Windows
Analysis Report
resume.pdf
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 8004 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\resume.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7292 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 576 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1572 --field-trial-handle=1592,i,11672229876952448517,8884072833912729515,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
- AV Detection
- Software Vulnerabilities
- Networking
- System Summary
- Data Obfuscation
- Hooking and other Techniques for Hiding and Protection
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Detection | Scanner | Label |
---|---|---|
33% | ReversingLabs | Script-JS.Exploit.Heuristic |
39% | Virustotal | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
e8652.dscx.akamaiedge.net | 23.209.213.129 | true | false | high | |
x1.i.lencr.org | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.209.213.129 | e8652.dscx.akamaiedge.net | United States | 23693 | TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1640681 |
Start date and time: | 2025-03-17 15:07:13 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | resume.pdf |
Detection: | MAL |
Classification: | mal48.winPDF@15/32@2/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 2.19.104.203, 2.22.242.11, 2.22.242.123, 54.224.241.105, 18.213.11.84, 34.237.241.83, 50.16.47.176, 172.64.41.3, 162.159.61.3, 2.16.100.168, 88.221.110.121, 23.199.214.10, 4.245.163.56, 23.56.162.204, 2.19.106.162
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, c.pki.goog, wu-b-net.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
10:08:37 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
23.209.213.129 | malicious | Unknown |
23.209.213.129 | malicious | HTMLPhisher, Invisible JS, Tycoon2FA |
23.209.213.129 | malicious | Unknown |
23.209.213.129 | malicious | Unknown |
23.209.213.129 | malicious | Unknown |
23.209.213.129 | malicious | Unknown |
23.209.213.129 | malicious | Unknown |
23.209.213.129 | malicious | Unknown |
23.209.213.129 | malicious | Unknown |
23.209.213.129 | malicious | Unknown |

Match | Detection | Threat Name |
---|---|---|
e8652.dscx.akamaiedge.net | malicious | HTMLPhisher, Invisible JS, Tycoon2FA |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | HTMLPhisher |
e8652.dscx.akamaiedge.net | malicious | Gamaredon, UltraVNC |
e8652.dscx.akamaiedge.net | malicious | Gabagool |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | HTMLPhisher, Invisible JS, Tycoon2FA |
e8652.dscx.akamaiedge.net | malicious | Unknown |

Match | Detection | Threat Name |
---|---|---|
TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | malicious | HTMLPhisher, Invisible JS, Tycoon2FA |
TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | malicious | Unknown |
TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | malicious | Mirai |
TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | malicious | Unknown |
TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | malicious | Unknown |
TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | malicious | Unknown |
TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | malicious | Mirai |
TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | malicious | Unknown |
TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | malicious | Unknown |
TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.231420664278425 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.191625907236325 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.97196132533112 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.97196132533112 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.254890773708146 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.210223616629786 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.210223616629786 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 3.1729315398407825 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445016818775081 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7740207882347723 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73305 |
Entropy (8bit): | 7.996028107841645 |
Encrypted: | true |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.746029011189199 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 330 |
Entropy (8bit): | 3.1650403202001045 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 244540 |
Entropy (8bit): | 3.3415042960460593 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2145 |
Entropy (8bit): | 5.066158471476206 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1883080422906038 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6091198662068373 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5197430193686525 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.314811756405892 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.3909356054969635 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.978595472729409 |
TrID: |
|
File name: | resume.pdf |
File size: | 216'375 bytes |
MD5: | 930fc7badacf1a19816a97775662ae54 |
SHA1: | d950e144b4c5a3eaacd2d9ed22b4c63264f70426 |
SHA256: | 4dc9b0c20ea61d91d6a1b5bdce76fb5365de0762efb8f6c2925113c6a8950cae |
SHA512: | 585d5d16ed27e2e647d94bb7ce053ea4cb73c40a1ccad7502cb71d066b82fc17b605d23c2d04e25521e1785471a3fa678e26caee8d1075f271f69268042236e6 |
SSDEEP: | 6144:BahViqwtQgMGSsMoca/wuLQY7tXirGLz6VMgt:Be2QOSsPJPLQY7krGazt |
TLSH: | 45241258E9E1CF937FC116DAFD66C34E07DBFE0960CC6A00A1A4F806E6A1D248E714D6 |
File Content Preview: | %PDF-1.4.%.....1 0 obj..<<./Subtype /Form./Type /XObject./Matrix [1 0 0 1 0 0]./FormType 1./Resources .<<./ProcSet 2 0 R./XObject .<<./Im0 3 0 R.>>.>>./Length 39./BBox [0 0 556 719].>>.stream.q.556.029 0 0 719.037 0 0 cm./Im0 Do.Q..endstream .endobj..2 0 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.978595 |
Total Bytes: | 216375 |
Stream Entropy: | 7.979552 |
Stream Bytes: | 214105 |
Entropy outside Streams: | 5.059198 |
Bytes outside Streams: | 2270 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 20 |
endobj | 20 |
stream | 6 |
endstream | 6 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 2 |
/JavaScript | 3 |
/AA | 0 |
/OpenAction | 1 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
ID | DHASH | MD5 | Preview |
---|---|---|---|
3 | 0000000000000000 | 99004603b53a96dd2f1abe47a983d3d9 |
- Total Packets: 7
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2025 15:08:37.922615051 CET | 49731 | 80 | 192.168.2.4 | 23.209.213.129 |
Mar 17, 2025 15:08:37.927577972 CET | 80 | 49731 | 23.209.213.129 | 192.168.2.4 |
Mar 17, 2025 15:08:37.927660942 CET | 49731 | 80 | 192.168.2.4 | 23.209.213.129 |
Mar 17, 2025 15:08:37.927757978 CET | 49731 | 80 | 192.168.2.4 | 23.209.213.129 |
Mar 17, 2025 15:08:37.933080912 CET | 80 | 49731 | 23.209.213.129 | 192.168.2.4 |
Mar 17, 2025 15:08:38.549935102 CET | 80 | 49731 | 23.209.213.129 | 192.168.2.4 |
Mar 17, 2025 15:08:38.549956083 CET | 80 | 49731 | 23.209.213.129 | 192.168.2.4 |
Mar 17, 2025 15:08:38.550012112 CET | 49731 | 80 | 192.168.2.4 | 23.209.213.129 |
Mar 17, 2025 15:08:48.410603046 CET | 49731 | 80 | 192.168.2.4 | 23.209.213.129 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2025 15:08:37.911751032 CET | 55106 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 17, 2025 15:08:37.919199944 CET | 53 | 55106 | 1.1.1.1 | 192.168.2.4 |
Mar 17, 2025 15:08:54.575344086 CET | 58835 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 17, 2025 15:08:54.583444118 CET | 53 | 58835 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 17, 2025 15:08:37.911751032 CET | 192.168.2.4 | 1.1.1.1 | 0xd2f5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 17, 2025 15:08:54.575344086 CET | 192.168.2.4 | 1.1.1.1 | 0x906e | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 17, 2025 15:08:37.919199944 CET | 1.1.1.1 | 192.168.2.4 | 0xd2f5 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 15:08:37.919199944 CET | 1.1.1.1 | 192.168.2.4 | 0xd2f5 | No error (0) | e8652.dscx.akamaiedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 15:08:37.919199944 CET | 1.1.1.1 | 192.168.2.4 | 0xd2f5 | No error (0) | 23.209.213.129 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 15:08:54.583444118 CET | 1.1.1.1 | 192.168.2.4 | 0x906e | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 15:08:54.583444118 CET | 1.1.1.1 | 192.168.2.4 | 0x906e | No error (0) | e8652.dscx.akamaiedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 15:08:54.583444118 CET | 1.1.1.1 | 192.168.2.4 | 0x906e | No error (0) | 23.209.213.129 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49731 | 23.209.213.129 | 80 | 7292 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 17, 2025 15:08:37.927757978 CET | 115 | OUT | |
Mar 17, 2025 15:08:38.549935102 CET | 1236 | IN | |
Mar 17, 2025 15:08:38.549956083 CET | 509 | IN |
Target ID: | 1 |
Start time: | 10:08:22 |
Start date: | 17/03/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63e5c0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 10:08:24 |
Start date: | 17/03/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7273d0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 10:08:25 |
Start date: | 17/03/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7273d0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |