
Windows Analysis Report
jO7FHDAZ6f.pdf

Overview

General Information

Sample name: jO7FHDAZ6f.pdf (renamed because the original name is a hash value)
Original sample name: 00000a7b9b21e8e7ab8754e3023a06dd5d4df63da61a01c0f2da9ebc4ed42842.pdf
Analysis ID: 1558529
MD5: 44929fe50c9bd744987b6a84d88187a1
SHA1: 17988aa3d64d53bc844b122e6afc464161feb6d6
SHA256: 00000a7b9b21e8e7ab8754e3023a06dd5d4df63da61a01c0f2da9ebc4ed42842
Infos:
Errors
  • Corrupt sample or wrongly selected analyzer.

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found potential malicious PDF (bad image similarity)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
IP address seen in connection with other malware
Shows file infection / information gathering behavior (enumerates multiple directory for files)

Classification

  • System is w7x64
  • AcroRd32.exe (PID: 3256 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\jO7FHDAZ6f.pdf" MD5: 2F8D93826B8CBF9290BC57535C7A6817)
    • RdrCEF.exe (PID: 3432 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 326A645391A97C760B60C558A35BB068)
  • chrome.exe (PID: 1056 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "https://ttraff.me/123?keyword=super+cleaner+2020+apkpure" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
    • chrome.exe (PID: 1448 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1232,i,4480364503558093569,10111975475138914287,131072 /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Registry Key set, Author: frack113, Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, ProcessId: 3256, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
No Suricata rule has matched


AV Detection

Source: jO7FHDAZ6f.pdf, Avira: detected
Source: jO7FHDAZ6f.pdf, ReversingLabs: Detection: 51%
Source: jO7FHDAZ6f.pdf, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Directory created: C:\Program Files\Google
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Directory created: C:\Program Files\Google\GoogleUpdater
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, Directory queried: number of queries: 1010
Source: Joe Sandbox View, IP Address: 239.255.255.250
Source: global traffic, DNS traffic detected: DNS query: ttraff.me
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: support.google.com
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://cdn.shopify.com/s/files/1/0268/7326/6352/files/police_incident_report_form.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://cdn.shopify.com/s/files/1/0433/6916/9054/files/dka_treatment_guidelines_2020_ada.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://cdn.shopify.com/s/files/1/0435/3284/5207/files/future_where_ya_from_mp3_download.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/fasanag/1663838111.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/felasorarabipis/logical_connectors_exercises_with_answers.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/henghuili-files/balanced_scorecard_conceito.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/henghuili-files2/97513405289.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/kavitokolezub/arquitectura_moderna_en_latinoamerica.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/memul/tojixedunurajilekan.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/subud/jokupuratifupawelipika.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/wonoti/23152353687.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/xanebavifamopez/73340951774.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/zetare/labofadokilex.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/zirojopemup/20186772622.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://s3.amazonaws.com/zuxadol/11614902076.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://ttraff.me/123?keyword=super
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://uploads.strikinglycdn.com/files/470d0046-f4a5-472a-9023-dd88432b3562/66520943261.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://uploads.strikinglycdn.com/files/5927a431-c229-45bd-aa11-512bbc638af8/xapuzimesuzu.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://uploads.strikinglycdn.com/files/6f5b1d1f-68f9-416a-b7b0-776b388baa9b/faxepowodudalufikazokif
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://uploads.strikinglycdn.com/files/771e1098-d86e-4cb0-ac24-bb2ed5a39624/jinevukuxigutulex.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://uploads.strikinglycdn.com/files/8a7f9763-a774-47ca-b392-ad9ca644292f/costco_pre_cooked_ribs.
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://uploads.strikinglycdn.com/files/ab6886ab-e467-4b1a-97df-74f1a5bcf0cd/87554276710.pdf)
Source: jO7FHDAZ6f.pdf, String found in binary or memory: https://uploads.strikinglycdn.com/files/c1b9c567-1954-4131-85ca-85ab9fe81445/56063045491.pdf)
Source: unknown, Network traffic detected: HTTP traffic on port 49184 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49185 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49169
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49168
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49179
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49178
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49176
Source: unknown, Network traffic detected: HTTP traffic on port 49182 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49175
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49185
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49184
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49182
Source: unknown, Network traffic detected: HTTP traffic on port 49175 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49168 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49169 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49176 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49178 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49179 -> 443

System Summary

Source: jO7FHDAZ6f.pdf, Static PDF information: Image stream: 7
Source: classification engine, Classification label: mal68.winPDF@29/9@6/5
Source: jO7FHDAZ6f.pdf, Initial sample: https://ttraff.me/123?keyword=super+cleaner+2020+apkpure
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/kavitokolezub/arquitectura_moderna_en_latinoamerica.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://cdn.shopify.com/s/files/1/0268/7326/6352/files/police_incident_report_form.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/wonoti/23152353687.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/zirojopemup/20186772622.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/henghuili-files/balanced_scorecard_conceito.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/henghuili-files2/97513405289.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://uploads.strikinglycdn.com/files/5927a431-c229-45bd-aa11-512bbc638af8/xapuzimesuzu.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/xanebavifamopez/73340951774.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/zetare/labofadokilex.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/felasorarabipis/logical_connectors_exercises_with_answers.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://uploads.strikinglycdn.com/files/470d0046-f4a5-472a-9023-dd88432b3562/66520943261.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://uploads.strikinglycdn.com/files/c1b9c567-1954-4131-85ca-85ab9fe81445/56063045491.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://uploads.strikinglycdn.com/files/ab6886ab-e467-4b1a-97df-74f1a5bcf0cd/87554276710.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://uploads.strikinglycdn.com/files/8a7f9763-a774-47ca-b392-ad9ca644292f/costco_pre_cooked_ribs.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://cdn.shopify.com/s/files/1/0433/6916/9054/files/dka_treatment_guidelines_2020_ada.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://uploads.strikinglycdn.com/files/771e1098-d86e-4cb0-ac24-bb2ed5a39624/jinevukuxigutulex.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/fasanag/1663838111.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://cdn.shopify.com/s/files/1/0435/3284/5207/files/future_where_ya_from_mp3_download.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/subud/jokupuratifupawelipika.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://uploads.strikinglycdn.com/files/6f5b1d1f-68f9-416a-b7b0-776b388baa9b/faxepowodudalufikazokifiz.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/memul/tojixedunurajilekan.pdf
Source: jO7FHDAZ6f.pdf, Initial sample: https://s3.amazonaws.com/zuxadol/11614902076.pdf
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, File created: C:\Program Files\Google
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx
Source: jO7FHDAZ6f.pdf, ReversingLabs: Detection: 51%
Source: unknown, Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\jO7FHDAZ6f.pdf"
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: unknown, Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "https://ttraff.me/123?keyword=super+cleaner+2020+apkpure"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1232,i,4480364503558093569,10111975475138914287,131072 /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, Process created: unknown unknown (6 identical entries)
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Process created: unknown unknown (2 identical entries)
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1232,i,4480364503558093569,10111975475138914287,131072 /prefetch:8
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Process created: unknown unknown (14 identical entries)
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Directory created: C:\Program Files\Google
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Directory created: C:\Program Files\Google\GoogleUpdater
Source: jO7FHDAZ6f.pdf, Initial sample: PDF keyword /JS count = 0
Source: jO7FHDAZ6f.pdf, Initial sample: PDF keyword /JavaScript count = 0
Source: jO7FHDAZ6f.pdf, Initial sample: PDF keyword /EmbeddedFile count = 0
Source: jO7FHDAZ6f.pdf, Initial sample: PDF keyword obj count = 59
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, Process information set: NOOPENFILEERRORBOX (57 identical entries)
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, Process information set: NOOPENFILEERRORBOX (4 identical entries)
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, Directory queried: number of queries: 1010
MITRE ATT&CK Matrix (techniques per tactic; numbers in parentheses are the counts shown in the report's matrix)

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Spearphishing Link (1); Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Defense Evasion: Masquerading (3); Process Injection (1); Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: File and Directory Discovery (1); Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Antivirus results for the submitted sample (Source, Detection, Scanner, Label):

Source: jO7FHDAZ6f.pdf, Detection: 51%, Scanner: ReversingLabs, Label: Document-PDF.Phishing.PhishingX
Source: jO7FHDAZ6f.pdf, Detection: 100%, Scanner: Avira, Label: HTML/Malicious.PDF.Gen
Source: jO7FHDAZ6f.pdf, Detection: 100%, Scanner: Joe Sandbox ML
No Antivirus matches
No Antivirus matches
No Antivirus matches
Antivirus results for URLs (Source, Detection, Scanner, Label):

Source: https://s3.amazonaws.com/fasanag/1663838111.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://s3.amazonaws.com/zirojopemup/20186772622.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://ttraff.me/123?keyword=super, Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://s3.amazonaws.com/kavitokolezub/arquitectura_moderna_en_latinoamerica.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://s3.amazonaws.com/henghuili-files2/97513405289.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://s3.amazonaws.com/zetare/labofadokilex.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://s3.amazonaws.com/zuxadol/11614902076.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://s3.amazonaws.com/subud/jokupuratifupawelipika.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://s3.amazonaws.com/memul/tojixedunurajilekan.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://s3.amazonaws.com/henghuili-files/balanced_scorecard_conceito.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://s3.amazonaws.com/felasorarabipis/logical_connectors_exercises_with_answers.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://s3.amazonaws.com/wonoti/23152353687.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://s3.amazonaws.com/xanebavifamopez/73340951774.pdf), Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Domains (Name, IP, Active, Malicious, Antivirus Detection, Reputation):

Name: ttraff.me, IP: 172.232.4.213, Active: true, Malicious: false, Reputation: unknown
Name: www.google.com, IP: 142.250.186.100, Active: true, Malicious: false, Reputation: high
Name: support.google.com, IP: 142.250.186.110, Active: true, Malicious: false, Reputation: high
URLs (Name, Source, Malicious, Antivirus Detection, Reputation):

Name: https://s3.amazonaws.com/zirojopemup/20186772622.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://cdn.shopify.com/s/files/1/0435/3284/5207/files/future_where_ya_from_mp3_download.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Reputation: high
Name: https://s3.amazonaws.com/henghuili-files2/97513405289.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://ttraff.me/123?keyword=super, Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://uploads.strikinglycdn.com/files/771e1098-d86e-4cb0-ac24-bb2ed5a39624/jinevukuxigutulex.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Reputation: high
Name: https://cdn.shopify.com/s/files/1/0268/7326/6352/files/police_incident_report_form.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Reputation: high
Name: https://s3.amazonaws.com/kavitokolezub/arquitectura_moderna_en_latinoamerica.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://uploads.strikinglycdn.com/files/8a7f9763-a774-47ca-b392-ad9ca644292f/costco_pre_cooked_ribs., Source: jO7FHDAZ6f.pdf, Malicious: false, Reputation: high
Name: https://s3.amazonaws.com/zetare/labofadokilex.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://uploads.strikinglycdn.com/files/ab6886ab-e467-4b1a-97df-74f1a5bcf0cd/87554276710.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Reputation: high
Name: https://uploads.strikinglycdn.com/files/5927a431-c229-45bd-aa11-512bbc638af8/xapuzimesuzu.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Reputation: high
Name: https://s3.amazonaws.com/fasanag/1663838111.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://uploads.strikinglycdn.com/files/6f5b1d1f-68f9-416a-b7b0-776b388baa9b/faxepowodudalufikazokif, Source: jO7FHDAZ6f.pdf, Malicious: false, Reputation: high
Name: https://s3.amazonaws.com/henghuili-files/balanced_scorecard_conceito.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://s3.amazonaws.com/zuxadol/11614902076.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://s3.amazonaws.com/memul/tojixedunurajilekan.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://s3.amazonaws.com/subud/jokupuratifupawelipika.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://s3.amazonaws.com/felasorarabipis/logical_connectors_exercises_with_answers.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://s3.amazonaws.com/xanebavifamopez/73340951774.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://s3.amazonaws.com/wonoti/23152353687.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: unknown
Name: https://uploads.strikinglycdn.com/files/470d0046-f4a5-472a-9023-dd88432b3562/66520943261.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Reputation: high
Name: https://uploads.strikinglycdn.com/files/c1b9c567-1954-4131-85ca-85ab9fe81445/56063045491.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Reputation: high
Name: https://cdn.shopify.com/s/files/1/0433/6916/9054/files/dka_treatment_guidelines_2020_ada.pdf), Source: jO7FHDAZ6f.pdf, Malicious: false, Reputation: high
IP | Domain | Country | ASN | ASN Name | Malicious
172.232.4.213 | ttraff.me | United States | 20940 | AKAMAI-ASN1EU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.186.110 | support.google.com | United States | 15169 | GOOGLEUS | false
142.250.186.100 | www.google.com | United States | 15169 | GOOGLEUS | false
                            IP
                            192.168.2.255
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1558529
                            Start date and time:2024-11-19 14:53:07 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 4m 6s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:defaultwindowspdfcookbook.jbs
                            Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of new started processes analysed:8
                            Number of new started drivers analysed:2
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:jO7FHDAZ6f.pdf
                            renamed because original name is a hash value
                            Original Sample Name:00000a7b9b21e8e7ab8754e3023a06dd5d4df63da61a01c0f2da9ebc4ed42842.pdf
                            Detection:MAL
                            Classification:mal68.winPDF@29/9@6/5
                            Cookbook Comments:
                            • Found application associated with file extension: .pdf
                            • Found PDF document
                            • URL browsing timeout or error
                            • Close Viewer
                            • Corrupt sample or wrongly selected analyzer.
                            • Exclude process from analysis (whitelisted): dllhost.exe, vga.dll, WMIADAP.exe
                            • Excluded IPs from analysis (whitelisted): 2.20.232.204, 96.16.122.53, 96.16.122.55, 96.16.122.48, 96.16.122.51, 96.16.122.54, 96.16.122.57, 96.16.122.50, 96.16.122.56, 96.16.122.46, 184.25.51.83, 184.25.51.66, 184.30.20.134, 142.250.185.99, 142.250.185.110, 142.250.27.84, 142.250.186.170, 142.250.185.106, 216.58.206.74, 142.250.186.138, 142.250.185.138, 216.58.212.138, 142.250.184.234, 172.217.18.10, 142.250.184.202, 142.250.186.106, 172.217.23.106, 172.217.16.202, 142.250.185.170, 216.58.212.170, 142.250.185.202, 142.250.185.74, 142.250.186.99, 172.217.18.3, 142.250.185.163, 142.250.186.78
                            • Excluded domains from analysis (whitelisted): accounts.google.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, clientservices.googleapis.com, acroipm2.adobe.com, ssl.adobe.com.edgekey.net, clients2.google.com, armmf.adobe.com, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
• Not all processes were analyzed, report is missing behavior information
                            • Report size getting too big, too many NtOpenFile calls found.
                            • Report size getting too big, too many NtQueryDirectoryFile calls found.
                            • VT rate limit hit for: jO7FHDAZ6f.pdf
Time | Type | Description
08:54:05 | API Interceptor | 222x Sleep call for process: AcroRd32.exe modified
08:54:12 | API Interceptor | 62x Sleep call for process: RdrCEF.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
239.255.255.250 | https://www-airport-lk.mail-gov.org/8e8f2a7a/doc.rtf | malicious | Unknown | -
239.255.255.250 | https://www.google.ru/url?q=sf_rand_string_uppercase(33)uQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%C2%A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%6E%77%2E%71%76%6F%70%69%6F%31%2E%7A%61%2E%63%6F%6D%2F%66%6C%6F%65%2F%6B%69%6D%6D%2F%70%65%64%64%2Fsf_rand_string_mixed(24)/smigelskis@alpenacounty.org | malicious | Unknown | -
239.255.255.250 | eek call.eml | malicious | Unknown | -
239.255.255.250 | Review_&_Aprove_Your_Next_Payment76770.html | malicious | Unknown | -
239.255.255.250 | https://uxfol.io/p/7d34b6df/0299cc7b | malicious | Unknown | -
239.255.255.250 | https://accounts.isdinproviders.com/document/pXfhPTQ4e | malicious | Unknown | -
239.255.255.250 | http://www.amartha.kotakwarna.co.id | malicious | Unknown | -
239.255.255.250 | https://uxfol.io/p/7d34b6df/0299cc7b | malicious | Unknown | -
239.255.255.250 | https://dorentop.es/yorii/Odrivex/ | malicious | Unknown | -
239.255.255.250 | https://gees.z13.web.core.windows.net/ | malicious | Unknown | -
172.232.4.213 | gUJak0onLk.elf | malicious | Unknown | messiahfitness.org/
172.232.4.213 | ILTgEaPqmE.exe | malicious | Unknown | englishboard.net/index.php
                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AKAMAI-ASN1EU | SP3IUr6MfJ.exe | malicious | AsyncRAT | 172.233.187.199
AKAMAI-ASN1EU | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 23.206.195.168
AKAMAI-ASN1EU | file.exe | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 23.221.22.214
AKAMAI-ASN1EU | https://website-70396.convertflowpages.com/firstmarkinsurance | malicious | HTMLPhisher | 172.233.61.221
AKAMAI-ASN1EU | owari.sh4.elf | malicious | Unknown | 172.232.16.214
AKAMAI-ASN1EU | owari.mpsl.elf | malicious | Unknown | 104.85.26.118
AKAMAI-ASN1EU | owari.ppc.elf | malicious | Unknown | 172.237.240.232
AKAMAI-ASN1EU | Portfolio Review _2024.html | malicious | Unknown | 2.19.97.184
AKAMAI-ASN1EU | FRSSDE.exe | malicious | Remcos | 23.222.241.146
AKAMAI-ASN1EU | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 23.221.22.215
                                                No context
                                                No context
                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                File Type:data
                                                Category:modified
                                                Size (bytes):270336
                                                Entropy (8bit):0.0018811398465979306
                                                Encrypted:false
                                                SSDEEP:3:MsEllllkEthXllkl2zEfqvgu/:/M/xT02zhl/
                                                MD5:222E5D8EC1F8FD543C5B3F328752A996
                                                SHA1:90DE6F0F2A8E115926C4EA14C2F3AC1DB07958FC
                                                SHA-256:13A0E61B76D21FEA42C20F581E2DC5E6266A2DC0E7C101AB86C385398DFBC022
                                                SHA-512:9C068091DEAD9A1AB5E1066AAA85C42F38DA483D43172166B3F3E9BA8E21C6FC451E65F51FB5D3165460F649452BB67DB89FDD32DACD52872248085D55B6D280
                                                Malicious:false
                                                Reputation:low
                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):292
                                                Entropy (8bit):5.252368157078351
                                                Encrypted:false
                                                SSDEEP:6:HU9hpIq2PP2nKuAl9OmbnIFUt8YU99FZZmw+YU9qC7kwOP2nKuAl9OmbjLJ:+IvWHAahFUt81/+v757HAaSJ
                                                MD5:1815A9196671A53DBD88DAC2DE238681
                                                SHA1:F9C0F3093E31A19B6907467317127C574CB610FB
                                                SHA-256:237B903DE9AC457C0E0762E4B3B914626F2E894BA08DCF387DB26CCA994F9C4F
                                                SHA-512:1AD6FFB398EAE69311D551A7F5D24E5737C0AC063A2F68E839FA8E787C23FA4B7A9F0A70E6222AB4647417BA8451F8C5316A6BBEA023A3812086BDBB739E29A0
                                                Malicious:false
                                                Reputation:low
                                                Preview:2024/11/19-08:54:14.477 3520 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/19-08:54:14.482 3520 Recovering log #3.2024/11/19-08:54:14.486 3520 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):292
                                                Entropy (8bit):5.252368157078351
                                                Encrypted:false
                                                SSDEEP:6:HU9hpIq2PP2nKuAl9OmbnIFUt8YU99FZZmw+YU9qC7kwOP2nKuAl9OmbjLJ:+IvWHAahFUt81/+v757HAaSJ
                                                MD5:1815A9196671A53DBD88DAC2DE238681
                                                SHA1:F9C0F3093E31A19B6907467317127C574CB610FB
                                                SHA-256:237B903DE9AC457C0E0762E4B3B914626F2E894BA08DCF387DB26CCA994F9C4F
                                                SHA-512:1AD6FFB398EAE69311D551A7F5D24E5737C0AC063A2F68E839FA8E787C23FA4B7A9F0A70E6222AB4647417BA8451F8C5316A6BBEA023A3812086BDBB739E29A0
                                                Malicious:false
                                                Reputation:low
                                                Preview:2024/11/19-08:54:14.477 3520 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/19-08:54:14.482 3520 Recovering log #3.2024/11/19-08:54:14.486 3520 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):292
                                                Entropy (8bit):5.252368157078351
                                                Encrypted:false
                                                SSDEEP:6:HU9hpIq2PP2nKuAl9OmbnIFUt8YU99FZZmw+YU9qC7kwOP2nKuAl9OmbjLJ:+IvWHAahFUt81/+v757HAaSJ
                                                MD5:1815A9196671A53DBD88DAC2DE238681
                                                SHA1:F9C0F3093E31A19B6907467317127C574CB610FB
                                                SHA-256:237B903DE9AC457C0E0762E4B3B914626F2E894BA08DCF387DB26CCA994F9C4F
                                                SHA-512:1AD6FFB398EAE69311D551A7F5D24E5737C0AC063A2F68E839FA8E787C23FA4B7A9F0A70E6222AB4647417BA8451F8C5316A6BBEA023A3812086BDBB739E29A0
                                                Malicious:false
                                                Reputation:low
                                                Preview:2024/11/19-08:54:14.477 3520 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/19-08:54:14.482 3520 Recovering log #3.2024/11/19-08:54:14.486 3520 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):131072
                                                Entropy (8bit):0.007818402565218801
                                                Encrypted:false
                                                SSDEEP:3:ImtV+7M1xVlt/XSxdlt4dV1gt/lop:IiV+gxlKxdX4m1lo
                                                MD5:99A1861B153254A6F8FE2AF60FFEEF36
                                                SHA1:ACB2F19C7CBBC53A52177D5584DBA5B5DFBE6451
                                                SHA-256:2C39CAF92A3108E56ECB3A7D099F91B854519E6E846B6F19363E389A31794BF4
                                                SHA-512:B7A3A1206A7B35425190D2D1C0973CA54712E22E247B5AB35CCDC314564E39E487C10950BD9A3858CC229691B43B15E948B7D7B152B105BB5A0F4EBDD093D9C5
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview:VLnk.....?......LhXJ ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                Category:dropped
                                                Size (bytes):65110
                                                Entropy (8bit):0.1899168454576614
                                                Encrypted:false
                                                SSDEEP:12:ptMthyxMM5qq5tILYAL8Elc/0FLVIJNQ+SA411uXUUd84BxhNk:DMthgnB5tRAL8EXhVIJm+S9/ukUdl6
                                                MD5:897DE8453824584C93E41BF43824A2B1
                                                SHA1:869665E53AAC2AAD037CE25C712B91047338C760
                                                SHA-256:A828D2E01E835F24A0C380711E38762D49B092ACD15C1B866E62990122F32EC5
                                                SHA-512:40A0CA612EE77B94646A35539928197A3C85DE7602BA54EDF55E9B05C66FAB21EC7A40C906D1C42763716997A4E0649E784318B74EAA8E0B9DD91AF852F576E6
                                                Malicious:false
                                                Reputation:low
                                                Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3024000, file counter 14, database pages 15, cookie 0x5, schema 4, UTF-8, version-valid-for 14
                                                Category:dropped
                                                Size (bytes):61440
                                                Entropy (8bit):3.575679203791139
                                                Encrypted:false
                                                SSDEEP:384:Xeh9dThKtELJ8DAcLKuZsLRGlKhsvXh+vSc:DAeZsLQhUSc
                                                MD5:0578F888DE89FBA4B4DB72A40AB9BCC7
                                                SHA1:D30D4E117B5EEF560F897877F631E5504A579849
                                                SHA-256:EAB57D0AE2A228ACE2FD2B01EF52ADC67AD40396F97B03E981BED3841A0A9FD7
                                                SHA-512:7180EDA1E509B8B586D5DFE9516B7B9117BC65D979987CD805638B74A28048223A3334211ED038267B3664048F0008FE97E40C0B2F0978FA24137866827056BF
                                                Malicious:false
                                                Preview:SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                File Type:SQLite Rollback Journal
                                                Category:dropped
                                                Size (bytes):8720
                                                Entropy (8bit):3.3088002767346287
                                                Encrypted:false
                                                SSDEEP:48:7MT2iomVmBsmom1CZiomCBszom1Nom1Aiom1RROiom1Com1pom1kiomVPiomgtqq:7NCm6rZf6uhICPtt49IVXEBodRBkY
                                                MD5:57D070D566D0BCF260E3474839FE9F6B
                                                SHA1:220D62D367FC302A44DB955C2E827AB473F7133C
                                                SHA-256:460165F107DE8DCE8D4639C03FCF791CA37FFBF69793CFEAE0466459C7FC6C23
                                                SHA-512:CC9109819E04C9D3C6F46B7861BB0595A4624F6BBFC8DCF601642EC92B8F6C8227816AE6DA227C0A835FDA0B5815300DB2CEC683529C3FA09FEE4FE054ACF99E
                                                Malicious:false
                                                Preview:.... .c.....7.Qu..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................W....X.W.L...y.......~........................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):72643
                                                Entropy (8bit):5.393779678652009
                                                Encrypted:false
                                                SSDEEP:768:PCbTjMYOpdyVFWqnPvBRSiRkTIVzY3iUjWsDKXUrhIYyu:AlOpdyVFWcPvBBRkTIdY3b6UeK
                                                MD5:566FBD8C8CFF42236CACCE7CD9D0873D
                                                SHA1:E30A818529B8A951E686FECF21436D08E07E7BC6
                                                SHA-256:739DD58FA3BB2950B08D1C655E2506B6DBFB211FC90FE77CA63FC31564F475BA
                                                SHA-512:498D72BE83AAE3291F4A4684DE03426DE377E21BE002AA3F1F85E284DBF4B4EEB2CE7EC96E5257FF3230E53DA9D3DF92A10167C7FD865AE7AB2E4156436D2B90
                                                Malicious:false
                                                Preview:4.458.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.85.FID.2:o:........:F:Aparajita.P:Aparajita.L:&.........................."F:Aparajita.#.99.FID.2:o:........:F:Aparajita-Italic.P:Aparajita Italic.L:&.........................."F:Aparajita.#.95.FID.2:o:........:F:Aparajita-Bold.P:Aparajita Bold.L:&.........................."F:Aparajita.#.108.FID.2:o:........:F:Aparajita-BoldItalic.P:Aparajita Bold Italic.L:&.........................."F:Aparajita.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$....
                                                File type:PDF document, version 1.4, 0 pages
                                                Entropy (8bit):7.623595343186488
                                                TrID:
                                                • Adobe Portable Document Format (5005/1) 100.00%
                                                File name:jO7FHDAZ6f.pdf
                                                File size:43'880 bytes
                                                MD5:44929fe50c9bd744987b6a84d88187a1
                                                SHA1:17988aa3d64d53bc844b122e6afc464161feb6d6
                                                SHA256:00000a7b9b21e8e7ab8754e3023a06dd5d4df63da61a01c0f2da9ebc4ed42842
                                                SHA512:3ca85b04edb2edcdb53565b6bfe2f182a73bbdaf07da3ffe05c527bcd87449b97a9e07cc4ab6d32d0522e7b10019d5b1a66512abc0cab7be1d9ddf4e88e1b6db
                                                SSDEEP:768:9gGzpDNpiGCRHHS988EfH+NLsFjGYeK+V+hhWtQM+gpLR6+W+q1XDu:+GFBpiBHr9H+WtGYbq+LUQM+OR6j1XDu
                                                TLSH:F0138D7EF84C1C9CE6D3C786D976BCAD912F73265ACD34C124B48B03B825865A7062E7
                                                File Content Preview:%PDF-1.4.1 0 obj.<<./Title (...S.u.p.e.r. .c.l.e.a.n.e.r. .2.0.2.0. .a.p.k.p.u.r.e)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...5)./Producer (...Q.t. .4...8...7)./CreationDate (D:20201021140259+03'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM
                                                Icon Hash:62ceacaeb29e8aa0

                                                General

                                                Header:%PDF-1.4
                                                Total Entropy:7.623595
                                                Total Bytes:43880
                                                Stream Entropy:7.947211
                                                Stream Bytes:32600
                                                Entropy outside Streams:5.217424
                                                Bytes outside Streams:11280
                                                Number of EOF found:2
                                                Bytes after EOF:
Name | Count
obj | 59
endobj | 59
stream | 8
endstream | 8
xref | 2
trailer | 2
startxref | 2
/Page | 2
/Encrypt | 0
/ObjStm | 0
/URI | 46
/JS | 0
/JavaScript | 0
/AA | 0
/OpenAction | 0
/AcroForm | 0
/JBIG2Decode | 0
/RichMedia | 0
/Launch | 0
/EmbeddedFile | 0
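The keyword table above, together with the entropy figures and the contacted-URL list earlier in the report, is what a static PDF triage pass produces. The following Python is an added example written for this page; it is not Joe Sandbox code and not part of the report. It reproduces those statistics (keyword counts, entropy inside and outside streams, number of %%EOF markers, /URI targets) on a constructed sample PDF embedded inline, and it decodes #xx escapes in name tokens so an obfuscated /Java#53cript is still counted as /JavaScript. All function and variable names are the example's own.

```python
import json
import math
import re
from collections import Counter

# Keyword set taken from the report's Name/Count table.
KEYWORDS = [
    "obj", "endobj", "stream", "endstream", "xref", "trailer", "startxref",
    "/Page", "/Encrypt", "/ObjStm", "/URI", "/JS", "/JavaScript", "/AA",
    "/OpenAction", "/AcroForm", "/JBIG2Decode", "/RichMedia", "/Launch",
    "/EmbeddedFile",
]
# A non-zero count of any of these means the file carries active content.
ACTIVE = ("/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
          "/EmbeddedFile", "/RichMedia", "/JBIG2Decode")

_DELIMS = rb"\s/\[\]<>(){}%"                         # PDF token delimiters
_NAME = re.compile(rb"/[^" + _DELIMS + rb"]*")       # one name token
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")             # #xx escape inside a name
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
_URI = re.compile(rb"/URI\s*\((.*?)\)")              # /URI with a literal string

def decode_names(data: bytes) -> bytes:
    """Resolve #xx escapes in name tokens so /Java#53cript counts as /JavaScript."""
    fix = lambda m: _HEX.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(0))
    return _NAME.sub(fix, data)

def keyword_counts(data: bytes) -> dict:
    text = decode_names(data)
    counts = {}
    for kw in KEYWORDS:
        if kw.startswith("/"):
            # the name must end at a delimiter, so /Page does not match /Pages
            pat = re.escape(kw.encode()) + rb"(?![^" + _DELIMS + rb"])"
        else:
            # no letters on either side: endobj is not obj, startxref is not xref
            pat = rb"(?<![A-Za-z])" + kw.encode() + rb"(?![A-Za-z])"
        counts[kw] = len(re.findall(pat, text))
    return counts

def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def split_streams(data: bytes):
    """(bytes inside stream bodies, bytes outside); heuristic, a binary stream
    that happens to contain the text 'endstream' would be cut short."""
    inside, outside, last = [], [], 0
    for m in _STREAM.finditer(data):
        outside.append(data[last:m.start(1)])
        inside.append(m.group(1))
        last = m.end(1)
    outside.append(data[last:])
    return b"".join(inside), b"".join(outside)

def extract_uris(data: bytes) -> list:
    """Targets of /URI actions (the report's contacted-URL list comes from these)."""
    return [u.decode("latin-1") for u in _URI.findall(decode_names(data))]

def triage(data: bytes) -> dict:
    inside, outside = split_streams(data)
    counts = keyword_counts(data)
    return {
        "header": data[:8].decode("latin-1"),
        "total_bytes": len(data),
        "total_entropy": round(shannon_entropy(data), 6),
        "stream_bytes": len(inside),
        "stream_entropy": round(shannon_entropy(inside), 6),
        "bytes_outside_streams": len(outside),
        "entropy_outside_streams": round(shannon_entropy(outside), 6),
        "eof_markers": data.count(b"%%EOF"),
        "counts": counts,
        "active_content": [k for k in ACTIVE if counts[k]],
        "uris": extract_uris(data),
    }

# Constructed sample, not the analysed file: one link annotation (two /URI
# tokens, from /S /URI plus /URI (...)), an OpenAction that runs JavaScript
# behind a #53 escape, and one short stream. The xref offset is a dummy.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents 6 0 R >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.invalid/a) >> >> endobj
5 0 obj << /S /Java#53cript /JS (app.alert(1)) >> endobj
6 0 obj << /Length 4 >>
stream
ABCD
endstream
endobj
trailer << /Root 1 0 R >>
startxref
0
%%EOF
"""

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_PDF), indent=2))
```

Run against the analysed file, `triage()` should give the same keyword counts and byte totals as the table above; the combination there of 46 /URI against zero /JS, /JavaScript, /OpenAction, /AA and /Launch describes a document whose only action is link-based redirection, which matches the chrome.exe launch of a ttraff.me URL in the process tree. The `#xx` decoding matters because keyword counters that skip it report zero for a document that in fact carries JavaScript.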

                                                Image Streams

ID | DHASH | MD5
7 | 83c4748d4c708c80 | 5ae18d2a4e3a5934a3d42908fa095ea3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 19, 2024 14:54:34.573930979 CET | 49168 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:54:34.573983908 CET | 443 | 49168 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:54:34.574042082 CET | 49168 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:54:34.574589014 CET | 49169 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:54:34.574626923 CET | 443 | 49169 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:54:34.574672937 CET | 49169 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:54:34.574990988 CET | 49168 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:54:34.575007915 CET | 443 | 49168 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:54:34.575172901 CET | 49169 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:54:34.575191975 CET | 443 | 49169 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:54:38.929389000 CET | 49171 | 443 | 192.168.2.22 | 142.250.186.100
Nov 19, 2024 14:54:38.929440975 CET | 443 | 49171 | 142.250.186.100 | 192.168.2.22
Nov 19, 2024 14:54:38.929507017 CET | 49171 | 443 | 192.168.2.22 | 142.250.186.100
Nov 19, 2024 14:54:38.929718971 CET | 49171 | 443 | 192.168.2.22 | 142.250.186.100
Nov 19, 2024 14:54:38.929747105 CET | 443 | 49171 | 142.250.186.100 | 192.168.2.22
Nov 19, 2024 14:55:04.577661991 CET | 49168 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:04.577739954 CET | 49169 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:04.619338036 CET | 443 | 49168 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:55:04.623332024 CET | 443 | 49169 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:55:06.037424088 CET | 49175 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:06.037465096 CET | 443 | 49175 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:55:06.037527084 CET | 49175 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:06.042084932 CET | 49176 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:06.042124033 CET | 443 | 49176 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:55:06.042176008 CET | 49176 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:06.043157101 CET | 49175 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:06.043173075 CET | 443 | 49175 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:55:06.043618917 CET | 49176 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:06.043634892 CET | 443 | 49176 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:55:08.935831070 CET | 49171 | 443 | 192.168.2.22 | 142.250.186.100
Nov 19, 2024 14:55:08.979346991 CET | 443 | 49171 | 142.250.186.100 | 192.168.2.22
Nov 19, 2024 14:55:13.071963072 CET | 49178 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:13.072000027 CET | 443 | 49178 | 142.250.186.110 | 192.168.2.22
Nov 19, 2024 14:55:13.072066069 CET | 49178 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:13.072490931 CET | 49179 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:13.072549105 CET | 443 | 49179 | 142.250.186.110 | 192.168.2.22
Nov 19, 2024 14:55:13.072603941 CET | 49179 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:13.073720932 CET | 49178 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:13.073741913 CET | 443 | 49178 | 142.250.186.110 | 192.168.2.22
Nov 19, 2024 14:55:13.074604988 CET | 49179 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:13.074629068 CET | 443 | 49179 | 142.250.186.110 | 192.168.2.22
Nov 19, 2024 14:55:36.048710108 CET | 49175 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:36.048794031 CET | 49176 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:36.095333099 CET | 443 | 49175 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:55:36.095350981 CET | 443 | 49176 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:55:38.979052067 CET | 49182 | 443 | 192.168.2.22 | 142.250.186.100
Nov 19, 2024 14:55:38.979094982 CET | 443 | 49182 | 142.250.186.100 | 192.168.2.22
Nov 19, 2024 14:55:38.979177952 CET | 49182 | 443 | 192.168.2.22 | 142.250.186.100
Nov 19, 2024 14:55:38.979410887 CET | 49182 | 443 | 192.168.2.22 | 142.250.186.100
Nov 19, 2024 14:55:38.979424000 CET | 443 | 49182 | 142.250.186.100 | 192.168.2.22
Nov 19, 2024 14:55:43.082022905 CET | 49178 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:43.082149982 CET | 49179 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:43.123337030 CET | 443 | 49178 | 142.250.186.110 | 192.168.2.22
Nov 19, 2024 14:55:43.123338938 CET | 443 | 49179 | 142.250.186.110 | 192.168.2.22
Nov 19, 2024 14:55:44.131659031 CET | 49184 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:44.131716013 CET | 443 | 49184 | 142.250.186.110 | 192.168.2.22
Nov 19, 2024 14:55:44.131778002 CET | 49184 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:44.135440111 CET | 49185 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:44.135490894 CET | 443 | 49185 | 142.250.186.110 | 192.168.2.22
Nov 19, 2024 14:55:44.135544062 CET | 49185 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:44.136245966 CET | 49184 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:44.136262894 CET | 443 | 49184 | 142.250.186.110 | 192.168.2.22
Nov 19, 2024 14:55:44.137145042 CET | 49185 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:55:44.137161970 CET | 443 | 49185 | 142.250.186.110 | 192.168.2.22
Nov 19, 2024 14:55:49.618782997 CET | 49169 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:49.618793964 CET | 443 | 49169 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:55:49.618814945 CET | 49168 | 443 | 192.168.2.22 | 172.232.4.213
Nov 19, 2024 14:55:49.618829966 CET | 443 | 49168 | 172.232.4.213 | 192.168.2.22
Nov 19, 2024 14:55:53.979052067 CET | 49171 | 443 | 192.168.2.22 | 142.250.186.100
Nov 19, 2024 14:55:53.979075909 CET | 443 | 49171 | 142.250.186.100 | 192.168.2.22
Nov 19, 2024 14:56:08.986110926 CET | 49182 | 443 | 192.168.2.22 | 142.250.186.100
Nov 19, 2024 14:56:09.031342030 CET | 443 | 49182 | 142.250.186.100 | 192.168.2.22
Nov 19, 2024 14:56:14.137334108 CET | 49184 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:56:14.137763023 CET | 49185 | 443 | 192.168.2.22 | 142.250.186.110
Nov 19, 2024 14:56:14.183326006 CET | 443 | 49185 | 142.250.186.110 | 192.168.2.22
Nov 19, 2024 14:56:14.183336973 CET | 443 | 49184 | 142.250.186.110 | 192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 19, 2024 14:54:20.683662891 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255
Nov 19, 2024 14:54:21.433444977 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255
Nov 19, 2024 14:54:22.183346987 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255
Nov 19, 2024 14:54:29.674350023 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255
Nov 19, 2024 14:54:30.423891068 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255
Nov 19, 2024 14:54:31.173913956 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255
Nov 19, 2024 14:54:34.525907040 CET | 63926 | 53 | 192.168.2.22 | 8.8.8.8
Nov 19, 2024 14:54:34.526423931 CET | 65510 | 53 | 192.168.2.22 | 8.8.8.8
Nov 19, 2024 14:54:34.529489040 CET | 53 | 52781 | 8.8.8.8 | 192.168.2.22
Nov 19, 2024 14:54:34.537998915 CET | 53 | 54842 | 8.8.8.8 | 192.168.2.22
Nov 19, 2024 14:54:34.548852921 CET | 53 | 65510 | 8.8.8.8 | 192.168.2.22
Nov 19, 2024 14:54:34.556566954 CET | 53 | 63926 | 8.8.8.8 | 192.168.2.22
Nov 19, 2024 14:54:34.752820969 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255
Nov 19, 2024 14:54:35.502054930 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255
Nov 19, 2024 14:54:36.252135992 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255
Nov 19, 2024 14:54:38.921108007 CET | 64928 | 53 | 192.168.2.22 | 8.8.8.8
Nov 19, 2024 14:54:38.921509981 CET | 57390 | 53 | 192.168.2.22 | 8.8.8.8
Nov 19, 2024 14:54:38.928384066 CET | 53 | 57390 | 8.8.8.8 | 192.168.2.22
Nov 19, 2024 14:54:38.928426981 CET | 53 | 64928 | 8.8.8.8 | 192.168.2.22
Nov 19, 2024 14:54:49.601824045 CET | 53 | 62453 | 8.8.8.8 | 192.168.2.22
Nov 19, 2024 14:55:13.058881044 CET | 65009 | 53 | 192.168.2.22 | 8.8.8.8
Nov 19, 2024 14:55:13.060055017 CET | 64956 | 53 | 192.168.2.22 | 8.8.8.8
Nov 19, 2024 14:55:13.067868948 CET | 53 | 65009 | 8.8.8.8 | 192.168.2.22
Nov 19, 2024 14:55:13.071419954 CET | 53 | 64956 | 8.8.8.8 | 192.168.2.22
Nov 19, 2024 14:55:34.317547083 CET | 53 | 64687 | 8.8.8.8 | 192.168.2.22
Nov 19, 2024 14:55:38.298150063 CET | 53 | 56207 | 8.8.8.8 | 192.168.2.22
Nov 19, 2024 14:55:52.950228930 CET | 138 | 138 | 192.168.2.22 | 192.168.2.255
Nov 19, 2024 14:56:04.330826998 CET | 53 | 54695 | 8.8.8.8 | 192.168.2.22
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Nov 19, 2024 14:54:34.556294918 CET | 192.168.2.22 | 8.8.8.8 | d053 | (Port unreachable) | Destination Unreachable
Nov 19, 2024 14:55:38.298224926 CET | 192.168.2.22 | 8.8.8.8 | d03b | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 19, 2024 14:54:34.525907040 CET | 192.168.2.22 | 8.8.8.8 | 0xae27 | Standard query (0) | ttraff.me | A (IP address) | IN (0x0001) | false
Nov 19, 2024 14:54:34.526423931 CET | 192.168.2.22 | 8.8.8.8 | 0xdfa7 | Standard query (0) | ttraff.me | 65 | IN (0x0001) | false
Nov 19, 2024 14:54:38.921108007 CET | 192.168.2.22 | 8.8.8.8 | 0x4e35 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 14:54:38.921509981 CET | 192.168.2.22 | 8.8.8.8 | 0x33b5 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Nov 19, 2024 14:55:13.058881044 CET | 192.168.2.22 | 8.8.8.8 | 0x2754 | Standard query (0) | support.google.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 14:55:13.060055017 CET | 192.168.2.22 | 8.8.8.8 | 0x44fd | Standard query (0) | support.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 19, 2024 14:54:34.556566954 CET | 8.8.8.8 | 192.168.2.22 | 0xae27 | No error (0) | ttraff.me |  | 172.232.4.213 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 14:54:34.556566954 CET | 8.8.8.8 | 192.168.2.22 | 0xae27 | No error (0) | ttraff.me |  | 172.232.31.180 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 14:54:34.556566954 CET | 8.8.8.8 | 192.168.2.22 | 0xae27 | No error (0) | ttraff.me |  | 172.232.25.148 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 14:54:38.928384066 CET | 8.8.8.8 | 192.168.2.22 | 0x33b5 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
Nov 19, 2024 14:54:38.928426981 CET | 8.8.8.8 | 192.168.2.22 | 0x4e35 | No error (0) | www.google.com |  | 142.250.186.100 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 14:55:13.067868948 CET | 8.8.8.8 | 192.168.2.22 | 0x2754 | No error (0) | support.google.com |  | 142.250.186.110 | A (IP address) | IN (0x0001) | false


                                                Target ID:0
                                                Start time:08:54:05
                                                Start date:19/11/2024
                                                Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\jO7FHDAZ6f.pdf"
                                                Imagebase:0x2e0000
                                                File size:2'525'680 bytes
                                                MD5 hash:2F8D93826B8CBF9290BC57535C7A6817
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:2
                                                Start time:08:54:11
                                                Start date:19/11/2024
                                                Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                                Imagebase:0x9e0000
                                                File size:9'805'808 bytes
                                                MD5 hash:326A645391A97C760B60C558A35BB068
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:4
                                                Start time:08:54:31
                                                Start date:19/11/2024
                                                Path:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "https://ttraff.me/123?keyword=super+cleaner+2020+apkpure"
                                                Imagebase:0x13f6f0000
                                                File size:3'151'128 bytes
                                                MD5 hash:FFA2B8E17F645BCC20F0E0201FEF83ED
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                Target ID:5
                                                Start time:08:54:33
                                                Start date:19/11/2024
                                                Path:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1232,i,4480364503558093569,10111975475138914287,131072 /prefetch:8
                                                Imagebase:0x13f6f0000
                                                File size:3'151'128 bytes
                                                MD5 hash:FFA2B8E17F645BCC20F0E0201FEF83ED
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                No disassembly