Windows
Analysis Report
malicious.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 6944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\malicious.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6216 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6552 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1568,i,3100234640448573471,16781718613687927761,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- rundll32.exe (PID: 7548 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup
There are no malicious signatures.
Signature evidence rows, by type (source and detail cells are empty in this extract):
- DNS query (1 row)
- TCP traffic (30 rows)
- IP Address (1 row)
- HTTP traffic detected (1 row)
- TCP traffic detected without corresponding DNS query (10 rows)
- UDP traffic detected without corresponding DNS query (1 row)
- HTTP traffic detected (1 row)
- DNS traffic detected (1 row)
- String found in binary or memory (3 rows)
- Network traffic detected (2 rows)
- Classification label (1 row)
- File created (2 rows)
- Key opened (1 row)
- Process created (17 rows)
- Process information set (11 rows)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Rundll32 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.18 | true | false | high | |
x1.i.lencr.org | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.47.168.24 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1559186 |
Start date and time: | 2024-11-20 09:35:44 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | malicious.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@16/49@1/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.202.204.11, 23.22.254.206, 52.5.13.197, 54.227.187.23, 162.159.61.3, 172.64.41.3, 2.23.197.184, 199.232.210.172, 2.19.126.149, 2.19.126.143
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: malicious.pdf
Time | Type | Description |
---|---|---|
03:36:27 | API Interceptor | |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.47.168.24 | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | Ducktail | Browse | |
| | | Get hash | malicious | Ducktail | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | PureLog Stealer, XWorm | Browse | |
| | | Get hash | malicious | Metasploit | Browse | |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | Get hash | malicious | ScreenConnect Tool, Phisher | Browse | |
| | | Get hash | malicious | LockBit ransomware | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Credential Flusher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Remcos, GuLoader | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Phisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| bg.microsoft.map.fastly.net | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Credential Flusher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | ScreenConnect Tool, Phisher | Browse | |
| | | Get hash | malicious | Remcos | Browse | |
| | | Get hash | malicious | Credential Flusher | Browse | |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Amadey, Stealc, Vidar | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.2163589422042405 |
Encrypted: | false |
SSDEEP: | 6:H4NhCVq2PRN2nKuAl9OmbnIFUt8Y4NSgZmw+Y4NSIkwORN2nKuAl9OmbjLJ:Y2vaHAahFUt8Jl/+J35JHAaSJ |
MD5: | 6E6B9013FE2054E6C3C2236B903CD945 |
SHA1: | E688FA323AFED3654CE45D035CF3AD6EEB6EDC03 |
SHA-256: | 1FA0CF9F7DC63990B33C3160D4ABF616D67B83B375BFF213AA94099B1364A88E |
SHA-512: | FC6F8BC5D331E7319F5D53DD55FDC505286BF83E91122C207C6784ECDAECA2A9450498B57F6D693589A176D6C86E60337878132D8D84F7A9B9B1B7C63BE2A18E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.2163589422042405 |
Encrypted: | false |
SSDEEP: | 6:H4NhCVq2PRN2nKuAl9OmbnIFUt8Y4NSgZmw+Y4NSIkwORN2nKuAl9OmbjLJ:Y2vaHAahFUt8Jl/+J35JHAaSJ |
MD5: | 6E6B9013FE2054E6C3C2236B903CD945 |
SHA1: | E688FA323AFED3654CE45D035CF3AD6EEB6EDC03 |
SHA-256: | 1FA0CF9F7DC63990B33C3160D4ABF616D67B83B375BFF213AA94099B1364A88E |
SHA-512: | FC6F8BC5D331E7319F5D53DD55FDC505286BF83E91122C207C6784ECDAECA2A9450498B57F6D693589A176D6C86E60337878132D8D84F7A9B9B1B7C63BE2A18E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.143808450002254 |
Encrypted: | false |
SSDEEP: | 6:H4Lw3+q2PRN2nKuAl9Ombzo2jMGIFUt8Y4kZmw+Y4BUENVkwORN2nKuAl9Ombzos:YLwOvaHAa8uFUt8Jk/+JiEz5JHAa8RJ |
MD5: | 90EC36CCC4606BFED127025F1438A0BE |
SHA1: | 613E1251EEF16D3373BB4F8C930B8049493429FA |
SHA-256: | F7BF38A99C049EC6188C5D3FC596BCCC3D72A8DFADE0EBE9A494CE49E9A323D3 |
SHA-512: | 09A6F44815721BB2D92384AA01E79D1F9B4602AABF7FF49A0335F5259A077B8C580B480E429E5F11A02B665C670EA1C1A5B2DF6EC4734D03E6917FA6B5A60471 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.143808450002254 |
Encrypted: | false |
SSDEEP: | 6:H4Lw3+q2PRN2nKuAl9Ombzo2jMGIFUt8Y4kZmw+Y4BUENVkwORN2nKuAl9Ombzos:YLwOvaHAa8uFUt8Jk/+JiEz5JHAa8RJ |
MD5: | 90EC36CCC4606BFED127025F1438A0BE |
SHA1: | 613E1251EEF16D3373BB4F8C930B8049493429FA |
SHA-256: | F7BF38A99C049EC6188C5D3FC596BCCC3D72A8DFADE0EBE9A494CE49E9A323D3 |
SHA-512: | 09A6F44815721BB2D92384AA01E79D1F9B4602AABF7FF49A0335F5259A077B8C580B480E429E5F11A02B665C670EA1C1A5B2DF6EC4734D03E6917FA6B5A60471 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4e4ac4f8-7fc3-46d5-8769-95c6ae06ad90.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.2315002506578026 |
Encrypted: | false |
SSDEEP: | 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeyjSf:OLT0bTIeYa51Ogu/0OZARBT8kN88yjSf |
MD5: | 61E7B9B86D342B67702434B63477FC8A |
SHA1: | A44F8A8EF3C9E80C2E21D977AA6FD5E32214FCBD |
SHA-256: | 2D75AA813C92D6BFCC1B38CFC41BA6A07D49578990D8BCFE1C43520C47E88095 |
SHA-512: | 68CD1CE38B74BB9E9BA7BA9F081FB0F0EF4F0879F4E5FE10A0AD5BB16E8D975712335A9F3F33B5E4EC44D3857EC762D7AAACCA1318261CA61AE29A0CA2E8E02C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.200150351618591 |
Encrypted: | false |
SSDEEP: | 6:H4NsN3+q2PRN2nKuAl9OmbzNMxIFUt8Y4NBZmw+Y4NLVkwORN2nKuAl9OmbzNMFd:YxvaHAa8jFUt8Jv/+JX5JHAa84J |
MD5: | 8C2ACD8A052887111EA066C1F3E03ACF |
SHA1: | 331B3AA7484F9F2B10474C18335E49DA1B28988F |
SHA-256: | 63FD6C5352BD8610A14B0A103412067EF243DEE96D11D2799C4BF0997465E7EA |
SHA-512: | 203FFAAF8326FF417285C01F8D5E781D123E13EA645F9707695E12D40DA3BB9FACEFD406EE03543EFE1F70116591165A2C127DD7561D15EC4239F4B4F2C67CC8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.200150351618591 |
Encrypted: | false |
SSDEEP: | 6:H4NsN3+q2PRN2nKuAl9OmbzNMxIFUt8Y4NBZmw+Y4NLVkwORN2nKuAl9OmbzNMFd:YxvaHAa8jFUt8Jv/+JX5JHAa84J |
MD5: | 8C2ACD8A052887111EA066C1F3E03ACF |
SHA1: | 331B3AA7484F9F2B10474C18335E49DA1B28988F |
SHA-256: | 63FD6C5352BD8610A14B0A103412067EF243DEE96D11D2799C4BF0997465E7EA |
SHA-512: | 203FFAAF8326FF417285C01F8D5E781D123E13EA645F9707695E12D40DA3BB9FACEFD406EE03543EFE1F70116591165A2C127DD7561D15EC4239F4B4F2C67CC8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | 192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.216029127506309 |
Encrypted: | false |
SSDEEP: | 24:7+tPAqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+Zj:7MYqLmFTIF3XmHjBoGGR+jMz+Lhy |
MD5: | 78807E62B6C7BF323EE0D3A157B46E89 |
SHA1: | 85266E0E860018C532CD663D77B81E6516BF7C53 |
SHA-256: | CD07716C41AB0656137F1DED72CC2E676C72421C8F6F9B3859A6B6CBACB3B28A |
SHA-512: | ACBA541BA0FDD5E24B5986661AACDFBD088654002D7D5C7A300F9BD346B0F74B6F725D273ED608566CB39F6545E95F068FB18C318F12633B67120E3BBBD6584E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.770710652184824 |
Encrypted: | false |
SSDEEP: | 3:kkFklU4BvCufllXlE/HT8kUJXNNX8RolJuRdxLlGB9lQRYwpDdt:kKNMvwT8h3NMa8RdWBwRd |
MD5: | ABBC3C1B3BEDAF5FF712F32087F04DB4 |
SHA1: | 5B0C30399D6C714D0909C5EEA801998ECBA27E32 |
SHA-256: | 7D86477893104E34836C6B11B57D0AB5BA375D3A53127E42602FB72B1D78F6D8 |
SHA-512: | 6CDAD972DC42D6602F2960C6EEFE084DC63CEF17E010B4C38D768F24D223A031BA6D1ED88131E3B8B5918A225D54FED6E516CA457100AF0243A1F76312C9DEFE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 328 |
Entropy (8bit): | 3.2441017925653757 |
Encrypted: | false |
SSDEEP: | 6:kKr9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:6DImsLNkPlE99SNxAhUe/3 |
MD5: | DC6D1F45AC3BAA1A65D667D6B6357D12 |
SHA1: | 61AB31506F24F8A31EF80A9305CAE223CB42E9B3 |
SHA-256: | E4734ED09272D869AC1964C7F697EF9DC57A6B140B8E17A43D0197175BA723DD |
SHA-512: | 8CF8B719B7166D7BA5AB73EE4E4636B1AE561760C3E1AC59FA635C989037C1CF75D6681970D4866DFFCC8BA3D9B22725890A730F36F4C7143A2E95A9B31D9279 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3908011732206775 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJM3g98kUwPeUkwRe9:YvXKXMSzQWRuUhUGh5GMbLUkee9 |
MD5: | AAACBDA3E58BF21EE37245446CD5AD94 |
SHA1: | 5AD4EAF3140381F8427AEC676A411E4C95D98741 |
SHA-256: | 8E22841F9755D63FCBC7F795C7188BB8FE989607233C27F09CED661BA9D1C6E3 |
SHA-512: | 4AB36D60EFA6E5D74D10D71F50FB57E38BED0E9069AE72F7247F011AC85BD050B9C5EA472E8594A7239D4743CE54F3847156EDE7162C9AFFA19CE95BAFAE5A6E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3419279141497915 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfBoTfXpnrPeUkwRe9:YvXKXMSzQWRuUhUGh5GWTfXcUkee9 |
MD5: | BE56EEE25CBBA2C2C4FAE2B5143497B2 |
SHA1: | 1F2BCFD07314CBCAB77170F74804B1C029DDEA92 |
SHA-256: | 1F9165747F9E90359B345A3341C8F2730E367E66839525941164C658FD8FBB52 |
SHA-512: | AF738A2A210BA8622E674950F6BC6EFE380D8D550D76473449F66CB1E09CE33ED0C2A5E13319E14B498A7488405986AFEB37760EC24B3DAE3ECE243C420577E5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.321414483287194 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfBD2G6UpnrPeUkwRe9:YvXKXMSzQWRuUhUGh5GR22cUkee9 |
MD5: | AF463E156EDB3D9C0C0387FB6335A245 |
SHA1: | 3138677A62EE8ED24EE1F05B42EFF3A411CCA317 |
SHA-256: | E0AD29A25C5341188E46779BD4B44368E0E220F9DCEDC46EE7E1F8A365792832 |
SHA-512: | 244C2698B1538A8BAAFEB2AABD05C548D502E3BECF6B4492E3B976C66AC67FD93AE66DB72232CD39597466ECB4067D3C01F0C485FEEFA209E95A6B9D72CE00BB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.380144091326708 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfPmwrPeUkwRe9:YvXKXMSzQWRuUhUGh5GH56Ukee9 |
MD5: | 95D98BFCE4C82A91363F7BC35F0B8550 |
SHA1: | 8183FB198DF871251758799A3A523C097D905BE7 |
SHA-256: | 940D90A6B3D3C1D2AC5241E4C84EF61E4F428F140B22955F794684F0898B68D0 |
SHA-512: | 7A5307DF80399A1A85143C7B678FB805CC97E2D12DB96E2BE7860792673ECC5AC096E16790D8B0BB79AFCE1F67C423EDBE1088590776B2F3C851E082F2C0441D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1123 |
Entropy (8bit): | 5.690666136156512 |
Encrypted: | false |
SSDEEP: | 24:Yv6XPRUGhepLgE9cQx8LennAvzBvkn0RCmK8czOCCSJ:YvmU5hgy6SAFv5Ah8cv/J |
MD5: | 270DE7C3B45855C2EFAA4B768A01008B |
SHA1: | CA152DE15D40ADBEA7C61AF5FC4C25DB0ADE5BAD |
SHA-256: | 02F84BEFC569AC3D25140F2099D10A5675FE07AA2BCC42EF692ADA1BD4D1201B |
SHA-512: | 799AF929D00CCABF595A10C4F45945D7C1C44336CF68B6074D9603BF38D7853F60F0984236F014ADEA699C4B98FE7E1F3DCDEB656A0392DD6498F5A0452C329C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1122 |
Entropy (8bit): | 5.684108759923734 |
Encrypted: | false |
SSDEEP: | 24:Yv6XPRUGhIVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBM:YvmU1FgSNycJUAh8cvYH3 |
MD5: | 09C14CD3816B4A731A5F3C3C26F45B55 |
SHA1: | EF290F8C26F8E05FAA036B268095D6F23DD08E26 |
SHA-256: | 2A929E98872D9D295F95D811410FCF1611939A50AFABC128E12C579DD1434582 |
SHA-512: | 4967F7D8E81375E18C3A011C4BCCFD7246C3D4B20EB214A5F0FC9ECB18A0AD60EB05F26AF0E5D3D5732E05C34E658AF8F6F400CC8A0E5EC6311E815FBAAED309 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3279625208010835 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfQ1rPeUkwRe9:YvXKXMSzQWRuUhUGh5GY16Ukee9 |
MD5: | 58F43C87E2D83038A9967727AAA5D76F |
SHA1: | 09BACDBE1E808E2EC76AB65F69B844E6EAF47FE3 |
SHA-256: | 3F588DACCEF37EE35FF217767125616E469F21DC2D4F6B1A3D74204A8921973E |
SHA-512: | C48EB2E4815D7BECA333CFA4B9580C5D1628683EB5E99B8BC27C9EE7B94483A48175B0A72E5D3050C113803BF3D7F0A7AC5E3232FDC49ABF32C1F98884546ACB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1102 |
Entropy (8bit): | 5.6731019399467035 |
Encrypted: | false |
SSDEEP: | 24:Yv6XPRUGhN2LgErcXWl7y0nAvzIBcSJCBViVM:YvmUUogH47yfkB5kVJ |
MD5: | 1658E84D8AB973921CEB5580A64FECCF |
SHA1: | A14C161748545E21DAB7D920F7631D50E76C6EF8 |
SHA-256: | 8270CC2F790DCF45ED52009278BCF007409D19073AD8C9D66FD68491F57F551F |
SHA-512: | 350A9018A12CE15C3A5EA55DE006ED4DF06E4981E361E6F5CE7306024B68F01A67DEFBED86A5E0AA994E1895E1005DD86FF2E5B80B1041305602B76DB43B2052 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.700038267073867 |
Encrypted: | false |
SSDEEP: | 24:Yv6XPRUGhlKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5M:YvmUkEgqprtrS5OZjSlwTmAfSKq |
MD5: | 9C2A396A2CCF0B4F113E22B6427325AF |
SHA1: | 9F8660717FEA217D2E1CFDC7C55ED297DA21658C |
SHA-256: | BF734A5151F446BAC3B09014E4752610D96A04D9201FC97D5C9F1761379FE1CC |
SHA-512: | 0C0C134A6C7471C9319BD7F7E2785742C432855609AD19FE04D7FA267661BF0E7D77FBAD1AA307A70503F71B014550325B78144A33AC887A10B397DC7D7488B7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.331120036723136 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfYdPeUkwRe9:YvXKXMSzQWRuUhUGh5Gg8Ukee9 |
MD5: | 49E2E6DAF97D1FF664418D545697832E |
SHA1: | B7FBF10F088903B5876530B6162E411EB799F9FA |
SHA-256: | 50B9D74295C2101B7082F10793E3EE62644DF75AF8745C3366B1280DAAED5FEC |
SHA-512: | 37A6686E012C9FC1C64B9A8E8FCF13FB3251B2546CEF6BB65978E6E23AB551905F611254B81A7E758BE76798504AE248ACD4450A1C04995E73494A8DB6217DB7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.3180172884441275 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJf+dPeUkwRe9:YvXKXMSzQWRuUhUGh5G28Ukee9 |
MD5: | 9D4874D100C5D3A506105DAF523695FC |
SHA1: | C72001333405C007D61682A757211D7CCF9CD78A |
SHA-256: | 33ABF2DE9D856CAD5E47AC072D90BC9FEDD08EAEE370D63A0661FD0A05A86154 |
SHA-512: | E4E521FD59A5E004BCE56FF1818F43FB7BB6CA71D1190B05C13C4CF794A283D0CD09497D7794DC77D3E5DF5E6E3FA9005B1C87AC97374F63C010FDAB73FFE93F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.314453250983095 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfbPtdPeUkwRe9:YvXKXMSzQWRuUhUGh5GDV8Ukee9 |
MD5: | 7CA613F02CAD3EE945AFF0EB4EC2A950 |
SHA1: | 91FE21D0C5DE9F73FA2F7EC5E332CBABBC6E384F |
SHA-256: | 046F6D5C105D30E06F930A2631E72B0FB61B4ED0E2835B962D46166D5D99BAA9 |
SHA-512: | 0DBB36560F5BE01F4E7FC35AAD32754AE1524EA8FCE8F7354ABC08931A23CEE679F1B085B411C87B85545D8E35528FEBEEDD10D1E0D82BA3582B4E87DFD2FF90 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.317950938466892 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJf21rPeUkwRe9:YvXKXMSzQWRuUhUGh5G+16Ukee9 |
MD5: | E15DE313746A34967BA29650205FA892 |
SHA1: | 767222A2C5F31C2B845A986D3E81C80EC03BAF5E |
SHA-256: | A5CEC90527F4FE2FB6BF75CBF112A3A9EFB56F539AA3139E06947A93A3F92513 |
SHA-512: | 00BA324E1DD8C1D27CB6F0269295C7901DCE0C0FCB1D90DD7354B6EFBAAD749C654D8887FFE4339FF20B5F77406F40CCA6B2B9FA272C4295BE7BC8FF4148A8BE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1090 |
Entropy (8bit): | 5.6645378415830825 |
Encrypted: | false |
SSDEEP: | 24:Yv6XPRUGhCamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSJ:YvmUVBgkDMUJUAh8cvMJ |
MD5: | DE08F6E3C2C06D2A080F7ABAA76530AF |
SHA1: | DDCB5BDCBED202A448E39528B5F1099F01ABA980 |
SHA-256: | BFD547C1EBE1D2374B9127B0C08A1C23E07DB3755626C490CF35B0BB34167189 |
SHA-512: | 39C5CC4153641359BCD991F97D76BBFC93AB4D0A5E1BCE9360E9BC1CA9F4E4E9E1CD6E33CF57B50F9C425CFC2E49D6850D8E1DB165ED501C80FB93C8D3FD2E3F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.2918118268965415 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfshHHrPeUkwRe9:YvXKXMSzQWRuUhUGh5GUUUkee9 |
MD5: | 1940E90CFBD4A3DD9E32A7F24AD0011A |
SHA1: | 349801D6751592EF80E8BAC01403D8B7D4629B50 |
SHA-256: | 413F043B88E05BA85FA0532E0A9BA043BC6DD4DE4C2D623F8EAC00FDF19DF635 |
SHA-512: | 54C2F2C7F8D5FF1D489BA71EDD7EC34E60FBD3E16E13C5C7DA89F80DF0660A8EBBBE3F44EBC1D650D1ABEEA4901B0494B42403E1999AEE22829BA1514204D1F1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.3719901168775674 |
Encrypted: | false |
SSDEEP: | 12:YvXKXMSzQWRuUhUGh5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW4:Yv6XPRUGhV168CgEXX5kcIfANhJ |
MD5: | DC73F1B8168D4A9A37235ACF00BD233C |
SHA1: | 8753A4D6E38BCF9853D4AFEAD7F0DB38652DA87F |
SHA-256: | BA28FE0588B7C79544914F88855C3B1EAD82974D6AC87CBAC15C2C75F427E940 |
SHA-512: | 2C343AC18DE397373690954453F8AEDAC835E10D23D77C644B75464C56EAAF8B785EB173ADDC592DA1EAE387BA7F691FB11BA90B9B2F08D8274A425681AE62F4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2817 |
Entropy (8bit): | 5.118573277634307 |
Encrypted: | false |
SSDEEP: | 24:YdVa9May+j90WxzPvUC+SEFW6pozrKJOjx0qj0S6nBCO2uzP2LSkRBMHoXLh5Z9x:YKZ08znUxSX6pMOM8tZzPCnMiNn9XcJw |
MD5: | A6101FA015B1300DF1E20B0BF7521DB6 |
SHA1: | 034BF3C3BE6B35F0E1D9AD257B3B4C6C1C753E58 |
SHA-256: | C9A257A7F6DEAD4590665C3163E4E66143DD9D4DE4C3F4F19983D00AFD3052F3 |
SHA-512: | 123F811BE3323AC23561761960EF038DCAE554B098A62D0958234F2770134584F444FDF46D1B7E945140EECDFCAFB45C1ED02A7A229AFC3D56425861A03C5609 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9886379639427479 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs67Y9QmQ6QegsNnIcLESiAieIsNnF:TVl2GL7ms67YXtrgOIcI8kOF |
MD5: | BC2E128F3FC8897B15CDCBFEFFC225CD |
SHA1: | 0A4E8FDED8305E98384C4C4A4396B49195DA91FF |
SHA-256: | C62F25E558846BEF82CC74E3F7D29DEA4493003E624930F278C12BB3BE9FC113 |
SHA-512: | 6AB6BE3B0A681921FCFF31A13689D8CB918E0ADD679FC54521760B2D30A237A0A5F626421CBFC9510EE42B38C61A6F8D40EE730723194AECA249837635F7391C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.344301020707145 |
Encrypted: | false |
SSDEEP: | 24:7+tIASY9QmQ6QegsNn7cLESiAi0mY9QVqLBx/XYKQvGJF7ursyU:7MIlYXtrgO7cI8KY8qll2GL7msP |
MD5: | 3EDD80D5A7BD209B6CAE499FEADA789D |
SHA1: | 4C0D9114A3752E7FB5894892FEF1587453FA61F5 |
SHA-256: | 1EE9A557CF5667A20B9E326E75C75E4CCE75E355A32E1602EDDE7DA1F0D7808C |
SHA-512: | 00BF5EC692FAE8F27F4C467F649ECF903D127AD2C6B25F61006479924FC2846011AB8CAC4C15DB5DCBF0ABC9828262DC0595448E6981654AC3E31BC805B94ECF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgcnH9fWTSWUytuy2+TU1Ad3tYyu:6a6TZ44ADEcndfWTSQWANtK |
MD5: | E09E23D9AD97880D63CDAF150274B0B3 |
SHA1: | 896A57657B6C27FEC63573F3E23F25FD68CBB93D |
SHA-256: | 6F7B0DD787A8D8774BF39290C7790DB63ACE8ACD9645DCD7B7A6C9B9E7569367 |
SHA-512: | 1E8AA48D1CAFCFEF6D3474749B9E32A2A0F9A6395A975C565EA7359EAD90740FD7193A7DD4C285B4F16C32B9215A0BD6069E92702F643170361942178469F26D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5097251598291805 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8QOOltI0lH:Qw946cPbiOxDlbYnuRKZOOXI09 |
MD5: | 6F11BF19A32F9199B924CD66F35BC6A5 |
SHA1: | DC79539530783626965EFAAED9568DD3C6D2F63A |
SHA-256: | 2AA5663A861B24AFE291367E69C57F7B2530FB351583CDC5FEE24704EE0DB74C |
SHA-512: | 4E1FE5C9782693182BC791178E097E5F4F004B203978FFC3C5ECB5E0274FA90AD3C3B98C6DCF7CB33D959A313AA4B1E980453761FBD92A43F6F6CE5CE417B68F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-20 03-36-16-566.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.351916412164242 |
Encrypted: | false |
SSDEEP: | 384:JS8n0+V/69taQ3LTkChsBLUVpSjrNUYDO5wk2KHyL6FMDtYluMd2soNoNQHZQ+rq:BzkL9V |
MD5: | 58A9082562295F3CC62F7B8D23520761 |
SHA1: | 1B2D553D222794CFDA4568E08285998C83ADF16F |
SHA-256: | 64CD5E4B32D640A0BD0F4718DB9C8A4EAEBD7DFE4A16AAB857101AD76E624BCD |
SHA-512: | BCC562E203A2BDFE1A1B67C3C89020E1CDF4D3AD1E1DF7C08F0483BFD91A1C69AD1B080FBAEE4C9764995A5A0B1B4C522A516348B2C75835F91A300D575AFB7F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.418924399448364 |
Encrypted: | false |
SSDEEP: | 192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbKcbFeIDxcbR:fhWlA/TV2HDu |
MD5: | 87B25FC6F050412760F93AB2E12EC0CA |
SHA1: | B81934979C5D575CBE206067488FDAEFA195DB08 |
SHA-256: | 55E46A712FD8294487925F7B1B37B5CBD21354C86C85EC6DCD9DC7EF11042546 |
SHA-512: | 3EEEC6010BB3981D159373F80FE353ED60C7E0FFA0775A198E325F6F4116E13EDA48EBEEA92052971312723E16D6132FEDC9348894C4C52B5171B64688829FEC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7ouWLgGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLgGZtwZGk3mlind9i4ufFXpAXkru |
MD5: | A8E5C37206C98D1B655FF994A420FFB6 |
SHA1: | 827237782AB5971EC205C3BCECCC7950BE9F84C3 |
SHA-256: | F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA |
SHA-512: | 12DE33EB7624458AEC44D83D4E2C09E626F8E54E177FC0C26EEBA232935F34FAAAEB71FBB025EB7C53BEA9933C46ADCE759C32516D1B80C03B6734C61D61CEB2 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.373151494401524 |
TrID: | |
File name: | malicious.pdf |
File size: | 4'673 bytes |
MD5: | 18f28301e3a28e641428a35be5412f3c |
SHA1: | 309db4d0a6dac3e7dad08ebf457e951d7211b4f2 |
SHA256: | bff4f8d4e255115b1e9259c1f7bbad7b2ffa2f0718734f78b4060eefc3bc698f |
SHA512: | 133bc47621c1108ca42f7d4370618805f7892e13cec48578a56e35b94bcfe9be1c64d5e83640d9c648bd8cbc20375ff63abc157947fb3da73b5892755fade62e |
SSDEEP: | 96:lfhAFnzA4xEN8Mtr+oMboMWRoMboMgm5dClVVVVVVVVVu6hDFDQAyYkbv1AyYkba:lJAFzAbXtr+oMboMWRoMboMgm5oDFWYn |
TLSH: | 87A1D98721DBAC844865C2689037D59D660FF36F484C9648C3EAD1B5D3BB7B18867C37 |
File Content Preview: | v+...,Z..I.-...........irV...(6..j[)j{-.W........V....xCTH...|.._q ...M2.fi...]m..`+.|...v...[.)........l.)^m.$.....(.......)^...j....Z......Q*)........l.)^m.$.....(.....o.........zk(}..j.ejx.j..5D..n.n'.......t<.........)j....r...rH+...r.h..(v..z.)j{-.W. |
Icon Hash: | 62cc8caeb29e8ae0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 20, 2024 09:36:28.007227898 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:36:28.007253885 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:36:28.007323027 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:36:28.007492065 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:36:28.007507086 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:36:28.570178032 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:36:28.570518017 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:36:28.570544958 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:36:28.572025061 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:36:28.572096109 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:36:28.574223995 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:36:28.574320078 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:36:28.574409008 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:36:28.574419975 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:36:28.621098042 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:36:28.672339916 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:36:28.672481060 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Nov 20, 2024 09:36:28.672606945 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:36:28.673415899 CET | 49713 | 443 | 192.168.2.16 | 23.47.168.24 |
Nov 20, 2024 09:36:28.673441887 CET | 443 | 49713 | 23.47.168.24 | 192.168.2.16 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 20, 2024 09:36:27.555752039 CET | 52326 | 53 | 192.168.2.16 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 20, 2024 09:36:27.555752039 CET | 192.168.2.16 | 1.1.1.1 | 0x9526 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | | | 217.20.57.18 | A (IP address) | IN (0x0001) | false |
Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | | | 217.20.57.34 | A (IP address) | IN (0x0001) | false |
Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | | | 217.20.57.20 | A (IP address) | IN (0x0001) | false |
Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | | | 217.20.57.19 | A (IP address) | IN (0x0001) | false |
Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | | | 217.20.57.35 | A (IP address) | IN (0x0001) | false |
Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | | | 217.20.57.36 | A (IP address) | IN (0x0001) | false |
Nov 20, 2024 09:36:27.562616110 CET | 1.1.1.1 | 192.168.2.16 | 0x9526 | No error (0) | | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 20, 2024 09:36:28.324673891 CET | 1.1.1.1 | 192.168.2.16 | 0xdcf2 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Nov 20, 2024 09:36:28.324673891 CET | 1.1.1.1 | 192.168.2.16 | 0xdcf2 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Nov 20, 2024 09:36:41.343367100 CET | 1.1.1.1 | 192.168.2.16 | 0xa23d | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Nov 20, 2024 09:36:41.343367100 CET | 1.1.1.1 | 192.168.2.16 | 0xa23d | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Nov 20, 2024 09:36:53.770317078 CET | 1.1.1.1 | 192.168.2.16 | 0xc6f7 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Nov 20, 2024 09:36:53.770317078 CET | 1.1.1.1 | 192.168.2.16 | 0xc6f7 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49713 | 23.47.168.24 | 443 | 6552 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-20 08:36:28 UTC | 390 | OUT | |
2024-11-20 08:36:28 UTC | 247 | IN | |
2024-11-20 08:36:28 UTC | 120 | IN |
Target ID: | 0 |
Start time: | 03:36:12 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f24d0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 03:36:16 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d2d30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 03:36:17 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d2d30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 14 |
Start time: | 03:36:33 |
Start date: | 20/11/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6219a0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |