Windows
Analysis Report
http://damarltda.cl/certificado.php
Overview
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 7164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://damarltda.cl/certificado.php MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 6452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1976,i,7451574889927052220,4527845188268333523,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- OpenWith.exe (PID: 7048 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
- rundll32.exe (PID: 7724 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- OpenWith.exe (PID: 8060 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
- OpenWith.exe (PID: 3824 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
- Acrobat.exe (PID: 2100 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\causarol (2).rar" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 1636 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 1952 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1592,i,14493723092923825264,11775953231955389888,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: |

Signature | Hits |
---|---|
HTTPS traffic detected | 7 |
TCP traffic detected without corresponding DNS query | 27 |
UDP traffic detected without corresponding DNS query | 8 |
TCP traffic detected without corresponding DNS query | 15 |
HTTP traffic detected | 3 |
DNS traffic detected | 1 |
Network traffic detected | 42 |
HTTPS traffic detected | 7 |
Classification label | 1 |
File created | 1 |
Mutant created | 3 |
File created | 1 |
File read | 1 |
Key opened | 1 |
Process created | 1 |
Process created | 39 |
Section loaded | 197 |
Key value queried | 1 |
File opened | 1 |
Window detected | 1 |
File created | 7 |
Process information set | 27 |
Thread sleep count | 3 |
Process created | 1 |
Queries volume information | 15 |
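The "TCP/UDP traffic detected without corresponding DNS query" signature fires (42 TCP and 8 UDP hits in this report) whenever the analysis VM opens a connection to an address that no earlier DNS answer in the capture returned. The Python below is an added example of that correlation, not code from the Joe Sandbox report or its signature engine; it runs over constructed sample events. The event line format, the 192.168.2.17 VM address and the allowlist are assumptions, while the destination IPs are the ones listed in the report's IP table.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample events (not the report's pcap): one line per DNS answer
# or outbound connection seen from the analysis VM 192.168.2.17.
SAMPLE_LOG = """\
2024-04-24T07:25:01 dns 192.168.2.17 8.8.8.8 www.google.com 142.250.101.106
2024-04-24T07:25:02 tcp 192.168.2.17 142.250.101.106 443
2024-04-24T07:25:03 tcp 192.168.2.17 54.227.187.23 443
2024-04-24T07:25:03 dns 192.168.2.17 8.8.8.8 damarltda.cl 138.128.188.146
2024-04-24T07:25:04 tcp 192.168.2.17 138.128.188.146 80
2024-04-24T07:25:05 udp 192.168.2.17 239.255.255.250 1900
2024-04-24T07:25:06 tcp 192.168.2.17 23.202.56.131 443
2024-04-24T07:25:07 tcp 192.168.2.17 74.125.137.94 443
"""

# Assumed allowlist: a subset of the addresses the report itself excluded
# as known-good update/telemetry endpoints ("Excluded IPs from analysis").
ALLOWLIST = {"74.125.137.94", "142.251.2.102"}


@dataclass
class Event:
    ts: datetime
    kind: str                    # "dns", "tcp" or "udp"
    src: str
    dst: str                     # resolver for dns, peer otherwise
    detail: str                  # queried name for dns, destination port otherwise
    answer: Optional[str] = None  # answered IP for dns events


def parse_line(line: str) -> Event:
    """Parse one constructed event line into an Event."""
    parts = line.split()
    ts = datetime.fromisoformat(parts[0])
    kind, src, dst = parts[1], parts[2], parts[3]
    if kind == "dns":
        return Event(ts, kind, src, dst, detail=parts[4], answer=parts[5])
    return Event(ts, kind, src, dst, detail=parts[4])


def is_noise(ip: str) -> bool:
    """Multicast (SSDP 239.255.255.250), private, link-local, loopback and
    reserved destinations never have a DNS answer and are not interesting."""
    addr = ipaddress.ip_address(ip)
    return (addr.is_multicast or addr.is_private or addr.is_link_local
            or addr.is_loopback or addr.is_reserved)


def find_unresolved(log: str, allowlist=ALLOWLIST) -> List[dict]:
    """Return connections whose destination was not returned by any DNS
    answer seen earlier in the capture, skipping allowlisted and noise IPs."""
    events = sorted((parse_line(l) for l in log.splitlines() if l.strip()),
                    key=lambda e: e.ts)          # stable: same-second order kept
    resolved: Dict[str, str] = {}                # answered IP -> queried name
    findings: List[dict] = []
    for ev in events:
        if ev.kind == "dns":
            resolved[ev.answer] = ev.detail      # only answers BEFORE a connection count
            continue
        if ev.dst in resolved or ev.dst in allowlist or is_noise(ev.dst):
            continue
        findings.append({"ts": ev.ts.isoformat(), "proto": ev.kind,
                         "dst": ev.dst, "port": ev.detail})
    return findings


if __name__ == "__main__":
    for f in find_unresolved(SAMPLE_LOG):
        print(f"{f['ts']} {f['proto']} {f['dst']}:{f['port']} has no prior DNS answer")
```

Connections made from a warm resolver cache or to hard-coded update endpoints also show up without a DNS answer, which is why the report's own analysis excludes a fixed set of Google and Microsoft addresses before counting. What remains after that allowlist, here the Amazon- and Akamai-hosted addresses, is what an analyst pivots on.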
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 Rundll32 | Security Account Manager | 11 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Virustotal | | Browse |
 | 100% | Avira URL Cloud | malware | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
tibusiness.cl | 186.64.116.245 | true | false | unknown | |
damarltda.cl | 138.128.188.146 | true | false | unknown | |
www.google.com | 142.250.101.106 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.101.106 | www.google.com | United States | 15169 | GOOGLEUS | false |
54.227.187.23 | unknown | United States | 14618 | AMAZON-AESUS | false |
142.251.2.84 | unknown | United States | 15169 | GOOGLEUS | false |
74.125.137.113 | unknown | United States | 15169 | GOOGLEUS | false |
142.251.2.94 | unknown | United States | 15169 | GOOGLEUS | false |
186.64.116.245 | tibusiness.cl | Chile | 52368 | ZAMLTDACL | false |
23.202.56.131 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
142.251.2.102 | unknown | United States | 15169 | GOOGLEUS | false |
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
23.200.60.110 | unknown | United States | 16625 | AKAMAI-ASUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
138.128.188.146 | damarltda.cl | United States | 33182 | DIMENOCUS | false |
74.125.137.94 | unknown | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.17 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430796 |
Start date and time: | 2024-04-24 07:24:49 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | http://damarltda.cl/certificado.php |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 27 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@39/44@8/90 |
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.102, 142.251.2.138, 142.251.2.100, 142.251.2.113, 142.251.2.101, 142.251.2.139, 142.251.2.84, 34.104.35.123, 192.229.211.108
- Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.136245885455927 |
Encrypted: | false |
SSDEEP: | |
MD5: | 56B4C27FE1A97B189E9CB6B9058939BA |
SHA1: | 74426A5C02B899173E6BF00941C44328A5E2C794 |
SHA-256: | 413ADAEAE9D7B0B0BCC9B256A0301195ADED0F93DCAA15E33FA767F72FFD635F |
SHA-512: | D0959FE4897E937566A998CAE567C65E23D5F3F3BCFA3A4D12A3DD979D8D56D70380F83E042354BA698823C0B624865D27BA4ECA911E27BEC468C604014A85E1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
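Each dropped-file entry in this section reports a size, an 8-bit entropy value, an Encrypted verdict and MD5/SHA1/SHA-256/SHA-512 digests. As an added example (not the sandbox's own code), the Python below computes those fields for constructed inputs so the numbers can be reproduced or checked against another copy of a file. The 7.0 entropy cut-off for the Encrypted flag is an assumption; the report does not state the sandbox's threshold.

```python
import hashlib
import math
from collections import Counter

# Constructed sample payloads (not the report's dropped files).
TEXT_SAMPLE = b"2024/04/24-07:25:10.123 7c4 Reusing MANIFEST ...\n" * 4  # log-like text
RANDOM_SAMPLE = bytes(range(256)) * 4  # every byte value equally often: maximal entropy

ENCRYPTED_THRESHOLD = 7.0  # assumed cut-off; the sandbox's own value is not in the report


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant or empty file,
    8.0 when all 256 byte values are equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    """Upper-case hex digests in the same four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest().upper()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def describe(data: bytes) -> dict:
    """Produce the size / entropy / encrypted / digest fields for one file body."""
    h = shannon_entropy_8bit(data)
    return {"size": len(data), "entropy": round(h, 6),
            "encrypted": h >= ENCRYPTED_THRESHOLD, **digests(data)}


if __name__ == "__main__":
    for name, blob in (("text", TEXT_SAMPLE), ("random", RANDOM_SAMPLE), ("empty", b"")):
        d = describe(blob)
        print(f"{name:7s} size={d['size']:5d} entropy={d['entropy']:.6f} "
              f"encrypted={d['encrypted']} md5={d['md5']}")
```

A genuinely empty file hashes to MD5 D41D8CD98F00B204E9800998ECF8427E, so a 0-byte entry whose digests equal those of the preceding 185099-byte file (as one Acrobat.exe entry in this section does) is not an empty file; rely on the digests, not the listed size, when matching such an artefact elsewhere.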
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 5.157309302126936 |
Encrypted: | false |
SSDEEP: | |
MD5: | 949CDE44B0CDC38ACA51520C55454403 |
SHA1: | CD8C1B16A9186C48588DE08BFD5ADCA09628F7CA |
SHA-256: | 7652BB479BC255A071613E793A9EE8BBB53E1DA23CDD32AE6A8D9329A47CDCEB |
SHA-512: | A8A8DC2D0F2AFDCBFA1A5A52BFD5B74BD6ED788000F757A81770851554F233D50EA7E0DFEC35E8E166C492ECC01576D1CCDC8BBA6E3DC194062422FCDFF8CE2E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6268 |
Entropy (8bit): | 5.2450177107291776 |
Encrypted: | false |
SSDEEP: | |
MD5: | 51DA948B01F457E65514C786029F4D74 |
SHA1: | B9844A304A4901FC7251F41B0FD0372201F90B70 |
SHA-256: | 4154BF767F5484A903D7F00A1B127414B7EF6B10BA82226F7697C3C7B5560A53 |
SHA-512: | 650431A1D2EEFB4E37C2B52772765E995B5DF503E925127322A6AE035C8BAE494BE23EC177E175409FBB70B05012C6B58934212F853FBCCEC4A58A819BAAB0BA |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 323 |
Entropy (8bit): | 5.184290736601864 |
Encrypted: | false |
SSDEEP: | |
MD5: | A2178B48CE0F8EDE2B4CE4480FEB5A92 |
SHA1: | 492A0BB22D88C1A632D8DFC30E3998F87976EF24 |
SHA-256: | AE74E814B1449067C343FC870EC0081E9DD7E675BBD7C7D462D350CFF70CB460 |
SHA-512: | 23D9F49DD1F4FAA6DD7ACF6879BA7C7B1862FD0E7A9A5536145287BE846F88CF8D8D34890B876A485418BAC1B514DC521D95B6D7D0F22EFF04ED2259B4D2B242 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.4448519071614765 |
Encrypted: | false |
SSDEEP: | |
MD5: | B5F6806AB4ED79655487B90C4EDA458B |
SHA1: | 6FF5B035D60CA1570022C22C2AFA2B084BF71A4A |
SHA-256: | F165F7885F65E0BAF910AAA11E25508E9CDBF071FADEACC399CB6F9A7E188C9E |
SHA-512: | B954707A6FEB166322D679CAEF296C0616BC317BE261DD70BAB3A8E324EAF0316D3DA9FACF665B1AD0C0B7EF03D3A90A5DB890CF1444CC77A839FDF77FD79E84 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.76547250487407 |
Encrypted: | false |
SSDEEP: | |
MD5: | FAE850629BAB64E5E559A4F816804D5C |
SHA1: | 6F9888984CAF971745EAF84E6FFF2E83237B59B0 |
SHA-256: | 15B3E2E155DAA5B3A6CB0ABE60B0F7C2E766DB1B5B5417809F35CBD1B0AFEEE6 |
SHA-512: | 12C4E71560CB77B290A04E68BAA1A0E5A01005FB233A11BC36ED204755D02518A1DF1A9139E1FF290F54A3A93EEDC4C712BAD2E71732F9073D7349F568B6112A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.345092135790011 |
Encrypted: | false |
SSDEEP: | |
MD5: | D0A61B557A2A1DFEED883D01A47342DE |
SHA1: | FE533FC6B387B10B01B2B6C7C10B1CD44A31D294 |
SHA-256: | 3BFA40F59BB1AFEBD1E17435891EDC6B90F7AB3EA4336810253A6E3AB7924042 |
SHA-512: | 3C6B17E0833CEDD774A6F6FBDD6E8E8679998172466CA317A0EAF6FDE84EB20A358B6C432E840FB215F518B93E87E4F642657CA7C76784E1B7831EBB0FCE86BF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.290289143259773 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3AC17510B273C388188AAF962A0EF6AF |
SHA1: | 103BC52EF4FF543FBF86F0A80FA1991116B062FF |
SHA-256: | 983F402DBDF3D95639872EFA8C91B1EB5DD763562799911C3941A76445805EB9 |
SHA-512: | D45CA9EF7495C4D0DCCA72B34519BD74A845F6BF26AB2B34A71C7E2160050B6476BCE9988004CF4D6CF47D1376E947EF62E1D3FD4DC153CFBE88FB1A137FD5B4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.268837459785778 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1F895CF2D9D205AF118C04D6A9F17BA5 |
SHA1: | 3BEBB501BDEF496E14F536AABB53AE8817CE11EC |
SHA-256: | 4BB57FF71CC16E9A3D2434A63A0E720BC2D24076CE1952FF43BA67871906FF15 |
SHA-512: | 54442B9B9A98E02129D1BBCCB07C5B07CD7E14EDF11BD38536BAE8191AE215882C9095C8FA1933D7A8FD53A1ABC32D321D23113C29706A654B52CE3EA118DDE4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.33054752304379 |
Encrypted: | false |
SSDEEP: | |
MD5: | 713C15A62B2F537CCE2D63EC3360F8F7 |
SHA1: | 0CCA3A990EB4B0F11605EF66214E4BF6DBA45DD1 |
SHA-256: | D93A94D7944F948D129D58456EB47B24DE4BD024A4FD5945BD9F4656CFA32FB8 |
SHA-512: | 376D9A8D8B651032175AC0E802D385B1FA10959C272D074AB5FD831B4A32A5B961DCD4FC3C5CBCEFFB43FFE163FCF50301603477702C945F5C6B8FAABE1EA46C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.294636762869969 |
Encrypted: | false |
SSDEEP: | |
MD5: | 851291DB568B2CBA6F174BB2B05821E2 |
SHA1: | 91F6F0B6F9106A6B7072083F2342029BCF8C76CE |
SHA-256: | 96286300ACB5CC0EC4E584B06B5A4DC4ABEC9C23077467F5D4F48BDD50A58EA5 |
SHA-512: | C22288F604972E0701D20E277718F285A9D687D8848C3FA43004DE5B0A1730FD42F8BF32437DE18BFBF6F7B1DF227E65DAB7760215C663647A1CB2FF91110270 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.280738068897522 |
Encrypted: | false |
SSDEEP: | |
MD5: | 858799A7643AB0FB273E81EAFF46D30F |
SHA1: | 186964DB977039B523A65CF2C3B32BEFE19A2D27 |
SHA-256: | 9A3B0CCD6654BFB25EF480E2AEC593366BA7C16E4E856052B4ABC327F008C626 |
SHA-512: | D55D83F0B3D22E383E27D692B108FB3205DDA1E2F6C635EED44D9D0CDF0D971E18C06ECB0B9C92DADADC1D12F5A9F7536077BEC12010D401DCB4907CB6DF063F |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.282200164263241 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A51E1C23A905181C432CB1E80649382 |
SHA1: | 421809BCA43079CEBA01975E5102AD43B51E9CFB |
SHA-256: | C996A42B2E84EA0124217993886FDE6D622F4F0525AF56D087593BD6AE62B099 |
SHA-512: | CDFA5AEEAB32E251114C7874F56E5051D73A1DD8DF9C125756E9FD05E8DFF374F46BE62EE4132B755DD0F8C7BF5CB2D5423BD26FE646A4A3D0D70A6EA25D8251 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.291671960992431 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0C52779FB152A19D43E252D9D7A5A697 |
SHA1: | DA2C6F085C20D88895C779BEFE6873EC93D8730F |
SHA-256: | F93D863906BC29771A5C5006BB394C35B2C33B53D8F9683BFDB58BC8901F75EC |
SHA-512: | 52B79893855E729796EEB66C44D5A60966AAEECD05A16DC473F8FE07D722D89013BE27BD1917F4A50420C8E808BE1111CE1E9E86E4FDD4AC0AF068C490BD8497 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.738777159170645 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1DBF880EE2BBF7F8983C83EE34534F4F |
SHA1: | 942B2B6805A6372938736DA8C1683D3F4FEF8529 |
SHA-256: | A5E280465E9A7C705344257D2BF943561BDFF97E0C3CF602D725608397D4F1EA |
SHA-512: | 4FDA27C35C1965DBF175D2A619FCD8791491FB9F248C9A73F4795D62114682BD16226BF838D21DF53AF007BD68B1866C3A4A2CE619BD2885DBB61F09D97F4289 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.287654388066838 |
Encrypted: | false |
SSDEEP: | |
MD5: | E43CA4264BC7A1CC9212CD3F1049B81E |
SHA1: | D5CB656FD70693DC56A717C346E57960F9460DC9 |
SHA-256: | 05E68C267865D2F812305FCB0DF3473864E351A619BDA8F0B849B2389CD89F1E |
SHA-512: | C8507DAB7D2F97657172E85B7A67EF3E41D4176D088092D46545A8288536B40D1FF7FD323DDCA639427D293C6BA1EE07254B2BD9CE3F4CDA6330CB71A3C245A6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.777624145844813 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6C69BDD4E79479AF68996755C859DF63 |
SHA1: | D13FEA239D493B14B1E201AE6FFD687167A2E9DB |
SHA-256: | 24F6411D181A30AB5CEB53B326DC834FEC078B7D9E9719A6F5A184CD631275E7 |
SHA-512: | 5C3729C9622D6AD976038FBC28C728D57798CDD5B7922D48833386882274F39DBA18CB9BFEC352A7175987EFEBF6326F3064CEF2B7A223B00FF7568219D95E6E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.271286335307252 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7CF960F71313AC10C10F8448B8329285 |
SHA1: | CCC17A5C2BC5B6A5C2C447913DF90977139449C5 |
SHA-256: | ABF4A58CDCEA6753EE6DBB14B00CA986C0BACCD683ACB8670D24A35AC750C6C2 |
SHA-512: | BEF9DDF37298ECE09D54949E5099207F03FE45C559C28FED5826D8CA60CA9BFA8B87211C24540362390E769731B5A6F6493F57625D30E75C5C8894AB33021B33 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.273084538472084 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1119F800D4425F54175493AD28AFA2D9 |
SHA1: | 3CE708766502481EC877EC61325BE0672F99064E |
SHA-256: | 5C380420A88B6310DA7A26746C3E1DC1BA5F7447FB5EBE3C99A5608414DAE71D |
SHA-512: | A4C64FEE2858E61DA7A62D599F5E9D95F30AF595E82686BDF3B064485574368B41C67F2F5BDC5F81E37843F458420CA208766B09396F2E65C87F7A8F64F9D44E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.294489516824986 |
Encrypted: | false |
SSDEEP: | |
MD5: | 10C2053F5E96F42AA10733B20873FD8F |
SHA1: | C659685B4CA9986DB3B4C153D2B200F028958A65 |
SHA-256: | F6314874D45C1E2C79F661AC02DB4E12FCF8A5ADF9142160E7330A812FA1BDA5 |
SHA-512: | 8609F20F831F6A9A2615D0402A091D05713104FAF900A9723CF89D498066B944DFAD9704A99C898371117ACB5FCB3B8D4A15F40469FA8835801E66F6D5DC08D0 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.249391851655984 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0715DF0660E7BBFCAB0ED27124C00CFB |
SHA1: | 0DB4B6B6F1BF1B9C3A279C956348850696296105 |
SHA-256: | 05C0849F8091C9F1641AFA3A4485E58EFD9C2382F40EB982B10D95AEA7CA6207 |
SHA-512: | BDBB9310A8FE11970B6843B9CBDBD8D7D109A27E0D2ED3F974C4572E96429892B5E70AECAFF76EADE63C7DF2BCE631898C365C10956720B42E8B356A475EC2C3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.37134696547764 |
Encrypted: | false |
SSDEEP: | |
MD5: | 77AE83B94EACAB030D6B7080F6350662 |
SHA1: | BD7283FA94E4F50B6EBAE70DC7AB0FFE60CF36C5 |
SHA-256: | 49C2480ECC7E8EB00BC0F9375987563F2C50D015509E1C0FE91A1746C5F369F1 |
SHA-512: | 9502EFFBC6B49BA328F100BB204A7EA5E629BACEB5C79084D0634ECFB89A2E6796BCE3E772F8941D5E231A62576610624DC6BC5F5789E0C8490A86CC1C20284E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.133445075199679 |
Encrypted: | false |
SSDEEP: | |
MD5: | 10DE1F076BCDE244F530D72327786B9B |
SHA1: | DF4C0B49BB4AD7A11ECCA866F7198E9B26E62C5E |
SHA-256: | 1B12BECA4826CFF1638B111972E176B7F0BB468506B3F3DC1390F90D2C80CA6B |
SHA-512: | B0D4A2C6F0732CB64BBF368D98BBDEB7B1DB889BA55A3F50FC6C6F74BCC3DD518BBD1CFD194E72DFDEC4D41E1708A0100C4F04B91285BFD7B4C710776339992A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3574635903797239 |
Encrypted: | false |
SSDEEP: | |
MD5: | 020CD99D55DD16AE24EAAB20D59896A2 |
SHA1: | 6DC7EBC9CEE1E5DFABC7210EFDC9B95C9B6AEF4C |
SHA-256: | CAAE7C8D5C4E33CF2A426B11DE927FE17ED21180E8A0D560CBBAC077E395A713 |
SHA-512: | 77AA80A6916A2010898CE7952418B807EB75FB956A4A6FB155A82797A5C3D5782E8D762553A097F1355C993ABB2ED0CD7ED682497D6D6295FE65405A283A0C64 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.8320505952744084 |
Encrypted: | false |
SSDEEP: | |
MD5: | DCFF13F756986EA1536966CD23EE70C4 |
SHA1: | C96503343E07FEA0C234786636AEF974322F4C5F |
SHA-256: | 21D042DF51091E94164F91D7984582D9478D7C5646F736FB91810D528B8D3FAB |
SHA-512: | 500B7E44E800B94CB4345417E570A54B8ED28D2F7B3463884C282DDA455F77A9DD7B9770B3B5E9342311F2D7B284424E0754F26A57E6F768D8F8359BB4EF899C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5081383324894926 |
Encrypted: | false |
SSDEEP: | |
MD5: | CE4B799D7F83E8AB9DC8E13D470C0168 |
SHA1: | 48D22EE3778462A8C0EFA797C68BD0CE72AA1D55 |
SHA-256: | 0BBE579CC5BC59F44DBCB93084040EEAA230E10F3AD67E7305E52627096E01CB |
SHA-512: | 41C621EEF5957E93CE32E454DECEE6B0BCB18082396EDE0BE4D3B75DBDA6C3968287554B3A5DACF9A0B6A8F6ECD1C6F63292DECA49D41D5652A021533E6EFBED |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 07-26-41-073.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.359827924713262 |
Encrypted: | false |
SSDEEP: | |
MD5: | 06DEAEDB81D09FD8FB5FF668D8E09CB2 |
SHA1: | 28A02BCBD5975117B97A08AFB049F2C94F334726 |
SHA-256: | D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64 |
SHA-512: | 948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.389423079362719 |
Encrypted: | false |
SSDEEP: | |
MD5: | 546D8E6DBC45C8E48252B60AD96FDBB6 |
SHA1: | 7C00FC7CC0433B74C6FFCC2ACB49BA3C46AE595B |
SHA-256: | 4796B934CDF2C3BEAF0E247BB7DA7510040730EB138C508A374E6BA77296DACD |
SHA-512: | 37966EBCA4889A87CFF38D79B63455E45B41758AD1749838EF7DDF4EEAB6F23A6E76D2FF90C858E3B25BAB4AC227DC9D65B40472FA72EBA08DF6ACA06A0A39A8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35721 |
Entropy (8bit): | 5.420699604137267 |
Encrypted: | false |
SSDEEP: | |
MD5: | DA93BCBC27B9827143CFDAE8ED9C22A7 |
SHA1: | 47F0A9CF3AB029D77D4B624CBAE839E976E2290B |
SHA-256: | A413D8C55F568DC41DC4C32644CAD9C609F4ED9E6BB2729503C0E41CAE3CAB1F |
SHA-512: | 99846E812F88125D82FBC97A0F222017A72AFFB20D2DB267B6A2956C327E6FC8ABD5120E0CE03C162D7A5042019A96F1C7777C93865BE421505BCED8B628E259 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | |
MD5: | FBC36885C55EA5BA776031C5D88CE062 |
SHA1: | 0B4F1882091C0F6B9B144758152BD729B3758A52 |
SHA-256: | BE08DAB2ADC2DBFB49CB47C8DF92E3DDF79A45B02C568559CBED049ECD379B08 |
SHA-512: | 231BA28A5F85E426168C46714DFBF24975C7A9D72068A1974B0B1E3C72BA41416103C253AC5C1C2254C13FB9DA9B2CF9C867D248D181135D0D268CC3839EA4E1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9975001001881223 |
Encrypted: | false |
SSDEEP: | |
MD5: | 22A635A1385268CD513D8E2EEBF91548 |
SHA1: | 57D8AF5723807C38F15FBDCDCF531B7F59174CDA |
SHA-256: | 57BDBC8917C1662EA5226F219D049E2672C64A7F057CE5F7470B8D24668EC926 |
SHA-512: | AAEDE932D2EE890ED53273C482737B0F2F32DCE9CDA4B1692A12E47523AE7DFAE53A9C2DFA851DD589C854D62E250F145450B1D8499407D411E24948204CA506 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.011805867405891 |
Encrypted: | false |
SSDEEP: | |
MD5: | ECA8B38084EB341360F945A9731016BC |
SHA1: | CAC773EDE2E58001C3B168E4646EBC7CC7DC0508 |
SHA-256: | 27B1A975173B8B24F958A5EC1C694DBAA3A74A81D08131B351109E65A47A9C71 |
SHA-512: | 9748D38A2B22CC2F396F292DB8937322641F80DFC972E87456AEBA6000CD7D0B293B5CC3044149E84BA2DEFE69C054F4646202DAED416779E11C7E1335EB5A10 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.018367241176728 |
Encrypted: | false |
SSDEEP: | |
MD5: | F184EDC4BB38B1DD16EFBE76A9440DAE |
SHA1: | 8D9A6F8B998644002207A4BE0FD5185C050D9142 |
SHA-256: | 08E4B32B7F035B08496AB15B5338610E0E18B49B61479515AB5DF9726BEDEBF9 |
SHA-512: | 53AC0F6E7071C0055A20811A8BDA2D96C6721D4729333C720AE64549546D4A69AF892E1EE197B9CEE322EB4506B9B0E58314D72A7C0FA851A2F40E9AD7F241EF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 4.01128733129323 |
Encrypted: | false |
SSDEEP: | |
MD5: | 618312B5C5AA2259170F1F19A04C33B8 |
SHA1: | 63F7F34A2052457064B3416098EAF1847487716B |
SHA-256: | AD5BC847737953679B1ABF3B33795378BB97F441B3773284A1E7A0D8D5EBC23E |
SHA-512: | 0F0810A2842F139E83D4C1BF2C87C763A3F73A22D113DE7DDE582DC9AA43BAB68493E4EAB729328A986A078AA61844DBB4ACFDA31652F534B2D50EB4C9AD042E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 4.000290947391776 |
Encrypted: | false |
SSDEEP: | |
MD5: | 48E356E6328941978E2B9C0CEB4E03B1 |
SHA1: | 3FE6C7011160CB023F60229C27E7D3C3C88F08F3 |
SHA-256: | 570AF97422F14B5AB6C75189C1548E521352119915611F71C630777D61E6EFC9 |
SHA-512: | 893B5D921838C5F32F39592A2EE7BA3F8030AF53F6E375C73178D1510B08123020432CCF96BDF3D629E74D54A09136738871A4D12E559FFF8AEE3158D47597A3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 4.0127754584213315 |
Encrypted: | false |
SSDEEP: | |
MD5: | A782DAB991B62A9D55EC4CC20D4B95F0 |
SHA1: | 7FC57DDB066B0FE426D3A3FD98DB9C912C68C5FF |
SHA-256: | AA67419D386972095FB37DAE72C963C4B32F708CAB9C4E4A6E327351A51FA070 |
SHA-512: | E708117A1F03E1A8A779FB6866C9C23E90105E0A4F1D18997142A33004B32D9F6024316903D99B86C9679FE96EEA785BDE4009D5BEE22E275CE06101C8D67BCB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7722 |
Entropy (8bit): | 7.950052266216004 |
Encrypted: | false |
SSDEEP: | |
MD5: | 800CC8DA5727AB35746C7BCA0C991E88 |
SHA1: | C3D55F6209824A4C01DAA3B0566E99786D13504E |
SHA-256: | 781B1784E9704F41150647DB325A9166F2C044432D2252F353E999E9B5EEA9A8 |
SHA-512: | 1B916125473002A6FA0152B580899AFF0ACA8650271B2380E0B2BF3A03584750BDE0968E34E6840D8D4106A36F5BC663EF29A8DDACAE99D272DFF4F7896625C1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3C0DEBFAC9CD948DD871927F2828BC11 |
SHA1: | E3013B4318AC5DF35AC2F9778A0806344F6CCA7D |
SHA-256: | D49412FA17ABD507BC7488956D72923CF697FF4C63FC5254963075548CD03763 |
SHA-512: | 5391F81BBD38A1C977F7D6D99A1D7DA0BF63677F4066CA9C6703CEBAEF94BFF38F29991196E39FB8F271EDC4B97DCB5EB079906BA866001A8B408E09D2CBDAA5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 675758 |
Entropy (8bit): | 7.99924310242817 |
Encrypted: | true |
SSDEEP: | |
MD5: | 3C0DEBFAC9CD948DD871927F2828BC11 |
SHA1: | E3013B4318AC5DF35AC2F9778A0806344F6CCA7D |
SHA-256: | D49412FA17ABD507BC7488956D72923CF697FF4C63FC5254963075548CD03763 |
SHA-512: | 5391F81BBD38A1C977F7D6D99A1D7DA0BF63677F4066CA9C6703CEBAEF94BFF38F29991196E39FB8F271EDC4B97DCB5EB079906BA866001A8B408E09D2CBDAA5 |
Malicious: | false |
Reputation: | unknown |
Preview: |