Windows
Analysis Report
49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml
Overview
General Information
Detection
Score: | 21 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- OUTLOOK.EXE (PID: 6528 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml" MD5: 91A5292942864110ED734005B7E005C0)
- ai.exe (PID: 828 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7C44A89B-53EC-409D-8728-588BABF159F0" "2AF9E6BA-0FC6-4D68-BDDC-6AEABD9378A5" "6528" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- Acrobat.exe (PID: 4916 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 816 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6292 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1560,i,16432077869950964751,5752443073126241527,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: frack113: |
Source: | String found in binary or memory: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Persistence and Installation Behavior
Source: | LLM: |
Source: | Process information set: |
Source: | File Volume queried: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 14 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
windowsupdatebg.s.llnwi.net | 87.248.204.0 | true | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1458476 |
Start date and time: | 2024-06-17 17:51:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml |
Detection: | SUS |
Classification: | sus21.winEML@20/71@0/0 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 52.109.89.119, 51.11.192.48, 2.19.105.74, 2.19.126.149, 2.19.126.143, 18.213.11.84, 34.237.241.83, 54.224.241.105, 50.16.47.176, 162.159.61.3, 172.64.41.3, 2.16.202.123, 95.101.54.195, 88.221.168.141, 2.19.126.163, 2.19.126.154, 93.184.221.240, 2.19.126.139, 2.16.164.121, 2.16.164.91, 2.16.164.115, 2.16.164.114, 2.16.164.59, 2.16.164.11
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, e4578.dscb.akamaiedge.net, a767.dspw65.akamai.net, acroipm2.adobe.com, wu.azureedge.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, a1952.dscq.akamai.net, osiprod-weu-bronze-azsc-000.westeurope.cloudapp.azure.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, apps.identrust.com, wu-b-net.trafficmanager.net, ecs.office.com, fs.microsoft.com, identrust.edgesuite.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, weu-azsc-000.odc.officeapps.live.com, p13n.adobe.io, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.co
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetValueKey calls found.
- VT rate limit hit for: 49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml
Time | Type | Description |
---|---|---|
11:52:10 | API Interceptor |
Input | Output |
---|---|
URL: e-Mail, Model: gpt-4o | `{ "riskscore": 9, "brand_impersonated": "Unknown", "reasons": "The email contains a warning message indicating it is from an untrusted sender, which is a common characteristic of phishing emails. The header suggests that the recipient has not previously corresponded with this sender, raising suspicion. The presence of a 'Report Suspicious' button further indicates that the email might be flagged as potentially harmful. These elements collectively suggest a high risk of phishing." }` |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
windowsupdatebg.s.llnwi.net | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.225474514053276 |
Encrypted: | false |
SSDEEP: | 6:dyJBzOq2PoSc2nKuAl9OmbnIFUt8syJSnZmw+syJS1kwOoSc2nKuAl9OmbjLJ:wJB6vgSfHAahFUt85JI/+5JQ5LSfHAae |
MD5: | 5BD51123D2D7344305050D95C9746A2F |
SHA1: | 7D1A9BBC709ABF0F92CAB4A924735CAD9A79B335 |
SHA-256: | 24EF8A2FAE052F44E2AF5C6F10590F29D2D505078D5053278DEA56893ADE6992 |
SHA-512: | 7848E711FF3A4D5DDA3B85389AFE16FDDB68E74922FB155AD4C0433656D0F37EB9813673158D8E18B0BA0B20B44AA3B090C1C4DA316C8BD3619209F09D33EF00 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.225474514053276 |
Encrypted: | false |
SSDEEP: | 6:dyJBzOq2PoSc2nKuAl9OmbnIFUt8syJSnZmw+syJS1kwOoSc2nKuAl9OmbjLJ:wJB6vgSfHAahFUt85JI/+5JQ5LSfHAae |
MD5: | 5BD51123D2D7344305050D95C9746A2F |
SHA1: | 7D1A9BBC709ABF0F92CAB4A924735CAD9A79B335 |
SHA-256: | 24EF8A2FAE052F44E2AF5C6F10590F29D2D505078D5053278DEA56893ADE6992 |
SHA-512: | 7848E711FF3A4D5DDA3B85389AFE16FDDB68E74922FB155AD4C0433656D0F37EB9813673158D8E18B0BA0B20B44AA3B090C1C4DA316C8BD3619209F09D33EF00 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.236046804745825 |
Encrypted: | false |
SSDEEP: | 6:dyKxq2PoSc2nKuAl9Ombzo2jMGIFUt8sydgXZmw+sydgFkwOoSc2nKuAl9Ombzos:wsvgSfHAa8uFUt85ds/+5dM5LSfHAa8z |
MD5: | 745E8A28B1295F8A6A2081BB1DC6D70B |
SHA1: | 74C27E0A62C254BAB36BA3B23B47CE113221F194 |
SHA-256: | 66EB3666B9E6371A1762216A7BCBEB09B989CB256AE29FADDD94893FC546BBA0 |
SHA-512: | 3F57D957EFB85B11192A0B5B1C6AE3E7D34849E96C1283EA7A74E4CAE9CA58A2469D510E39D8D01EABE90D1106A2CF91310B0FB7CDFE9A706AC8F4C9B6C7565F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.236046804745825 |
Encrypted: | false |
SSDEEP: | 6:dyKxq2PoSc2nKuAl9Ombzo2jMGIFUt8sydgXZmw+sydgFkwOoSc2nKuAl9Ombzos:wsvgSfHAa8uFUt85ds/+5dM5LSfHAa8z |
MD5: | 745E8A28B1295F8A6A2081BB1DC6D70B |
SHA1: | 74C27E0A62C254BAB36BA3B23B47CE113221F194 |
SHA-256: | 66EB3666B9E6371A1762216A7BCBEB09B989CB256AE29FADDD94893FC546BBA0 |
SHA-512: | 3F57D957EFB85B11192A0B5B1C6AE3E7D34849E96C1283EA7A74E4CAE9CA58A2469D510E39D8D01EABE90D1106A2CF91310B0FB7CDFE9A706AC8F4C9B6C7565F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8a0e1d4c-21a4-42f1-a87f-350dded3535b.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 476 |
Entropy (8bit): | 4.965779662503592 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqdEWsBdOg2HpyNcaq3QYiubxP7E4T3y:Y2sRdsXdMHpy83QYhb17nby |
MD5: | 46D218BE165D6B3BAD8EC6058F0E60C1 |
SHA1: | DA22E88BC1EABAA0E48C63C54DE1D5A4327840C3 |
SHA-256: | BD87D80568CBAC230464825CC22C945F5AC5E78A1BCDCF4B1DD5D643B011F275 |
SHA-512: | 262BE2568E68E18A29685E3B6501FE8C725757C9246FF06303B72B39BD376239A5A25B24137DB50C77657CE206972E36A5DFB7A37590396A1F5F21CB0110401F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 476 |
Entropy (8bit): | 4.965779662503592 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqdEWsBdOg2HpyNcaq3QYiubxP7E4T3y:Y2sRdsXdMHpy83QYhb17nby |
MD5: | 46D218BE165D6B3BAD8EC6058F0E60C1 |
SHA1: | DA22E88BC1EABAA0E48C63C54DE1D5A4327840C3 |
SHA-256: | BD87D80568CBAC230464825CC22C945F5AC5E78A1BCDCF4B1DD5D643B011F275 |
SHA-512: | 262BE2568E68E18A29685E3B6501FE8C725757C9246FF06303B72B39BD376239A5A25B24137DB50C77657CE206972E36A5DFB7A37590396A1F5F21CB0110401F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7504 |
Entropy (8bit): | 5.244330646330724 |
Encrypted: | false |
SSDEEP: | 192:7T5zVPGMEdvJ85E7hMgFZ6t9zEubg3RVEoMC22bCmtEW0phgRIitkNyWNEx3yOZ:dKaqZzZ |
MD5: | 55AAFED4B6C3FBEB98D416440E9C141F |
SHA1: | 01BCDD4ACB9683A587EBF5760553D9ACB6000AF0 |
SHA-256: | 15669212E0F6AA5F43D15BCB86B3C51DF892BC5970024EAA9DD44025B1295F14 |
SHA-512: | 48718AAF45BFE7C65206EB35DA6EB64B2500CC9DB670D8807C49E33D175CAAB4293795D3CD80CF2DB5266B26F9F0E1D92CE90090DB315C1AA171A49896A0DFDF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.226970086064988 |
Encrypted: | false |
SSDEEP: | 6:dyHUCq2PoSc2nKuAl9OmbzNMxIFUt8syNmjZZmw+syNWAkwOoSc2nKuAl9OmbzNq:wHUCvgSfHAa8jFUt85NmjZ/+5NR5LSfv |
MD5: | 1E88A54260BC9965374A75E2CE5ED881 |
SHA1: | 8D7FD662D1BEBBD6D3A0237B93FC38DA29CD143F |
SHA-256: | 4AB5D0754E38821C26C1FFF8EEE5C0EC9886FFFB76E7212230248B307FCEF38A |
SHA-512: | C1899C6F3A16392BE4ED9354C845B7CB6D6FE62CE5F8F5F2BA704DE2B6C2735374A5CEBE4C8AD75FFDEBB2FB4690C466633769B881C40DD51BDB6BE8D9852166 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.226970086064988 |
Encrypted: | false |
SSDEEP: | 6:dyHUCq2PoSc2nKuAl9OmbzNMxIFUt8syNmjZZmw+syNWAkwOoSc2nKuAl9OmbzNq:wHUCvgSfHAa8jFUt85NmjZ/+5NR5LSfv |
MD5: | 1E88A54260BC9965374A75E2CE5ED881 |
SHA1: | 8D7FD662D1BEBBD6D3A0237B93FC38DA29CD143F |
SHA-256: | 4AB5D0754E38821C26C1FFF8EEE5C0EC9886FFFB76E7212230248B307FCEF38A |
SHA-512: | C1899C6F3A16392BE4ED9354C845B7CB6D6FE62CE5F8F5F2BA704DE2B6C2735374A5CEBE4C8AD75FFDEBB2FB4690C466633769B881C40DD51BDB6BE8D9852166 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 107 |
Entropy (8bit): | 4.499533765034893 |
Encrypted: | false |
SSDEEP: | 3:ekklltt1HcZUV/TgllfOAHWXlknl/11HcZUV/TEPGKTTW:gllttVnV8VUunVnVoeITW |
MD5: | C719980A1EEC1C5A0EB1F004D83A17A6 |
SHA1: | F77A92E46D1816AEC09B83B54F4F31DA59E5B320 |
SHA-256: | F342B3E5953620F46D693B744DF77543F19885D1BB8DC32BA7F937CB3D8F171D |
SHA-512: | 51727556DB3CD37C0E7737C5A07E9F3B1DA374C514E481DDD2DB1039159296F16B0109F9C3F054100A02AED7539C7FFE24D73DA93CAC4279676FA98A6991E112 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 283 |
Entropy (8bit): | 5.254340505423749 |
Encrypted: | false |
SSDEEP: | 6:d/SM1oSc2nKuAl9OmbzfXkrl2KLlbajyq2PoSc2nKuAl9OmbzfXkrK+IFUv:NSlSfHAa8/uLojyvgSfHAa8/F3FUv |
MD5: | 100B37BE7AEA082FDF023406C7AEAC98 |
SHA1: | F5411374B79235854DEC6BE31A5AA64FDDFB47CE |
SHA-256: | 20E997DA0937AC936073ECE8B29E37D432B7C1CA5458EFC04D24AB0F0140979C |
SHA-512: | 41E1D87C153A0049879501998F652C1C31EA18097B20E95A2250BA3FEC675C1865B17C296DB264A835F911EB3E5C50AFAC52EF2A5A5124E0BD999453604FC08C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\MANIFEST-000001
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41 |
Entropy (8bit): | 4.704993772857998 |
Encrypted: | false |
SSDEEP: | 3:scoBAIxQRDKIVjn:scoBY7jn |
MD5: | 5AF87DFD673BA2115E2FCF5CFDB727AB |
SHA1: | D5B5BBF396DC291274584EF71F444F420B6056F1 |
SHA-256: | F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 |
SHA-512: | DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 126 |
Entropy (8bit): | 3.6123534208443075 |
Encrypted: | false |
SSDEEP: | 3:G0XttkJcsRwI9tkJcsSaJkG3mH2lztzlkzXlfmH2lG:G0XtqcsqczaJf3mH2lztzl4mH2lG |
MD5: | A05963DD9E2C7C3F13C18A9245AD5934 |
SHA1: | 15A87493591860C6C22499DF3A705ACB3CB466BD |
SHA-256: | F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4 |
SHA-512: | E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16 |
Entropy (8bit): | 3.2743974703476995 |
Encrypted: | false |
SSDEEP: | 3:1sjgWIV//Uv:1qIFUv |
MD5: | 46295CAC801E5D4857D09837238A6394 |
SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 301 |
Entropy (8bit): | 5.224840177113146 |
Encrypted: | false |
SSDEEP: | 6:dvM1oSc2nKuAl9OmbzfXkrzs52KLlbuyq2PoSc2nKuAl9OmbzfXkrzAdIFUv:NlSfHAa8/N9LYyvgSfHAa8/iFUv |
MD5: | DCE4275326AC575657921031D7C03D08 |
SHA1: | BB769303BA38A26BC06BA723046322CFDEBEFEE4 |
SHA-256: | 174F4C4C1E770D95DB1DD4026B9066E9E8167D90792C05C4BB2540E23198F035 |
SHA-512: | 2E208098D3C7BC136E1D8B3FFD87F12D7EA0D9D82B48064B466E8F383935E7ED27C572D6499B74275C36A63D5201D082D7330FA63E275EC8E11C62CB35601337 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41 |
Entropy (8bit): | 4.704993772857998 |
Encrypted: | false |
SSDEEP: | 3:scoBAIxQRDKIVjn:scoBY7jn |
MD5: | 5AF87DFD673BA2115E2FCF5CFDB727AB |
SHA1: | D5B5BBF396DC291274584EF71F444F420B6056F1 |
SHA-256: | F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 |
SHA-512: | DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240617155201Z-169.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.505231583602419 |
Encrypted: | false |
SSDEEP: | 96:oXXquNmzrT1B3TWwKoz+keJ07Y5mIrMsYo7LEMMMUEMZ/+eYoDOjWRWY/0dKMMM5:Qq91BjkBYIrMjqY/0C/7PCIaaJWf |
MD5: | 39742FB3CA88000F7C836753FEDE050F |
SHA1: | 2481BF6773FACD752744EAD2712B0A93282592AD |
SHA-256: | 47A08D326E97C526B729554C1BD5B89EFF59DA299DA057D206C7ACBDE6BA142F |
SHA-512: | 50D511BC6A21521D7E4C16A8988469787B08C640EBB5E73911E8A4EC7B67A7051D2DA3090E295581C46BC713835963AC202E4E2CFE724CC798381B7A17C046E2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444985781175468 |
Encrypted: | false |
SSDEEP: | 384:yeUci5tviBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:8ks3OazzU89UTTgUL |
MD5: | 02773EBF6F39C2839AECD6550F48D3DD |
SHA1: | 3C780AB18B6871A7F2FFCB0D5B8A4594285B658E |
SHA-256: | 58EC5C4C8298A18E8482B5B86BD72915A9FC59054FE4E02F10238A151E33C028 |
SHA-512: | 334A8E49EBDB3D11FED61A01450CBF49DEC251FF71D50013EF0679CAD5C45FEE47F796FC28E45A6437BEBDF40D0D65B1B66120278FF869ACD368FEB6F4D585B6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.772447744781087 |
Encrypted: | false |
SSDEEP: | 48:7Mup/E2ioyVqioyioWoy1CPoy1uKOioy1noy1AYoy1Wioy1hioybioyIoy1noy1M:75pjuqoQXKQtvb9IVXEBodRBk8 |
MD5: | 846C14B4A6887F25130AE7F75AA2D37E |
SHA1: | 119569BC6A2063D231234E4CF6940079BB28FC93 |
SHA-256: | 934F3718D981A8F78C97837CBB9A9306C33DB6D770A5A6EDEC3E8DE75A0A4948 |
SHA-512: | 66AB16485BA30B22F0DBAD26704E69D3D050DCE213AEE93CA471170C585B12F86680391BA8890EE29388F1449848BEC765FC5CD165A10750573F64793BBBF75A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 328 |
Entropy (8bit): | 3.1341929632267593 |
Encrypted: | false |
SSDEEP: | 6:kKOF9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:2sDnLNkPlE99SNxAhUe/3 |
MD5: | 32782A20ABF715E4FB93787994D1F01E |
SHA1: | 1F56EE776DC1F3CEBC4D6C1AAD03A75CF4D1D9E0 |
SHA-256: | 5EC107BC3D77D7E9B557E282A09E72AB7496E5852B584FC01585430AB0694C86 |
SHA-512: | 31B7723B9E04BB8461E967BA8F65236CE8075ED7981FA97FC182D811A1DA14A8837E03B51FC29D7E705A885E3E929A778550076A8035893C156BD5653E5B185D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.0135904565956606 |
Encrypted: | false |
SSDEEP: | 3:kkFklkEl1fllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnka:kKxEzxliBAIdQZV7I7kc3 |
MD5: | 9650422D9478C315A6257FBE0ABC993F |
SHA1: | 8E1E54D23EE5B2BD15FA013836E19264E8ECC553 |
SHA-256: | 5818B575F19040AEB59DD55334CA3AF07BCEDFA7E36DD67A3EDDA1093D680D0C |
SHA-512: | A0B317DEE9CF26D16A272E893EBBE764F24E2CB1709BAE8D682804C8A1ACC404CFF71830563891CBF442F8470CF83DE1496C18684493593358850F2D33C97D4F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.378333905346283 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJM3g98kUwPeUkwRe9:YvXKXqsBDhQIOQxGGMbLUkee9 |
MD5: | 29A628F98257791D32324A96C4DBFEE2 |
SHA1: | 0DE04FA28BA1EEB2C87A15709FE2FA281647009B |
SHA-256: | F6F778097C676EAE7F11A8DD40F8981DA1E47DC822895609244B1509415FDDF8 |
SHA-512: | B72224B004F73C379FF26730F3531D99CB595A964126D0592FF2D025E466BF3620157FCDAE0164CE2F65FC7E00BDBD45E05811436CFA6B9F2E8E0890B9AAF763 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.326773862817023 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfBoTfXpnrPeUkwRe9:YvXKXqsBDhQIOQxGGWTfXcUkee9 |
MD5: | 8A560AFDE574FCB8AF46580D24F3E07F |
SHA1: | 66D0FF739F86C904B35B127C74600AC398CC6586 |
SHA-256: | 552E41340512BB72D084FF5BFA21D513CA73A9AB9BA42C2E8A78BD5CAD098213 |
SHA-512: | BD934EBE302AFBE675FFC04F8E780F2610042DC592CE83F2D6454FBE6905F9BAD65029B992512FBA080CAC2FCA9C7994666DC1A8029C84291B9670A4EC0A2C9A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.306260431954425 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfBD2G6UpnrPeUkwRe9:YvXKXqsBDhQIOQxGGR22cUkee9 |
MD5: | D86BD5DB5E4055AC861D65DF752E1FD5 |
SHA1: | A5FAF907EB590DF12776761B812D26882A251190 |
SHA-256: | BDA03D579BD9234E44C1591A827137661BA2C36976AD49D8A7753BE798F44401 |
SHA-512: | 01A9C8AA225F29A603A7CAC0443790568DE904B0920AA5B7C35560D18359EF984A82EF7E0F9E25E2B7FCF10E84018EBF47950B9C3896FDDD7B008490B025C6A8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3692488446336375 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfPmwrPeUkwRe9:YvXKXqsBDhQIOQxGGH56Ukee9 |
MD5: | 59814D53FBCC3D6FA2AF6C48CDE69AB7 |
SHA1: | 693D792B35B75E019120A3BF0F420DFA495C47DF |
SHA-256: | 63A097E0FC5C9F20D543BC9A61338DC77E433767E22AECF22C81AF4BE57F00E9 |
SHA-512: | BF128EF4BD8544CC48846A3300BAA8021AC6491404AA1A028A4703C89FFC9D68E516B0240884443D07E366FB0434D12F228976CC072609CEF9698C2B56866CAC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3312557950825035 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfJWCtMdPeUkwRe9:YvXKXqsBDhQIOQxGGBS8Ukee9 |
MD5: | F7F3EB8AF3040AEC05230385EFCCAF52 |
SHA1: | ADDD806ED4277B56F89343D88D90111B8A0C1022 |
SHA-256: | 2F97B706E32B4D091B3A0C12B76CC86C62C7E6A09652BCB61E4F67781B66A060 |
SHA-512: | 211A9EF7F301C5D0918E2C1FB266F9813A82C8D1CBD8F8F4E8DF18D520D94EE554337B3BFD38BA71A75AC60AC180066C7EF5110576FAC739DAD7A199C7A45661 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.318237267258436 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJf8dPeUkwRe9:YvXKXqsBDhQIOQxGGU8Ukee9 |
MD5: | 6FD7E9D80933FB64318A442FF95617AB |
SHA1: | 9A82753EC11EB50E9DD88BE28AE43DD1FD0E3C2B |
SHA-256: | 72EC0758C23182735F395376621C81A79659A9BD88074D851407FBBC800FAC9F |
SHA-512: | 76381AAB361756B49674280649A1594568E1C002A1DB596B1C68B8A30AD931BABB5EDD92B51974935E815DA75E4046F12C1B834A86477B586334C6C9B2DD6864 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.32006352598445 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfQ1rPeUkwRe9:YvXKXqsBDhQIOQxGGY16Ukee9 |
MD5: | 15065A83F9129D59A63EF841070E6868 |
SHA1: | 695D660FB5BC4744D993464B9AA1090D840F1749 |
SHA-256: | 4582E92DC90891BAA040AD15FF05147C7010D6670399F88B92ECE1190119D102 |
SHA-512: | F83DA4ECCA64BD844E88111498E0BA4941CAC7A5E07AE209BC2E6A4CD2CA5CC827C05AA0EF6E7B4C7C253FDE3A89AF278EDF80869782C7BCA75D76344AF3672D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.324708329083552 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfFldPeUkwRe9:YvXKXqsBDhQIOQxGGz8Ukee9 |
MD5: | 13C99F57004C6ED70185AFA62C2B66E6 |
SHA1: | 0EBF169F085BEDDC582A54236D87ED89EEBAD85A |
SHA-256: | 20D76A1ED8F1E66BBBA6472599A7D635519703EDBCEC3E149AEA6030AE2E01A0 |
SHA-512: | 3EE049F24F01DD1C81077E7037FFB17E140F5CACBE5DFFBA32920E416223514EF3AD0D82A8499FFAD946D0AD8EEE74E103B65884537B074738EB4EEA494C45F0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.745740203345896 |
Encrypted: | false |
SSDEEP: | 24:Yv6XqWJVxSKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNq1:YvVWjxSEgigrNt0wSJn+ns8cvFJU1 |
MD5: | C0FDBD0E2F77938CBCDAE3A937F4E71A |
SHA1: | C7CDA036CB936EE2B88105F0E17CB9D3804E3C47 |
SHA-256: | 05D1B224E3E94FC0DB18D30C04123DBA247B3757596A19CA6E11E8C6D4FC4833 |
SHA-512: | E89C93CA3E80EA606EDD23164EE29A41E14C2DB763997F26BBF62141F24F99CC63519A67857A8CE024DA378C11940BCD3665CE54B000E1AEC5318BF8C880D6A0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.324653548641441 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfYdPeUkwRe9:YvXKXqsBDhQIOQxGGg8Ukee9 |
MD5: | C57791AB3E864AFCB920E8B00FCAA482 |
SHA1: | DB6FF583488E613C0039B339A5F7E9EC766945BA |
SHA-256: | ECB95EDB4D656F84A27C57C7BB20B8FD78DB826E21509E9C0EE3FB9B49C92D00 |
SHA-512: | 9DE5BEBE8C2F0C4AC3E1904AD0DF87B0AE9EB53DCF44BD40DC5E79214A9C392457E6E5258EB628E6A7F932CBFE951E55351838AEC5ED69EA6C86F0FC3BDF2AA3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.786602594641358 |
Encrypted: | false |
SSDEEP: | 24:Yv6XqWJVxRrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNy1:YvVWjxRHgDv3W2aYQfgB5OUupHrQ9FJq |
MD5: | 1A6CCFB1E7967DC58F3B021D8ED6026E |
SHA1: | A390AB543FBBB2A4BE43713BE9C2D87FB06B4E63 |
SHA-256: | 2F6035A61519BF7A042174C6EBDC278F88A620994FD8B4920566072982653AFA |
SHA-512: | 04968D869905D00CABBB0293418CBCF1B8B2B1AC01910832FC727DF2EF5BB3DF0E4CBECB6BD09CF1D30AC5908BE6CF89C331AFCEF1BA0041393C0D2380CAFEB3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.308031206118455 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfbPtdPeUkwRe9:YvXKXqsBDhQIOQxGGDV8Ukee9 |
MD5: | FC1F98553416BE55F55E65C082F2FDC3 |
SHA1: | 4DC53EB51B85DF353691F235B8DFD74828283C72 |
SHA-256: | 6A4CEF1A4E816DAC14E813420D31CF37D8794A7437A6759F49A59DB37EDFB684 |
SHA-512: | BCAC4F10E8917E700F6414CB7A74CCAD2D90D63DEF6F1EB2614CB3358C3A4E19905282087F73C825DB5A974A1B13FAFFAD4237299F2985235FF1CDC176F63ECC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.31110401827121 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJf21rPeUkwRe9:YvXKXqsBDhQIOQxGG+16Ukee9 |
MD5: | 9E4256FE302C3B3C4B03EFC413590E81 |
SHA1: | DA3289AB586EA16DE16A17A020A77362BC2BE768 |
SHA-256: | D72180865905639D140CEDF7460D1621B8ACE63233D74F3E227DA734B8CA96C5 |
SHA-512: | 1AD969EA636DB2DEF1419FF6458A91BC9036CE714B6E2D368BED955C60E15236CD806E2173C456FDC91631F195A15773FA04B2C892D794ED55DB1B5A28424EEB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.331488677399588 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfbpatdPeUkwRe9:YvXKXqsBDhQIOQxGGVat8Ukee9 |
MD5: | A535EDD8D3A6570584D3899F603F07A7 |
SHA1: | 7DD973BB24B5F0E072A44C99CFF0D6BD71AA8AC6 |
SHA-256: | 19B7E49B8D11FDBBC6A7984B9AE25E074915EC1651A2F0D7CE15F39FDC32956A |
SHA-512: | FE951DD0E6E9FE66D4E39308688700CEB1656346B0832C4F9B8F5E35FA9072A21354DCA8F058B69510BAB232084910D1B1A6C913A2AF4CBEA427F4E610149F9E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.288493188724984 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfshHHrPeUkwRe9:YvXKXqsBDhQIOQxGGUUUkee9 |
MD5: | F6A1C64519B75F0F0BF869F855448DC1 |
SHA1: | 684D7A56BB81B0D03DEBBBD6A230A7F31976CCE6 |
SHA-256: | 876D3F5ACED7FAE7E0F7E6DD14344A5BE88359CB048638A1913D1BD481D8BA3F |
SHA-512: | A5667A3740D90C07CF9088FEC4FC042580EB2B2F007DF4DA10AAA5ADE4E1F7A133DE2B16A8BFF84365E0302E4B438CC8E5091EF40B43514810842751E61532F3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.394697210990893 |
Encrypted: | false |
SSDEEP: | 12:YvXKXqsBDhQIOQxGGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW21:Yv6XqWJVxg168CgEXX5kcIfANhP1 |
MD5: | DDF708AF97A0C49D419D7D5AED1959EE |
SHA1: | 95280B6ADA800B56E66927DCB73174CFF686EC79 |
SHA-256: | 4A7956EAC8E57007A5DEF3C0857E3CA1E9CDCE38D7B26BC15F173508B6D1D2C6 |
SHA-512: | F7C98B0D40C4206EB27E5426CD92D0BD1E6CCD596B9964B5FB8D3B3D1E0D901BBC01B6DED37418365C1D66BD553B02C5E8B97A3B6584C2DC832AA92E013CBFF3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.134275801451724 |
Encrypted: | false |
SSDEEP: | 24:YIdrCmbC2+D4cV0VX5xQaRiray7ST+EOG4S0jKXj0Ss38M263j2LS2a9EMn5CA1v:YI4AUUys/qtG4LKT0ZBjoa9EMnl1m96 |
MD5: | 84A58AB64CF204301B23CA2F4D9619A8 |
SHA1: | C7C11F200776CB590171AA85C70453D78DF71BA6 |
SHA-256: | CAD4168C3FC01F328278F54904CFDB1CF838297C6A4CEC33862CF478AE9C8D35 |
SHA-512: | E1A3BD17F28E17A2513EEAA98E61E0AB69F310FD4313832B9F633D2EB794ED2AB3F22B7BD73CC21DC9A6819C22C9CE66E6E35DC89E5481FB83E68EA02016A6F0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.4574494038703771 |
Encrypted: | false |
SSDEEP: | 96:/VmsnyVaydoAoDoTJoTKkovkoBkoro/oLog8Xgt4K:okykydH |
MD5: | 5981D02A32C7FA8DCFF7D1C233E07E65 |
SHA1: | 4FADF1A16A7B869C8C7F039157CCC967D10EB2FC |
SHA-256: | 575E247F813017208AF18B2DC7E6A537AE3C11B48F00DF14F518743F57202112 |
SHA-512: | EA572819EF2B363D1C2066EFB9284C5DCAE689501BFD906D3680AED77E6589FC4C6D0BBE56B073719A0C4BEE0C9B13B395A9EE00D85319DB67E8A562FB7B5C1B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.9608108433435634 |
Encrypted: | false |
SSDEEP: | 96:7+yVaydoAoDoTJoTKkovkoBkoro/oLoglXgt4MaVmsV:7+ykydcnA |
MD5: | F3DD223A4EFF42149FB3C6ECDCF7E07B |
SHA1: | 8B2540344EC900BDF5D675D5338CD2A258D83927 |
SHA-256: | C66019FE7402EDC3EA0A50C92CE7830D40169111D55FDF59351F35FDE3390DC8 |
SHA-512: | E09DD406D90F8168B81955FF11AD04C8187A19CC892290A299615914C1C9932921108823175FE2397EE95ED58F7B5C16DD15FF8AEBBE1679BF86962EE74142B2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.377729522114159 |
Encrypted: | false |
SSDEEP: | 1536:EiYL8ogsF11oZ5mZ9gsMhNcAz79ysQqt2jZswqoQUGrcm0FvH4+yZbpqYRwzzH2R:8Lg/LOgfmiGu25qoQtrt0FvqnjcebFsi |
MD5: | 1438C0ED8E66AF9E3E573C03E1BC3CFE |
SHA1: | C79DEF5CBD401E138C9F791DCC61C759B5388FFB |
SHA-256: | 172C0E6E0992400C84F7684BA938E326039AF8ECDCC883DC5DFC2A41CD361059 |
SHA-512: | 3F15BAF3FB543838CB1F8D5CEAA0E43C1DD9CE13BF53901360F0693CF273E72459DFC5565D030EE8B6BE6D72E83EDFBD15EDA491F7B9F23BE7CFBB8EC818EDE4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0A86DA2E-783E-486A-9402-60BB19DD1A02
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 173591 |
Entropy (8bit): | 5.290711591360556 |
Encrypted: | false |
SSDEEP: | 1536:8i2JfRAqcbH41gwEOLe7HWaM/o//MRcAZl1p5ihs7EXX6EAD2Opa6:Vce7HWaM/o/7X3kb |
MD5: | B6771973DB52616D272E03C57689315D |
SHA1: | EF079D7EB28FCA601676F5C285C14F527403D14D |
SHA-256: | 52D12775FA722CDD769E14C340A1F1595AF1AE57B4616CCE6D93D8AB598865B4 |
SHA-512: | 3C86611C74356FF78293EC87B20F89F617BD8DDFCCAE7095498D65D68D9D469D6C2AEB463F401C323ADB1D1DB609056452CA7E694218FCFA51F8FF121F810B88 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04616353740967531 |
Encrypted: | false |
SSDEEP: | 3:GtlxtjlEMPboqN/ilxtjlEMPboqN/Hll1R9//8l1lvlll1lllwlvlllglbelDblx:GtkMPXKkMPX/X9X01PH4l942wU |
MD5: | 136DF4E36F153A0A2BA136E8679759AA |
SHA1: | F43FB1895C97AD5F180200ECCFB9296FBCB0C5E9 |
SHA-256: | 1A4E67508045CC2769C26277765E1F2FB5E6AC44377F659ECD7811631C16D94B |
SHA-512: | 8A28275A78E33AA2EBE88706A0B655740B4C179541986EE5CA41BFD22F732BD4D8544A4B8BB1EC53622CB1B07EE5F3903DA828504E2D9F9BA93BE6B2BC87BA9F |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 49472 |
Entropy (8bit): | 0.48371000420131083 |
Encrypted: | false |
SSDEEP: | 24:K/p9glQ3zRDcOXUll7DBtDi4kZERDSzqt8VtbDBtDi4kZERDnAen8Bqt8VtbDBtJ:E4Q1FUll7DYMGzO8VFDYM03BO8VFDYML |
MD5: | 0E70F1BBADB18786633D2C1AFBA9F302 |
SHA1: | 767AE18197C159AA9460A47FEBA695E36E0FA074 |
SHA-256: | 4C1FAA6B75DAF416B90AD6C2661FDD3E23289C665ABEC59776DE87D8C038F4B6 |
SHA-512: | F13B6CC73FBCC3FADC5EEFD8C32A351000413394433BF3D3F98EE6AF4758F443884D222660DD43CF4EDABCE9E9D94E836C226BD2D6E2A569BB1907987D19725C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986 (002).pdf
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 143912 |
Entropy (8bit): | 7.97517357286046 |
Encrypted: | false |
SSDEEP: | 3072:KHqcP0VHS0oAdrYdJaVWHrkCw3+MZ+U6vLWZvXhaViO4r:Qt0VHSFAdrqCOriD+fLCpdO4r |
MD5: | 08A22B2C46B4FCCDE573EFA8C5E1ED53 |
SHA1: | A50CB29824CCEF83EB7E743C26AB34F0EDFB6232 |
SHA-256: | 2CA487EA8A63B2475E55C5C2583E171845E5568D68F93B373C525A924F1D01DD |
SHA-512: | E4B5CCC6460736FFE0C17C1324CD1D33B7BE07072FD2F7CBC1DCFEBE091075A6909D324EAA13146AAB7B369756A363F0FD01838931E515D7535F31F937CAF7BD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986 (002).pdf:Zone.Identifier
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:gAWY3n:qY3n |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986.pdf
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 143912 |
Entropy (8bit): | 7.97517357286046 |
Encrypted: | false |
SSDEEP: | 3072:KHqcP0VHS0oAdrYdJaVWHrkCw3+MZ+U6vLWZvXhaViO4r:Qt0VHSFAdrqCOriD+fLCpdO4r |
MD5: | 08A22B2C46B4FCCDE573EFA8C5E1ED53 |
SHA1: | A50CB29824CCEF83EB7E743C26AB34F0EDFB6232 |
SHA-256: | 2CA487EA8A63B2475E55C5C2583E171845E5568D68F93B373C525A924F1D01DD |
SHA-512: | E4B5CCC6460736FFE0C17C1324CD1D33B7BE07072FD2F7CBC1DCFEBE091075A6909D324EAA13146AAB7B369756A363F0FD01838931E515D7535F31F937CAF7BD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986.pdf:Zone.Identifier
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:gAWY3n:qY3n |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{EF18C7F1-C1BC-4E24-BE04-887A6C43C825}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3436 |
Entropy (8bit): | 3.0860411498091387 |
Encrypted: | false |
SSDEEP: | 24:vWjkqnZ7Gaw3VfrZH+KlsFj58X/ds2DFvzWKavLyhlsrk/hPwRRafC0dV2A3PoZ8:acaopXKF9ssGCLyTwHJ6PKfvmqqy |
MD5: | 33BCDB066A5BE88E4496BFC43A24CAC6 |
SHA1: | C3C1DF191EE7DD289897724A0490373188C1A245 |
SHA-256: | 88366FF3850FB6310D4D2824FF8027B32A5A3CE2A84143F1BD262535BA6F8A85 |
SHA-512: | 991572E6804E40D28FF8729981F22F71FC9D737BE5453EE511DDF9C1A8EBEDAA1F6E3289061A4AAA1E4107CF3A60E0DB9CC6FAD170B9A0D4E3750641C0854131 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1718639507790434800_EA0783F2-C45D-4F9F-B778-8C0388BF34CF.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.1591090133641745 |
Encrypted: | false |
SSDEEP: | 1536:HHdF9EzpyTZCj6qgU/QJrsP8BrCQ0Q7jgRAq+ujABE4:xElycj6jpt7S |
MD5: | A0DCCA318EBE27B7C89BCB5834C26DD7 |
SHA1: | 2D25D23924433A212FEDED99BA3DCB8CD657C913 |
SHA-256: | 6A25D482C5470052F32FEA9F196ABB73428382A36359BA227AD9759EF77C268E |
SHA-512: | 27C257B51034FD527D2E542F1A91B3DABC2D47F0C6945FA39FDEABFE4110118A0F8C61F241B95BCD0CE6E8FD462A8A4DE4035ECB2FA711A21730EA1E6AD30010 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1718639507791410500_EA0783F2-C45D-4F9F-B778-8C0388BF34CF.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dqMlf9:Qw946cPbiOxDlbYnuRKCJ |
MD5: | A8FA8CA14F24F4AD99F176639C98A867 |
SHA1: | 98CB15FEFFCC39C38761266D7A32691CE6A60B26 |
SHA-256: | 7FC978E29A36806FCCD46C7917B862100FCB04E5B3D0A81B0127EC0F135DB84A |
SHA-512: | 809718CA1A2D6439160BC79321E46BF7F60C0BBE329D66E83283092444FBC319C0757024B5CF542FAD36D0025118C8EC09DCE39D47617D3F449D953E5B390F00 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240617T1151470522-6528.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 4.4794704922790185 |
Encrypted: | false |
SSDEEP: | 768:T/kbYS5eL6qi+l+41xa9vXeihE9m0uZQAXvFZa+Ah:q41xa9vXq9HMQAXvSZh |
MD5: | F683D97B53D93BFF89BDEEBFD114C76B |
SHA1: | F434198E797829094310BFF6095AB7D5B9FBCEEE |
SHA-256: | F4A926E87FEB84DC8544F1037BF192A57208439EC5B47EFF0D1216E5F90CEFBA |
SHA-512: | 7BA1EA1E6990CBC0F526AD2F8FCC96441439E781F279021E398FFE946191C905B7D44CA30468929A0D3E0AFCFF81391970DF1B7909606629E7D80BF6F70058DD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-17 11-51-59-930.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.352085917943317 |
Encrypted: | false |
SSDEEP: | 384:QvbUDndepwY2glOjhQlvt07jGviSggyrKMaAYqu1NGZnGWtDtxtAtoDtBt8tBtwz:x5xP6In+n+/ku |
MD5: | E89CDF7025B70E5A72FFC801BADFB345 |
SHA1: | 2C55C26FD5231BEBD6531BDB7962D12BE288A1BB |
SHA-256: | 2A90DFB97133E5C0219784D1C4A94C0DC45AE4787C40CFE6894A59D94C4FB88C |
SHA-512: | 22621DFF9C688C4B0BB3237350959B4357C65D1796834FC23E6636B4975BE942A969F7DB05E8FC10102DEBF93ED662BE28FC649B2456EB4B659EC84BF8E93621 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.367983245030537 |
Encrypted: | false |
SSDEEP: | 384:BWQaDNDzDEDjTD8DdDPDsDlIvT7CLSszimxAnPwIP8fVpj7L+7XkLBcUHVEUbVwy:Jic |
MD5: | 92219C6EBE98E3703C0B51974E573362 |
SHA1: | CEBABB6C3AF45C6898BCA769E3E9860A0FF6D6BE |
SHA-256: | EB1F54375C95EC3D7794FDCE8B7CDDF366CB40C3D0049E6896DD74830F77B342 |
SHA-512: | 9EC70647D5F64E01183C9A68BCA9CF4713F24D199932886431AEC3310B22C5C471FF5BD61C69AF555BD3E5EE883136118FC3A07274D6AF0A8EBEB4311B903B85 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35721 |
Entropy (8bit): | 5.41144506318169 |
Encrypted: | false |
SSDEEP: | 192:4cbUI+EcbBcb2Ie4cbhcb4IZfcbtcbGIEScbCcbwIrFcb4cbgIr9cbl:v+ge2ZDEdrkre |
MD5: | 084D310F63039C2CC960900642211009 |
SHA1: | B699DEA0D2FF9602763A2B947222E7C28D1CD576 |
SHA-256: | 9CDB040528245331EC5489B3842FCBF36BA24B7C86F03BF9519D106BC17A3538 |
SHA-512: | 16C7A849864A0A262F1FC5486481E76280AA766860F51E6F7DE3EFBB171E3A69B7529ED07F4EA36939D9FF2B696E00EF39AE2B8C638ED0ACF31705D367194ED2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m |
MD5: | 774036904FF86EB19FCE18B796528E1E |
SHA1: | 2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16 |
SHA-256: | D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD |
SHA-512: | 9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 543911 |
Entropy (8bit): | 7.977303608379539 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P6D+Tegs6121bbvHKTJJJJv+9UZd1ybxrr/IxkB1mabFhOXZ/fEa+Q:O3P/egf121bYJJJJm94dMNB1DofjR |
MD5: | D0E92BEE373CC487536DA8FBC0B618F1 |
SHA1: | 9CCC0FBE9A08217217C749819D90F4D7D6D62AB8 |
SHA-256: | 827FCE98F251C467B0D5428A0CDB1FA2431DA910283C5F330E9DDCEA9502FC05 |
SHA-512: | 7DE0717216FEA71F10621F229DEF4CC57C15CE42C8913CB0839C32EA0947ECF2CA1F55E3BB23BE938EF76433F1F1330C62D4FEE0E6FBAC02B2B743A4A5E3A9B5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa |
MD5: | 22B260CB8C51C0D68C6550E4B061E25A |
SHA1: | DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E |
SHA-256: | DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0 |
SHA-512: | 503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 12840 |
Entropy (8bit): | 7.733328071253101 |
Encrypted: | false |
SSDEEP: | 384:76hl/F3HjWXxeCidJJCCLtb+XdbbNdE7vRt3p:evZHjWBeCidJICLtUd3Ct |
MD5: | F83E5D26FD48C7B27A57713B1BF02FDA |
SHA1: | A1A48E6DED1D2EAB81716A868508E8D0CA1E4F8B |
SHA-256: | 9D07E8AEA689228922934EBE7B8A5A9D9C9DE08097632F0E3371E3357AA6AB05 |
SHA-512: | AB10B6BFD423AA1AA405F8B75167A9FB03FD1DD5BF683F5DDDF23D435CE6FF30F28BCBE9C77C6D5F24349AF3D66296CF07543277B5D8D76BC52FFBB258F33B98 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.0370104374629148 |
Encrypted: | false |
SSDEEP: | 3:Hlnlj: |
MD5: | 2237FDC36A84C1AA95DE1A471806E87B |
SHA1: | DC00C00C0771DD4C3CAB133C2DF58B99941AE842 |
SHA-256: | 958F60DB132502011FA442182293826F0AF0FF539F7FA1F880FAE07B5D70552C |
SHA-512: | F5FC4D03C629DB72AA522DF512784474DA93ED7340C7C888424E228912B7260A2754EF620D36B40361E24B6DFEF456F077CDA0B0DF132085AE02B4B4DAD46040 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 6.730995579822503 |
Encrypted: | false |
SSDEEP: | 3072:eCp9OCtuVaD0kJ3E/jxlPCsxCQ+4Ce9RYeou257IoiJitfwegigM+/bvw2c:eC9XE9Asd+dImeq6Pigvv1 |
MD5: | B345BD35BF0CC43DF57EEFD509A369F4 |
SHA1: | CF20EBB9515C7EDD90E2CB7DE2AF64805ADF1E48 |
SHA-256: | FEDCC519DF29086D0E510EEB432D0A57E4E6AF1B86BFE67DB996361F8E78EE12 |
SHA-512: | F1584AFBB4518D07FF098E05174F6073B1D0F51A225C2D394AD5810E54C4B1EAFE3B4EC2E12AF84B2626A73BD136CDFB2F0803725662DCF00A85EB701E673119 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 262144 |
Entropy (8bit): | 6.8387904796630545 |
Encrypted: | false |
SSDEEP: | 3072:Fp/e4GhtQVwD0oJ3E/7xlrC/0xoQ+6CeoR3eou2S7EoiJrtyTbgigFvyHZL:PCvE1Qc3+vx/LjAsigFvy |
MD5: | 25A4D24BDFC8246AC53148CDE5D5B769 |
SHA1: | 57ED3F9079179973D7CD74845590748C9CB49A25 |
SHA-256: | 25E6608629B31918A51EAD861C45E3C2FEF046EB635493377563BBAF36C9A963 |
SHA-512: | AE540EA9B647841249442087A720B9F482442644DAD51483FA0C646C4FB36EABF8ED99FF7598744CA04B873712B2AC67A251306CD2DCC65A89CDDEC70B8D97C1 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.12905135472819 |
TrID: |
|
File name: | 49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml |
File size: | 218'670 bytes |
MD5: | ee0f35659eb9bdbac4964768e4d9b987 |
SHA1: | ba0a9a9d07f955ee459a629d3e8581a8f6aa6ff9 |
SHA256: | 08b95795c7991b93224489b317e5bf39838ca91f0c6cfec01d9eb2589facf8ec |
SHA512: | e35cb72db951966d9020355cc9438bd89e8e55b16bfbea537f716d6bd622064d5d26cba1bb126a720bbef9a3af832c52a82bb587f68bd46a91c9670f8a2f776c |
SSDEEP: | 6144:nuaW2tN6eKGm2MTCXBHF7cxuVaF2uXmREA4vPuJojOWm9Y:nDrtKGm29F7IuaF2uXm/bWmy |
TLSH: | 462402139FB74C962B6052FFEB1BB6C9B01A3B5647AE49F572D1B235743D2B2A305020 |
File Content Preview: | Received: from PH0PR06MB8483.namprd06.prod.outlook.com (2603:10b6:510:5a::13).. by CO6PR06MB7155.namprd06.prod.outlook.com with HTTPS; Fri, 14 Jun 2024.. 11:39:21 +0000..Received: from YT4PR01CA0345.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:fc::26).. by PH |
Subject: | 401238-5383-211 - Follow-up letter |
From: | international@facto.fr |
To: | IHassanali@imax.com |
Cc: | |
BCC: | |
Date: | Fri, 14 Jun 2024 13:38:27 +0200 |
Communications: |
|
Attachments: |
|
Key | Value |
---|---|
Received | from ufactp60.cm-cic.fr (HELO UFACTP60) ([10.45.204.38]) by geimsa02-openrelay.cm-cic.fr with ESMTP; 14 Jun 2024 13:38:28 +0200 |
Authentication-Results | spf=fail (sender IP is 67.231.159.236) smtp.mailfrom=facto.fr; dkim=fail (body hash did not verify) header.d=facto.fr;dmarc=fail action=quarantine header.from=facto.fr;compauth=none reason=451 |
Received-SPF | Fail (protection.outlook.com: domain of facto.fr does not designate 67.231.159.236 as permitted sender) receiver=protection.outlook.com; client-ip=67.231.159.236; helo=mx0c-007a8001.pphosted.com; |
Authentication-Results-Original | ppops.net; spf=pass smtp.mailfrom=prvs=888f86086=international@facto.fr; dkim=pass header.d=facto.fr header.s=201706; dmarc=pass header.from=facto.fr |
DKIM-Signature | v=1; a=rsa-sha256; c=simple/simple; d=facto.fr; i=@facto.fr; q=dns/txt; s=201706; t=1718365118; x=1749901118; h=message-id:mime-version:from:to:date:subject; bh=UBpNxf2ze8uuZaiub7NHphXd2PxtrS2cir+1xETyKLQ=; b=wZN4YfNgwCLqU5qyhVUPyW8gylSoR0E4WHb2A/siZsKBOaOP3Z8OYiyu fcytvbDw4ACD4Tsm6Qtx4rmIwci56pWmiDtQEvHFoFuiF8TJA+42oNFCU q07FgmOsPjt23bFvefEdsBxAjeVv6aHe1SOE0C9B6mnFkTRokp6/hl+qw 3MWdU5TM+UvVpVQapyVPeIWYMjDnEJzAg1QZKiy43VwFXFIbilY7TOnVf 66diH0OAO1jiUWG2Lfy6c9CIPY6S16LVd2E/O6qe8naZ1tes51hhI+dgR Rb1RmxQaVCjhSZhUS9Zzq2LeGKNf3/MRT48MNGxzGJUw6+KKxnLLlnig4 Q==; |
X-Disclaimer-EI | FR |
X-CONTROL-SENDER | international@facto.fr####international@facto.fr |
X-IronPort-AV | E=Sophos;i="6.08,237,1712613600"; d="pdf'?scan'208";a="440056095" |
IronPort-Data | A9a23:+Rfgc6yD1RRvFkxQz1x6t+eTxCrEfRIJ4+MujC+fZmUNrF6WrkUHm GceXWGBP/yLNzagctkjb4+wpEpQvJ7Vy4U3TgU5pC00HyNBpPScCIXCJC8cHc8zwu4v7q5Dx 59DAjUVBJlsFhcwnj/0bv676yMUOZigHtLUEPTDNj16WThqQSIgjQMLs+Mii+aEu/Dha++2k Y20+5231GONgWYubjpKsv7b8XuDgdyq0N8mlg1mDRx0lAKG/5UlJMp3Db28KXL+Xr5VEoaSL woU5Ojklo9x105F5uKNyt4XQGVTKlLhFVHmZk5tZkSXqkEqShreckoMHKF0hU9/011llvgrl YQX7cTYpQ0BZsUgk8xFO/VU/r0X0aBuoNf6zXaDXcO7n2f9WF7LndpXVnpvNNJJ3eBYD3thz KlNQNwNRkjra+Oe/ZySYdVU2JxLwMvDZdtZ5iwml2mFS612KXzAa/2iCdtw3TEsi9pIFOrfY MwQbRJhZR/cZFtBID/7DbpiwL/w2yenImEwRFS9mLYzwEXa7FRN86noIsbJU5+IY9tnkRPNz o7B1yGjav0AD/SW0SKB82ilgcfBlCjnX8QcDtWFGuVCnVOazXALVkVQXl7+qviyzECkMz5CF 3EpFuMVhfBa3CSWohPVBkDmyJJYlnbwg+ZtLtA= |
IronPort-HdrOrdr | A9a23:8bnAqq5f4gWsQFmGSQPXwKHXdLJyesId70hD6qkRc3Jom6Oj+/ xG8M5w6faWsl0ssRgb8Li90cK7Lk80m6QZ3bUs |
X-Talos-CUID | 9a23:0AbnnW59qJLpbveGdtsspGQvMeUCLFLklkyJKhDpLmBGRqe6cArF |
X-Talos-MUID | 9a23:i5YpJwvl/H/KoZTexs2nuS1mF+phw/ySK1EIg4kakoqGEzJCNGLI |
Message-Id | <392cf1$d3le8v@geimsa02-openrelay.cm-cic.fr> |
From | international@facto.fr |
To | IHassanali@imax.com |
Date | Fri, 14 Jun 2024 13:38:27 +0200 |
Subject | 401238-5383-211 - Follow-up letter |
Content-Type | multipart/mixed; boundary="--boundary_6876_4c0ce9ca-ed8e-4f74-90c1-dd0796f45cbf" |
X-Proofpoint-GUID | t0Oj-KMzJCi-YjmAo_3Fu2vWMIbkdkAa |
X-CLX-Shades | MLX |
X-CLX-Response | 1TFkXGBobEQpMehcaEQpZRBdtRhNCe0VoeBp7aBEKWFgXZ2NZRX5rHhxjfRs RCnhOF2RaYEBefkJmYB18EQp5TBdhRVNFX2FCfhIYWhEKQ0gXBxsTGhEKQ1kXBxgSGxEKQ0kXGg QaGhoRCllNF2dmchEKWUkXGnEaEBp3BhsSG3EbGBMQGncGGBoGGhEKWV4XbGx5EQpJRhdDR0tSS UVYWnVCRVleT04RCklHF3hPTREKQ04XXhplQAdhZ1BgaUMHc0BHa0V1GWxfGFx9Z2NIQU5Ba0sR ClhcFx8EGgQZHBwFGxoEGxsaBBsZHgQZHxAbHhofGhEKXlkXTkVOaEsRCk1cFxgSGxEKTFoXb21 NQWsRCkVZF29raxEKTEYXb2tra2trEQpCTxdhQFxCbFB5T0x8cBEKQ1oXGx4fBBgYHAQZGgQYGR wRCkJeFxsRCkJcFxsRCl5OFxsRCkJLF2RaYEBefkJmYB18EQpCSRdkWmBAXn5CZmAdfBEKQkUXZ 2NZRX5rHhxjfRsRCkJOF2RaYEBefkJmYB18EQpCTBdnY1lFfmseHGN9GxEKQmwXZ2NZRX5rHhxj fRsRCkJAF25naVJ4WGJQXUxaEQpCWBdoc3hAYn5cBVBpGxEKTV4XGxEKWlgXGREKeUMXZVhleEZ DX3xAHV8RCllLFx0YHx4RCnBoF2FGcGFiZlN6G1lTEBkaEQpwaBdpZ0kfcmZ4RnlpUhATHREKcG gXbRlvSHwYfxoZZFIQGRoRCnBoF2hdZlhMSWcFWkZLEBMZEQpwaBduRWNtZn1LRWdwRBAbGBoRC nBoF2FzXHNHS0NABXwFEBsZHREKcGgXa05dQEdPEllCaUMQGxsSEQpwaBdsEk9JYmxkeXhOHxAb Gh4RCnBjF2AYYGgFT3ppGU9wEBkaEQptfhcbEQpYTRdLESA= |
X-Proofpoint-ORIG-GUID | t0Oj-KMzJCi-YjmAo_3Fu2vWMIbkdkAa |
X-Proofpoint-Banner-Trigger | unknownsender |
X-Proofpoint-Virus-Version | vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-06-14_08,2024-06-14_03,2024-05-17_01 |
X-Proofpoint-Spam-Details | rule=inbound_notspam policy=inbound score=0 priorityscore=0 mlxscore=0 phishscore=0 mlxlogscore=951 suspectscore=0 impostorscore=0 lowpriorityscore=0 bulkscore=0 adultscore=0 unknownsenderscore=20 clxscore=201 malwarescore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.21.0-2405170001 definitions=main-2406140080 domainage_hfrom=7254 |
Return-Path | prvs=888f86086=international@facto.fr |
X-MS-Exchange-Organization-ExpirationStartTime | 14 Jun 2024 11:38:39.7562 (UTC) |
X-MS-Exchange-Organization-ExpirationStartTimeReason | OriginalSubmit |
X-MS-Exchange-Organization-ExpirationInterval | 1:00:00:00.0000000 |
X-MS-Exchange-Organization-ExpirationIntervalReason | OriginalSubmit |
X-MS-Exchange-Organization-Network-Message-Id | fcfc4467-196e-41d1-afd1-08dc8c668948 |
X-EOPAttributedMessage | 0 |
X-EOPTenantAttributedMessage | 690377a2-597f-481c-a498-b51532ed1e7d:0 |
X-MS-Exchange-Organization-MessageDirectionality | Incoming |
X-MS-PublicTrafficType | |
X-MS-TrafficTypeDiagnostic | YT1PEPF00001E8A:EE_|PH0PR06MB8483:EE_|CO6PR06MB7155:EE_ |
X-MS-Exchange-Organization-AuthSource | YT1PEPF00001E8A.CANPRD01.PROD.OUTLOOK.COM |
X-MS-Exchange-Organization-AuthAs | Anonymous |
X-MS-Office365-Filtering-Correlation-Id | fcfc4467-196e-41d1-afd1-08dc8c668948 |
X-MS-Exchange-AtpMessageProperties | SA|SL |
X-MS-Exchange-Organization-SCL | -1 |
X-Microsoft-Antispam | BCL:0;ARA:13230037|12012899009|82310400023; |
X-Forefront-Antispam-Report | CIP:67.231.159.236;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:NSPM;H:mx0c-007a8001.pphosted.com;PTR:mx0c-007a8001.pphosted.com;CAT:NONE;SFS:(13230037)(12012899009)(82310400023);DIR:INB; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 14 Jun 2024 11:38:39.6625 (UTC) |
X-MS-Exchange-CrossTenant-Network-Message-Id | fcfc4467-196e-41d1-afd1-08dc8c668948 |
X-MS-Exchange-CrossTenant-Id | 690377a2-597f-481c-a498-b51532ed1e7d |
X-MS-Exchange-CrossTenant-AuthSource | YT1PEPF00001E8A.CANPRD01.PROD.OUTLOOK.COM |
X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
X-MS-Exchange-CrossTenant-FromEntityHeader | Internet |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | PH0PR06MB8483 |
X-MS-Exchange-Transport-EndToEndLatency | 00:00:41.9424887 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.7677.008 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198); |
MIME-Version | 1.0 |
Icon Hash: | 46070c0a8e0c67d6 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jun 17, 2024 17:53:38.696331024 CEST | 1.1.1.1 | 192.168.2.18 | 0x5ea7 | No error (0) | 87.248.204.0 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 11:51:47 |
Start date: | 17/06/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc50000 |
File size: | 34'446'744 bytes |
MD5 hash: | 91A5292942864110ED734005B7E005C0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 2 |
Start time: | 11:51:50 |
Start date: | 17/06/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a9c70000 |
File size: | 710'048 bytes |
MD5 hash: | EC652BEDD90E089D9406AFED89A8A8BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 4 |
Start time: | 11:51:55 |
Start date: | 17/06/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff663080000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 5 |
Start time: | 11:51:57 |
Start date: | 17/06/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff767b30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 6 |
Start time: | 11:51:57 |
Start date: | 17/06/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff767b30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |