Windows
Analysis Report
U.,S. Xpress (2).pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Process Tree
- System is w10x64
- Acrobat.exe (PID: 6388, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\U.,S. Xpress (2).pdf", MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 812, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7220, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1628,i,13890688867868232323,6067589906686736016,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
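The tree above is the baseline a PDF open should produce: Acrobat.exe, the AcroCEF.exe browser process, and AcroCEF utility processes. The following is an added example, not part of the report and not Joe Sandbox code, of checking process-creation events against that baseline: anything under Acrobat.exe that is not one of its own images is reported, argv[0] is compared with the logged image path (the consistency check behind masquerading detections), and the one flag in the tree worth recording even on a clean run, --service-sandbox-type=none on the network-service utility process, is surfaced. The events are constructed from the report's process tree with the long command line abbreviated; the parent PIDs are assumed, since the extracted report does not show them, and the cmd.exe event is a hypothetical addition that the baseline should reject.

```python
"""Baseline check for a PDF reader's process tree.

Added example, not part of the Joe Sandbox report. The events below are
constructed from the report's process tree (Acrobat.exe PID 6388 and the
two AcroCEF.exe children, PIDs 812 and 7220); parent PIDs are assumed and
the cmd.exe event is hypothetical.
"""
import ntpath
import shlex
from dataclasses import dataclass

ACROBAT_DIR = r"C:\Program Files\Adobe\Acrobat DC\Acrobat"
# Images Acrobat is expected to start while rendering a PDF.
EXPECTED_DESCENDANTS = {
    ACROBAT_DIR + r"\Acrobat.exe",
    ACROBAT_DIR + r"\acrocef_1\AcroCEF.exe",
}


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the started image
    cmdline: str    # command line as logged (Sysmon event 1 / 4688 style)


def parse_cmdline(cmdline):
    """Split a Windows command line into (argv0, {--flag: value})."""
    # POSIX-mode shlex keeps backslashes inside double quotes, which is what
    # these Chromium-style command lines need. A path ending in a backslash
    # right before its closing quote would still need special handling.
    argv = shlex.split(cmdline)
    flags = {}
    for tok in argv[1:]:
        if tok.startswith("--"):
            key, _, value = tok.partition("=")
            flags[key] = value
    return argv[0], flags


def acrobat_ancestor(event, by_pid):
    """Return the Acrobat.exe ancestor of event, or None."""
    seen = set()
    cur = by_pid.get(event.ppid)
    while cur is not None and cur.pid not in seen:
        if ntpath.basename(cur.image).lower() == "acrobat.exe":
            return cur
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return None


def check_tree(events):
    """Return (pid, message) findings for processes running under Acrobat.exe."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        if acrobat_ancestor(e, by_pid) is None:
            continue
        argv0, flags = parse_cmdline(e.cmdline)
        # Masquerading check: the logged image must be what argv[0] names.
        if ntpath.basename(argv0).lower() != ntpath.basename(e.image).lower():
            findings.append((e.pid, f"argv[0] {argv0!r} does not match image {e.image!r}"))
        if e.image not in EXPECTED_DESCENDANTS:
            findings.append((e.pid, f"unexpected descendant of Acrobat.exe: {e.image}"))
            continue
        # Informational: this CEF utility process runs its network service
        # outside a sandbox; worth recording even though the tree is expected.
        if flags.get("--service-sandbox-type") == "none":
            sub = flags.get("--utility-sub-type", "?")
            findings.append((e.pid, f"{sub} runs with --service-sandbox-type=none"))
    return findings


CMD_ACROBAT = (r'"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" '
               r'"C:\Users\user\Desktop\U.,S. Xpress (2).pdf"')
CMD_CEF_BROWSER = (r'"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" '
                   r'--backgroundcolor=16777215')
CMD_CEF_NET = (r'"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" '
               r'--type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US '
               r'--service-sandbox-type=none --log-severity=disable '
               r'--user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" '
               r'--log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" '
               r'--mojo-platform-channel-handle=2128 /prefetch:8')

SAMPLE_EVENTS = [
    ProcEvent(6388, 4000, ACROBAT_DIR + r"\Acrobat.exe", CMD_ACROBAT),  # ppid 4000 assumed
    ProcEvent(812, 6388, ACROBAT_DIR + r"\acrocef_1\AcroCEF.exe", CMD_CEF_BROWSER),
    ProcEvent(7220, 812, ACROBAT_DIR + r"\acrocef_1\AcroCEF.exe", CMD_CEF_NET),
    # Hypothetical, not in the report: a shell spawned by the reader.
    ProcEvent(9999, 6388, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami"),
]

if __name__ == "__main__":
    for pid, msg in check_tree(SAMPLE_EVENTS):
        print(pid, msg)
```

Run against the three report processes alone the check yields only the informational sandbox-type note; the hypothetical cmd.exe child is what turns the same tree into something to escalate.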
No malicious signatures were triggered. The recorded signature evidence, by evidence type (the signature names and the evidence values themselves did not survive extraction; only the row counts are recoverable):
- TCP traffic: 37 rows
- IP Address: 1 row
- HTTP traffic detected: 2 rows
- TCP traffic detected without corresponding DNS query: 13 rows
- String found in binary or memory: 1 row
- Network traffic detected: 2 rows
- Classification label: 1 row (the label itself is given under General Information)
- File created: 2 rows
- Key opened: 1 row
- Process created: 14 rows
- Window detected: 1 row
- Initial sample: 3 rows
- Process information set: 8 rows
MITRE ATT&CK mapping. Only the techniques below had a matching signature (the count is the number of matching signatures); the other cells of the report's matrix are the static ATT&CK template with no hits and are omitted. Since no malicious signatures fired (see the signature section), these hits come from informational signatures; read the Exploitation for Client Execution row as the tactic-level bucket for a document opened in a reader, not as evidence that an exploit ran.

Tactic | Technique | Matching signatures
---|---|---
Execution | Exploitation for Client Execution | 2
Privilege Escalation | Process Injection | 1
Defense Evasion | Masquerading | 1
Defense Evasion | Process Injection | 1
Discovery | System Information Discovery | 1
Command and Control | Encrypted Channel | 1
Command and Control | Non-Application Layer Protocol | 1
Command and Control | Application Layer Protocol | 12
Command and Control | Ingress Tool Transfer | 1
URL reputation: 0% detection, scanner "URL Reputation", label safe (the URL and link columns were not recovered).
Domains: one entry whose name and source were not recovered; Malicious: false; Reputation: unknown.
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1426965 |
Start date and time: | 2024-04-16 20:08:31 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | U.,S. Xpress (2).pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/44@0/1 (verdict clean, score 2, Windows PDF sample; the trailing counts line up with the 14 process-creation rows in the signature section, the dropped-file list, and the single contacted IP with no resolved domain) |
EGA Information: | Failed |
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.201.212.159, 23.22.254.206, 52.202.204.11, 54.227.187.23, 52.5.13.197, 162.159.61.3, 172.64.41.3, 23.209.188.151, 23.209.188.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
- VirusTotal (VT) rate limit hit for: U.,S. Xpress (2).pdf
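The 13 "TCP traffic detected without corresponding DNS query" rows in the signature section are the sandbox's form of a standard network-triage check: a connection to an address that no observed DNS answer explains, which is how hard-coded C2 addresses show up. Two things on this page temper it. The cookbook excludes a set of vendor and sandbox-infrastructure IPs from analysis, and the excluded domains include chrome.cloudflare-dns.com, a DNS-over-HTTPS endpoint: a name resolved over DoH never appears as a UDP/53 query, so a plain DNS/TCP correlation flags the resulting connection even though the name was resolved. The following is an added example, not from the report or Joe Sandbox, of that correlation with both caveats built in. The excluded-IP list is the report's; the DNS answers, connection records and the name-to-IP mappings are constructed for illustration, and 184.25.164.138 is the one IP the report attributes to the sample.

```python
"""Correlate TCP connections with the DNS answers that precede them.

Added example, not from the Joe Sandbox report. It reimplements the check
behind the report's "TCP traffic detected without corresponding DNS query"
rows and applies the same allowlist idea as the sandbox's excluded IPs.
The DNS answers and connections are constructed.
"""
from ipaddress import ip_address

# From the report's cookbook comments: sandbox infrastructure and vendor
# update/telemetry hosts excluded from analysis.
WHITELISTED_IPS = {
    "23.201.212.159", "23.22.254.206", "52.202.204.11", "54.227.187.23",
    "52.5.13.197", "162.159.61.3", "172.64.41.3", "23.209.188.151",
    "23.209.188.149",
}
# Also on the report's excluded-domain list: Chrome's DNS-over-HTTPS
# endpoint. A name resolved over DoH never appears as a UDP/53 query, so a
# connection to the resulting IP looks "unexplained" to this correlation.
DOH_RESOLVERS = {"chrome.cloudflare-dns.com"}


def unexplained_connections(dns_answers, connections):
    """Find destinations never returned by a DNS answer seen before the connect.

    dns_answers: iterable of (t, qname, answer_ip)
    connections: iterable of (t, dst_ip, dst_port)
    Returns {dst_ip: {"ports": [...], "possible_doh": bool}} ordered by first
    sighting. possible_doh is True when a DoH resolver was contacted before
    the connection, i.e. the missing query may simply have been invisible.
    """
    answers = sorted(dns_answers)
    doh_ips = {ip for _, qname, ip in answers if qname in DOH_RESOLVERS}
    first_doh_contact = None
    result = {}
    for t, dst_ip, dst_port in sorted(connections):
        if dst_ip in doh_ips and first_doh_contact is None:
            first_doh_contact = t
        # Allowlisted sandbox/vendor hosts and non-global ranges (RFC 1918,
        # loopback, link-local) are not worth a finding.
        if dst_ip in WHITELISTED_IPS or not ip_address(dst_ip).is_global:
            continue
        if any(ip == dst_ip and ta <= t for ta, _, ip in answers):
            continue  # resolved first: the normal case
        entry = result.setdefault(dst_ip, {"ports": [], "possible_doh": False})
        entry["ports"].append(dst_port)
        entry["possible_doh"] = entry["possible_doh"] or (
            first_doh_contact is not None and first_doh_contact <= t)
    return result


# Constructed records (times in seconds from sandbox start). The mapping of
# names to IPs is illustrative, not taken from the report.
DNS_ANSWERS = [
    (1.0, "chrome.cloudflare-dns.com", "162.159.61.3"),
    (2.0, "acroipm2.adobe.com", "23.201.212.159"),
]
CONNECTIONS = [
    (1.5, "162.159.61.3", 443),     # DoH resolver (excluded IP)
    (2.5, "23.201.212.159", 443),   # resolved and excluded
    (3.0, "184.25.164.138", 443),   # no visible answer: the report's one IP
    (3.5, "10.0.0.2", 445),         # private address, ignored
    (4.0, "184.25.164.138", 80),
]

if __name__ == "__main__":
    for ip, info in unexplained_connections(DNS_ANSWERS, CONNECTIONS).items():
        print(ip, info)
```

On the constructed records the only unexplained destination is 184.25.164.138, and because the DoH resolver was contacted first the finding is tagged possible_doh, which is the right weight to give it: a pivot to confirm against the sandbox's PCAP or the client's DoH logging, not a verdict.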
Context for the contacted IP and its ASN. Each row in the report was a prior Joe Sandbox submission detected as malicious; the associated sample names and SHA-256 hashes were not recovered.

IP 184.25.164.138, 10 associated submissions: 6 with no named threat, 1 Lokibot / PureLog Stealer / zgRAT, 1 DarkGate / MailPassView, 2 HTMLPhisher / ReCaptcha Phish.

ASN BBIL-APBHARTIAirtelLtdIN, 10 associated submissions: 7 Mirai, 2 with no named threat, 1 CobaltStrike / Ducktail.

The IP itself is listed as not malicious above and the URL reputation check returned "safe". Address space that many unrelated hosts share, such as a large consumer ISP's, is contacted by benign and malicious submissions alike, so this context is a pivot to investigate, not evidence against the sample.
Dropped files written by AcroCEF.exe (C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe). The File Type and Preview columns were empty in this extraction and are omitted, and entries whose path was lost are marked as such. Every entry in this group has Encrypted: false, Malicious: false, Reputation: low.

(path not recovered; the report lists two entries with this identical content)
Category: dropped | Size (bytes): 300 | Entropy (8bit): 5.240511335296561
MD5: 7375115B234115EECAA0AD80F0B64445 | SHA1: 7AAAEAD7492E0B897188DA021932DF33B6751D96
SHA-256: 6E8D757D5406EFE02CC030968EBA18C5A0D883257D66FD55010FD05E1F6DAC11
SHA-512: 6307085C39E86B34C358971CF2FC8ED0C0A632B689BCEE49B1672D69F84A6A200BB2B4F2A49EA1547278C56E4AD22CA01D951A78896E111990C62C5FC6E0E296
SSDEEP: 6:AjUpyq2PcNwi2nKuAl9OmbnIFUt8V5jz1Zmw+V5jlRkwOcNwi2nKuAl9OmbjLJ:AoMvLZHAahFUt8V5jz1/+V5jz54ZHAae

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy) (identical content)
Category: dropped | Size (bytes): 344 | Entropy (8bit): 5.205320285124879
MD5: F5103CA421408135F8DE3A2DE30B8FBA | SHA1: 029FC5C04FFBEA9037A937FAAE34222AD51E607C
SHA-256: 26C691CBDCDBF0E41E5F33EDB3253727100DCE745DAE61FDE88899B29C154CFB
SHA-512: 7A666047854ECD26751AE69D095362D71021BFED1FCC996987A0A504D1DB59D03EFFE4793AE22E60E2467A36167454B58325A5EBE7E1D14D34D28957C8692772
SSDEEP: 6:3POq2PcNwi2nKuAl9Ombzo2jMGIFUt8mYZmw+mmFbFzkwOcNwi2nKuAl9Ombzo23:fOvLZHAa8uFUt8z/+9hz54ZHAa8RJ

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9f63504e-c2fc-4409-9fb4-591020d6aae2.tmp (Category: modified)
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy) (Category: dropped; identical content)
Size (bytes): 475 | Entropy (8bit): 4.969340035861989
MD5: 1BB0F7713A58F7B5E7ACFB20A5374AB1 | SHA1: B4625E6441BCDF592B6DE4FE4367E2BE3A19E376
SHA-256: F24B74E7924D539B4BB1691DCC5EA7DD06BDD6D93A198F9C6323C272BB78C4A9
SHA-512: 93643C94C5C1D62AD4A09F3D9D102F07FE0F43C556BBA29701D55E5960EEA1F69C578D7A345038E841EFC1B9D84D2DB79B46EF576F80CAB3AC78577A4F062CFC
SSDEEP: 12:YH/um3RA8sqZE2sBdOg2H7Acaq3QYiubSpDyP7E4TX:Y2sRdsDbdMH7r3QYhbSpDa7n7

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Category: dropped | Size (bytes): 4509 | Entropy (8bit): 5.23917136861796
MD5: 6C3F6B119EA65F8B376E3B005F7E5873 | SHA1: 65A2809FB119CA659AB03F2092B3EF79DA3099B5
SHA-256: 369E8F65FCAAA6B92FCB039F8313DA34B77810B6E592EC5A1C2118F757B9D33B
SHA-512: 929E5035510FA3283CCF0948A38B09C4A1371122A68F007BE4AAB0F26768F57BA86CA480172241901DA43D2B83031AE7062AAF44D788D40D2DDD685C6E63D962
SSDEEP: 96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPAWBUOpZ:CwNw1GHqPySfkcigoO3h28ytPAWBUOpZ

(path not recovered)
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy) (identical content)
Category: dropped | Size (bytes): 332 | Entropy (8bit): 5.237351947155392
MD5: 4D5E7C4FECC80447CAA86BEF37583ED5 | SHA1: 5A9D6E0C286EA67F26CEB436FE00D775567918E6
SHA-256: 692FB8E0B54686A4E048867B9C2AB750FAFAEB7A265761553B29674A448C34EA
SHA-512: E2B3D3C262CC8F5563E0FAE3C3A6DC9EC5DB7E9D78A4BE23CFE6FDABCBCE916ABEEDFB9EDC29D9AF1C536960CC5D7908EF38A50A52E01C8962AC0A3099784DA4
SSDEEP: 6:xpq2PcNwi2nKuAl9OmbzNMxIFUt8gU5Zmw+gCHzkwOcNwi2nKuAl9OmbzNMFLJ:xpvLZHAa8jFUt8gU5/+gCz54ZHAa84J
Dropped files written by Acrobat.exe (C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe). The File Type and Preview columns were empty in this extraction and are omitted, and entries whose path was lost are marked as such. Every entry in this group has Category: dropped, Encrypted: false, Malicious: false; Reputation: low is noted where the report gives it. The ConnectorIcons bitmap's name carries a timestamp (2024-04-16 18:09:31Z) one minute after the analysis start, and the SOPHIA\Acrobat\Files entries, judging by their names, are Acrobat's in-app banner and card surfaces: a few hundred bytes each and near-identical by SSDEEP.

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240416180931Z-176.bmp
Size (bytes): 88614 | Entropy (8bit): 1.11103756881555 | Reputation: low
MD5: AD078D0C90B7984CE7A65EAAEBA78E9F | SHA1: 3423FAFD15D52863A883EB72214AFAB8E9E3D78F
SHA-256: 64DFC93102C42545A7CAA004C70D954D2BDA6531ABB5C9B2CDD9767CE17558E4
SHA-512: 9AC532E8A9697A790781BD6C030A05A83774180EF9FF24AF90280AB05DF6BEC18ED71B3F1153F97332580D8AA1DF59146334121957211E15CA7056CF627E6262
SSDEEP: 384:ZnSyneUnG0sDTJzEtJMYHW4ed74hmtlbz8:ZleUn3GR4JpNed74Mrv8

(path not recovered)
Size (bytes): 86016 | Entropy (8bit): 4.439062262927321 | Reputation: low
MD5: 9C274E1ADA4B738C144DE2CC9A5F4733 | SHA1: CF2F0F12EA6AD53BBAA032B779695615DAD7F3E2
SHA-256: E26587BF5B5F12E9EC17199CBA8662B5EA6EC51FC3BA849EE0ED9D699C6478F1
SHA-512: AC8781BE4A3AADFD78FEFF8E7188D50282A08814E9CC675FC3C5DC82E6B91E8F026D499AD1ED88A4F91A08ABF2C950F0FD2DE2133BB6A54BD280A501DC5BED42
SSDEEP: 384:yeaci5GUiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1YurVgazUpUTTGt

(path not recovered)
Size (bytes): 8720 | Entropy (8bit): 3.777405565544913
MD5: A1B56F586C5775DF6C8D7A033997ACE0 | SHA1: 31247C77D7FFF313006776A71E523EB79436B41C
SHA-256: B0296723A6F12F64DDEFC427354A1F93290E7024887BB7647FB9E87E5FCAA660
SHA-512: C2FEC444512EE6579FFEB6412DC64594CFC3DB0C20EA4D091D71C5C22CB7F0B59BFD33B64D723F9958624387075670F235B25B7B73AB2B35ED039B9E16BDE977
SSDEEP: 48:7MTp/E2ioyVTioy3DoWoy1CABoy1LKOioy1noy1AYoy1Wioy1hioybioyLoy1noI:7IpjuT0iANXKQibb9IVXEBodRBkT

(path not recovered; the report lists two entries with this identical content)
Size (bytes): 185099 | Entropy (8bit): 5.182478651346149
MD5: 94185C5850C26B3C6FC24ABC385CDA58 | SHA1: 42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256: 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512: 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
SSDEEP: 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC

(path not recovered)
Size (bytes): 228346 | Entropy (8bit): 3.3890581331110528
MD5: 2F8A4655789D955BD1CC67B790AF3179 | SHA1: E9F56CC175D0D792B1CD57A2210DD955F0739BAC
SHA-256: 09958248E59EC060D4345471BA55CD61481D6EA52A04AEC4B46B8B4826C3ED4F
SHA-512: 32755A4320EB0F05CD71280765424E9752F817E931C8E582BE93C589FAD3AFB48987DCF6D43768298D3A66D685297E82BD07AB2F604D43B9FF40C11F0391A66C
SSDEEP: 1536:qMKP+iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:FKPoJ/3AYvYwgXFoL+sn

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Size (bytes): 295 | Entropy (8bit): 5.385239567515789
MD5: D5BFB9D89AA788BACA96BE95F9F7B984 | SHA1: A8255E48ED9A8271671CED252C8F86E5DC4165DC
SHA-256: 9C720796DB3EF1051B202726E8C754A337928E592CCC68EEC8D301DB34BBE303
SHA-512: 064D5A260CD689814B0751912954904F9D84357C85EA7BDE5E898EB2A1725115D8D400F947B0E88768D3F9329287CEA9E2783FC101D364F7CE068B990A36174D
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJM3g98kUwPeUkwRe9:YvXKXIR3MObsdTeOBZGMbLUkee9

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Size (bytes): 294 | Entropy (8bit): 5.323364745449629
MD5: 1D1E7D3C3CEDC676EC1992B0989E7B82 | SHA1: 9C4E4257B36F396462E0672419029E6BE6C808D2
SHA-256: AE4A9739794CAB6CA388C8F083DBBCFA4F1301416C7E7253CA2757120BE868B4
SHA-512: 2D328B638712AE53C10BE4364943F24D6DF841CE59D361FA2070CE2841C839E8468A7C694387C2C539DAAEADA200ADECF9570EE9EC9BF6A0FD3888E6E0ED207E
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJfBoTfXpnrPeUkwRe9:YvXKXIR3MObsdTeOBZGWTfXcUkee9

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Size (bytes): 294 | Entropy (8bit): 5.30176406431806
MD5: B8DEAE677BDA92BE55FAF5190EFF4E5C | SHA1: 547ACEA7253DBA58E5113EDECA633835AEFB1B4C
SHA-256: C8D7F2AC90E514BCD04A9CA2FA0D94111A5D1851BE9F128688BECC5B4411B7B9
SHA-512: 615E97156AE462391109389027346B98721BF2D07693443B55C68E57C7E1FF16C168C19EB28AD122977E9A2524EE474B2A0ACC146A8F97D6C660D89392D33A17
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJfBD2G6UpnrPeUkwRe9:YvXKXIR3MObsdTeOBZGR22cUkee9

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Size (bytes): 285 | Entropy (8bit): 5.372885455975819
MD5: 310D2BD7AEC791A3385B88E9B85811D6 | SHA1: BE8B50917EE6CBD1F882712EFA89763CE78A6A18
SHA-256: E0D6E649996DD2F306C138691B70E539C1CF713E7C34C706571469EB620D1E05
SHA-512: FFACC663FC8279DA72272AEBFE68F0FE74E8EF337144B5467C3DFA695C314D10A40012C103F8E5449899D7C6653ECF0134A0898C62524275BBB193158117AE16
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJfPmwrPeUkwRe9:YvXKXIR3MObsdTeOBZGH56Ukee9

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Size (bytes): 292 | Entropy (8bit): 5.327337967136785
MD5: 992F33FBF6FC862C665084637850B027 | SHA1: C92EB5E47DF99F19307FF3F5921B251E09F8CC8A
SHA-256: A76D206336E7D85F6695F686413C31302CF54850D1C102072A86AFB7573AD5A0
SHA-512: F290B1A416E0355E6BBB457B591BD0226F5E8A7E045DA09910EE80F1310BDEDC6E5B9320313294E1B10B2DA44919A63280131A09F720C33348B791500E10993A
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJfJWCtMdPeUkwRe9:YvXKXIR3MObsdTeOBZGBS8Ukee9

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Size (bytes): 289 | Entropy (8bit): 5.313672746777524
MD5: 58428DE6D453468521B7B3DABFA6ADAA | SHA1: 44607CC56D24215D8487B41EB6C3EEDE2C78E53A
SHA-256: 5429132632FD27650EF0448324A8F4AD7DBAACC77230403546D74AC24C32625D
SHA-512: E8A88A450A6DC5DEB66EA4756A1C78BCD5FDA43D3AC8CE6D4568D25C6C3660CF4685F59ED745365702783D56D3099629A1500F2B7760285A99F548CF3063790F
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJf8dPeUkwRe9:YvXKXIR3MObsdTeOBZGU8Ukee9

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Size (bytes): 292 | Entropy (8bit): 5.318032705752891
MD5: CFC3F477AA40589B4B4A074380B3E2A4 | SHA1: 084CF816079B6A098339B2128B453DA72E9F015A
SHA-256: C045D4F2543EF68FF309038A6FFDA189165C33796F8E4873725CAFC4C9AC820D
SHA-512: CE9255AD8EEEB29C3909E05D5E345F88E0743D85D597D14B3FE4A6200791D4658A334AF829085D350270F978758D649C1425FE30BC4D2CAED4B1B2D9F9EE8620
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJfQ1rPeUkwRe9:YvXKXIR3MObsdTeOBZGY16Ukee9

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Size (bytes): 289 | Entropy (8bit): 5.334900426272156
MD5: 19E6B9CFACDD1BDE743ADB9EE1F9B648 | SHA1: 3955EC8E9E96B2D3BC1A8102EDAA3D3246663D5A
SHA-256: F7BD9AA0747AF85157704B698DFFB7C6DC30BC883C57A3659EE4B3DC6CD01113
SHA-512: 5993D93C848C46BA896C32729BF6929D13B578FAC4C70F645D430D7E2083C32C52E87E98CE73273F44CC211A823EBCCF90C54F1CBE7750D9F719AE97475A1F4F
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJfFldPeUkwRe9:YvXKXIR3MObsdTeOBZGz8Ukee9

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Size (bytes): 1372 | Entropy (8bit): 5.7430820777762595
MD5: 39D195731C96D05985BB9917ACA8F4FA | SHA1: 927F45BC0F4F1973023872E6FC4B132343FD8FE7
SHA-256: 6AF385F08F650CAF9468B832A11E9585E0C19AE3075F020BDF237C43263D63CB
SHA-512: 083564D8C4A6A9F005FCCB6EAE989282E97F53C6A957DA546E4BBB2C8A6CE8C077B13C799C74554E705BDE23E6499BB979188C7DE4BFD1E7F42763854A2E8D9F
SSDEEP: 24:Yv6X08ObmeOHKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN+:YvzweKEgigrNt0wSJn+ns8cvFJM

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Size (bytes): 289 | Entropy (8bit): 5.320695051201476
MD5: F9AB1D6D8121E307D186F93A3F8D9791 | SHA1: F28814851749436CF91A04E0CB48DF8048D3E549
SHA-256: 5D33330AB3B562490468C85048D1A3EBE7835BC909907E1C2389503BC9195CDE
SHA-512: 76E236C5BAB4887D987D0B3CD093F0B40813AB7BAFF1A69F013C4F0B8C51B290260C8B13796C58A31790AABB78441A318B36F0AA96A667432AA2BAF9002F9A0C
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJfYdPeUkwRe9:YvXKXIR3MObsdTeOBZGg8Ukee9

(path not recovered)
Size (bytes): 1395 | Entropy (8bit): 5.777477987856341
MD5: F16C8F71C0CD3579EAFFF220CE1FF263 | SHA1: 508A5E410E0D225AB7949F1CBAAA877A8BE16CE4
SHA-256: E9C981E4732C6244365183B97AFCB575A78339BF33B6BA0954C2C8E2E27186C9
SHA-512: 63FAD18A2B306F4B425A367B5D2AD376D5E9ADC97595EBA5F177F27FC218816639E78E4897031C6822936EE57CFFB7D5155E00EB6F70A528238E5E9DA929CB71
SSDEEP: 24:Yv6X08ObmeOarLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNG:Yvzwe5HgDv3W2aYQfgB5OUupHrQ9FJQ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Size (bytes): 291 | Entropy (8bit): 5.304099914846463
MD5: BF2811D5A3ECD4F9A04D4AEF88B2E9DA | SHA1: D989F630094D593AC867C2E68B66B4D2DA6D621E
SHA-256: 45675BA7C75CD5943C76753AEFDA3BD734783362466A25BA418463876E99240C
SHA-512: 50D56A9B871F368B1595813C5ADA7F42ACA3E4A5E3B4E0FFA1434FB44C8677515713B2BBCFDE93F5951A82CD8A9D38E4A06F1A3D645029ED88E047854D42B12C
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJfbPtdPeUkwRe9:YvXKXIR3MObsdTeOBZGDV8Ukee9

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Size (bytes): 287 | Entropy (8bit): 5.309037817896244
MD5: 7C8B162468026F8A46DE2BA7EF85A4CE | SHA1: B9C529D3006137102F58FA56444D6CBAC3D95BAE
SHA-256: C027B6BFB4D927878CC99CEDD3A2C28650645B589285868252B35363B621904E
SHA-512: 1360B334FA491B1F1486ACFBED31D2AC399F9AB5E480C2623C1C6A63BAF7A778EC30705879220BF4612BEF401FEAF8D4677D1C9F9E10C791F4DFE5A6619A8E2F
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJf21rPeUkwRe9:YvXKXIR3MObsdTeOBZG+16Ukee9

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Size (bytes): 289 | Entropy (8bit): 5.326924156918676
MD5: C3F467D5DE6A5CAA0E744B2D5149C8CF | SHA1: ABDD84B688EBD964A19CC29330C9AC060FC5AB42
SHA-256: 074A2EE67D11D36122173BBEEAE5F3A9D853680E04D2E4E81E3326702A12AEA5
SHA-512: 807891B6ADA7F8FB39A8571C2B0A08C31F663D0272FCA4D61C97B3D1D9F8262AB1992DA5B95EC03BDAB6406603D27348A69A22BDC72B73CC498B5ABEEFD4B486
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJfbpatdPeUkwRe9:YvXKXIR3MObsdTeOBZGVat8Ukee9

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Size (bytes): 286 | Entropy (8bit): 5.28642993534812
MD5: 7F6083000488A5558ED508E9C7982FDC | SHA1: 3BB402A9529DAEC139EB0ECB3510651FABF94F37
SHA-256: FB351ABCD7DE08B576E837CD25BC511F4538C7A09D7E4DC089767822A53BF3B7
SHA-512: 82C4FBC37F22F01C62C304EDF2CF4F472ADD75FEA39FB71113814AB4D3FE341602D47EBCC52D92CFD86AD2193B326CD5A4101376860951FADD82D51044BAC8F1
SSDEEP: 6:YEQXJ2HXIrvQcVEU9MO4WsGiIPEeOF0YKqqoAvJfshHHrPeUkwRe9:YvXKXIR3MObsdTeOBZGUUUkee9

(path not recovered)
Size (bytes): 782 | Entropy (8bit): 5.382319420724993
MD5: 346C93E735F4C42A985552E9A3B432CF | SHA1: 947D7C8FAFDB5CBC59000D1C5F5CFAE298A3A32F
SHA-256: ABE0C00EBEBCD8E7D0E48164FF5A03D2D354E5A37CD4C576ED9E23A4B69CEFAB
SHA-512: E5F59E858DE8C2DFDAB13961905439C2F3F2FCE1B27C5F5853C0339B2E1BA5C0E3E7E59E45966E3F2F2AA529430EC7AA455DCCC62EF106AE0335D1FF5CC7CB34
SSDEEP: 12:YvXKXIR3MObsdTeOBZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWi:Yv6X08ObmeOv168CgEXX5kcIfANhH

(path not recovered)
Size (bytes): 4 | Entropy (8bit): 0.8112781244591328
MD5: DC84B0D741E5BEAE8070013ADDCC8C28 | SHA1: 802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256: 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512: 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
SSDEEP: 3:e:e

(path not recovered)
Size (bytes): 2814 | Entropy (8bit): 5.125269218386058
MD5: 773EF9AB58A3DAA32AF3E06179387899 | SHA1: 90AE98E460C7AF56127367A50369BC1ED9E256C9
SHA-256: FE87E8D2D91F7363FFBA8974077F5F3C9F6BDFE20FEC55F5B26389195D8234BD
SHA-512: C471CA832C6CCEABF48F0E1DA167397AD61EC1B7E0AD7D4C5C0CEAB83E4605B26785AF77B46622B856487E76C9EF84AAAC6EF625F61FFABF3DC7D188E9A3F0DD
SSDEEP: 24:YIQCGdzCCDR8OKhrwx1msBBtaJfayfWcZ1WCO7jITtj0Sdud2l2LSatQA3eT5Q98:YEwqdK1n+XZ1QIN4QktQAOT+9uh

(path not recovered; the page ends inside this entry, so its Malicious and Reputation fields are not present)
Size (bytes): 12288 | Entropy (8bit): 1.4523270422970698
MD5: DD693D2AC5064599A36E421D04378199 | SHA1: 2B4AC7FAEAC52F6815FC27A2818BC9F74F604B75
SHA-256: CA233EF2C1499AD163ACE63F080477C493C6542F823D80FCAB155D053509BB0B
SHA-512: 372EC7874D17834F2C16F1E8E34B9F9A125A779A0C13E8A9D37E0CBFD1DE2952F45F1F9826B243788DE97D9C88D58501071332FC8DA5C9C54E0652E91FDBA258
SSDEEP: 48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsm/lAj:lNVmsw3SHtbDbPe0K3+fDZdo
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.9571143390967567 |
Encrypted: | false |
SSDEEP: | 48:7MUSrvrBd6dHtbGIbPe0K3+fDy2dsm27qFl2GL7msQ:7W3SHtbDbPe0K3+fDZd6KVmsQ |
MD5: | 423DECC3A8E7CD42C2E45729A3E71283 |
SHA1: | 1470EEE3FAEF2E6E167B21C7C12D66505BE439B6 |
SHA-256: | 2AEEC783CC152254B980E68421CEA15DDF4683C733A28C2BC67EBEA2F4065686 |
SHA-512: | 7F589723672FAA6B57BA90194F620D9ED7BB930DF5F8177CDA4705EF298EB43828A9074BEF95DAFCDB879D8449E362CA49D480F5B9B2890CAAC4806EAF7BB60D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5278731006694652 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eeWalwl:Qw946cPbiOxDlbYnuRKhZ |
MD5: | DE5134CBEBB56C3EAD6AF024FADE2E66 |
SHA1: | 6CF80672900B599B168F756DFE041B46E488BFDF |
SHA-256: | 7504FFBA273E48D7B47560B3187E0EB5B8199B916533C469FE9DEEC3206EE67D |
SHA-512: | 746FB23707DD078ACC6B09FD49C5C5D10A8431E725574400707977A5C825294ED0B52F1AC7BB99A27E1588FEB65CD3A2F1F94D57ACB75CBF2855F0590865294A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-16 20-09-29-384.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.386483451061953 |
Encrypted: | false |
SSDEEP: | 384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID |
MD5: | F49CA270724D610D1589E217EA78D6D1 |
SHA1: | 22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3 |
SHA-256: | D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D |
SHA-512: | 181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-16 22-04-02-785.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15280 |
Entropy (8bit): | 5.336208401586583 |
Encrypted: | false |
SSDEEP: | 384:mEiRQRxRYRmR7R+6T6vz676o6D6aHDHlH+8R8N8T8vJQJUJtJeivonKnSnEkIm1t:m9WLOw9IY8zEdCljFe860q6eLkJKSEFm |
MD5: | 4017F71F028C0CF6BE824B7CE734AE2F |
SHA1: | FF8E788B352F2175F2FAA25A4E6A5C4C7FA4BA7B |
SHA-256: | B8A252D8DFFF074D1DE21D478BBFB853AFE17CA10217F417236CB9AF40E485E2 |
SHA-512: | E027DB72B405EEB2624BA176DEF63F81034D866BE0C68B7A5ABCD56ACFBC3AAB08D379C48B13AB790E41C327F39D45CB0121862B01653297F51C8BD43FCC2721 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1255 |
Entropy (8bit): | 5.233160702589139 |
Encrypted: | false |
SSDEEP: | 24:mGtbkqsGWvZOFPGtbkqsGWN82jGtbkqs1hoGtbkqs1AcGtbkqs1ZwLGtbkqs1Y8R:mebDsBvOebDsBN82ebDs16ebDs1xebDv |
MD5: | C5B3BF151F61BC4749ECC4525C5648E4 |
SHA1: | 1F7467BA5E9321A318FD8143B576BAE1C93A0AF9 |
SHA-256: | 98E4D7150BCD646CFE08EC7DAFA7534CAB04A0A3784E277E44FFEDF15891941A |
SHA-512: | B2C1A6DA0096B40B66058BBC5326622A9068DB13C54250ECE2DABA5BDE79A4BDA819D265C284EDD264B6DCACB648D1F6846FD3020FD849C75A2A47AAEA68595F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35814 |
Entropy (8bit): | 5.418028384274923 |
Encrypted: | false |
SSDEEP: | 768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRo:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gR6 |
MD5: | B44DB6E505F82D0DDFC5E89D1A62EE1C |
SHA1: | 8751276FEADCB51544460F6BAD57D72AF4335615 |
SHA-256: | 5F4BEA11AF28E4504977D507AFAB0038ED305F2086161B98CFB92A559FA56EED |
SHA-512: | 9911921DC01E297D2B8A68CA6B4108E27199863BE68DF940E74045AC6E541028574E29187A9E2C4E3BC7A1F1ACA2A9D0B4AE6A5A99654EABADB71B3BF91AD211 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLlGZGwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLlGZT |
MD5: | B3CBE54294848B03EB7291C644515EE9 |
SHA1: | DE3DC0B90804AD050E7E8BD42B2C02DE33B71574 |
SHA-256: | A087D5F27629D6EA2AA70EBD0BF7D7049D25F3A759441717C4789418BB948666 |
SHA-512: | 79D6722E404A26EA36C643C8047C543195F637FD888B2A3D16B0377DF640562CC4C74C4B80DD8BBA2E46B4CF7E9525CCA96F0292E34989FA24D089E1CBF3F385 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.038771023046547 |
TrID: | |
File name: | U.,S. Xpress (2).pdf |
File size: | 90'010 bytes |
MD5: | 6cd1de8d036e91c619a7c0b1533e5697 |
SHA1: | 53a85d618512ebded13b25e7156c8fc2f8ef0def |
SHA256: | b78e9ee78f17fe781c7e403d9ab42f39fa303f99526fedb0966cd11ec0a589d4 |
SHA512: | bb110119f52877489edb31ae0d9ad2be31aecfd805040d28c53511432be7cdac169e84a059379b23b5964ae06c661e20f3973b84c20f6ef2ccd357f6f6aac09a |
SSDEEP: | 1536:Oz6wmJcD9g2ksxCsIBMyOlzNs+8/GLBFPs:i6NJka2ksxCscLOlWd/G1Fk |
TLSH: | EE93DD135914CB82A56982E8BE071E985F0B6B0DE5C23AEF301F0A8B7F647364DCD56D |
File Content Preview: | %PDF-1.6.%......7 0 obj.<</Linearized 1/L 90010/O 9/E 86117/N 1/T 89719/H [ 435 134]>>.endobj. ..12 0 obj.<</DecodeParms<</Columns 3/Predictor 12>>/Filter/FlateDecode/ID[<C864B63F1FEAEE48A2F36C1DD2EFD63F><ACD746F0C53C2F409ED5708AF218029 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.038771 |
Total Bytes: | 90010 |
Stream Entropy: | 7.020146 |
Stream Bytes: | 88609 |
Entropy outside Streams: | 5.351640 |
Bytes outside Streams: | 1401 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 11 |
endobj | 11 |
stream | 8 |
endstream | 8 |
xref | 0 |
trailer | 0 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 2 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
11 | 0c7c633368480d55 | 0dead377f9f3477b5b25a673a6d9b4fa |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 16, 2024 20:09:39.458899975 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.458930969 CEST | 443 | 49712 | 184.25.164.138 | 192.168.2.7 |
Apr 16, 2024 20:09:39.459011078 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.459229946 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.459238052 CEST | 443 | 49712 | 184.25.164.138 | 192.168.2.7 |
Apr 16, 2024 20:09:39.792392969 CEST | 443 | 49712 | 184.25.164.138 | 192.168.2.7 |
Apr 16, 2024 20:09:39.792912006 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.792933941 CEST | 443 | 49712 | 184.25.164.138 | 192.168.2.7 |
Apr 16, 2024 20:09:39.796566010 CEST | 443 | 49712 | 184.25.164.138 | 192.168.2.7 |
Apr 16, 2024 20:09:39.796638966 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.798404932 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.798602104 CEST | 443 | 49712 | 184.25.164.138 | 192.168.2.7 |
Apr 16, 2024 20:09:39.798608065 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.844114065 CEST | 443 | 49712 | 184.25.164.138 | 192.168.2.7 |
Apr 16, 2024 20:09:39.852140903 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.852153063 CEST | 443 | 49712 | 184.25.164.138 | 192.168.2.7 |
Apr 16, 2024 20:09:39.899029016 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.904227018 CEST | 443 | 49712 | 184.25.164.138 | 192.168.2.7 |
Apr 16, 2024 20:09:39.904412985 CEST | 443 | 49712 | 184.25.164.138 | 192.168.2.7 |
Apr 16, 2024 20:09:39.904468060 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.905004978 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.905023098 CEST | 443 | 49712 | 184.25.164.138 | 192.168.2.7 |
Apr 16, 2024 20:09:39.905061007 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Apr 16, 2024 20:09:39.905092955 CEST | 49712 | 443 | 192.168.2.7 | 184.25.164.138 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49712 | 184.25.164.138 | 443 | 7220 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 18:09:39 UTC | 475 | OUT | |
2024-04-16 18:09:39 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 20:09:26 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff702560000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 20:09:26 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 7 |
Start time: | 20:09:27 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |