Windows
Analysis Report
U.S. Xpress (1).pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 412 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\U.S. Xpress (1).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 4460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5052 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1556,i,8927202370515218720,11377247752305104417,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature sources (matched values not preserved):
- TCP traffic (30 entries)
- IP Address (1 entry)
- HTTP traffic detected (1 entry)
- TCP traffic detected without corresponding DNS query (10 entries)
- HTTP traffic detected (1 entry)
- Network traffic detected (2 entries)
- Classification label (1 entry)
- File created (2 entries)
- Key opened (1 entry)
- Process created (14 entries)
- Window detected (1 entry)
- Initial sample (3 entries)
- Process information set (8 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1426964 |
Start date and time: | 2024-04-16 20:08:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | U.S. Xpress (1).pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/41@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.201.212.159, 52.5.13.197, 54.227.187.23, 52.202.204.11, 23.22.254.206, 172.64.41.3, 162.159.61.3, 23.209.188.151, 23.209.188.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- VT rate limit hit for: U.S. Xpress (1).pdf
Match | Detection | Threat Name |
---|---|---|
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | Lokibot, PureLog Stealer, zgRAT |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | DarkGate, MailPassView |
184.25.164.138 | malicious | HTMLPhisher, ReCaptcha Phish |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | Unknown |
184.25.164.138 | malicious | HTMLPhisher, ReCaptcha Phish |
184.25.164.138 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Unknown |
BBIL-APBHARTIAirtelLtdIN | malicious | CobaltStrike, Ducktail |
BBIL-APBHARTIAirtelLtdIN | malicious | Unknown |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
BBIL-APBHARTIAirtelLtdIN | malicious | Mirai |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.18924097884171 |
Encrypted: | false |
SSDEEP: | 6:3T9+q2P92nKuAl9OmbnIFUt8gBrNJZmw+gBrN9VkwO92nKuAl9OmbjLJ:D4v4HAahFUt82NJ/+2ND5LHAaSJ |
MD5: | B118117A823B234BFA45A7FECAF6692F |
SHA1: | 5A50C8559FD971B6EEA4A20D8687674D4B78075D |
SHA-256: | 1079E8471BD9310021EA79D90BD7CF49E44D26DACB43211A8B4850DAFDDD04C3 |
SHA-512: | F92DAA39AFBE155EC6379A7DA161ACEC73AD097A996988AAA02C844469704E95F40547960235E94929E2602EE50BEA4AFE71D98554D9148C694AD3D5C5B2B2C2 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.18924097884171 |
Encrypted: | false |
SSDEEP: | 6:3T9+q2P92nKuAl9OmbnIFUt8gBrNJZmw+gBrN9VkwO92nKuAl9OmbjLJ:D4v4HAahFUt82NJ/+2ND5LHAaSJ |
MD5: | B118117A823B234BFA45A7FECAF6692F |
SHA1: | 5A50C8559FD971B6EEA4A20D8687674D4B78075D |
SHA-256: | 1079E8471BD9310021EA79D90BD7CF49E44D26DACB43211A8B4850DAFDDD04C3 |
SHA-512: | F92DAA39AFBE155EC6379A7DA161ACEC73AD097A996988AAA02C844469704E95F40547960235E94929E2602EE50BEA4AFE71D98554D9148C694AD3D5C5B2B2C2 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.171353870839631 |
Encrypted: | false |
SSDEEP: | 6:khc+q2P92nKuAl9Ombzo2jMGIFUt89h6Zmw+9j/tVkwO92nKuAl9Ombzo2jMmLJ:kXv4HAa8uFUt89c/+9j/T5LHAa8RJ |
MD5: | DB32017B4463C67BBB279368C94E8F71 |
SHA1: | F05E172B6371DA746BBDCBDA63C19BB8DA5533F6 |
SHA-256: | 1B5A6A4BC7D9CB51E11E388DC8DB7A809A56877E77A7E6BEF77E114BD1913F6B |
SHA-512: | 921C20A699317E598C860EFCCFA2E1F58859A5ED52F9843807DDC7B9D0A550752F0C56F80448BEF5A9D96A6345202C68AC8585CA9354E88D97541FC623DE04EA |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.171353870839631 |
Encrypted: | false |
SSDEEP: | 6:khc+q2P92nKuAl9Ombzo2jMGIFUt89h6Zmw+9j/tVkwO92nKuAl9Ombzo2jMmLJ:kXv4HAa8uFUt89c/+9j/T5LHAa8RJ |
MD5: | DB32017B4463C67BBB279368C94E8F71 |
SHA1: | F05E172B6371DA746BBDCBDA63C19BB8DA5533F6 |
SHA-256: | 1B5A6A4BC7D9CB51E11E388DC8DB7A809A56877E77A7E6BEF77E114BD1913F6B |
SHA-512: | 921C20A699317E598C860EFCCFA2E1F58859A5ED52F9843807DDC7B9D0A550752F0C56F80448BEF5A9D96A6345202C68AC8585CA9354E88D97541FC623DE04EA |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.057418416365483 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZ8xsBdOg2Hqcaq3QYiubxnP7E4T3OF+:Y2sRdsnidMHF3QYhbxP7nbI+ |
MD5: | 255B08032310A6CC741189EE0100C770 |
SHA1: | 05392BEDA1253B835FA95FDCEB1744DBDFB218CD |
SHA-256: | 3C579B60A2A38FAE34E31A8B20451D5769AB615D41930E363FAE300CD6BE0995 |
SHA-512: | 4631FDDEFDD874DEBDF35298C8C2020D8F98191C09D31F5C83B70B1B3CE9A5F8D5667A0A5BC20F46DE393F4FE3694F01E039555BA46CC47E17670F8D3776DA75 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ca64dd55-b7f2-4754-9cf0-a103886c1ad0.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.057418416365483 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZ8xsBdOg2Hqcaq3QYiubxnP7E4T3OF+:Y2sRdsnidMHF3QYhbxP7nbI+ |
MD5: | 255B08032310A6CC741189EE0100C770 |
SHA1: | 05392BEDA1253B835FA95FDCEB1744DBDFB218CD |
SHA-256: | 3C579B60A2A38FAE34E31A8B20451D5769AB615D41930E363FAE300CD6BE0995 |
SHA-512: | 4631FDDEFDD874DEBDF35298C8C2020D8F98191C09D31F5C83B70B1B3CE9A5F8D5667A0A5BC20F46DE393F4FE3694F01E039555BA46CC47E17670F8D3776DA75 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.234195722497718 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUN/S1G1FQqcT/So:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLL |
MD5: | 1E0EE1811FB1D74810508413592A4FAB |
SHA1: | E2A35A7FACB36C3155350015488361A156FFF535 |
SHA-256: | B8F5FE181AA68C527FA8C8098F3CC1575D6D39A87D2AB4C6AB97E6BBA025E16D |
SHA-512: | 17F9DEE7C7D3A97E53F26D89F150B3ACDD43D1B10A0FDB3ECE2ECD75BB4ADED07FB83CB1B8612F92CEAF686695207E8EC1FBEFCDCDC6AB50A5102C250B2B104D |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.195768498657488 |
Encrypted: | false |
SSDEEP: | 6:kln+q2P92nKuAl9OmbzNMxIFUt89l0FtZZmw+9l/tVkwO92nKuAl9OmbzNMFLJ:kUv4HAa8jFUt89+Z/+9ZT5LHAa84J |
MD5: | 16D3C94D8EAEE0518B1595AB2A3B9880 |
SHA1: | 0F4AC11C696C5650DE0EE31F080EC6C6B85025C2 |
SHA-256: | FC3C1BDCAF92E6C6CB6F659E815DF5B4405ADDFD8A0FEC9C5A78FA6074C36969 |
SHA-512: | 1256DFE45ADA108CEEEC02E734C3B5457BA7988E657C3CCA2F3920832F16AEBA75A3A480323A5851BBACCB5614778142B23505B10AEA7BFEBBA5105A7E0469AB |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.195768498657488 |
Encrypted: | false |
SSDEEP: | 6:kln+q2P92nKuAl9OmbzNMxIFUt89l0FtZZmw+9l/tVkwO92nKuAl9OmbzNMFLJ:kUv4HAa8jFUt89+Z/+9ZT5LHAa84J |
MD5: | 16D3C94D8EAEE0518B1595AB2A3B9880 |
SHA1: | 0F4AC11C696C5650DE0EE31F080EC6C6B85025C2 |
SHA-256: | FC3C1BDCAF92E6C6CB6F659E815DF5B4405ADDFD8A0FEC9C5A78FA6074C36969 |
SHA-512: | 1256DFE45ADA108CEEEC02E734C3B5457BA7988E657C3CCA2F3920832F16AEBA75A3A480323A5851BBACCB5614778142B23505B10AEA7BFEBBA5105A7E0469AB |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240416180908Z-158.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 89270 |
Entropy (8bit): | 1.1085013476659502 |
Encrypted: | false |
SSDEEP: | 192:bodsyJlds6lCLQ3y9dsJ4YJyRI2FdYYKQlOOo/2khSb17M2HBw:sdBds6cj9YJyRLEtd+khSb17LO |
MD5: | 20C7AA4C94B7B8EB6EB241E309EFFA95 |
SHA1: | 373CA9367AC0FCE1F178AB95AC96D5E314817CCF |
SHA-256: | 65A30288786E5B35559065D3FCD14A7E24E72267AF316901D0D3D622624287ED |
SHA-512: | B1F29333DD7BCD61FFDA931CBAD823BAC4C09F9DC4ACB7DC14B1F38A9F8BE8FC7CEDB397062BA0537756C66B902CC1651BD1B585F022EB45075A89E2E41BA485 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228346 |
Entropy (8bit): | 3.3890581331110528 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:DPCaJ/3AYvYwgXFoL+sn |
MD5: | BAE090D23B1C0D4F6DC247F0080D349E |
SHA1: | 8A7AAD52A54F9A3CCEF3CE323F6BBD5B2B530461 |
SHA-256: | D7D3096317CF32DBEDF75D85390FE89A96170D44C09B2F6D164036064F506AE3 |
SHA-512: | 208136EBA10544EA5EADA1C32EADFD8066047A9D851FF95BADF9938D40AFA1771003C2725DB8C78991E700C73FA2FC3C9F3CC3712B3332E4CF6F8DDE0E539130 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.322139932626735 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJM3g98kUwPeUkwRe9:YvXKXpt4dMOUYpW7z5GMbLUkee9 |
MD5: | 0C4D94E53DFDB6B13BDC2DCD4163D1AC |
SHA1: | DE276F260886BBCB092CF9DF743BDDE3C53B1F35 |
SHA-256: | D2FCB4B0CBF75C4AEB43B271231875B240EEAC4544678EA6E33E091A22C11303 |
SHA-512: | 328730AD6E88F73C4441FA94BFEF279DE4F6E2D6818498B6E9BA34EC0C8FA297C436A27E9E79CD97C71FF75135124291063B637C7CAC93CCB1A4B594B6D08D55 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.26152229669356 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJfBoTfXpnrPeUkwRe9:YvXKXpt4dMOUYpW7z5GWTfXcUkee9 |
MD5: | 94FABE161365FFA5943107AC3061184E |
SHA1: | 961F50387E8DA646E3AA0DD614474DF929B25EA4 |
SHA-256: | 9EB1F6CCBAE26205990554C711110FC9F32202C203721051D045DA50C8E46B56 |
SHA-512: | B1927003E2FA64C69114CA41682185992D1CAB3632E1C0A515E240CE45486B5F059A3F635173AB4D4AFE3CABDA912BED6D1420C181CF8B9A7D0BFA11E188F97E |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.240517332088635 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJfBD2G6UpnrPeUkwRe9:YvXKXpt4dMOUYpW7z5GR22cUkee9 |
MD5: | 79928AF755B0047F398F1208BF016AAA |
SHA1: | FDFD90A28B184B108180B8A49ECBC74418AA7162 |
SHA-256: | 78630CCD71EA852029E14E75C6EC2BC50F23ABAC556E24BAE2C7CA33159B75F5 |
SHA-512: | 3AFDAE4ADA8D3BE29956798B4698030CEEE735DC3A4167B13A86DCE4041D7A0AF667A42758C5D1A385AA798ECE062A0FEEACF8B8A7D56D7711065203984D3377 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.299586373309075 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJfPmwrPeUkwRe9:YvXKXpt4dMOUYpW7z5GH56Ukee9 |
MD5: | C1893B7A8C7AD67424B6943A7F9D95CA |
SHA1: | F11A75A2D28D9A279F7569F4BAE722117B4C2D39 |
SHA-256: | D8FA5262850EB6D4DD6A1E08A28557839AE965AF39E648B15B1C118E015BC8F0 |
SHA-512: | 3CE857318D172055217A988AB030778F50FE0E92C4F9F04E66DF790F3F8A1D1856695581DACCE8303CF807310D1DD520F193C30AF99B66AC32742EBFC60D55FE |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.26205440434442 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJfJWCtMdPeUkwRe9:YvXKXpt4dMOUYpW7z5GBS8Ukee9 |
MD5: | 77C7B99CD7E0FDAE496C29F2CFE76101 |
SHA1: | 89AC5802A75748AA4754607AAA553BDC1CBC0451 |
SHA-256: | CEA624E9F72BB9EDFA95924ABE720974A1D5FEF28BE2C100E143A0E384255D30 |
SHA-512: | ADBF66467B9D4F4048E349D3450064EB3955C392D2874EFE2BE22DB04331BE3C694C898798F1A019E458FDA36E9418DFAA248BA54B46B2E814CC0B4BABCF9148 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.248266838596764 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJf8dPeUkwRe9:YvXKXpt4dMOUYpW7z5GU8Ukee9 |
MD5: | 30BC535A3D0DB5ECEBB305AA879E7F81 |
SHA1: | 7B8F41EB2CC132440C8ECBD42055B91EE882B6C2 |
SHA-256: | F69A6D254C6014837B3F6D3B5ADD1CAE5B26147598CC9F7EB333A728368A7E0E |
SHA-512: | 606348961578960F72FE20EF0924DCCC69FF694D45807205F461C9866C2A2BD41E28F91085B5F06F43370330F64BEADB46E74ED6E6B056249C1E7FB1DEDE4352 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.249462745716144 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJfQ1rPeUkwRe9:YvXKXpt4dMOUYpW7z5GY16Ukee9 |
MD5: | 1DB5C4BC793BB257A8B5A194CDA9DF27 |
SHA1: | B5F46250338BCF1E865F5BA27427D30B592EE67E |
SHA-256: | 397F114B0E5EDEC8D8F476E4328C3CDD3E6E673A9553BA91A6E59EF610AF14CE |
SHA-512: | 5A9CC1F5690AB1D9296DAECD2910A883BBA9ADC863210835A13A987B1578E14BC1D800F7D81ED6E2578B30085B1E5C6BF9076CCFA3B95640CC65DBBC9EDFFDF8 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.270550372219963 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJfFldPeUkwRe9:YvXKXpt4dMOUYpW7z5Gz8Ukee9 |
MD5: | 34849F67B2E43F3160EDBBFE8B3758D6 |
SHA1: | 2CAF03001037F872C082B88A7606C4BEB6BA1F85 |
SHA-256: | 340FE6F80FB04ADE76CCB8F7AE9E644B6F86DEDFFE01F2CAB608E2C7B654CE6D |
SHA-512: | CB8FB3A5FB76FE09A70BB5C3A80787BAF7725D6460D7238847AFC44AFE1563BD13DE6D09C65CE88490DA3E0698A06FF70ACA6FE5B3FCE87AC07F1186536885CB |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.7350570349494046 |
Encrypted: | false |
SSDEEP: | 24:Yv6XptKMOFi5KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNY:Yv495EgigrNt0wSJn+ns8cvFJy |
MD5: | 1F8D02FADBCA357697DA3F4FE8E298AF |
SHA1: | 9C906607C2B5CFA730A576539A4704B6DEAEA897 |
SHA-256: | 119E9141DC1E8E1D3CD2F9ABEC6F0107E0C6D1ECBD90F27E259F559D158D8A5B |
SHA-512: | 9158F60B53113D008AE5FE5A1C521D990993047BC4E93BAF0A8C17A1346966CFF8C00F88E2390E564BAB075AF29D56B91C53E7BB32FFF350F3DF2A63D56D3559 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.255738974108336 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJfYdPeUkwRe9:YvXKXpt4dMOUYpW7z5Gg8Ukee9 |
MD5: | 90B0C36F9E3AD8342879D917D2BAF88E |
SHA1: | 34E3211BE62F21A8A9389D4356A82E85F000F900 |
SHA-256: | 311FD9892616B169BCC9ADEF654236F5B31E09EF4B9AE5095ABE88F740065C72 |
SHA-512: | 41EC24B27D735F27A165A29CCFB65CA5BE641884D1DFAA84838CDFFB4B535CAD617128E4F08180AE6B28B4579ACFC03A3783543B196F786ED6572DD42DFE5AF8 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.76752763662409 |
Encrypted: | false |
SSDEEP: | 24:Yv6XptKMOFiUrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNw:Yv49UHgDv3W2aYQfgB5OUupHrQ9FJ+ |
MD5: | 2A5F3EA5EC7F9F408011B7C2FAFC0FE7 |
SHA1: | 322E48520D0E673ABBDDB262376C9666909F79DE |
SHA-256: | 50E73BEA28B122E07062038F28806C6D52FE7913F2A669CECB00B5D4384ED1BE |
SHA-512: | 4C4DBF75FB1CD01DD5FD4AC234C74E1ADC3569821D688D4C73BC41A07118A832875F8DE2C1E7105CCC954C494891C909FB8B7F887612ADB7A0D098F9C3C4ED47 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.239590271272864 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJfbPtdPeUkwRe9:YvXKXpt4dMOUYpW7z5GDV8Ukee9 |
MD5: | C1039990FFCB092DAC221DF63B2365BA |
SHA1: | 42DA879CE43844CBBB51946E45B0757847100BC7 |
SHA-256: | F9F67773BC5D7D35E05BAD208739A4C5099B79FBAC6AA244D7EF71FA9FAF927F |
SHA-512: | D27E22B2BD96E2DDE532F9F02F187808902C6871A1D05B3455B62238F89DF2DAAB5600E733AF9860F6FFBA563E0828694477E8E17D7F2389D6091D018AC4F737 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.240336471249644 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJf21rPeUkwRe9:YvXKXpt4dMOUYpW7z5G+16Ukee9 |
MD5: | 59D6639C0A454D8151866D0B3DCC169D |
SHA1: | 07E7879D374BB83A02852B7D4FC5609075E84CFF |
SHA-256: | E4719E698C204651E9A9E0389538A5358E746050684767AAB2446FA49B2F36FA |
SHA-512: | 0005E5A87084B63D3A2FDA73D758D88C4659B4476C93CD71952247A41AE3A5E0DCB4C1559015E8030D307EAEFE1A67403B2AA10E92BEACAF4F142FAB18252DBF |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.262574102866483 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJfbpatdPeUkwRe9:YvXKXpt4dMOUYpW7z5GVat8Ukee9 |
MD5: | A57C056D58FE51629387EA56EA468FEE |
SHA1: | 4771067413503003C1F969FD726B96BCCE770250 |
SHA-256: | DC46912E7AF95DFC7C729ABCE0C2A60E781FEAFEB932C9F16946393E8F32213F |
SHA-512: | 6811099E95FA231E93520DDE345721C5E812F7F113258892E0D29765CA52444D0A0DBF7EBF822C649F631A598B5A7265737E35364C3A710B6653B7B5D5F5E2E3 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.217400520492139 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXpt4dMOx+FIbRI6XVW7+0YaKoAvJfshHHrPeUkwRe9:YvXKXpt4dMOUYpW7z5GUUUkee9 |
MD5: | 059A2B79CA41709C36C90B1252992A5B |
SHA1: | 1BF75DD524EE821D5B4F14ACB08E55669BC37DDE |
SHA-256: | 508A5202DCF652C96E13DBDEDA70E0AF71839B2B49CAB738CEC01DF8B30B169F |
SHA-512: | 32D4594D510C9A5C215C37142B4BE6250EA8906E4E5589E699B6DEC3D01E3D0476CD26F5E811E64C8D76667180367C6581A3ACB8575F480ED54BF416ACA22E1A |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.35871482314241 |
Encrypted: | false |
SSDEEP: | 12:YvXKXpt4dMOUYpW7z5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWzA:Yv6XptKMOFiJ168CgEXX5kcIfANhZ |
MD5: | 1E6B50052EC3C73110CDCD57C4A47884 |
SHA1: | B340D1FC58C87EE8FADD77C9A3A12D33E98158F7 |
SHA-256: | F2E995D7D4F58916CCB1FA32BEED9B69DA95F308E5FF2DCE2377BAA3BB9DFB9A |
SHA-512: | 0911454AD1387AAF1BE6216E5ADFF11B0249FB66FF594CB7572DB63094B9A82590350FA54741A19754B0EFD0C4A7CC0B8AB6253D09858267A39380A6B16D656A |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.131128340238874 |
Encrypted: | false |
SSDEEP: | 24:Y4TxWTJvMC+fQUi3sq6qy+UTnaUcayTxqvn/TVs6cjyBVj0S0Shj8SP/2BhBP2Lc:YoZY36qbyP/aPTV8il6h9I |
MD5: | BD0717CD212A27EDD61E0EB9969A3A4A |
SHA1: | 10130EE482D312B9BD7D7F0A7C17FFFEC198350F |
SHA-256: | 91D2E98E58FC10AECDF5142C2C85422D41043F706132C0519FCC5EE9C6E68F19 |
SHA-512: | 593DAB9FC13D6A9EAF911EE115C1249BF85DE5F2163A314E4BE76020EEF5067714E195C350713C3219CA8BDABAA2E8F285AD09F0CA90691EF608BF9FE7A18AB8 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9863635020520919 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpSM4zJwtNBwtNbRZ6bRZ4/MF:TVl2GL7ms6ggOVpCzutYtp6PV |
MD5: | 6A6970714F06D2CAD1E8067A7A7A6720 |
SHA1: | 26C3BCBAF1A28735353D93B00CEA3DC107B7797A |
SHA-256: | 8CE04E27FF2C01A7B010CEBA85C88EF576E8A772679879D4D774CCA4A0F5DC5A |
SHA-512: | 6CE9FD192602DC03CA75E2AE280A60BE213B0F4667ADACF8A4A3C2E8429520DF0410836BAAF9A5D7ACC15B0F719F504323D01C4B4DDBFEE3CA1F91704A23BB27 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3381216287596978 |
Encrypted: | false |
SSDEEP: | 24:7+t7AD1RZKHs/Ds/SpSMPzJwtNBwtNbRZ6bRZWf1RZKBJvqLBx/XYKQvGJF7urso:7M7GgOVpZzutYtp6PMOJvqll2GL7ms6T |
MD5: | 8BD364809EB8551EB45A1727A44FAB88 |
SHA1: | BAEDBB0D03DE4E24FCEEF188291BBEE17B0913B7 |
SHA-256: | A49B4BC2A4055251FFC734B6542FFB2A012B4DEA036E1A48FB1463054A816934 |
SHA-512: | 51A56DCD847802C09588BAE726709BB8A3AEF75B6F53E3B9AE35280E93319543584D00D465CD6878D47515B2C9A8AACC77DB46BBA31FDC43DAFBA5A6B7CFA460 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.511206980872271 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eeWalHH:Qw946cPbiOxDlbYnuRKhs |
MD5: | 49D417CCA784D834D276A73546B246CF |
SHA1: | 2610A9F2D140528619DD80D3FACE459B841DC864 |
SHA-256: | 101A0AF2C10992C740D0DBBA1AD319A3E13E0EDD18E61B93FE9C6700D88A0BE4 |
SHA-512: | B2BF18F476C77741E27E4882E4D44FEA8AE9CF6743567D3FCB78DDAB799B3BE68531162747538D856EEFDB824701B8E2E44B8E5983CC8D7356B1D908E3D8FFC6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-16 20-09-06-176.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.379731144792467 |
Encrypted: | false |
SSDEEP: | 384:M8yp6Mj8LictMUNuwmLi8YCONUlMnH5o/9RrjzSbakX5n+k6bemCoVYtT1RdIQwl:z8F |
MD5: | AB0216DDABD4C8E9221CCF0D1AD3241A |
SHA1: | 5D0C0F26AE13FF2916CAC10EA8FD1FAFD9E8C65E |
SHA-256: | 3A2ADE90347743CFF413DA4F10D45203F6D03ADAEA05FD710054408410122E5D |
SHA-512: | 00636D42E8F22A39A13DB80508DE6C6CDEE1A04C41EF0C6FA45A1F65FB39873E1F6E2AC72D08CCEC3535FE7474BDD26F8ECB220CA8FDB04A78BB7070613F863F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.403552531121972 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbv:T |
MD5: | CB22ABC60C46C5958EB5BA0088C6D66E |
SHA1: | 0367D7AC9BE648FC14F3FF6237B1D6FD341B1E45 |
SHA-256: | 7170DEAFA995656B39EE9EB5EECF5F01EDD08F617CA7D70E9405E0763FE73C59 |
SHA-512: | 35B7E7307C8FBF8B20866F7D6C02E4AD6208A4C788ACEB828CD009B48A9C2CC4B06215FEF0741F2EE6AF7BC4EA75F1BC13B8B279F4A4C37C7E4D34A02BA8BA59 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru |
MD5: | E787F9888A1628BE8234F19E8EE26D68 |
SHA1: | 44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5 |
SHA-256: | 3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80 |
SHA-512: | EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.056973331729609 |
TrID: | |
File name: | U.S. Xpress (1).pdf |
File size: | 99'396 bytes |
MD5: | df9fd48d0c89ef5a450f1cc3bc7febfe |
SHA1: | 401b6af770346e5446eee26a1c87878f9f2c0afe |
SHA256: | 5d584b0051274996f4e3e3529edb6cab40317770d44fd2c15129cf6585d990b7 |
SHA512: | 6a0e8030b75856256fc6ccfb9febb3e078e871d4ac3cc91740f16adffb4a8ae848a8ca4ff63d1649497144054024f86d0d79b335deab79cc591849036e3fa28e |
SSDEEP: | 1536:kPaCyBzClhX2CWQNgpKbyUKjbaYOdC6usmdgYzzyFIi88pTo:kyBClIsgMObaXYJx |
TLSH: | FDA3EA179C48DB43A42482E8BE430E692F5B174DA98236FE702F4DCF6F246610CDE56E |
File Content Preview: | %PDF-1.6.%......7 0 obj.<</Linearized 1/L 95595/O 9/E 91691/N 1/T 95304/H [ 459 145]>>.endobj. ..16 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<2FEAFE315D046E18E331A483259B11FB><B102A4A1C00F3945A1CF557AA870F04 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.056973 |
Total Bytes: | 99396 |
Stream Entropy: | 7.034013 |
Stream Bytes: | 97186 |
Entropy outside Streams: | 5.335407 |
Bytes outside Streams: | 2210 |
Number of EOF found: | 3 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 18 |
endobj | 18 |
stream | 15 |
endstream | 15 |
xref | 0 |
trailer | 0 |
startxref | 3 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 4 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
15 | 0c786b3368480d55 | 9cad1f509d952e8e5ef77dcb77f45332 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 16, 2024 20:09:16.839879990 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 16, 2024 20:09:16.839915037 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 16, 2024 20:09:16.839983940 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 16, 2024 20:09:16.840255022 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 16, 2024 20:09:16.840270042 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 16, 2024 20:09:17.157052040 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 16, 2024 20:09:17.157542944 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 16, 2024 20:09:17.157568932 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 16, 2024 20:09:17.158643961 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 16, 2024 20:09:17.158708096 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 16, 2024 20:09:17.160653114 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 16, 2024 20:09:17.160758972 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 16, 2024 20:09:17.160984039 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 16, 2024 20:09:17.160999060 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 16, 2024 20:09:17.213844061 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 16, 2024 20:09:17.300591946 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 16, 2024 20:09:17.300673962 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Apr 16, 2024 20:09:17.300779104 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 16, 2024 20:09:17.301512957 CEST | 49714 | 443 | 192.168.2.5 | 184.25.164.138 |
Apr 16, 2024 20:09:17.301526070 CEST | 443 | 49714 | 184.25.164.138 | 192.168.2.5 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49714 | 184.25.164.138 | 443 | 5052 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 18:09:17 UTC | 475 | OUT | |
2024-04-16 18:09:17 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 20:09:02 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 20:09:03 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 20:09:03 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |