021 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6CA6C838985F488B496DE0AD653AC9E4 |
SHA1: | D5BB58E2426A7A3EA1FFC22EA0058D26110E5155 |
SHA-256: | 5E2C3A4F04123389168678F7F213CE4FE5462030D61F536F91FCEA07A8E76266 |
SHA-512: | 8D2A0964E9AF73366EA8B7294DEB8AEAEB3C6AF1ABEF0E5A68A58FD57EE22EABDF507F563D05CEB2A78DBB5085F8FA20C14DE030AF75D3610F516104A6BD08AC |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.138525941866267 |
Encrypted: | false |
SSDEEP: | |
MD5: | B7FF2D2CBDDFBAE71D06ED4C946B3509 |
SHA1: | 661F4A305FA6AABE87E3E11C4F3FA67CE5023EB4 |
SHA-256: | B25CB7164F311055BA5B256C9281A92709567A165B4603EB6B17DAC4C8FBF7F5 |
SHA-512: | EB939CAE13870DF103D95487A2C47F926DAEA9BBBA66F4E1F0557F1B93E3DEDC2B61B058EA51473C09B57ACCEC3DAC61C7DDA553E43ED5AC56EE6A0DC11780F4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.4578260695028895 |
Encrypted: | false |
SSDEEP: | |
MD5: | 03A5CB0D63467427293B1352E35590A9 |
SHA1: | 4ACD06CF45FD7360C81751C6E296FC5F4ABF8D4E |
SHA-256: | CA4DC1C8BFA40FDBE23A6D685DA40361D0A0BEFCAC1ACA66F26B178251A23CDB |
SHA-512: | 59E40F5C9E746ADAA0A2B5384B893488D4E40CF2E3561C94E78AB76C08392DF72A8B011356CD358107A5534D67BAE0B698491F440D3829C52D55865029B56884 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.9620893161973925 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6DB68E76BE86AF192799CB32DF0F7A60 |
SHA1: | 4E6600E3B9E063163E2B5219C5FAC892B5BD5B1A |
SHA-256: | A8A4C71C20588C1CE96AED4C51F23BE846B383D9785B06729505E059381C96F0 |
SHA-512: | 8E7474CB82F64C36F4A464BCD77D72D8FDD4FF327E12C71A64BEEBA3EBE3FD5DA19B9D1A58A64BFFB9942BAA250B7EE0782B8AA3F40B073D100C5ECBC2C5AEB7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5390718303530573 |
Encrypted: | false |
SSDEEP: | |
MD5: | 07E59B2673439F42B85EEB4C4876F330 |
SHA1: | F5EC2E1386783953F4127ECC48D760DCE69EA4B6 |
SHA-256: | 987B1BDB5D684AE429BDA98C2E7BDD0A3D958E40B85049F8740BC9AE590609F5 |
SHA-512: | 2D104E5D2A5FC42165E89A8AF251AB7D09B7F346CE5D87727D5C1FF5758C233941C7A7828E9CA9015C11D2DD2342AB4C002FFA933DDE45D2CFC771F3FF639143 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 15-43-19-575.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.352085917943317 |
Encrypted: | false |
SSDEEP: | |
MD5: | E89CDF7025B70E5A72FFC801BADFB345 |
SHA1: | 2C55C26FD5231BEBD6531BDB7962D12BE288A1BB |
SHA-256: | 2A90DFB97133E5C0219784D1C4A94C0DC45AE4787C40CFE6894A59D94C4FB88C |
SHA-512: | 22621DFF9C688C4B0BB3237350959B4357C65D1796834FC23E6636B4975BE942A969F7DB05E8FC10102DEBF93ED662BE28FC649B2456EB4B659EC84BF8E93621 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15092 |
Entropy (8bit): | 5.377729601994892 |
Encrypted: | false |
SSDEEP: | |
MD5: | B5AF9D5561901BC1D8DBC6FEB08E9AF4 |
SHA1: | 25511DB8C3AC607148B6D7EF2D6648DC1E4B39E2 |
SHA-256: | CA15A13FB3830C66406EB99459040430AE34DF9E31F5AF9A1A908A55104BB5AC |
SHA-512: | 60CFEB3372D96503BE4747B16691A8F54FFEB8AEB4E686C739B27D11903C347FD114480E2F405AAD8E69020FB7929762CA36C49619F87AC939E782478BBE7D9A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35721 |
Entropy (8bit): | 5.417302062160619 |
Encrypted: | false |
SSDEEP: | |
MD5: | C4D4565274D0A2C7C949E32CD8358868 |
SHA1: | 446E960F1589779C5C66391DF1D7ECD341FCFBC3 |
SHA-256: | BE680874346BA60F67FFE82B525078961C05002617B477EB3F823EE855E8D1E5 |
SHA-512: | 469225E5800580E0B23DF0D6365F835A174833320B82A25A083AF0144BB48B83EA2AA4FB6B6D0BC328A1BA2C529A23B8EC52074986D829242586DA60E74AA574 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | |
MD5: | E787F9888A1628BE8234F19E8EE26D68 |
SHA1: | 44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5 |
SHA-256: | 3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80 |
SHA-512: | EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 543911 |
Entropy (8bit): | 7.977303608379539 |
Encrypted: | false |
SSDEEP: | |
MD5: | 956BEC2EB32005025184F904D9622D32 |
SHA1: | C6A9A8B3F7A7AB8122FB00457C0F83D4A77F21AF |
SHA-256: | DEFD4ADB96BA87467278B6B06980FDAB1EE460D971B62ED05A89FF32983784EF |
SHA-512: | 3A32B169312E5886D8C3029BF15AD291C41AF9FB03AE7D9B1A3CAB74E95C7AAAF3E384F2432BDB8F815075B11F30D4FF083271802B41616C9060E268EB3B5D3D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | |
MD5: | 408F8BA5ED5014C1E10FA19D75C944A6 |
SHA1: | 87595F69D692B4D785AAFAD71394426879C7980F |
SHA-256: | FFFE47EBC7E157F63F4BE40AC0B2DCD73A5DCDF57B9D03FEA3EB99212A7EC16F |
SHA-512: | 01B286CA276C6B4302AC6ABA30466CE2048F6AC7FA5ACD7DCA375541C91339CEE94377B783A3A7710D10C315CA062CAE79DD2A073406D1C3C76AC4787DA5A793 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.998839597578062 |
TrID: |
File name: | ppop_verification_request.zip |
File size: | 1'784'469 bytes |
MD5: | f2a28541d1b4cb1a6fb00495d78970c7 |
SHA1: | 06380029fe042a4c9a29796d626edca04d25fbef |
SHA256: | da951a118e08263357427047351f95c30ebb6b577e56fcd8a618e445c0373d09 |
SHA512: | f5f66ca3a52586a52eff631e8e616f5bcbffd18fb1820afd9b98f29fd741ee275bf757b4e50ae58dca41e81a2885cbdf6ff855d56046bad703dbd0219d82bfc5 |
SSDEEP: | 49152:CpHw1OtTLSXDZGgDcGheK+l6bhWCrVYgW93IqtdbU:CpHwwt3sDZlDcGodgbhvrmV9zhU |
TLSH: | A985335354077E08FEE0C4EAA5CCF736A8580763AA1E04C629C2B7EA7E876DB31055DD |
File Content Preview: | PK...........X................PNHZ PRODUCT PASSPORT EN590.pdf..u\.[.?, ...0.t..5.twIH.04..C..!%..!...R.) HIwI......=z....~..........}]{......X.bP........bx...k\,n...ff..%"...t... ..=........@...&P..h..ud....pWs.6.......>...*.....%LD.x..j.@.]...@.(.b.A@.. |
Icon Hash: | 1c1c1e4e4ececedc |