Windows
Analysis Report
Resume - Ms. Nilar Htet.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 424 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Resume - Ms. Nilar Htet.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6724 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7088 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1604,i,7349804857027900102,10984797605832616491,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
x1.i.lencr.org | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1559180 |
Start date and time: | 2024-11-20 09:25:58 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Resume - Ms. Nilar Htet.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@15/51@2/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 199.232.214.172, 184.28.88.176, 54.227.187.23, 52.5.13.197, 23.22.254.206, 52.202.204.11, 162.159.61.3, 172.64.41.3, 2.23.197.184, 2.19.126.143, 2.19.126.149, 23.200.0.21
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- VT rate limit hit for: Resume - Ms. Nilar Htet.pdf
Time | Type | Description |
---|---|---|
03:26:42 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.47.168.24 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | Ducktail | Browse | |||
Get hash | malicious | Ducktail | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | PureLog Stealer, XWorm | Browse | |||
Get hash | malicious | Metasploit | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Credential Flusher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | ScreenConnect Tool, Phisher | Browse |
Get hash | malicious | Remcos | Browse |
Get hash | malicious | Credential Flusher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Amadey, Stealc, Vidar | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.1235291067658455 |
Encrypted: | false |
SSDEEP: | 6:H/veQ+q2PRN2nKuAl9OmbnIFUt8Y/XNgZmw+Y/XNQVkwORN2nKuAl9OmbjLJ:fveVvaHAahFUt8YXNg/+YXNI5JHAaSJ |
MD5: | 61F5C3E0BA7090DCDA4DBD71114211E8 |
SHA1: | 2E8745E7E0931DD9F2E7BBB2C61AAAA230769DBE |
SHA-256: | 2537EA02841194954FCE9377CB85EEE5101F03FB54D119019382C506182C4BBD |
SHA-512: | 3A3CA2ECD7A30C6094DAA406185D53548E7496FE7376036F935A65C2B6712ACBC638C9E179DD3469ADB23517E395A680F8FBBD4A4E1D8CB35683D27463F44545 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.1235291067658455 |
Encrypted: | false |
SSDEEP: | 6:H/veQ+q2PRN2nKuAl9OmbnIFUt8Y/XNgZmw+Y/XNQVkwORN2nKuAl9OmbjLJ:fveVvaHAahFUt8YXNg/+YXNI5JHAaSJ |
MD5: | 61F5C3E0BA7090DCDA4DBD71114211E8 |
SHA1: | 2E8745E7E0931DD9F2E7BBB2C61AAAA230769DBE |
SHA-256: | 2537EA02841194954FCE9377CB85EEE5101F03FB54D119019382C506182C4BBD |
SHA-512: | 3A3CA2ECD7A30C6094DAA406185D53548E7496FE7376036F935A65C2B6712ACBC638C9E179DD3469ADB23517E395A680F8FBBD4A4E1D8CB35683D27463F44545 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 331 |
Entropy (8bit): | 5.125099233918783 |
Encrypted: | false |
SSDEEP: | 6:HeN9+q2PRN2nKuAl9Ombzo2jMGIFUt8YSZmw+YtN9VkwORN2nKuAl9Ombzo2jMmd:LvaHAa8uFUt8D/+OD5JHAa8RJ |
MD5: | 5A8B616F5831227316E7FFC7B9B7CDE9 |
SHA1: | 1ED0485D5C216E91923C9B95CD81CA93859651E1 |
SHA-256: | 88D2E38F6A4276CD113EEAA321CDCB0FE152FFDC3D9632D98E58DA1714809EF1 |
SHA-512: | 1DC4993D9EC1CEC07C5A5690F8A63E683B84086838641566DD20CD3753660C368E070DBF00F0198EDE9F8BF59C1F556BEAF92C553618AD2B50C3A1C8BA28E498 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 331 |
Entropy (8bit): | 5.125099233918783 |
Encrypted: | false |
SSDEEP: | 6:HeN9+q2PRN2nKuAl9Ombzo2jMGIFUt8YSZmw+YtN9VkwORN2nKuAl9Ombzo2jMmd:LvaHAa8uFUt8D/+OD5JHAa8RJ |
MD5: | 5A8B616F5831227316E7FFC7B9B7CDE9 |
SHA1: | 1ED0485D5C216E91923C9B95CD81CA93859651E1 |
SHA-256: | 88D2E38F6A4276CD113EEAA321CDCB0FE152FFDC3D9632D98E58DA1714809EF1 |
SHA-512: | 1DC4993D9EC1CEC07C5A5690F8A63E683B84086838641566DD20CD3753660C368E070DBF00F0198EDE9F8BF59C1F556BEAF92C553618AD2B50C3A1C8BA28E498 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF419fbe.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a18afa0a-ac60-41a1-9454-1d365aa47b8c.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\cde83237-edc8-4081-b86c-f46036a2e43d.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.981202135099884 |
Encrypted: | false |
SSDEEP: | 6:YHpoNXR8+eqq59Zr7SsDHF4R8HOVWj2HEBkAa9a1o3/QBR7Y53h6ubU74MS7PMV/:YHO8sqAsBdOg2H+caq3QYiubrP7E4T3y |
MD5: | 1041D8469D8D09CED8E94A497051C783 |
SHA1: | 29C0CBD1EAC0DE20C62BABCA36A3A98825939DDC |
SHA-256: | 0A293021BE97C825DAF830ADB6D6EF0869C1DA3AB8FA766759ECC7D0C3BF346E |
SHA-512: | D3B72E7F37DA4224BFFF42E19F7861D3A063E7325D1DC936BAC0C6C9EBAA641D4381AB783FECB99EB088C0489994D217791AEF98A3AFF60F51A35483F4C64655 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.229980671497029 |
Encrypted: | false |
SSDEEP: | 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeCJCM:OLT0bTIeYa51Ogu/0OZARBT8kN88CJv |
MD5: | 8C4DD64E080B1D189076E9F937FC143B |
SHA1: | 636794C8EA23810B9EEE7E44D4A1ED04491F0CAC |
SHA-256: | 8D7C15B8B9C514B71EE2BC32DC35234FCA7C833CF481F69384C2F6E5B6ED2D17 |
SHA-512: | 40556083C4686D06129CE6A3CD8E6BA9E2BBF02BBFAE3784CDF1204F8633EF04281C3B04EA006FE1718B19090981AEBD1CC1E86832891C548395E52322C8AB9C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 319 |
Entropy (8bit): | 5.146153087027008 |
Encrypted: | false |
SSDEEP: | 6:H7o+q2PRN2nKuAl9OmbzNMxIFUt8Y7/NJZmw+Y7EVkwORN2nKuAl9OmbzNMFLJ:b9vaHAa8jFUt8c/X/+cE5JHAa84J |
MD5: | 262077E12161C7F029373CD1664D586F |
SHA1: | 128E08DAB4EAD3EEB1AFFDA454C3C843EFE9FAED |
SHA-256: | DFD242659B44CBA25B48ABF1E390FBC89840DAE72B3EA2B83C8F0A179F0DDC2F |
SHA-512: | 88F0860F92F5DD923F2E599C0EAC8D0BE7B6B288676B1CB019628F4F891C6FEA9E0840D095E0EF013D6C5C154BD73B4E0FF40588DDA4E24072A999F2B25BAC35 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 319 |
Entropy (8bit): | 5.146153087027008 |
Encrypted: | false |
SSDEEP: | 6:H7o+q2PRN2nKuAl9OmbzNMxIFUt8Y7/NJZmw+Y7EVkwORN2nKuAl9OmbzNMFLJ:b9vaHAa8jFUt8c/X/+cE5JHAa84J |
MD5: | 262077E12161C7F029373CD1664D586F |
SHA1: | 128E08DAB4EAD3EEB1AFFDA454C3C843EFE9FAED |
SHA-256: | DFD242659B44CBA25B48ABF1E390FBC89840DAE72B3EA2B83C8F0A179F0DDC2F |
SHA-512: | 88F0860F92F5DD923F2E599C0EAC8D0BE7B6B288676B1CB019628F4F891C6FEA9E0840D095E0EF013D6C5C154BD73B4E0FF40588DDA4E24072A999F2B25BAC35 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241120082633Z-166.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 3.370740073604283 |
Encrypted: | false |
SSDEEP: | 768:9MSLvyJ1RU5CQozyjAcxGiIm211iMi6g8pkYA702UvtV8GpTn0RxAoz/ZKwYypC7:9MSLvy2jYT |
MD5: | C1D585984466A1ED54455099E840DA8F |
SHA1: | 9672AA24805F6186FBEE1440887EA014991C0934 |
SHA-256: | 2DB1E4A5FACBE9E0B9AD4CA203DBA69A33B55C0CFB7ED34CE9DDBA38539E4F96 |
SHA-512: | 5B34F4594C85E70A6A734DDA99B67E8F5E2E70360EFC425787B63A9C95C65983E88EC48A6C8705495E42ED4EB062D7927D51DE2BE08EA89EC7E07E716F22B8B7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.293325457856636 |
Encrypted: | false |
SSDEEP: | 192:/edRBTVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:/eZci5H5FY+EUUUTTcHqFzqFP |
MD5: | 60D9215972BC7671E62BED38B50FAB17 |
SHA1: | D1A8B76E66476F7FBE4770851DD1CC05BB2ACAA7 |
SHA-256: | 541AFC165376795681B300B1A0F4BCC9F6D52068601BFAD0D39874D74B2D98CE |
SHA-512: | 8ABEA29A2B9AE4FB91AE5672AE286BC2794457DD95295AA7E6146136EE92607A319C69DBDEED91AC0F5757D3DF92614572B79FFF2806FB16B4C68C7ACCE9F051 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 2.2019441070472334 |
Encrypted: | false |
SSDEEP: | 24:7+tyMEWewKeqLazkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9n:7MbUeqemFTIF3XmHjBoGGR+jMz+Lh9 |
MD5: | 2B5238D49C5C18EAFD8FF9F97220CFF6 |
SHA1: | 0EE179DAE1D521F9738C2B17E10F82B17F995881 |
SHA-256: | 1EBA3B54E6149BDB8C21F5D1882667EE4AC0D48FC91A15A3B7B42AA6F9D99C1F |
SHA-512: | C399D2B1A5C2B245D2C7711D26CEFA990C87C966540E7AFF68EFA2B5C97F86E8E81FB1D2345F303D50C511756AFFC1A45A152FC5DC1C65E8B4EF8505CECE215D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7895108629891827 |
Encrypted: | false |
SSDEEP: | 3:kkFklFF9el1fllXlE/HT8k9Sh1NNX8RolJuRdxLlGB9lQRYwpDdt:kKxQT80Y7NMa8RdWBwRd |
MD5: | C2E55AC2E302CBABE750D72ED0A46F52 |
SHA1: | AA51C5411BF3236752B1427C8449DDD0632076E2 |
SHA-256: | 27E85845431F6351860D1F262F695DF4745738CC1F0137CD4F0F307595401AC7 |
SHA-512: | 73C6334C4FCB8884164D63E8CB78FD8F92312B7E646FB9CCC2E313B3CCF580931C8980F8B4EB04FB4DC88530BCF4D7D66A7BDEBCA37C2C9A10AE029158C005D1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2478978672539016 |
Encrypted: | false |
SSDEEP: | 6:kKF9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:UDImsLNkPlE99SNxAhUe/3 |
MD5: | 5CBAE0C72CF927FF9E65EB86F3E453E4 |
SHA1: | 3F7F0FB522336A9A26C6C30FBB332DFFFD93BA77 |
SHA-256: | BCAA911C7BFBB773B58144EF45DC64C36736ABD87763814631DFC4FD5B969F34 |
SHA-512: | 57B7B83FE7F5687D1886908E05F4C247860F3E6619FC9B551FF3757A0986956ED95DF5A15FEE521A5BABE207C0D9AB1AFEEAEDEFBE983C95F0AD97111D3B3C55 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.388911785648542 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJM3g98kUwPeUkwRe9:YvXKXUvsvn2QWRuUhUUGMbLUkee9 |
MD5: | 9C33EC59752716629740A129206839E6 |
SHA1: | F61B1502D9C5D3C4820C81848383A8EB2F3B50DD |
SHA-256: | 91DE56A5CC0A219B97F22DB566D04771452BE69ADA7E6F344F4C0CF00D00BD89 |
SHA-512: | 4B247006B3029BA496875B276085FFD34DCD81DEB76BE6366C329D3F5974ADAEEBD87A15DA408B087DA5F5161160333A1974CC0A73DA2605152FB39A33C54E1E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.33686584741301 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfBoTfXpnrPeUkwRe9:YvXKXUvsvn2QWRuUhUUGWTfXcUkee9 |
MD5: | C3020EDC0640529B167D1C8E3D25D4F0 |
SHA1: | 1FC5E03824F256962D3CF92223A0AA2FB9E110EA |
SHA-256: | 223721EA66D3245F10026AC00BED6EBFD7AFB1DC12D8776880BE38BE63A8F1A3 |
SHA-512: | 73BE0332C30B1CBEDAC8C7DF65BB19C2A98D3141965A6B5431FC5D5A36A5EA45DBE8DFDD01509623ACF4A0695E0ABA875EF6EE96239DCA6826B9564E27DEF0C5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.315125342770818 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfBD2G6UpnrPeUkwRe9:YvXKXUvsvn2QWRuUhUUGR22cUkee9 |
MD5: | DA7FB6247FD4159F242AB1A224954B11 |
SHA1: | B6E8565C6A22B0757249D0882E7A2695F07CB58C |
SHA-256: | 12E38FA4E5E771FE4F373B1E73422B52E258E2DBAA1F143EEB3A3D452DAF10C6 |
SHA-512: | D34E3770197B51AF2563993E1977D16A23F6284D2E6AACAA5A9D28694E66792D8A786F272D8DDEB749188538309A151B68A8D9D30E802EB708D3790020240388 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.378188409453795 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfPmwrPeUkwRe9:YvXKXUvsvn2QWRuUhUUGH56Ukee9 |
MD5: | E8D365A9C9173C66381DB9ADEEC8A162 |
SHA1: | E827F5D68618201AAAC216AF0EA9D64F1CB98CF3 |
SHA-256: | 4F0CEDB868E7885BFF40071C44D978A1F5ED359D449E899699154E8A3AD2CF32 |
SHA-512: | 8D850D51422EF8DAE7F3D98549B7F209E5158B958CBDB0F9BEA6815E416446771813675B45293B3DB11817417C067746239E078A756A64204C9ECE4A7B914440 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1123 |
Entropy (8bit): | 5.691381555179961 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZvnkUxpLgE9cQx8LennAvzBvkn0RCmK8czOCCSxQF:YvckUxhgy6SAFv5Ah8cv/WF |
MD5: | 8CEB67D254286DCDB74D0AA372F454AE |
SHA1: | 1015EB4DD88FC0DF0D002F4283E65DA80F8DBF6D |
SHA-256: | 5607C99F863F51A6AE191A1C14FC35F1F7A75F1EDC2D710CE6EDA66A013254B5 |
SHA-512: | D3F2024B19D7EE3A27AF01648250BD5BBD888B687A5974630214FFECF6B4281E3BB22022CBDD059411D9507DEB2A98CA629F922BE007DAF131C8454AB67ED2E5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1122 |
Entropy (8bit): | 5.68438169566763 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZvnkUtVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBoQF:YvckUtFgSNycJUAh8cvYHUF |
MD5: | 7659D627E0E2E87B45D03D4E620A9300 |
SHA1: | 3AED1389E61608E6A47605068385944383069923 |
SHA-256: | 3651194120A6895EE1ACEEAAFAB2C4C75E31C007F2A9C51C0501691A20343EC4 |
SHA-512: | 0985AB07E63F69DFB38C18F3B342770E924E69BAA701C8A859836FE536BF79BC44AA7017DD95FC7C601EC73A0091F59FE144E97F649D8E62E9E12FE572F9DC69 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.328180111358799 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfQ1rPeUkwRe9:YvXKXUvsvn2QWRuUhUUGY16Ukee9 |
MD5: | 611B1AF8EC4E12C52B497208EBF863A1 |
SHA1: | A36B89BF1CD8021C9CAC6F78FA02C5B64948A95A |
SHA-256: | 879A28C5240EDB7B82E8A4498A9417A46A27BCBDAE2BE93F7EBE892847FA3309 |
SHA-512: | 9FD5509B1C0CF761015438A30B34B333237081533C5915F62FB5416E35BDF77B9C04D8733F4960C907423D364E41573B9461274C5FEDE56C1EA2CA95AA215109 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1102 |
Entropy (8bit): | 5.6770695564007285 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZvnkUs2LgErcXWl7y0nAvzIBcSJCBViVoQF:YvckUsogH47yfkB5kVWF |
MD5: | F867508452C7ED4975BA63BDCD7F9070 |
SHA1: | 5FF282367808285B494FD43C6CF3DAA83AB3F50B |
SHA-256: | 9A577C45EF60340A2E90EE70928E82A0E4EAA0CDDA51A7087515140659A93817 |
SHA-512: | C2D107DEB877A2DD48301AC61FE6F96DEA7A125F20C0A6A09063FA8C9000E8F7504CB0020ECF5C7F179E5B7C10D334779E1E5FDD5DD04F11EEEAB76E82793EAF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.701578012856769 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZvnkUsKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5oQF:YvckUsEgqprtrS5OZjSlwTmAfSKbF |
MD5: | 88D75C7613B2A03252D3B144B3511C3A |
SHA1: | AD8E17AB4C4C9B064CE3B91B19B94CFA12530287 |
SHA-256: | 3B45A9DCF7DE93033071429C0247B36054DE91633C7A6810D65056F08C43FE22 |
SHA-512: | 7A238C6F352A0722273292550EE279AD5CAAC32AA3909EA3FA9A5FA76DC064F18C5278E3DB94D38811E4730F63014AAE1E2324DAA51913B9DF141E23E68FBC1F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.332728788718154 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfYdPeUkwRe9:YvXKXUvsvn2QWRuUhUUGg8Ukee9 |
MD5: | FF44EBA1A9F0C1C5E78622F122F3882D |
SHA1: | 7DDEEE0447590E0CF157E3C6A2825EDDB8848D0A |
SHA-256: | DB0DF971E52FD3FCCBE343329C0E3132C9256337873C138CD95577B807C67BD6 |
SHA-512: | 61FE617147172034FD11908AA3A4C219BFCCA414945D2603E0E5D64935A9BF462E6567ADA2ED6E277ED9DC0502621ECE4D585A9274BBAE5F84D9DCDAADE4A5F9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.319355372610009 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJf+dPeUkwRe9:YvXKXUvsvn2QWRuUhUUG28Ukee9 |
MD5: | F1B48F068F40FF82890F3D71B3478C4C |
SHA1: | DB19661975AEF8A2DFBF40A48CCDDFBA40712283 |
SHA-256: | 7EF1380D314AEC3FC579065DF80F7C1249E9FAF8836FAB719C4A6A4F8443C493 |
SHA-512: | B7ABAE143F23F13914E802E7A87B3AD119DFB3FEA7F0C6F9483B44904964A6E8FD2462E5DE7929C80CC64B0CD46AD3CA6B450840B2CA4701CF299B6727550BB7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.3160509462633705 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfbPtdPeUkwRe9:YvXKXUvsvn2QWRuUhUUGDV8Ukee9 |
MD5: | AD7A2DA1D6A4605F676EA50E66FE67AE |
SHA1: | BA4A55913C420661524E30B53AEB11BDBB0BA09B |
SHA-256: | FB46F4686FA2F664A151F30593E2EA4D7272A3120272BF9203A74E50336E13A8 |
SHA-512: | 120B2DCC8AAD14F6F5D4D3751BDA31DD9F7D95FCB3841EFB6C1252DDA17F546FEFE4E84E36D0011A3189A0855E08917BB4AE16DEF5E1F4EF4FC7C5374292F5D1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.3192355317979345 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJf21rPeUkwRe9:YvXKXUvsvn2QWRuUhUUG+16Ukee9 |
MD5: | 0F65CA0FCFD750B00262AC43D581A1D1 |
SHA1: | 4DE1F80FEF19E30759CE179A5DBDF746BE128402 |
SHA-256: | AAA90295645229BBB5EBD0135F80693AD403E89AC84C120A0B9F90A7308F534D |
SHA-512: | F87B83F73A6B135926E278E3D4B8FB9245147CF63DF9C6035701986F68DD722809E1C0C9AD711B79C4FA15B6088A23FCCFE4EE42ACD8F0D97820D0E5DCEAA5D7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1090 |
Entropy (8bit): | 5.666683372148608 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZvnkURamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSxQF:YvckUdBgkDMUJUAh8cvMWF |
MD5: | 4B416F046E0B305C764AB3D6F47F379D |
SHA1: | 550C91FFAAEB8E88A6E7E5E86BCCA5563AD46C65 |
SHA-256: | CE2E3560D5D05F73F45ABDF9ADE4664D1DEF777B259A45E4875BE348434D9C46 |
SHA-512: | 1C995F22B9AF14DFBAD797653E28ED552918AE1E12D4DC5925F31B7B26EBB09771112AD5205C88A2BC84DA435540C8FDEE13BB61FDCA550B7FF46C570DD644E4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.294495853001488 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfshHHrPeUkwRe9:YvXKXUvsvn2QWRuUhUUGUUUkee9 |
MD5: | C9E1C83919618C29A361837E91616963 |
SHA1: | 5D492E584ADC102454A7A9C46DD46D128A460E0E |
SHA-256: | A7532F29D54748F69E81E05B19C43CEA0CF3D345ACA32E9D0CC98615C2DAB389 |
SHA-512: | CF841005708329D547DCD39FAB20D17901421B180F40ECA82AE527520DB5F3BC639060B7ACA4E615D753645A1906CD48A6A8F171A14342725E3A486A35EE2941 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.375499992161712 |
Encrypted: | false |
SSDEEP: | 12:YvXKXUvsvn2QWRuUhUUGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWUQ:Yv6XZvnkU6168CgEXX5kcIfANhxQF |
MD5: | 7174E46C9D27E84A57F77A6213993EB8 |
SHA1: | 4A69F38D10654ED075CF1580CE6A288378521A39 |
SHA-256: | 8C3E1C3EF6B2CB863C451AEA8EF7B1A20D6BF8CE1659EF398DCA9F90A06DC181 |
SHA-512: | 2A2EEDC075FE18D2C4C2D9A21DF59132C9D901DFE0296F0D66E121F79D55C6AA804F79B9E1BFC2FA27C3A3EB77A87C9B886B562BFC16F16EA3A3975442C4945E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2817 |
Entropy (8bit): | 5.125242087361248 |
Encrypted: | false |
SSDEEP: | 48:YDV0da2YcBUoyMxVIp8yOZ6Te+0DND9/Q:QV0vkMxVIpxOsK+0D3/Q |
MD5: | 3A4FAE69618531A69A81C4AE03063305 |
SHA1: | D3F8B0C50BEB9275B0C1803B08A10030DC06656B |
SHA-256: | A8108564CAD0A951D2485267F1D0EBA8F56A101343763CFD80A7B3E524D7BD5E |
SHA-512: | 94B781CD7873340863AD701DB1C751BFB68E112D5CF5705E685278C87E7A747D4056EC6CAD69422BADB89FFC35C040E65BDED736FDD8BB737613361A0137620D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9948480700655941 |
Encrypted: | false |
SSDEEP: | 24:TLKufx/XYKQvGJF7ursEY9QmQ6PfdHfPgLpYB6duVbtkctcOcRfPgLF:TGufl2GL7msEYXtNHCYcuDkRk |
MD5: | DB88137BF4AA4508545E4DE7CB8352CA |
SHA1: | 0D1AA01A1C6F2D81AABB2EE634EBA798A1E4032B |
SHA-256: | B343954FF135E186C2ADADCD0AD94474126F08C0402285F200F61D7AA6E079CD |
SHA-512: | 8EF3458B853BE92CE796AB7CD4B67428F467247F339CD81CA25F48F50D5FAF8493070801A0647CA37D350BC9AB8EEE44C561D4D674A3688A77D4C620975A6AE2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3555801295794863 |
Encrypted: | false |
SSDEEP: | 24:7+tOSY9QmQ6QecfPgLpYB6duVbtkctcOcRfPgLGnqLhx/XYKQvGJF7ursy2:7M/YXtrcCYcuDkRJqFl2GL7msZ |
MD5: | 5CB903205C6485B6458A5DA6B9273CA6 |
SHA1: | A8755B387BD2D11F1E600BC09D37FE546C384330 |
SHA-256: | 41FFA3C78B1AC067628AF08488BA7E6A43D54CDAB5F557D88A813F12C1C6973D |
SHA-512: | 4C2E1B6F6708F27F93F844C4E5A3AEA55773150BED394F1903A424AD84FC6F8C8811CBF0AA56CCD26B2D57812D1919BA9B323879934D92E140EF3B4AB9C7DD5B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgak2KJ0NxFlQ5C06JEkRLdajnYyu:6a6TZ44ADEakr0NblSQdwnK |
MD5: | E9D5DF51ECF6AD02CF69D8EAD4D3AAFF |
SHA1: | 286C61FDE1BBA89ECE2A88371BE3F4E69520EDF4 |
SHA-256: | D62C5FD36306EB49B27A1B8EBD0538DCD76E7CC66F2D71B056987A23DFB4EFAE |
SHA-512: | 267E834B9A63A0324CDBE1C255D4EACFD4ED6F93226E8DDB4C7F0BA8AA4068513FE80D0B0A0024CB9DD4A3C48F96DF5E2B5E7CB9DEBF78A6DED1FC93D59B5C65 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8QOOltqwle:Qw946cPbiOxDlbYnuRKZOOXqww |
MD5: | 0F04594B91958050ACD343A0450618CC |
SHA1: | 9C382C9BF84DEF956E24CAA1C5F9DAB74295E2B4 |
SHA-256: | 5ABC1BF0B860642946D8C11D594A08DAF6671549FA8ACE4BFB24E7508FF138B4 |
SHA-512: | A1C2F2775EB302E715B530920647733937C857346BBF5FF776BE647C776CE4FEF06B7645EA585A67D74F52B4C18435C1FED25C1E4DAADD223B0929005B3D6AE0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-20 03-26-31-498.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.362121554784381 |
Encrypted: | false |
SSDEEP: | 384:lWKDKK20ES1FpPZ019+ZZLuD7w7kQoshLoB79RbiWSDFrs/AGzaGOnOn2vps9iys:r7L |
MD5: | 6057C4241B107AFDDF3CF35C37E4461E |
SHA1: | 1086046F2FC8296A5DE7671ED9F766B96E2616B4 |
SHA-256: | 1DC6AE111E55054CAC625198A933B4A726C60F3DEAB6A16FC491658FD623F11A |
SHA-512: | 0291393ED0671A27AB2C3BBB2A8C0D6EE865F766CF785148D9F0BAA9DEDF1DC3CC3A09FEDDEE6F6FA972BD04C67568F9C8CAC03AF6110B135C8EDCF8DE3CACF6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.4164319314341425 |
Encrypted: | false |
SSDEEP: | 192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbKcbVGIDtcb9:fhWlA/TVWvDG |
MD5: | 5C2E94CB7E9A0DBE8A6C4658840B4601 |
SHA1: | 970C32F277EB6CADF100B544CCCC70E7D0C0E216 |
SHA-256: | CA9F9192AB6A827D1DE5EE047C4BD9633EE63453065C6A3A8995702725109F04 |
SHA-512: | 17CC1F0F24104ED9393869CBB6309AD932E1365A590886C2F4C8985C2E460E37B43C61499314AF3AC0598775D04AD33C061E1F5FEDEAA8D115A9A8779F871537 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/gWL07oXGZIZwYIGNPJ5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:4WLxXGZIZwZGd3mlind9i4ufFXpAXkrj |
MD5: | 6455D4D4FB0840FC05FEC57993FD113B |
SHA1: | E4115E9861BCCD2595E12947BCE232E89F589775 |
SHA-256: | 7E396DED5CA9391334E4A4C39700F25D6DACEBBD80E63E1D4A19275165523916 |
SHA-512: | CC1088CB870FB226929D9B4200112678BD933A648809BE6CD682FE1EF78531EC92E9BE248CB09C7B71E98FDA63EB9BC92F783E54886E75C52185A1B281ABBF44 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:bWNh3P6+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:C3PDegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 59EE5E2FB56A099CAA8EDFD7AF821ED6 |
SHA1: | F5DC4F876768D57B69EC894ADE0A66E813BFED92 |
SHA-256: | E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75 |
SHA-512: | 77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98682 |
Entropy (8bit): | 6.445287254681573 |
Encrypted: | false |
SSDEEP: | 1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L |
MD5: | 7113425405A05E110DC458BBF93F608A |
SHA1: | 88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF |
SHA-256: | 7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46 |
SHA-512: | 6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 737 |
Entropy (8bit): | 7.501268097735403 |
Encrypted: | false |
SSDEEP: | 12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa |
MD5: | 5274D23C3AB7C3D5A4F3F86D4249A545 |
SHA1: | 8A3778F5083169B281B610F2036E79AEA3020192 |
SHA-256: | 8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97 |
SHA-512: | FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14456 |
Entropy (8bit): | 4.2098179599164975 |
Encrypted: | false |
SSDEEP: | 192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ |
MD5: | 32FCA302C8B872738373D7CCB1E75FD4 |
SHA1: | DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1 |
SHA-256: | CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6 |
SHA-512: | 57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.950242578442586 |
TrID: |
|
File name: | Resume - Ms. Nilar Htet.pdf |
File size: | 1'024'188 bytes |
MD5: | d64856d9a6627005f1ad675e9e3141f1 |
SHA1: | ca0ee1e6b68a47370b220595e3cd1a505a4aa709 |
SHA256: | 76dc5cb613a95b031765b5454c76819f528357ffb85f933088671e0ef73e6bf2 |
SHA512: | a270839342b4ad82b0f6142ebf9b89a04f8a4d8f3fde1909158ad0079e3203e619bc88f2547ea33d1bf87f6a516e37f31a61c28d4a2f9c33bb10948002680585 |
SSDEEP: | 24576:PtfSq3hXGEGxYvQhRezoNaVCLJz8e/EJLqSZIq:PtfSq3h21evKNaVCZ1MgSOq |
TLSH: | 8325F160D751503BB9488220B509229B81683DBB78B8EE0109C33D1F5BABFFDEE75D59 |
File Content Preview: | %PDF-1.3.%............3 0 obj.<< /Filter /FlateDecode /Length 15362 >>.stream.x...].37r...+t.........2Y... .... .3.;A0. q.....".,v.[ju.....QO........y....^o...}.....s...l..........].../ih.....~...._.3...~..<p.>o..x.....4.W{.....?_...........o...W....]mt.w |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.3 |
Total Entropy: | 7.950243 |
Total Bytes: | 1024188 |
Stream Entropy: | 7.952476 |
Stream Bytes: | 1004521 |
Entropy outside Streams: | 5.124660 |
Bytes outside Streams: | 19667 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 109 |
endobj | 108 |
stream | 55 |
endstream | 55 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 3 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
5 | 0000000000000000 | 98f8257a694597cdcc4f034518243d5b | |
9 | 0000000000000000 | 73127489431151b8b59c7f60295daef9 | |
10 | 0000000000000000 | 95434c15917c3b51a14b6c7d965bfc65 | |
11 | 0000000000000000 | dc5046b81b4387ffe55f017b436808c9 | |
12 | 0000000000000000 | 8fe6d6ab88b791422224a62c78a85a61 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 20, 2024 09:26:42.896569014 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:26:42.896610975 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:26:42.896688938 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:26:42.896939039 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:26:42.896956921 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:26:43.459379911 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:26:43.459784985 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:26:43.459810019 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:26:43.460917950 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:26:43.461083889 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:26:43.463396072 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:26:43.463505983 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:26:43.463613987 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:26:43.507337093 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:26:43.513639927 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:26:43.513664961 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:26:43.561647892 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:26:43.562114000 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:26:43.562217951 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:26:43.563848972 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:26:43.564199924 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:26:43.564215899 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 20, 2024 09:26:42.476519108 CET | 51172 | 53 | 192.168.2.16 | 1.1.1.1 |
Nov 20, 2024 09:26:56.581393003 CET | 57219 | 53 | 192.168.2.16 | 1.1.1.1 |
Nov 20, 2024 09:27:05.021539927 CET | 53 | 52406 | 1.1.1.1 | 192.168.2.16 |
Nov 20, 2024 09:27:06.590565920 CET | 53 | 63762 | 162.159.36.2 | 192.168.2.16 |
Nov 20, 2024 09:27:07.077996969 CET | 53 | 58459 | 1.1.1.1 | 192.168.2.16 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 20, 2024 09:26:42.476519108 CET | 192.168.2.16 | 1.1.1.1 | 0x3e86 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 09:26:56.581393003 CET | 192.168.2.16 | 1.1.1.1 | 0x14ec | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 20, 2024 09:26:29.969464064 CET | 1.1.1.1 | 192.168.2.16 | 0xf179 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 09:26:29.969464064 CET | 1.1.1.1 | 192.168.2.16 | 0xf179 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 09:26:42.485065937 CET | 1.1.1.1 | 192.168.2.16 | 0x3e86 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 09:26:56.588928938 CET | 1.1.1.1 | 192.168.2.16 | 0x14ec | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49713 | 23.47.168.24 | 443 | 7088 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-20 08:26:43 UTC | 390 | OUT | |
2024-11-20 08:26:43 UTC | 247 | IN | |
2024-11-20 08:26:43 UTC | 120 | IN |
Target ID: | 0 |
Start time: | 03:26:27 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff608e00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 03:26:29 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d66e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 03:26:29 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d66e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |