Windows
Analysis Report
BankAcc Confirmation Letter 002.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5616 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BankAcc Confirmation Letter 002.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6612 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1664,i,17052531450104719093,7534709632114952489,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
x1.i.lencr.org | unknown | unknown | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
52.202.204.11 | unknown | United States | 14618 | AMAZON-AESUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1560169 |
Start date and time: | 2024-11-21 13:46:40 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | BankAcc Confirmation Letter 002.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/30@1/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 172.64.41.3, 162.159.61.3, 107.22.247.231, 34.193.227.236, 18.207.85.246, 54.144.73.197, 2.23.197.184, 199.232.210.172, 95.101.148.135, 2.19.126.149, 2.19.126.143
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: BankAcc Confirmation Letter 002.pdf
Time | Type | Description |
---|---|---|
07:47:43 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
52.202.204.11 | malicious | Unknown |
52.202.204.11 | malicious | Unknown |
52.202.204.11 | malicious | Unknown |
52.202.204.11 | malicious | HTMLPhisher |
52.202.204.11 | malicious | Unknown |
52.202.204.11 | malicious | Unknown |
52.202.204.11 | malicious | HTMLPhisher |
52.202.204.11 | malicious | Unknown |
52.202.204.11 | malicious | Rhysida |
52.202.204.11 | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | DanaBot |
bg.microsoft.map.fastly.net | malicious | BlackMoon |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Credential Flusher |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | HTMLPhisher |
AMAZON-AESUS | malicious | HTMLPhisher |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | HTMLPhisher |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.224320099999662 |
Encrypted: | false |
SSDEEP: | 6:HEOFiSVq2P92nKuAl9OmbnIFUt8YEMFlgZmw+YEMFlIkwO92nKuAl9OmbjLJ:kOFiSVv4HAahFUt8/ag/+/aI5LHAaSJ |
MD5: | 485C0480651751087D723FF0A00D0286 |
SHA1: | 750D12E64F1CC91B795B7794D90E4EFF2E3BBEF5 |
SHA-256: | E8254310DF92779E91AA3C1FE51C6D4D063000AC09EDC4AE815444FD095D4CB0 |
SHA-512: | BD7145F183E6F9B6DB6E1DAD2880FF55BFF96897F87859D885A16904E8AD989695DDACEBCC4230479BEAB0F856C62F285277F7ABF79CF52041941FD2FF7DEE5B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.224320099999662 |
Encrypted: | false |
SSDEEP: | 6:HEOFiSVq2P92nKuAl9OmbnIFUt8YEMFlgZmw+YEMFlIkwO92nKuAl9OmbjLJ:kOFiSVv4HAahFUt8/ag/+/aI5LHAaSJ |
MD5: | 485C0480651751087D723FF0A00D0286 |
SHA1: | 750D12E64F1CC91B795B7794D90E4EFF2E3BBEF5 |
SHA-256: | E8254310DF92779E91AA3C1FE51C6D4D063000AC09EDC4AE815444FD095D4CB0 |
SHA-512: | BD7145F183E6F9B6DB6E1DAD2880FF55BFF96897F87859D885A16904E8AD989695DDACEBCC4230479BEAB0F856C62F285277F7ABF79CF52041941FD2FF7DEE5B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.208038290412672 |
Encrypted: | false |
SSDEEP: | 6:HE1Oq2P92nKuAl9Ombzo2jMGIFUt8YEGTZmw+YEzFzkwO92nKuAl9Ombzo2jMmLJ:k1Ov4HAa8uFUt8/6/+/p5LHAa8RJ |
MD5: | 0C785238EF01D29F13AE6B0AC4AE15BA |
SHA1: | B3B7C868F15FD25C7B043C397233B56FEE53DCA3 |
SHA-256: | 3231E8FF1E0F54E05B1E8992B0D5C76479A4E33CE004BFF836EDD17BC104774D |
SHA-512: | 4EB75286E0ECB9F199767FFBF70537FE4D7508DE85A33405E674F56A956F724737A427F12CC8072269DD4474581DD1FDB2FF504661D75D57F8DF4D006A17F3F0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.208038290412672 |
Encrypted: | false |
SSDEEP: | 6:HE1Oq2P92nKuAl9Ombzo2jMGIFUt8YEGTZmw+YEzFzkwO92nKuAl9Ombzo2jMmLJ:k1Ov4HAa8uFUt8/6/+/p5LHAa8RJ |
MD5: | 0C785238EF01D29F13AE6B0AC4AE15BA |
SHA1: | B3B7C868F15FD25C7B043C397233B56FEE53DCA3 |
SHA-256: | 3231E8FF1E0F54E05B1E8992B0D5C76479A4E33CE004BFF836EDD17BC104774D |
SHA-512: | 4EB75286E0ECB9F199767FFBF70537FE4D7508DE85A33405E674F56A956F724737A427F12CC8072269DD4474581DD1FDB2FF504661D75D57F8DF4D006A17F3F0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3016a639-bc09-4fdc-b685-460bd3384cd3.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.048635641790579 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqCL2sBdOg2H5Jcaq3QYiubxnP7E4TfF+:Y2sRds3bdMH5w3QYhbxP7np+ |
MD5: | 05194B01E11EE11E0572D82F6118048D |
SHA1: | 90B9B961274F48D4595A00C3F56572168019671D |
SHA-256: | 8A38C91D0D9A92CFCB190AAB563C0A90AAFF4168C0179F7445DA35D745ACEF97 |
SHA-512: | 47FB13C7F7A32E645B062BF8E188E38ACB541F3D4E6695C163D909F2B9D9837F4FC87578DEA134B0886BE368143EB252B98BB7F17892C4F59A8C89DE8EBF3226 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+ |
MD5: | 70321A46A77A3C2465E2F031754B3E06 |
SHA1: | 5E7E713285D36F12ACFC68A34D8A34FD33C96B34 |
SHA-256: | 344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248 |
SHA-512: | E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5a4cd2.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+ |
MD5: | 70321A46A77A3C2465E2F031754B3E06 |
SHA1: | 5E7E713285D36F12ACFC68A34D8A34FD33C96B34 |
SHA-256: | 344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248 |
SHA-512: | E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d6f1cdd4-65fc-4058-9fc8-19cbe99c7840.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.047195090775108 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+ |
MD5: | 70321A46A77A3C2465E2F031754B3E06 |
SHA1: | 5E7E713285D36F12ACFC68A34D8A34FD33C96B34 |
SHA-256: | 344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248 |
SHA-512: | E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.226201006747521 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUOZaiq8Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL7 |
MD5: | 051AA03F5039157B791A16733DBD929C |
SHA1: | 7B26E7DD73B199C4F9959EB42402285E2722F121 |
SHA-256: | 5F036EAD0E89C5AC4E37830741B335EB54C445008C03F4E6CAB6DD2D857F15E1 |
SHA-512: | 2FAC22ED9EAE4300F7DAE6DEE2360EDEB67C339AC13E201F4B8045CF97BEE5976C257E0E9F69FEB25F72503EADA1D6A10BAA327957B42F2D57D2F121261A54A7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.228601525809504 |
Encrypted: | false |
SSDEEP: | 6:HEfSEq2P92nKuAl9OmbzNMxIFUt8YEfSbTZmw+YEfS8kwO92nKuAl9OmbzNMFLJ:kJv4HAa8jFUt8/y/+/v5LHAa84J |
MD5: | 77D9EE4450605594F59D66E3854FF3CE |
SHA1: | 6E1259DD756B8E67B0169A1940A6BEB1A85A9B4A |
SHA-256: | FD38BD881637D31CEB91DF7ECB24607944900949C64CB464CBE12E347A38CBCD |
SHA-512: | ABD0BFB4443CC0360F160B591D139EDDDEDA06B757F98440A3F6438234588B5F49BE8720C6440E8679A9C1B3D606DBDBD6B2D3F6FE871FD1B2702D43E3ED94F7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.228601525809504 |
Encrypted: | false |
SSDEEP: | 6:HEfSEq2P92nKuAl9OmbzNMxIFUt8YEfSbTZmw+YEfS8kwO92nKuAl9OmbzNMFLJ:kJv4HAa8jFUt8/y/+/v5LHAa84J |
MD5: | 77D9EE4450605594F59D66E3854FF3CE |
SHA1: | 6E1259DD756B8E67B0169A1940A6BEB1A85A9B4A |
SHA-256: | FD38BD881637D31CEB91DF7ECB24607944900949C64CB464CBE12E347A38CBCD |
SHA-512: | ABD0BFB4443CC0360F160B591D139EDDDEDA06B757F98440A3F6438234588B5F49BE8720C6440E8679A9C1B3D606DBDBD6B2D3F6FE871FD1B2702D43E3ED94F7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241121124737Z-168.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.4252528391678023 |
Encrypted: | false |
SSDEEP: | 96:wJufHUa/UKiqgyZbMKJp0lNLxE+MEM8REMEMM35MSMI0pyNMEMEMEMEMEMEMM9VB:fUa/U9qjENHknVLglAwpzTE |
MD5: | 16A23E3F3A73ABBB31B2BD032F776F3B |
SHA1: | 88B26D25591FAD06512EF7EFB4C2C7B7801D25C9 |
SHA-256: | 04F4452859E29105D917CED122E93C7469D2C1EB8744F2DA703D943491463523 |
SHA-512: | 3AAF0C1517C001CE4B9BE8131174A29CAE65A17D3C5FC29EA12A8A067899B885360D296FEFBDE4F4D4661DA105792264625BD9EAE0120E50C2C1E104AEC213D7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7569015731729736 |
Encrypted: | false |
SSDEEP: | 3:kkFklWzil1fllXlE/HT8k/zvNNX8RolJuRdxLlGB9lQRYwpDdt:kKPeQT80pNMa8RdWBwRd |
MD5: | D448EAFCAE7CB9F32515241993B92C88 |
SHA1: | 87A1B4EE8B3BDAE2AD4FDD31C045CCD6F06126B5 |
SHA-256: | ECC3B2EA889357BBB8E7471E8B80255EC3907FBA4EEBB6DFBA88D5AB88CC191D |
SHA-512: | CDCF6CCCF416B44B363ED2121B41AD4A390DE8166FE02F46F062FEC16FA277C46E0E6AB77B1B78B69F6CD9C69BEC9C6811706D94A82AC36DC5976A369A3A45A3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2478978672539016 |
Encrypted: | false |
SSDEEP: | 6:kKqAkT9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:bDImsLNkPlE99SNxAhUe/3 |
MD5: | 4B082321CB86280FCE9D86FBC7D3030F |
SHA1: | 993726D74D233E094CB4F88675A0EFED11BB3E88 |
SHA-256: | 039CD0B17C19D242ADC8013BDEDB8C530595D4DC0C54AC9AFCEDE389589E8B9A |
SHA-512: | 41BB80FF02308E768B91E22235BC4D1DA6B03C4F2943E99E99652FF1A09583176A8353D3C7DCFEB8C6974F3F08DBAD6B5A70D70AE938078EB159467567457EA8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2145 |
Entropy (8bit): | 5.069737471939977 |
Encrypted: | false |
SSDEEP: | 24:YFuVT3QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCDxN:YWTAwmWXZYEtoitbRCwu20wD+JliWxao |
MD5: | 119B033227F7131E6BA6960E008A6E69 |
SHA1: | A85222B534054B0DC600DEAD9A9365770849D8FD |
SHA-256: | 824DDC7DCB9823CC6A93A0309BC17D8AF1F6A0222A136416DCBCB52EA11845CE |
SHA-512: | A4B47E3225C4C499F409FC08F263D07175CCEEA4D83951F51505576E6A98BA86FD9DA3BADC1499164AE0E5ECDCD67289D647B37F269405E3286DBA12D68B22D1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9854027110798539 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sphf+H4zJwtNBwtNbRZ6bRZ4kf+HF:TVl2GL7ms6ggOVpvzutYtp6PC |
MD5: | 076F578D8155B86BBFB4698D5AE8F449 |
SHA1: | E219B3F21D33E787C58231C0BA7A3B6D21A914FD |
SHA-256: | 9073173900AEBB1CABE094CBC85FDD610DC9711A0E9A54AAA48CF8E82563F5FF |
SHA-512: | B472639C16AAFCE239E3C30909041117A9DE32121BEAC15EE982CF1AB9B07B8C9A13DF9B5CEF458F6BD1B40BCADD91E360E30AFBD832CB0D1E8F78FF8E29FCC3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3396644666959285 |
Encrypted: | false |
SSDEEP: | 24:7+tZAD1RZKHs/Ds/Sphf+HPzJwtNBwtNbRZ6bRZWf1RZK5qLBx/XYKQvGJF7urss:7MZGgOVpYzutYtp6PMgqll2GL7mss |
MD5: | 0EA7B5136DF99B202CB0549BE9D835CF |
SHA1: | 37DA31F711AE04C0CE7CC8862B95BF6299619D9C |
SHA-256: | A3DFB8DBF2713B6CB82ED3FEBD4DE7067DF3DE66388070D3D7B0E4F3B27AA083 |
SHA-512: | E9B23BF3EBD17AFC0B14E589E74A256003F989429EFD969D3500CC826DF453A70E8202BF4503D47DB764336DDF3CD4EC1E1C4C31A2DA51E0A44494A22769C86B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgXLv3B/4dJUN6OiPbXg9gcc+zFYyu:6a6TZ44ADEXLfB/+UUFbszFK |
MD5: | 91C8C8EC41D460D97AE0AB7DD0090C50 |
SHA1: | 52675DF6005B9B8217A327F0551DA574948B8CA8 |
SHA-256: | 5A3E1DB21396A81FD23BE4E9C5FCE5182E1A1486E74789F6ECFC18F9A91ADF79 |
SHA-512: | 1D8517DEA3DD9627879B018324446D94646B37F70F98D007DEF6F8A58D189EA38CB17A4DEABC2847838794C34D299FA76FA91B63565962900C08BC68771EFB39 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.493870954423123 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8hlpW0YH:Qw946cPbiOxDlbYnuRK0fYH |
MD5: | 7B27AD598F672A7CDAD08FAC201FC9B4 |
SHA1: | C6B471DB6D6A5ACD39C7093E8C0F07A626615066 |
SHA-256: | 250D7A0D4EE21ACF31A8B2D1F94DCC466C4F9B74BF7A0DE023FD8CA988B83B88 |
SHA-512: | 4587D06128A79078175E3F0E0F3ACDF15A6419A7297D1489EEC3BDD409EB11C2E5E6B4BFC1CF43818BA6A899A8C64B2204E4C59A33A02BECB3E71708B32C1859 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-21 07-47-35-310.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.352430809988473 |
Encrypted: | false |
SSDEEP: | 384:SF5I+uzIZHU8dbOKnD83E+s1FtigsVcVgV3aVr9X7tuREhjtfGA2RiAQ1QlYaw/8:M3+meN |
MD5: | 78F57D45885E4E2EC2F4B4D47AEB7A52 |
SHA1: | 2987E37C758D4B634A26E7D10F6CDF1C74A7DFAC |
SHA-256: | F25559638D966463E70E718B03F36779B5EB2F189A1FD238B27537B58EA96418 |
SHA-512: | 05EEC3FCC91AF4014BF66F2198F0D14A5A54F6B091265A6319D238A18071BCC3CBC1943EF1A0CB43154A38CA04A53040BB892D6E53B698DCEF46437958F06403 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.401194365866112 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbi:W |
MD5: | 0CDEE2C56C1D2796E0E6D8AA319B7367 |
SHA1: | 17AFE3BEC7FA3FFEFDCF8BD159E488FF8BD70670 |
SHA-256: | F236F09064EC35E741E32D227DA03F067F2D07EEDB10263587767C50D62834D3 |
SHA-512: | D1F51B9AB5FB4E4D72432E901E8815BEE6839908882A5FEE03E8076A75DDE1B82BE5746152BF68440A7D5AF902179B7B0603872C941E580B48360EBC58F8A208 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.992077384177795 |
TrID: | |
File name: | BankAcc Confirmation Letter 002.pdf |
File size: | 247'677 bytes |
MD5: | 6dbda2c52ca6bd0759d7c156962f333b |
SHA1: | 233767c1551f4eacb99119170a563f175f47a161 |
SHA256: | 3d94bdfe2fa47e61495f488c3fb43e46d2c1af99174cbe2013b7352628ca6999 |
SHA512: | 9e64aab6120e759f505b278a5223dde75e9b4de25f919b4c8eaab23f7c6ae8bb54627738e0521e15982a6aaf11236f09b55fda82da348c4ec8b8befc2a4af333 |
SSDEEP: | 6144:haLYAW3KN9FYkvK0o1a50a3wYg9jcCwylB0T9aJuXCDQm:haLYAW3KN/Yuo1a5hgYgEafDt |
TLSH: | C63412139D4DEE0B46858712BF126E3A3659324E518633FE05314FD662BBA84AF2710F |
File Content Preview: | %PDF-1.3..1 0 obj..[/PDF /Text /ImageB /ImageC /ImageI]..endobj..10 0 obj..<< /Length 2694 /Filter /FlateDecode >> stream..x..[.s....~3...c.q.....t:u^w.....Mz.t:...l(.!).._...R.D.h'Nh1...........o.......<$2.....(.R.g..a?......'...|A.....uz1.gop,...&.@.... |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.3 |
Total Entropy: | 7.992077 |
Total Bytes: | 247677 |
Stream Entropy: | 7.992896 |
Stream Bytes: | 243021 |
Entropy outside Streams: | 5.213127 |
Bytes outside Streams: | 4656 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 25 |
endobj | 25 |
stream | 8 |
endstream | 8 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
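The "General" entropy split and the "Name | Count" table above are the measurements a pdfid-style triage pass produces. The Python below is an added example, not the sandbox's own code, that reproduces them on a one-page PDF constructed inline: it counts the same keywords as whole tokens (so `endobj` is not `obj` and `/Pages` is not `/Page`), resolves `#xx` name escapes so an obfuscated `/J#53` is still counted as `/JS`, separates entropy inside stream bodies from entropy outside them, and measures bytes trailing the last `%%EOF`. The helper names (`pdf_stats`, `count_keywords`, `build_sample_pdf`) and the sample document are my own.

```python
import re
import zlib
from collections import Counter
from math import log2

# Keywords in the order the report's "Name | Count" table lists them.
KEYWORDS = [b"obj", b"endobj", b"stream", b"endstream", b"xref", b"trailer",
            b"startxref", b"/Page", b"/Encrypt", b"/ObjStm", b"/URI", b"/JS",
            b"/JavaScript", b"/AA", b"/OpenAction", b"/AcroForm",
            b"/JBIG2Decode", b"/RichMedia", b"/Launch", b"/EmbeddedFile"]

# PDF names may hide keywords with #xx hex escapes, e.g. /J#53 for /JS.
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_BODY = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * log2(c / n) for c in Counter(data).values())


def count_keywords(data: bytes) -> dict:
    """Count each keyword as a whole token, so 'endobj' is not 'obj',
    'startxref' is not 'xref' and '/Pages' is not '/Page'."""
    text = NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)
    counts = {}
    for kw in KEYWORDS:
        if kw.startswith(b"/"):
            pattern = re.escape(kw) + rb"(?![A-Za-z0-9])"
        else:
            pattern = rb"(?<![A-Za-z])" + kw + rb"(?![A-Za-z])"
        counts[kw.decode()] = len(re.findall(pattern, text))
    return counts


def pdf_stats(data: bytes) -> dict:
    """Header, keyword counts, EOF markers and the entropy split between
    stream bodies and everything else (dictionaries, xref, trailer)."""
    streams = STREAM_BODY.findall(data)
    stream_bytes = b"".join(streams)
    outside = data
    for body in streams:
        outside = outside.replace(body, b"", 1)
    eof_ends = [m.end() for m in re.finditer(rb"%%EOF", data)]
    after_eof = data[eof_ends[-1]:].lstrip(b"\r\n") if eof_ends else b""
    return {
        "header": data.split(b"\n", 1)[0].decode("latin-1"),
        "total_bytes": len(data),
        "total_entropy": entropy(data),
        "stream_bytes": len(stream_bytes),
        "stream_entropy": entropy(stream_bytes),
        "outside_bytes": len(outside),
        "outside_entropy": entropy(outside),
        "eof_count": len(eof_ends),
        "bytes_after_eof": len(after_eof),   # line endings after %%EOF ignored
        "counts": count_keywords(data),
    }


def build_sample_pdf(tail: bytes = b"") -> bytes:
    """Constructed one-page PDF with a FlateDecode content stream; `tail`
    is appended after %%EOF to simulate data hidden past the end marker."""
    page_text = b"".join(
        b"BT /F1 12 Tf 72 %d Td (Line %d of the confirmation letter) Tj ET\n"
        % (720 - 14 * i, i) for i in range(50))
    content = zlib.compress(page_text)
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(content)
        + content + b"\nendstream",
    ]
    out = bytearray(b"%PDF-1.3\n")
    offsets = []
    for num, body in enumerate(objects, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objects) + 1, xref_at))
    return bytes(out) + tail


if __name__ == "__main__":
    for key, value in pdf_stats(build_sample_pdf()).items():
        print(f"{key}: {value}")
```

Reading the result the way the report's tables should be read: stream entropy near 8 bits with `Encrypted: false` is simply what FlateDecode output looks like (in the sample above, 243,021 of 247,677 bytes sit inside streams, which is why the total entropy is also 7.99), not evidence of a packed payload on its own. The triage signals are the zero counts for `/JS`, `/JavaScript`, `/OpenAction`, `/AA`, `/Launch`, `/RichMedia` and `/EmbeddedFile`, a single `%%EOF` and nothing after it. The caveat is that this counting runs over raw bytes: names inside compressed object streams (`/ObjStm` above 0) or an encrypted document (`/Encrypt` above 0) are invisible to it and have to be decompressed or decrypted with a full parser before the zeros can be trusted.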
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
9 | 0330334353313002 | 72cc3ba647f8f9d2e7201a9581bd7921 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 21, 2024 13:47:42.947348118 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11 |
Nov 21, 2024 13:47:42.947387934 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5 |
Nov 21, 2024 13:47:42.947767973 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11 |
Nov 21, 2024 13:47:42.947767973 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11 |
Nov 21, 2024 13:47:42.947793007 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5 |
Nov 21, 2024 13:47:44.516875029 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5 |
Nov 21, 2024 13:47:44.517268896 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11 |
Nov 21, 2024 13:47:44.517286062 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5 |
Nov 21, 2024 13:47:44.518735886 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5 |
Nov 21, 2024 13:47:44.518800974 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11 |
Nov 21, 2024 13:47:44.518814087 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5 |
Nov 21, 2024 13:47:44.518858910 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11 |
Nov 21, 2024 13:47:44.519223928 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11 |
Nov 21, 2024 13:47:44.519287109 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5 |
Nov 21, 2024 13:47:44.519448996 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11 |
Nov 21, 2024 13:47:44.519459009 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5 |
Nov 21, 2024 13:47:44.562941074 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11 |
Nov 21, 2024 13:47:44.985054016 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5 |
Nov 21, 2024 13:47:44.985160112 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5 |
Nov 21, 2024 13:47:44.986157894 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11 |
Nov 21, 2024 13:47:44.986741066 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11 |
Nov 21, 2024 13:47:44.986764908 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 21, 2024 13:47:43.378704071 CET | 49724 | 53 | 192.168.2.5 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 21, 2024 13:47:43.378704071 CET | 192.168.2.5 | 1.1.1.1 | 0x1fbc | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 21, 2024 13:47:43.606246948 CET | 1.1.1.1 | 192.168.2.5 | 0x1fbc | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 13:47:45.436234951 CET | 1.1.1.1 | 192.168.2.5 | 0x796e | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 13:47:45.436234951 CET | 1.1.1.1 | 192.168.2.5 | 0x796e | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49716 | 52.202.204.11 | 443 | 5268 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-21 12:47:44 UTC | 1473 | OUT | |
2024-11-21 12:47:44 UTC | 617 | IN | |
2024-11-21 12:47:44 UTC | 65 | IN |
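One check worth running over the network tables above: does every TCP destination have a DNS answer that precedes it? In this capture the session from AcroCEF.exe (PID 5268) to 52.202.204.11:443 begins at 13:47:42.947, about 0.4 s before the only query shown (13:47:43.378), and 52.202.204.11 is not among the A answers; the two addresses that were answered (199.232.210.172, 199.232.214.172) never appear as a TCP destination in the tables shown. The Python below is an added example, not the sandbox's tooling, that makes that correlation explicit; its input rows are transcribed from the tables above, and the helper names (`classify_sessions`, `unused_answers`, `parse_ts`) are my own.

```python
from datetime import datetime

# Rows transcribed from the report's TCP session and DNS answer tables
# (constructed input for this example: one session, one query answered
# with a CNAME and a later transaction answered with two A records).
TCP_SESSIONS = [
    # (first packet, src ip, src port, dst ip, dst port, pid, process)
    ("Nov 21, 2024 13:47:42.947348118 CET", "192.168.2.5", 49716,
     "52.202.204.11", 443, 5268,
     r"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe"),
]
DNS_ANSWERS = [
    # (timestamp, transaction id, record type, value)
    ("Nov 21, 2024 13:47:43.606246948 CET", 0x1FBC, "CNAME",
     "crl.root-x1.letsencrypt.org.edgekey.net"),
    ("Nov 21, 2024 13:47:45.436234951 CET", 0x796E, "A", "199.232.210.172"),
    ("Nov 21, 2024 13:47:45.436234951 CET", 0x796E, "A", "199.232.214.172"),
]


def parse_ts(stamp: str) -> datetime:
    """Parse 'Nov 21, 2024 13:47:42.947348118 CET'. The zone label is
    dropped (every row of one report shares it) and the nanosecond field
    is truncated to the six digits strptime's %f accepts."""
    stamp, _zone = stamp.rsplit(" ", 1)
    head, frac = stamp.rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def classify_sessions(sessions, answers):
    """Tag each TCP session by whether an A answer for its destination was
    seen before its first packet, only after it, or not at all. Returns
    (dst ip, dst port, pid, status, matching transaction ids)."""
    results = []
    for first_pkt, _src, _sport, dst, dport, pid, _proc in sessions:
        started = parse_ts(first_pkt)
        matching = [(parse_ts(ts), txid) for ts, txid, rtype, value in answers
                    if rtype == "A" and value == dst]
        before = sorted({txid for ts, txid in matching if ts <= started})
        after = sorted({txid for ts, txid in matching if ts > started})
        if before:
            status = "resolved-before-connect"
        elif after:
            status = "resolved-after-connect"
        else:
            status = "no-resolution-in-capture"
        results.append((dst, dport, pid, status, before or after))
    return results


def unused_answers(sessions, answers):
    """A-record addresses the resolver returned that never became a TCP
    destination in the capture."""
    contacted = {dst for _ts, _src, _sp, dst, _dp, _pid, _proc in sessions}
    answered = {value for _ts, _txid, rtype, value in answers if rtype == "A"}
    return sorted(answered - contacted)


if __name__ == "__main__":
    for dst, dport, pid, status, txids in classify_sessions(TCP_SESSIONS, DNS_ANSWERS):
        print(f"{dst}:{dport} pid={pid} {status} txids={[hex(t) for t in txids]}")
    print("answered but never contacted:", unused_answers(TCP_SESSIONS, DNS_ANSWERS))
```

A "no-resolution-in-capture" result is a question, not a verdict: the name may have been resolved and cached before the capture window opened, the endpoint may be an IP literal in the client's configuration, or the lookup may have gone over DNS over HTTPS (the report's "DNS over HTTPS: false" column describes only the queries it saw). The query name column in the tables above is empty, so the name behind transaction 0x1fbc cannot be read from this page; its CNAME target names a Let's Encrypt root CRL host, which is consistent with certificate revocation checking by the CEF network service, but the report does not state that and it should be treated as a hypothesis until the query name is recovered from the pcap.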
Target ID: | 0 |
Start time: | 07:47:31 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 07:47:32 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 07:47:33 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |