Windows
Analysis Report
NOTA_ACCR_11.PDF
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6596 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\NOTA_ACCR_11.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2852 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7208 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1628,i,3488876338839633871,10701397785841666798,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1447160 |
Start date and time: | 2024-05-24 14:52:02 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | NOTA_ACCR_11.PDF |
Detection: | CLEAN |
Classification: | clean0.winPDF@14/47@0/0 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 18.207.85.246, 54.144.73.197, 34.193.227.236, 2.16.164.65, 2.16.164.59, 2.16.164.32, 2.16.164.42, 2.16.164.51, 2.16.164.64, 2.16.164.81, 2.16.164.49, 2.16.164.27, 172.64.41.3, 162.159.61.3, 2.16.202.123, 95.101.54.195, 69.192.160.136, 93.184.221.240, 72.247.154.160, 72.247.154.136
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com, wu.azureedge.net, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, apps.identrust.com, wu-b-net.trafficmanager.net, fs.microsoft.com, identrust.edgesuite.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
08:53:12 | API Interceptor |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.229182439266949 |
Encrypted: | false |
SSDEEP: | 6:DC3v4q2Pwkn2nKuAl9OmbnIFUt86C/LJZmw+6C/LDkwOwkn2nKuAl9OmbjLJ:DC3v4vYfHAahFUt86CzJ/+6CzD5JfHAR |
MD5: | 1274DF30C126455A54FCC17467F05484 |
SHA1: | FE7A71B01419703EB781D35770DE12381F32267B |
SHA-256: | D120ECBAE319709CF9CA0E742AC76503B38B749B60E5AC0966A7AC880394C31E |
SHA-512: | F21DDD101056867ED836C9374D136F427DF2DDFE022448F0FA9D16050BF9AC5EF82284FC199E9016612FC0E4CA48447CDFEC501F10FBA73FACE9CEEEBD5F3B57 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.229182439266949 |
Encrypted: | false |
SSDEEP: | 6:DC3v4q2Pwkn2nKuAl9OmbnIFUt86C/LJZmw+6C/LDkwOwkn2nKuAl9OmbjLJ:DC3v4vYfHAahFUt86CzJ/+6CzD5JfHAR |
MD5: | 1274DF30C126455A54FCC17467F05484 |
SHA1: | FE7A71B01419703EB781D35770DE12381F32267B |
SHA-256: | D120ECBAE319709CF9CA0E742AC76503B38B749B60E5AC0966A7AC880394C31E |
SHA-512: | F21DDD101056867ED836C9374D136F427DF2DDFE022448F0FA9D16050BF9AC5EF82284FC199E9016612FC0E4CA48447CDFEC501F10FBA73FACE9CEEEBD5F3B57 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.189396631532638 |
Encrypted: | false |
SSDEEP: | 6:DC/stq2Pwkn2nKuAl9Ombzo2jMGIFUt86C/3sZZmw+6C/FFQkwOwkn2nKuAl9OmT:DCktvYfHAa8uFUt86CPsZ/+6C9S5JfHA |
MD5: | E5ED11402BFC61C2F1DBF22F66A59004 |
SHA1: | 0EAAD5DBABE5B97C66E57268F719B01B40EEEBE3 |
SHA-256: | 3E7EDA1215DC0332BAF402587CAF4DFC866DCC46872DA59CE49A3704712A6979 |
SHA-512: | 29F18D14CDB18705998E4031B3BD2A65214DB4EAD8015BE332759DF6F0598B77981AE75BF22A3DC868D84CF3AEA462C8897E405A9EDC31D3EDF262DEC5E0B82F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.189396631532638 |
Encrypted: | false |
SSDEEP: | 6:DC/stq2Pwkn2nKuAl9Ombzo2jMGIFUt86C/3sZZmw+6C/FFQkwOwkn2nKuAl9OmT:DCktvYfHAa8uFUt86CPsZ/+6C9S5JfHA |
MD5: | E5ED11402BFC61C2F1DBF22F66A59004 |
SHA1: | 0EAAD5DBABE5B97C66E57268F719B01B40EEEBE3 |
SHA-256: | 3E7EDA1215DC0332BAF402587CAF4DFC866DCC46872DA59CE49A3704712A6979 |
SHA-512: | 29F18D14CDB18705998E4031B3BD2A65214DB4EAD8015BE332759DF6F0598B77981AE75BF22A3DC868D84CF3AEA462C8897E405A9EDC31D3EDF262DEC5E0B82F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\270ce418-4898-4502-8dbb-71ed351451e2.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.969340035861989 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqFBxSsBdOg2Hmcaq3QYiubInP7E4T3y:Y2sRdsgdMHZ3QYhbG7nby |
MD5: | DF9598A3178A124231C9DD3CE04A9B33 |
SHA1: | ECF32CFFB956942A4D051C210C8DFDCEA58788AD |
SHA-256: | 497BFBB51DF2037041F2E054D480B9F3E173BF2158BF0D3380A727039BA691FF |
SHA-512: | A6CD77CA0C703BC6389F60FEE87D14D4C565EF4BB929817738136CD26BCA053811AD082549DD6504A00DC891D21D00F48842F897E7ED2026BA9E0675D390CE4B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.969340035861989 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqFBxSsBdOg2Hmcaq3QYiubInP7E4T3y:Y2sRdsgdMHZ3QYhbG7nby |
MD5: | DF9598A3178A124231C9DD3CE04A9B33 |
SHA1: | ECF32CFFB956942A4D051C210C8DFDCEA58788AD |
SHA-256: | 497BFBB51DF2037041F2E054D480B9F3E173BF2158BF0D3380A727039BA691FF |
SHA-512: | A6CD77CA0C703BC6389F60FEE87D14D4C565EF4BB929817738136CD26BCA053811AD082549DD6504A00DC891D21D00F48842F897E7ED2026BA9E0675D390CE4B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.261545653976532 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7BdUICnndZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go4 |
MD5: | DC061BA941C0E27BEB544C7B7A164055 |
SHA1: | 4E5B2A1068B81191DD819503FC6E9FE8809D79E0 |
SHA-256: | 8E82FA1EF17CF595BE5373E76879D4E98A0D15DB43A4E6C46478BAB3E60EE9B3 |
SHA-512: | 00CB66FD746F9287978E26C8D559DAF9C3CBCB8E188310401CF96DBC165B50801F28EC19C0E0621E212773C007711CBF8C907621C83926CB0903CADE2F687AA8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.16456345305713 |
Encrypted: | false |
SSDEEP: | 6:DC4Vl1q2Pwkn2nKuAl9OmbzNMxIFUt86C4VjZmw+6C4V40zkwOwkn2nKuAl9Ombg:DCivYfHAa8jFUt86Ci/+6Cyz5JfHAa8E |
MD5: | 504148A39F51A648E92EB32286F20027 |
SHA1: | 77960325ED380C5F74B161C7994E27807DB5FEB5 |
SHA-256: | B5BAC7FF33D04A7E06B3C8FE27B2C893E39FBF9891E3F9724DD788C13AF7871D |
SHA-512: | D634786486E8C5FED5DA4AD5E38EE749D397BB2EF35AE9D73CAAA352F179D281CEA0157773FE0EA60A03F2B64B71DF19FE52402017FB5E0EC8472483484FF17D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.16456345305713 |
Encrypted: | false |
SSDEEP: | 6:DC4Vl1q2Pwkn2nKuAl9OmbzNMxIFUt86C4VjZmw+6C4V40zkwOwkn2nKuAl9Ombg:DCivYfHAa8jFUt86Ci/+6Cyz5JfHAa8E |
MD5: | 504148A39F51A648E92EB32286F20027 |
SHA1: | 77960325ED380C5F74B161C7994E27807DB5FEB5 |
SHA-256: | B5BAC7FF33D04A7E06B3C8FE27B2C893E39FBF9891E3F9724DD788C13AF7871D |
SHA-512: | D634786486E8C5FED5DA4AD5E38EE749D397BB2EF35AE9D73CAAA352F179D281CEA0157773FE0EA60A03F2B64B71DF19FE52402017FB5E0EC8472483484FF17D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240524125304Z-162.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.288604262217674 |
Encrypted: | false |
SSDEEP: | 48:m5qUe7kO89A6w4STAWtqqgJimly4q0TpZUCw4VJhnmSk9Xatl9RF4NvCgf5o1dSF:RkO8/w4OAV1fV3n6oEWQMw |
MD5: | 888CDF7A58C3695D343167C9B2E21D9F |
SHA1: | 6EF6FB43EAE22FF5F26719B51A8617A899772FF3 |
SHA-256: | 218B419A8C30481B163F815376D4D24C477EEC29BB470C88DED7425AAF8C66A2 |
SHA-512: | F11B5BE48B6945E05E3D5A9D6A5137B52D0F19FDBD60027ACDC1E18F7F2798EB9066D0B36392229EA442AE37419E103AC945776DF979D4A858DAA6E2F8B1612E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445228716564698 |
Encrypted: | false |
SSDEEP: | 384:yezci5tGiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rJs3OazzU89UTTgUL |
MD5: | 4D8EBAC6A0F8980DAB43F051E9F074F0 |
SHA1: | 940C8A31C909D38607DEB5E5760DD819485EE718 |
SHA-256: | 3F7E57124CB37D9FC76BF20BE8B42F0BD3B9EDDE04409301D32655CF12E113D3 |
SHA-512: | F5453EE90536087E2F32869AB5E5C41F22D2AEE9E887517FDF1D28BD726A9EAD35407CB19C1E61647F6AB2EA1D24BD9EAD2DDBD72459FD4A50EA4AADD8A964F9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7755551976486537 |
Encrypted: | false |
SSDEEP: | 96:7XpjuE/iFO/DXKQg/ZiSb9IVXEBodRBkp:7Xpfu5jedRBG |
MD5: | E4CBD66E94C11FBBE0C7A61A954F970B |
SHA1: | 09B8E9F78243A050F0D444B9F6C25389A1D31D98 |
SHA-256: | A2DAE86C4C38065000927AE31A70871DB770CEB0B056E01207255CE558D348F9 |
SHA-512: | D9FFC1D17707F43EA8AD964A167815DC4ECCA8641287837F6649D881DE8D651494439DA2BBA2373BD9E4FBEC917FF892C8EEB07DCBBE24E6A7F24DC4E89092DE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69993 |
Entropy (8bit): | 7.99584879649948 |
Encrypted: | true |
SSDEEP: | 1536:iMveRG6BWC7T2g1wGUa5QUoaIB9ttiFJG+AOQOXl0Usvwr:feRG6BX6gUaHo9tkBHiUewr |
MD5: | 29F65BA8E88C063813CC50A4EA544E93 |
SHA1: | 05A7040D5C127E68C25D81CC51271FFB8BEF3568 |
SHA-256: | 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184 |
SHA-512: | E29B2E92C496245BED3372578074407E8EF8882906CE10C35B3C8DEEBFEFE01B5FD7F3030ACAA693E175F4B7ACA6CD7D8D10AE1C731B09C5FA19035E005DE3AA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 330 |
Entropy (8bit): | 3.139206469813435 |
Encrypted: | false |
SSDEEP: | 6:kKlSlDN+SkQlPlEGYRMY9z+4KlDA3RUeVlWI/Vt:slMkPlE99SNxAhUeVLVt |
MD5: | 23B30DEEA2295EDF27E063213FE5DCCE |
SHA1: | D2E5149583CAB68D84B3A9BE39656350C2D24E03 |
SHA-256: | 1FEC0E987A022B57DD6B98D2D5D63D0FE6730A209741C4D20CC1B023D0890F77 |
SHA-512: | 7DA30367A48C43E062259A2195CC67AF32A3221D7611B3E84A0BECF0B167B9F5B2DBC78716765AD9F68126FDA7685DAE9623778DE719A6B163208529D200B202 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.026467887142631 |
Encrypted: | false |
SSDEEP: | 3:kkFklKSNllXfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7l3:kKZS31xliBAIdQZV7I7kc3 |
MD5: | 5138BF1B70B601F415AA5406DC138DB4 |
SHA1: | 0AD0963F7143C477D77E9041768B6929AE1957E6 |
SHA-256: | EE75299D7881D44401D9DCC1D2336CECC3B3DA4C078450B9D677FFEC0D46E8C8 |
SHA-512: | 5BB6E13C01E33B9F347DFAEDE7965F092D926A8796C5BA1244B859C0A64B620C68A6CCAC542C3D8684C1A59583E76175AFEECFF1ED5A4EAF1CAF0AB4608D4007 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.368862201622063 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJM3g98kUwPeUkwRe9:YvXKX9UyN2Zc0veGMbLUkee9 |
MD5: | E6A01ED47584C497D6A93A9FA935A95F |
SHA1: | A50F5D179911C01E630FE180C09BE79880AE278A |
SHA-256: | 4EF904AE3B4997682851C97D14577190373A837F51CA0A59E74910FF1B6052A4 |
SHA-512: | CAD2C9E15AC492C72EC8618DE4908B03645C041C1E221212ED8143A2F561E349A3877EBC2A036C986B4BC98EABC9AB7EA833EDCE4FDA2F010FC8ECA38FF0E53E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.318457930638335 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfBoTfXpnrPeUkwRe9:YvXKX9UyN2Zc0veGWTfXcUkee9 |
MD5: | 43D730D8B4475F2F22C8408F5A96E4CC |
SHA1: | A45994EC37DCE8471A245760B2B3DBEC7DCCB413 |
SHA-256: | 53A7DE03E1E461B00AEA9BB71FEFCA844822C528B140308674EF84814AB2AC3B |
SHA-512: | 852B6770E4F3EAC2009EC5DD568AA69D26BDBBBBC75D307C53A7B4EFEA08376D2A28878673BB3C67E274D4B29739B4E59ED77B837242C2C4603DE21DAA8553BE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.297164144865214 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfBD2G6UpnrPeUkwRe9:YvXKX9UyN2Zc0veGR22cUkee9 |
MD5: | F559054C21FFC1198888428779E7405E |
SHA1: | 392D10AB4EF595861921F02C71D1D04DA6F9823D |
SHA-256: | CFE783F65EC3E20B02657BA6D18E23E8D5A7027B80826CE8048D33BFE69F1868 |
SHA-512: | E2852D2903865FF009F5C8C42139CEFEAF1E364FFA42FA0F22BC6A0FCE4045466051BF5F0430642B12EE61EBF6D82C2504FE0FDB6F155B8998D867084431EACC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.356065648705111 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfPmwrPeUkwRe9:YvXKX9UyN2Zc0veGH56Ukee9 |
MD5: | 61CDF5DA423AE8778FE81A6B8244278E |
SHA1: | B4513203A4238FE6321EF4A8865C03DAB0D898DF |
SHA-256: | 7EEA621FA66B648D0432EDAD65EE5CFE7072763FE85DA9EA7F568BB79B6E1AE5 |
SHA-512: | 8AC3BDF6F4BB5CA06FA6A2E57F2191D79311C0C6B85A933E319BC26FD717414088EEA53AA1100505CE4015DDFB9FC38A981A47DC19DB2109686F6532D813BB73 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.314380638829615 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfJWCtMdPeUkwRe9:YvXKX9UyN2Zc0veGBS8Ukee9 |
MD5: | A5A614EEFF71FE7B74DA2856CEEEA351 |
SHA1: | 4F4FCC83688EFD1093F69A907690BCDAF5556392 |
SHA-256: | EA3DAB35AB9BD96CD620C30DD7D1C206706A2363EB423F9CE4CE8285A7EAED06 |
SHA-512: | 73FD3C8AF92AA1F1B57B7AFA2AE95B8ADDEB02C9D3C64C2FF07185C8E23A5C0FA142E0BBEF2595D949C84A5A37061C53BB3B0722A9785EA6FFE1267CE03328A3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.301518756594389 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJf8dPeUkwRe9:YvXKX9UyN2Zc0veGU8Ukee9 |
MD5: | F329F7FC14750C81AADA88B30E5A98D1 |
SHA1: | 7A0E40B8D17990209F34EF67D5E21B24C28C1D47 |
SHA-256: | 73DFE621AD7BF5BB0F09FECAD3E974876C1842F09934FE78E6F08328AEFC85F2 |
SHA-512: | A3091115C211774022281187CB24D6FD32DD83F551CADB02B0FB2A490E2F73A27F66D536D5D0225FE2058EE163E20E683BBA1FFBC70727C640AB7041025521EE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.306520173022594 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfQ1rPeUkwRe9:YvXKX9UyN2Zc0veGY16Ukee9 |
MD5: | E248F93AE5A325B12623B72F12B3B103 |
SHA1: | B789027C402E3127F61BF7FC44BFFAA5046B87DE |
SHA-256: | 26BAA83247342773F1DCB3EEE1C40D45841D42CED4FA8A1798BC85E3294A5956 |
SHA-512: | 643DDFA457B3766206CDE68D798DF0C1A03A721A0293AB6E150E139063698451422D4967E4589A55D33EE65BE571A2BDBBD0692148617AB03CD59D4073F3A2EC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.310321802865488 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfFldPeUkwRe9:YvXKX9UyN2Zc0veGz8Ukee9 |
MD5: | AC25E5B07ADCA1778D8DF6A63E0B1A1D |
SHA1: | 20E0FF56AD924F9184E2E8F9C7DCA37520162A69 |
SHA-256: | 66EA53EA93732DAC8C65EB77D9AA4FB2E596A60B017836D822593DCE5F579604 |
SHA-512: | EA051CA413A3383E11F1BF98AA3F222B1F3CF17B6869879705FC885B07C9304A5212B031F53B8343465C3466F80495534710FE977D9B15A36653DBAFC4019167 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.739946324863769 |
Encrypted: | false |
SSDEEP: | 24:Yv6X90zvaKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN7:YvE8SEgigrNt0wSJn+ns8cvFJp |
MD5: | B0AB0FC0AFD43BD8CE40916786552267 |
SHA1: | 418B9CB5629DAE49103DB2B83F0D64B1555E07A9 |
SHA-256: | 1BB3BCB1C2B74E299EADA8E6EE9D2A017358E7A28565BB0D2760492767D11FA1 |
SHA-512: | 6DB6AB4DD09577EA1BD28AF73831C759E80D5837B7454F835BBDDFAD89BBBBB2B0247F87BE227666CA21AE3CAFCD9CAE850D4DBBFAFA2913433E2CEC3406D38C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.307603217756169 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfYdPeUkwRe9:YvXKX9UyN2Zc0veGg8Ukee9 |
MD5: | D19966A72A43A03E32E0B3DFED9D615A |
SHA1: | 5842841DC354592047A5D6BF18CFC14D25A18F1F |
SHA-256: | 79ADCCF817E0220DC4105496B39816A7F291BF0458311CEFC2D51447A39F88BE |
SHA-512: | 24B76CA1D8D17F0E254FDE58AA5E9AAB72E04F39B071BD0EE645D19A4D343A84849F7C2598285E68BEA5FEE7B3B80AF81EA842FCC2C065E3A453874C69C8D941 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.779461824101886 |
Encrypted: | false |
SSDEEP: | 24:Yv6X90zvJrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNz:YvE8RHgDv3W2aYQfgB5OUupHrQ9FJV |
MD5: | 2C434E10252E51EAE098D6A0944E817D |
SHA1: | 24D42943F52B91F98AAAAD460E98880EF6331DB4 |
SHA-256: | 016F5B000615241735F94F2E0C5570B8C47D77A3B81CB93211CC4B41B71DB84D |
SHA-512: | 1CAA2D711AA2584B42ADD9687EE49BBE78C643F99EEC48D6EA629C127979806FB0F59D7E73F582B606E89FB12E560BDCC4AC36D519F787E0F9C3C8A135C92528 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.2910980596378945 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfbPtdPeUkwRe9:YvXKX9UyN2Zc0veGDV8Ukee9 |
MD5: | D7A077316F8B19B17200BB88CB99BE1D |
SHA1: | 0322B2460688BBF10A04CCE6CDEDD5A9809FD555 |
SHA-256: | C42B005BFA6D5CB99AE0B1CD2FAB294FEC61E5DE5E8DEE9ADAF672BA912F4D41 |
SHA-512: | 05E026D1BC278657A8D346E0614E6604CA7DB91F49A5D9288191FA5782B5C2485C200868F3B89C0CD3672563B2B9F8856583B63CCFE3792A94083887449A0E99 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.296694720249448 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJf21rPeUkwRe9:YvXKX9UyN2Zc0veG+16Ukee9 |
MD5: | D64F9E81897D7D96D3EB09A34B7160AD |
SHA1: | D8D80A5EEC36220939DACF8E59F2F830C6811650 |
SHA-256: | B391793BC3281994FCEA8DF400F2276AC7FC73BA89CDDA7012B95E324C745835 |
SHA-512: | 405644A3FA4A8466827440768D3C8ADF3E695EDA4408B9D3950E1C0CA71541C1A3D60BC553EE1B1EB00DF9D20C4ABA25275AF631E92BD7893B84277D01092A64 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.314144528440095 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfbpatdPeUkwRe9:YvXKX9UyN2Zc0veGVat8Ukee9 |
MD5: | 7614B2A6023C81DCF8601C3643EB608E |
SHA1: | E1E6613403B6CF4CAD059A24B4FD2FE86C068104 |
SHA-256: | 7A36607C8C8A9E56D6D44823BB73A27159A0F5A6ECDA842A9339E4502A2344AE |
SHA-512: | 287681F52CD83531F4E8BC995765C2EDD5C391EE23CB4796B793E37C9A915FBE2BA01B913B53316D05BD35AAC26ACA4174D4541A699F09F88707106CFE8CA74D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.271225967997197 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfshHHrPeUkwRe9:YvXKX9UyN2Zc0veGUUUkee9 |
MD5: | DF55AF82C6FFA506880304C4CF07E25A |
SHA1: | 182B99C5773BC9F4C3E34617D5DAD525D436A370 |
SHA-256: | CF28FA60AC8DE1D899483AB7B8F642BB40DD6E65CC3D3016CEFE55B7928F42C6 |
SHA-512: | 3B08E7C00607E6B006994BE04C93B12640AB8ACC097D0C457747892413728D5AD3C20CD065A98E325D11AD72B42C77E02AE07C7E7D217611429D68F2AB1204B8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.371093119918443 |
Encrypted: | false |
SSDEEP: | 12:YvXKX9UyN2Zc0veGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWn:Yv6X90zvo168CgEXX5kcIfANhO |
MD5: | 077AC633913BDDFE76C1430C3E50FDC0 |
SHA1: | A5642F7E33F7B73D3B30381E07E1BD55FCE1BFF3 |
SHA-256: | 944D6EC9951F5DB92B1E9F9AF42FCCB5059026FC1F88970D08ADA4674B6BDA3C |
SHA-512: | 622C8FC1C8E9BC26DDB0F6E3764C3DC1E4840EA3808CB79044153654639EEDE49E26926371460DDE0CD65C7977B63728202E1CE1E3B9BA51DCFF2430DA7FCDC6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.132906381315609 |
Encrypted: | false |
SSDEEP: | 24:Ylqpr46CptGXt39la8vBay74q7BWEhDjxj0SZbQF2SGy2LS7aK5b9a6oudOG:Y8usBtRH1mIyJaKt9a6/ |
MD5: | 9C47665B40AD999860895969967E080F |
SHA1: | 5476873E8395F231D9A7A3B1218DC42C2496CE15 |
SHA-256: | C76387B0CE5BF39F162BC61B287F27A57FE8F029F8B1EAE5E502B480F13514E9 |
SHA-512: | 3835C7B2308BA5AD316C4224778B03557896C81F772653C28EDD4962B73421CC9AAB9FD924417BA3DFC6BD1F3A6AA66C792573BA5FA83FC9B431B7EADCCECAE9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1890471520811814 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUU6dSvR9H9vxFGiDIAEkGVvpmp:lNVmswUUUUUUUU6d+FGSIt6p |
MD5: | D30B3DB19D4F61B9E2D9844CD786348E |
SHA1: | 4EABA85D23378B1AEDB20FD7DFE514B39A82F2FD |
SHA-256: | E1453986A2023B5F8DE1AB04C452736DB5A7E521C0AF35D402A40B6807C75ABA |
SHA-512: | E936C1BF0E2ECE455D1994F0A96901458A5E9894593994A7F664B27BD3A2B31E9A4228E575300BDCA7FE849A314587B277BBF2C5A3E3993895ECF45A50640A92 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6081934873499373 |
Encrypted: | false |
SSDEEP: | 48:7MqKUUUUUUUUUU6lvR9H9vxFGiDIAEkGVvaqFl2GL7msF:7qUUUUUUUUUU6BFGSItAKVmsF |
MD5: | 42FC1F36188E60BE259A7C6DA10C9282 |
SHA1: | A17931EC18232BA67F5D8D32D0EE7D503A111B7D |
SHA-256: | DBB8DEE54DA636B3D49470A418A6E0EFE8EDC78A813C6409B22C872C19934971 |
SHA-512: | 37755514B5DCE3A4F65A7E725C3F16F77A61251532DCD8D1502674508155C0DD74B09DD3F33525AD10D9B26C5E9D59AF6597A3C38F7BA23DF1FC7B8A71115CA5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.534010397435022 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8cUlWyll:Qw946cPbiOxDlbYnuRKHWl |
MD5: | 983E97A21785EA9C346F10AD1B37C229 |
SHA1: | 2412DDBAFFEC208D8D0607718F1241DE020C2777 |
SHA-256: | EA90022B3752C6FD31B8E8FF4715DCD48BCD0353DCA73F4E19B7F171E07F8742 |
SHA-512: | 820E6FCA30097BD943022A15122606C09F6E8A00E3B094CBC90DBDB7A9669221C0E279317EECF2318F18FC80B9B9C58A2403508D2CC8BFA795AF708F9F8E5A12 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-24 08-53-02-101.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.357337792456818 |
Encrypted: | false |
SSDEEP: | 384:xaxoxhswOQ7zRaL51g3MbhDiClKI0DbOJOz/ldNdAvx0KPJemlH5svs5kTp4nqag:BUKL |
MD5: | 3BCAC0B2723CF1F744A9DFB516F16685 |
SHA1: | 9BCF75D03C1E512F4E1DF230D834403718FA41D1 |
SHA-256: | 364C22B7E86397C4B50FA14380D1C1E6F1A2FB87204EBB4359B4648DA00387A6 |
SHA-512: | F6B33D313A6B6BB7870DE352D5AEC5436FE8F7EEBC50E554A1109956B0ADBC5A77DB4C3C422B8B65B9FF29702985EB34D73FDB6765E9ED1CEBFC851574AAA983 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.384139359237204 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rX:Qw7 |
MD5: | 2BDB2AD86F4C9135174463C233E1FDF3 |
SHA1: | 1D7C83D066D2D9A8480636BA9309636CD639042D |
SHA-256: | E57B55DD3C88FA1E1FA1EEDD538C311684FA4F65E079F33F85DE19562772E37E |
SHA-512: | 9B1ECA244D29045255279238BE4CCD3AF844F72408C0EEA2E143D0CC11C0216186C4626A65F1B902ECB8A07511E1ECED8C90E23B1394B9C572B75B508A86F5DD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru |
MD5: | E787F9888A1628BE8234F19E8EE26D68 |
SHA1: | 44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5 |
SHA-256: | 3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80 |
SHA-512: | EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.77664190248463 |
TrID: |
File name: | NOTA_ACCR_11.PDF |
File size: | 18'289 bytes |
MD5: | e6843c9d88e5dff3b04fa7eb6e3f3f52 |
SHA1: | 0e07211f9b8704b444a70656b603b37a622881ad |
SHA256: | 2ce905cadfa90c99483047431ba23d00f81d3ef6a710a6b184def5f9283d02ee |
SHA512: | 053a9461c74d56c7d2dc5edc6a1f205f45fe7312d1faa3ac0427e8d7ce66bdf04ae8d2fb2d3e0794a143900637d7bb1f9b95d5c23d8d02ce1778e880a9ffe6de |
SSDEEP: | 384:XaX/sa3+NX2ULQZfQTYCdmWii5UdK/9embekBmfH/N2pWY0LOfke:XG/sE+bsBQ8DDi5UdK/kmbekMf8pWYSo |
TLSH: | 53829E0BDC1A0D85E99BB92B1DB67D5E477AB70329C0A6C6307F8F41E3009B496267C7 |
File Content Preview: | %PDF-1.4.%.....5 0 obj.<</Length 6 0 R/Filter /FlateDecode>>.stream.x....n\.....m>......G._..T..@Ab....M...d%....%M..O..t.....{.]_...6..p8$....;.k.).......3.....R..N..Fw......Y..=........N+...;.\.|r..fOf.+D\2.."..l....l...Rp)*...A./>.uz.}....On..k2]....SY |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.776642 |
Total Bytes: | 18289 |
Stream Entropy: | 7.929289 |
Stream Bytes: | 15569 |
Entropy outside Streams: | 5.064208 |
Bytes outside Streams: | 2720 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 19 |
endobj | 19 |
stream | 5 |
endstream | 5 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
10 | 0f7355cdb5715f0e | c60a7c747b511b941544a5ef6440c476 |
Target ID: | 0 |
Start time: | 08:52:58 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 08:52:59 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 08:52:59 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |