Edit tour
Windows
Analysis Report
DTG.pdf
Overview
General Information
| Sample name: | DTG.pdf |
| Analysis ID: | 1642017 |
| MD5: | 7291c170fd32bab98a9305052c5d1207 |
| SHA1: | 6d9399ad467c9bde39eca88558c0b1b3226b7386 |
| SHA256: | 61455e571bd64004e29906022ef58547429cd182fd95468c307714d091ff09d4 |
| Infos: | |
 | |
Detection
| Score: | 52 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
AI detected landing page (webpage, office document or email)
Creates files inside the system directory
Deletes files inside the Windows folder
IP address seen in connection with other malware
Classification
- System is w10x64
Acrobat.exe (PID: 7128 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\D TG.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 4996 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7204 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 48 --field -trial-han dle=1588,i ,151253192 1312188702 1,13897611 1385044997 56,131072 --disable- features=B ackForward Cache,Calc ulateNativ eWinOcclus ion,WinUse BrowserSpe llChecker /prefetch: 8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
chrome.exe (PID: 2288 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized "http s://aniffs .com/o/?c3 Y9bzM2NV8x X29uZSZyYW 5kPVVuSlFP VVU9JnVpZD 1VU0VSMjYw MjIwMjVVMz MwMjI2NTE= N0123N[EMA IL]" MD5: E81F54E6C1129887AEA47E7D092680BF) - chrome.exe (PID: 1360 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=1980,i ,267501986 1959795683 ,166594787 6910831777 3,262144 - -variation s-seed-ver sion --moj o-platform -channel-h andle=1932 /prefetch :3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
- • AV Detection
- • Phishing
- • Compliance
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira URL Cloud: | ||
Phishing | |
|---|
| Source: | Joe Sandbox AI: | ||
| Source: | Joe Sandbox AI: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | IP Address: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File deleted: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira URL Cloud | phishing | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
| aniffs.com | 162.214.69.41 | true | false | unknown | |
| e8652.dscx.akamaiedge.net | 72.246.169.163 | true | false | high | |
| edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 84.201.210.39 | true | false | high | |
| www.google.com | 142.250.185.132 | true | false | high | |
| x1.i.lencr.org | unknown | unknown | false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false | |
| 72.246.169.163 | e8652.dscx.akamaiedge.net | United States | 16625 | AKAMAI-ASUS | false | |
| 162.214.69.41 | aniffs.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false |
| IP |
|---|
| 192.168.2.6 |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1642017 |
| Start date and time: | 2025-03-18 18:36:39 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 23s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 20 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | DTG.pdf |
| Detection: | MAL |
| Classification: | mal52.winPDF@62/46@5/4 |
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, WMIADAP.exe, SIHCl ient.exe, SgrmBroker.exe, conh ost.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 2.18.96.131, 52.6. 155.20, 3.233.129.217, 52.22.4 1.97, 3.219.243.226, 172.64.41 .3, 162.159.61.3, 2.22.242.123 , 2.22.242.11, 199.232.210.172 , 216.58.206.67, 142.250.185.2 38, 172.217.18.14, 142.250.110 .84, 142.250.184.238, 216.58.2 12.142, 142.250.186.46, 216.58 .206.42, 142.250.185.202, 142. 250.186.106, 142.250.186.42, 1 42.250.186.74, 142.250.186.138 , 142.250.185.234, 172.217.23. 106, 142.250.186.170, 172.217. 16.138, 172.217.16.202, 172.21 7.18.10, 142.250.184.234, 216. 58.206.74, 142.250.184.202, 14 2.250.181.234, 142.250.186.142 , 142.250.186.174, 172.217.16. 142, 2.16.100.168, 142.250.185 .110, 216.58.206.46, 199.232.2 14.172, 142.250.184.195, 142.2 50.185.195, 142.250.186.110, 1 42.250.185.78, 216.58.206.78, 88.221.110.91, 23.60.203.209, 172.202.163.200, 23.56.162.204 - Excluded domains from analysis
(whitelisted): e4578.dscg.aka maiedge.net, chrome.cloudflare -dns.com, slscr.update.microso ft.com, clientservices.googlea pis.com, a767.dspw65.akamai.ne t, acroipm2.adobe.com, clients 2.google.com, redirector.gvt1. com, ssl-delivery.adobe.com.ed gekey.net, a122.dscd.akamai.ne t, update.googleapis.com, wu-b -net.trafficmanager.net, optim izationguide-pa.googleapis.com , clients1.google.com, fs.micr osoft.com, accounts.google.com , acroipm2.adobe.com.edgesuite .net, ctldl.windowsupdate.com. delivery.microsoft.com, ctldl. windowsupdate.com, p13n.adobe. io, fe3cr.delivery.mp.microsof t.com, download.windowsupdate. com.edgesuite.net, edgedl.me.g vt1.com, armmf.adobe.com, clie nts.l.google.com, geo2.adobe.c om - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtOpenFile calls found .
| Time | Type | Description |
|---|---|---|
| 13:37:47 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 72.246.169.163 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| e8652.dscx.akamaiedge.net | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| bg.microsoft.map.fastly.net | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| |
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | DanaBot | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| UNIFIEDLAYER-AS-1US | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| AKAMAI-ASUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Stealerium | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 298 |
| Entropy (8bit): | 5.259723390614795 |
| Encrypted: | false |
| SSDEEP: | 6:iOGotBVq2PN72nKuAl9OmbnIFUtooKlgZmwCoKlIkwON72nKuAl9OmbjLJ:7GobVvVaHAahFUtooKlg/CoKlI5OaHAR |
| MD5: | ED70EACEDDFB4B8B3E809692195DEF50 |
| SHA1: | EB2204F78D94576E870C15F02A730A68B681BA2A |
| SHA-256: | 332253A9E2CF64DF55D1DA2FDA2E1A9716C95AAE8ACD93D6E2C859410BDEB49F |
| SHA-512: | 9D7B3D6AAE1ED42944B63096990DE2FA104740A102A0406B560C704CFE25EC838CB8B17DB62019A3D9564BC9E8B3A8BFEA6A40CB93E2C03E30EFA8445DED9AB2 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 298 |
| Entropy (8bit): | 5.259723390614795 |
| Encrypted: | false |
| SSDEEP: | 6:iOGotBVq2PN72nKuAl9OmbnIFUtooKlgZmwCoKlIkwON72nKuAl9OmbjLJ:7GobVvVaHAahFUtooKlg/CoKlI5OaHAR |
| MD5: | ED70EACEDDFB4B8B3E809692195DEF50 |
| SHA1: | EB2204F78D94576E870C15F02A730A68B681BA2A |
| SHA-256: | 332253A9E2CF64DF55D1DA2FDA2E1A9716C95AAE8ACD93D6E2C859410BDEB49F |
| SHA-512: | 9D7B3D6AAE1ED42944B63096990DE2FA104740A102A0406B560C704CFE25EC838CB8B17DB62019A3D9564BC9E8B3A8BFEA6A40CB93E2C03E30EFA8445DED9AB2 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 342 |
| Entropy (8bit): | 5.151671405304191 |
| Encrypted: | false |
| SSDEEP: | 6:iOG8BGkQ+q2PN72nKuAl9Ombzo2jMGIFUtoopdWZmwCopQVkwON72nKuAl9Ombzz:7G8Bc+vVaHAa8uFUto8W/CbV5OaHAa8z |
| MD5: | BD80C7EA28A2B9F5D2DF3D5BDE2B210D |
| SHA1: | 05678C0DB814C73F8AAF76424F51E71AAC96656F |
| SHA-256: | 685A34255483F26D8A7786E23578288C9DF497858C1963BD0554681C145353F3 |
| SHA-512: | F409B6C981F03C71D06D4B03A126EE7C94C0898F56AB9D4C03020166EE3C9C245051A5F0D6923463658BCBC01F48140F1F25BB7CB3C6412F17BDB75656B8BDD6 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 342 |
| Entropy (8bit): | 5.151671405304191 |
| Encrypted: | false |
| SSDEEP: | 6:iOG8BGkQ+q2PN72nKuAl9Ombzo2jMGIFUtoopdWZmwCopQVkwON72nKuAl9Ombzz:7G8Bc+vVaHAa8uFUto8W/CbV5OaHAa8z |
| MD5: | BD80C7EA28A2B9F5D2DF3D5BDE2B210D |
| SHA1: | 05678C0DB814C73F8AAF76424F51E71AAC96656F |
| SHA-256: | 685A34255483F26D8A7786E23578288C9DF497858C1963BD0554681C145353F3 |
| SHA-512: | F409B6C981F03C71D06D4B03A126EE7C94C0898F56AB9D4C03020166EE3C9C245051A5F0D6923463658BCBC01F48140F1F25BB7CB3C6412F17BDB75656B8BDD6 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.972225950634431 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqmRasBdOg2HNcaq3QYiubcP7E4T3y:Y2sRds3VdMH83QYhbA7nby |
| MD5: | DFC54A53E0A65A1802A10F2C246DBCD4 |
| SHA1: | AA8129DD56E3D7406AC025EBE0275CFEFA20D270 |
| SHA-256: | 089BAC3679E8614473C13A9AEF50BD20FF5069B857A563A281B5C9DDAE0B25D1 |
| SHA-512: | 49BC893FA0AB06DAF38BE9B835AF59CFA2FA8FC2F62200FDAABACD8A35A5E720EA06B51B9231B92A5C4BC71006E8985245666B27D720CC9436A8BAE60451212D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.972225950634431 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqmRasBdOg2HNcaq3QYiubcP7E4T3y:Y2sRds3VdMH83QYhbA7nby |
| MD5: | DFC54A53E0A65A1802A10F2C246DBCD4 |
| SHA1: | AA8129DD56E3D7406AC025EBE0275CFEFA20D270 |
| SHA-256: | 089BAC3679E8614473C13A9AEF50BD20FF5069B857A563A281B5C9DDAE0B25D1 |
| SHA-512: | 49BC893FA0AB06DAF38BE9B835AF59CFA2FA8FC2F62200FDAABACD8A35A5E720EA06B51B9231B92A5C4BC71006E8985245666B27D720CC9436A8BAE60451212D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5859 |
| Entropy (8bit): | 5.250205025075013 |
| Encrypted: | false |
| SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE73C5TZ:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhY |
| MD5: | 9A2361B27925237230CACD52724473AD |
| SHA1: | 28E9AD37F1842CC6C4E06D5E4D118B15D262C8BE |
| SHA-256: | 279CC88733F9A2722D437A18A1F7E2AA9DD894E31CDBD0C706279EEE0DBC1B3F |
| SHA-512: | AD78A2AE6E329E304308EDDC44DBD3A3BA91AAF80E28F3153C21F24F3F910C0E22DFD895980794E45C3E8D81595010559554C6D664B21CD075400D60F46BD78B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 330 |
| Entropy (8bit): | 5.159528211638248 |
| Encrypted: | false |
| SSDEEP: | 6:iOGKpQ+q2PN72nKuAl9OmbzNMxIFUtoKVMdWZmwCKNQVkwON72nKuAl9OmbzNMFd:7Gz+vVaHAa8jFUtofW/CnV5OaHAa84J |
| MD5: | F77FAD8A1332535A33A8FB3CD4EBECB5 |
| SHA1: | 6183D8C34054D852DC751DCB3E69D738AE554D18 |
| SHA-256: | 5055CD21F1AB85ABFD974804A5EAD882379755F60A24D3A19A17AE211A237CF5 |
| SHA-512: | E7EF0B11BC14011E1ED604AE9ED1EE623C98BBFAF032C4540C05D332A968B1124C9286DE56415A61778108D5A7CCE986BD469E0055BF94E23B0EF634DDA71D10 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 330 |
| Entropy (8bit): | 5.159528211638248 |
| Encrypted: | false |
| SSDEEP: | 6:iOGKpQ+q2PN72nKuAl9OmbzNMxIFUtoKVMdWZmwCKNQVkwON72nKuAl9OmbzNMFd:7Gz+vVaHAa8jFUtofW/CnV5OaHAa84J |
| MD5: | F77FAD8A1332535A33A8FB3CD4EBECB5 |
| SHA1: | 6183D8C34054D852DC751DCB3E69D738AE554D18 |
| SHA-256: | 5055CD21F1AB85ABFD974804A5EAD882379755F60A24D3A19A17AE211A237CF5 |
| SHA-512: | E7EF0B11BC14011E1ED604AE9ED1EE623C98BBFAF032C4540C05D332A968B1124C9286DE56415A61778108D5A7CCE986BD469E0055BF94E23B0EF634DDA71D10 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60406 |
| Entropy (8bit): | 1.8641571686893625 |
| Encrypted: | false |
| SSDEEP: | 192:4BNnXaToOdPsc1jQA58dJQmRkwbYjcYxTygRPQ0xP8+b0buCwX3OiIaQuE:47nXalsoN8vkY2R4SLCs3t9Qt |
| MD5: | DDB9DD33A3AA0256C96E83DF0A2032E8 |
| SHA1: | 8BC8FD7B3C9CDAE90B20E90855DAF00F6E9CEFBF |
| SHA-256: | 26FF0CF0661D7B863A92DDA0EEA901B7D66E20C865493D2269503751BCE60D40 |
| SHA-512: | 24B1E614C750A2E57F4F6ECEB505788480B1FD37B980A1852A500612DDFBC12660CF00FC84FBB6D61E514AA399CAA6241A21DB638141111A25DDB6761FB06234 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.445177150093161 |
| Encrypted: | false |
| SSDEEP: | 384:ye6ci5tpiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mKs3OazzU89UTTgUL |
| MD5: | 336703201A40243D68CAFAE6A056F5E4 |
| SHA1: | 0834DC09C3B8CD1DAE39C0302A74653E7A982DFD |
| SHA-256: | 5E2DF8419A685A8FFEFE28CAEE2D84461D73665C0EF21A8B2E4689D2F8FE659F |
| SHA-512: | B020680D6A1FCCAB2749E719BD925EFA1573547B0A174D731532661B95D9D680C995CF697897FB26141396EA47508E03D02D23F8DBACDF611E5174EF0C3998E6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.77092263201687 |
| Encrypted: | false |
| SSDEEP: | 48:7MDJioyVrioyXoy1C7oy16oy19KOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Of:7IJurZQXjBi2b9IVXEBodRBkD |
| MD5: | E9B00311198A72DF04641BA84CA7B135 |
| SHA1: | D60D1F133D9664FA3DF957017B54410DD7075939 |
| SHA-256: | AFB030919145294D03F32F02E81C6FEF2259CF91612BC8A1BA66EB3F0DDEE20C |
| SHA-512: | C94C59597FDC9D67E337CAA33ABE9D192AC11ECCEF01A2558175E7C5F1225C064F49BF7A6E5E9E0735547B32BE2FEE67E0DA3D2B9F9005953A24FA2D286C931C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 73305 |
| Entropy (8bit): | 7.996028107841645 |
| Encrypted: | true |
| SSDEEP: | 1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/ |
| MD5: | 83142242E97B8953C386F988AA694E4A |
| SHA1: | 833ED12FC15B356136DCDD27C61A50F59C5C7D50 |
| SHA-256: | D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755 |
| SHA-512: | BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.7673182398396405 |
| Encrypted: | false |
| SSDEEP: | 3:kkFkl5ZTd/XfllXlE/HT8kio/jNNX8RolJuRdxLlGB9lQRYwpDdt:kK4d/IT88pNMa8RdWBwRd |
| MD5: | C2AB131EDCACEE5E0189536B8FB7D1B8 |
| SHA1: | 3D0825BFA606B526AC5386F8CC498B2C4AE7B974 |
| SHA-256: | BABD5DE2051F1B1BD309291B4C8C5787227DE613BB8EB2AE3F026FD8E54C4112 |
| SHA-512: | 9F0C17F9728B5643C0060BC2DA090AA0464ACAD2E1D393938DACABF47B5C602437164EBC7DDC19DC37987960CC0D9F37BC2FCA586DE21248A948271E38A2DA9C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 330 |
| Entropy (8bit): | 3.287136292755414 |
| Encrypted: | false |
| SSDEEP: | 6:kKPkLlemcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:nbmfZkPlE99SNxAhUeq8S |
| MD5: | F0B9FDA3FEB70D5A7A33817BFED71BE0 |
| SHA1: | F516BD643F7102B052A84650C953022551967A6C |
| SHA-256: | 67D87BAF04BF80519E3178600EA62A31DB41DCA05892EA074F51BB4ED3504B0F |
| SHA-512: | D38C35C6D8CE6AAF8F44322629930830EDA848E2C3E73E29777BE9D78069FDC0CC0F65ED6B8867AC2F39776C10A642E9B50BD381F791BB723D9670520B11E799 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 229689 |
| Entropy (8bit): | 3.3860380622488884 |
| Encrypted: | false |
| SSDEEP: | 1536:qKPCWiyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:XPCwJ/3AYvYwgXFoL+sn |
| MD5: | E9535180F83BA631DBD0AF1B32094DA4 |
| SHA1: | B51C45130BCBBA85C39333B86AE2F9AEF1FB5430 |
| SHA-256: | 2D5C6A18C2CADB9324162240AE8845318D2E8565C2E4B1A1CF3A22B72ACAD9BC |
| SHA-512: | B4B57C412BD30E1322316EB4AA8693DEDB7AE5B5600EC8A0B134BCB12FA598EB50269A542454C227EA1E7462F06484652A219A5E11A05FF1902D16B10ECC6EC5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.345547487864174 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJM3g98kUwPeUkwRe9:YvXKXSLf0cDsGMbLUkee9 |
| MD5: | BBCEB4E058558B88D8E56D1F832943D6 |
| SHA1: | AAEB12558D8BE95361843C2742B0536051821B0E |
| SHA-256: | 67E89F512CA1A26F73D874ABF4DE46C18EE31D4E983FC36F2D430129D21F790C |
| SHA-512: | 6DAF2FCB14225BDB06461AC483E187AC69F5D1FB539C671F2A8F6892A57BC3E292CB3B6D4625E2F387F5B080FF0F838DA454AB620FA9054AF93EC9DE365488A1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.296765910238248 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfBoTfXpnrPeUkwRe9:YvXKXSLf0cDsGWTfXcUkee9 |
| MD5: | 953C34329FDDB72B359EFDC8304F92B5 |
| SHA1: | DD6B5D9FE32BF17E0413EBA2616BFE747BCE27A6 |
| SHA-256: | C8DBAD5E52FFF62A671BC60E82E6841AEA185369B57CB3DD16F163DFC5513855 |
| SHA-512: | 17E8417DB7B8ADB637C0F9A34D2D11443F020CA2F00CC9C1D8975DD9564721E8690D2AF19858E4B577D7AEF9922383558F0F38EA1EE7BBDA1B8099C1F75A3DD2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.274238159441876 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfBD2G6UpnrPeUkwRe9:YvXKXSLf0cDsGR22cUkee9 |
| MD5: | FDDD164813D5529A8CDBADB2EC68164A |
| SHA1: | 63E60119636F6E9E4BC35248553CB9763027EB01 |
| SHA-256: | 907683CF3A9A782B2ACEDD75C2D968D65B2AC45988FF5357FF43659D794DD14D |
| SHA-512: | 12BC4DFB79A796B0378723AEA72DDCB8A13D713354E3192AF7D2BD8E6613BB111D5F1955D3657ACB31F473687EDB3FA331B7C584380C48301215C79B03CFEE25 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.3249449442841446 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfPmwrPeUkwRe9:YvXKXSLf0cDsGH56Ukee9 |
| MD5: | AF32B0F8B545E6195DAA30F74B104237 |
| SHA1: | 891DD7DB79E9CF16B197D80BFAEB08907CDF37B3 |
| SHA-256: | 46A2B9685E43E14EF3858A6D640F5BCCF09FF8CE6373B54723CB36DE81B6C88D |
| SHA-512: | 4C17D3379E4E87FC0159799FC1FA9D11451EBA8CD59C649E1155DC46C3602E1098F0FDFAD1F6E0BA32F6F6EA375EC531B88726C36B63E8526DF6ACFF6F69DB90 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113 |
| Entropy (8bit): | 5.838067496150041 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XSLfZDJpLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcQbpEsrAr3a:YvvLdJhgly48Y/TWCjiOumNcvKOrkUm1 |
| MD5: | 46C3751E50EA79456A46D88E8617FD96 |
| SHA1: | 7BAE9CD16C74826F5E60F45BEFE4E852548A9B8B |
| SHA-256: | 006FB7956F1CB25B861994268A705D1D8699912E5684FE2EA6C3522CD55311EE |
| SHA-512: | 9B3B2ECB2B588169E77A3705F8CFC81A78072E7F953AAC640FA91957CFBB288AF905E5BFEAB93186B6FAA965B764A2E4BEC48341D4BA4649E21ACA1EEE28625A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.2726109143406825 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJf8dPeUkwRe9:YvXKXSLf0cDsGU8Ukee9 |
| MD5: | CFC9109C64E38BB88DBECEA4832CD84A |
| SHA1: | 11C74B221939641ACAA87DC6E09EE04B71539067 |
| SHA-256: | 5A96B0C8421585A06629600508907C8F001B4D4A05F753844137FBBA9E04C40F |
| SHA-512: | C3B15022603007A076BA3F5D2D6DC029067EB88744927F3CE4ACFA1D1A09F3834262A0A557CCC364A838DB453593473F7AEAF8917BEEF146A36B684BA4ECE158 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.2766609456667 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfQ1rPeUkwRe9:YvXKXSLf0cDsGY16Ukee9 |
| MD5: | 7D21954CA837DCA2D5E46D0FE15A0E7F |
| SHA1: | 81D363FC1605A09342909519C460481B4014FAFF |
| SHA-256: | 842F5258BB5BD6F578DDDC7A5E54E6BBFF79E47BEB63B977488ECB64B89CC4E5 |
| SHA-512: | 0CF30ADFE7BFA1898A08FEE0EA90F99817DB5BACA2AB8A20FD9710D8FBDBED8D4487C38F3A3451DC78C27482A7F533D18B2EC4C637A92B735246FE4D8CB1A328 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2064 |
| Entropy (8bit): | 5.819479880844224 |
| Encrypted: | false |
| SSDEEP: | 48:YvvLdEogbN48l/GiyLVzyODRHKOkQDcSmjWAm1:Gjdjg54Y/IVO4QOkQoSmu1 |
| MD5: | 3D888F758DFD190AE2C3C4DA0073A60D |
| SHA1: | 62489A3E54C6B14BA7AAF87990EE5084BB97A21D |
| SHA-256: | B2EA1B533BF8827090E38E503DA7FB4C2144B7E644AA8A5D008CBD15D3160A81 |
| SHA-512: | 4EB5E496A15CEEE316890259FCE55769D231FD3E6DBA1DF2022FA989022DFD633F31D863790B764A6F7E61C2918EE75579C3D30F1AB8D3302A63A3ABDEB2D9E4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.300211634270544 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfzdPeUkwRe9:YvXKXSLf0cDsGb8Ukee9 |
| MD5: | 37E195E46B9AFC59931CFD46946000A7 |
| SHA1: | 3623D50B719C968BAACE037A75DEDF02FD1CF538 |
| SHA-256: | 56C66DA2D598C3CE5A0ECB3B907FD649E8F8B2A565CC0AE8F323C029CE192A8B |
| SHA-512: | 8C03DDF838FF6FBA376140ED0FA884D2E1761A720FE5417C64390E0F955184D021DCECA0475C6845841961DA45AC86D8DB77F8D1DB22ECB8B206F4DA22B5AD9D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.281247800352233 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfYdPeUkwRe9:YvXKXSLf0cDsGg8Ukee9 |
| MD5: | AD8581A4E38D00EB3BCC8BD5EF72EB45 |
| SHA1: | 73483AA25A8824EB7B6E4886917D99B5B8ADB1BB |
| SHA-256: | 35949B44931B6C9545A126EDF37F507624B64A12F1B9A65B2AD460BAC420F07E |
| SHA-512: | 52F82587D6FEB9EB3C89CF522D3DDF70E676BDBAD7279BB977CA8B0AC70E80561B6040E473ACE4B96E0A39872837F8669604A0A7D0B4741B947109A2E656703A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284 |
| Entropy (8bit): | 5.266968028815111 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJf+dPeUkwRe9:YvXKXSLf0cDsG28Ukee9 |
| MD5: | 4177E00F235530D49D0C8475A91A5B31 |
| SHA1: | 08C5750D06190884D06E406D03466F3AACC5D745 |
| SHA-256: | 51EA2486DB1B397892AC10B0C0B632E31B5ED98C06546E09E84C81CBBF242D74 |
| SHA-512: | 8DB66626FEFE69E732783FB09972018ACBD4C35860D264DA4CBE23D8CBCA3A930F4EF081F2A1838F4EDAA694AB3626ECCC0A8E7B8CD75CBD6AA584768B1F43D9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.264923779123332 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfbPtdPeUkwRe9:YvXKXSLf0cDsGDV8Ukee9 |
| MD5: | 4AA75B1CAF5A00B15E3D00F6F2DED76F |
| SHA1: | 4F07B3860A075D18B610CDA66EFF8D42C8DD904D |
| SHA-256: | 2366AD668797DB657B2942D4369848F90C1CFBA68D2F209F4E44A3EE800D3C91 |
| SHA-512: | 9BDA2A35CDAD391254186AF3468256335C2B124E9DD64DF067639F3F9906C6E441B42C71449C79498AF508A051DC10D460472DE08194F08C5173EA959A4C3F88 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.268885509077539 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJf21rPeUkwRe9:YvXKXSLf0cDsG+16Ukee9 |
| MD5: | B723D068E6587D6EC4DEE5744014C725 |
| SHA1: | B869B31BA4B2F5AC376FFF0F1B8D8CC0DE395B3F |
| SHA-256: | 62E8D2956C35622D6FA1C0F196CC47B94E6B9060BB7431759EA7E137F6B44866 |
| SHA-512: | 47009F378051951EC1C44A4BA2F29A2E812EDC05E9E578E61A59005E5AE79A2E8E20814208220BD41CC3346ACF484093D15984A5E187C8E7B20E82D9A9BCC771 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2012 |
| Entropy (8bit): | 5.834356865553892 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XSLfZD5amXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBIM:YvvLdFBgBG48j/SiyLVWOAI13kUm1 |
| MD5: | 1230EA0A47492154D51C5F948BFE8C2E |
| SHA1: | EFCE9150BBDB792C5FEBC5169E32CB085F7C0143 |
| SHA-256: | 05BAD88171AD8764D49DFF4DBF2F8ECC5AFEAEDAA4E6A51E1F133A3B8DEE7FC8 |
| SHA-512: | F76CD5A4004FB584A61A7A3009426748DDA2C8FBF029543FEE654B9AF6FDADDDEF816CFAB87F46D363E0EFA65ACE601DE25573A87A8278536AF1037DDFE86989 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.244594095165946 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfshHHrPeUkwRe9:YvXKXSLf0cDsGUUUkee9 |
| MD5: | AB1D9856A680E381A69679B71A921CAB |
| SHA1: | CDF3BE7BD4BC7B09AE1E91433F1B23E422A8AE64 |
| SHA-256: | 834B5B53D163BBDEF4CA0FB8FD98E1693029583F759DC634B3B0A9A4A96041FC |
| SHA-512: | 9E4CC0A5403F64BAFE820314599B102B01D7881A7D591525FF3145D774A2EEFB96488398E7DB7ABE0E8BB0C4A541CD8FF79F7F08E3879F6C0F6E7C7138B92228 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 5.249790177636265 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJTqgFCrPeUkwRe9:YvXKXSLf0cDsGTq16Ukee9 |
| MD5: | 48E81EF9CD262521447E9FDB616D0117 |
| SHA1: | C998F4D48CB7CE24CEDAF53DA1E13202E45EF632 |
| SHA-256: | ABB6E792DF8A55E0CB2188467169553F3D436677CADFAC43FF48B49FD9A79EBE |
| SHA-512: | 7988DB248D23D4C37A3E86105FE5DF15B87A03BBCBA929EC3E899468395EA52F715090FD04078FE77F6A79E5E3DEE66F398266AD8A7EEE65B12B412193C67D7C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2815 |
| Entropy (8bit): | 5.122073106561737 |
| Encrypted: | false |
| SSDEEP: | 48:Ylc8IUI0PA0N3q+dKQqOlnjp0bOTi8mK5j4/709hJRl:qo0N6KBthOKdgKf |
| MD5: | 34D7083349824504B37EC6D69AC22FA2 |
| SHA1: | 068D0E2E9D2247645EE8DB8ACC0CB73C1446E72F |
| SHA-256: | F8DC3D1319F1891904300E7FAF860EB7684FF5CF0F7E4EC998722F3C97D8D7D4 |
| SHA-512: | 5F12D0484E52D5598CE4FDE850E83CC2B26768CCC07065E15B0D789FBCEF98373F4123B9AF63B1E7114BFA12A7D379AF9CB3AA134505585A6ECF2F75DC4AC5C5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1448841687994387 |
| Encrypted: | false |
| SSDEEP: | 24:TLhx/XYKQvGJF7ursVfvxbRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUm:TFl2GL7msLXc+XcGNFlRYIX2v3ka |
| MD5: | 00843D0EC9E1E70AE2FE4818F1B841BA |
| SHA1: | ACB07217957A27C15E70F18791D2EB61A063591F |
| SHA-256: | 44787C629CA0C42263E226EF45B87CE277DB087E64DEEAC145D1D882161B3B41 |
| SHA-512: | A6FD15B6BAF151C1A19C2370BC1058277B92095ADEF2A9D8D5F1ABD051136042E546EADAF206A50A9B091B116BD41A0CA934FAE2C79F0F6F303427974F08DE53 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.5504602361687334 |
| Encrypted: | false |
| SSDEEP: | 24:7+tw1fvxbUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxBqLxxs:7Mw8Xc+XcGNFlRYIX2vEqVl2GL7msun |
| MD5: | B20722EC68C343A308EC501BCAAE9A9E |
| SHA1: | 93CA46CEB83BCC8B335B681D892566F53712AA9A |
| SHA-256: | F7FE9FF5066F2BD92B2C42B392B1386FF027AFEF85FBEB018A1092DF6425B577 |
| SHA-512: | C1B765287347D696501AF7D757A301A2A22428B8901F435EF98DD26FAEE8C7E15851BD7E36DE089A53ED74F877CFD2AD27FF27AF41D88029BBC4A8FDBCCD268D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5309417490522437 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKUVlEKeCH:Qw946cPbiOxDlbYnuRKSUcKzH |
| MD5: | 70E8B6DC01398AF45A324F0B75E7F7F2 |
| SHA1: | 407B4FF2B391B9035F42ECBC9549413A16CABA9B |
| SHA-256: | 22E33B1ACA6376A8C13EEA1DFCCD3FFE3D743A444E44863E2F8B322C85671A8F |
| SHA-512: | 2EA7944517A86EC2008EF6460932FA261FFB602244D4F09149444C4C3FEC440FBFFD143750C15A2B6522F308E128FA6EBFDE6A21E819403A19EB561981ED074A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 358 |
| Entropy (8bit): | 5.107170789398399 |
| Encrypted: | false |
| SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOtjBMTCSyAAO:IngVMre9T0HQIDmy9g06JXwTlX |
| MD5: | A1727E012D9B183ED21674BCF94A9C6D |
| SHA1: | D7CF63D31BA8ACFB827787D4181279E4E54B1151 |
| SHA-256: | 4E0D7FA4DC658186355E12F5D7643A26E40EDA6D877D0A8195262A52C61142C8 |
| SHA-512: | B7D41F4E62753261A3EF881AB3017285854E61C4B4D7AA725DD17513D3EAF4D4732D572723DC27862719DB2598FB0AC3CBDB3B5B4EBF8979656AA93D01FB8FD8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.338264912747007 |
| Encrypted: | false |
| SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
| MD5: | 128A51060103D95314048C2F32A15C66 |
| SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
| SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
| SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15112 |
| Entropy (8bit): | 5.351719444954036 |
| Encrypted: | false |
| SSDEEP: | 384:Ci8jxDEXvc5PtA6U5drrACea+tkj2YNfgTHR7D0hogXEW6uxOxOxDxJxxgxRxgxQ:HiH |
| MD5: | AA24050EC4C44E3A5E5F608D11297B83 |
| SHA1: | 6ED262070BE171FB743B2896153EDFFE255810BE |
| SHA-256: | 0AFF230A5CCCD6EE4F229ED5D654F03025B11631D6A2ACE12FB7393643133912 |
| SHA-512: | A65CC3F91F0DD1233B2F02E9D9E46F340A5F110CC0B6AE0A9CEF0081FF4F45494D0639FDD9BAFA61643023F840DDF2BB28CB91BCC9D25440F94C3CA1A8650797 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.403280230923564 |
| Encrypted: | false |
| SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbrLDcbmIPrZcbd:V3fOCIdJDe6PO |
| MD5: | AB5E76E4E844BB4CF1B726382783363E |
| SHA1: | 3B4C196BA5B5BCB9496E68D732ADCB4A6139C52B |
| SHA-256: | EF34E522A8A239D762C9937031F0B80D031DEFA2467A6D970DFC15AFB4C7835C |
| SHA-512: | 436CEF45E8524EE5D26C468779AE4E05EBE613827A41A018B1B0E989AE43EF51C63DAB0483369C11F6AC0FA28F52094D3ABE2EF089AE8ED08DD361FBDB8D7DBC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m |
| MD5: | 774036904FF86EB19FCE18B796528E1E |
| SHA1: | 2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16 |
| SHA-256: | D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD |
| SHA-512: | 9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
| MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
| SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
| SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
| SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.952766882275829 |
| TrID: |
|
| File name: | DTG.pdf |
| File size: | 284'371 bytes |
| MD5: | 7291c170fd32bab98a9305052c5d1207 |
| SHA1: | 6d9399ad467c9bde39eca88558c0b1b3226b7386 |
| SHA256: | 61455e571bd64004e29906022ef58547429cd182fd95468c307714d091ff09d4 |
| SHA512: | af92779ba737da49db7707f1a9b6fd94d8f0a8de8d7095bea440f7233bdaceac1301ca5c1cd452bc5349b0c0a75b94630f4f3681a446087e3c59634fbc613932 |
| SSDEEP: | 6144:q92tFjwVXav0hyATNMPY+bVtDY5WD37O0akyzAxpfZ:qS92aKEf5tDW43naox/ |
| TLSH: | 295412749052C057CD3E18719B53694B86AF5981250B3C6E7E2C67C34B01D8BBE3AEDE |
| File Content Preview: | %PDF-1.6.%......186 0 obj.<</Filter/FlateDecode/First 5/Length 242/N 1/Type/ObjStm>>stream..h.DPMo.0..+.Y..o[......y0.@v..P.......7...-..s}.UJ.l......7..=... .`m*!..Ti..E.6Ib4.}...*../.m..c.zK...)......1.W..?.:.w...'uY..7........XW.0........D.:5.......9.R |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.6 |
| Total Entropy: | 7.952767 |
| Total Bytes: | 284371 |
| Stream Entropy: | 7.953243 |
| Stream Bytes: | 281226 |
| Entropy outside Streams: | 5.307766 |
| Bytes outside Streams: | 3145 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 28 |
| endobj | 28 |
| stream | 26 |
| endstream | 26 |
| xref | 0 |
| trailer | 0 |
| startxref | 1 |
| /Page | 0 |
| /Encrypt | 0 |
| /ObjStm | 7 |
| /URI | 2 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 52 | 0000000000000000 | c80422cd288128bea9f0e36a979a1889 |  |
| 53 | 0f1f33633363070f | 1b43e5d068dc28661442c5142138a6a9 |  |
| 54 | 4cab4b5545290acd | 24d499ef8b3f1e6fdf53886146ab9ddb |  |
| 55 | 706ccccc78b08e38 | aa07ad15419a33e8331c2b1c694392cd |  |
| 56 | 78cccccc68b0abf9 | 0fcb5355b214d58de21ae7ee55ae0be9 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
- Total Packets: 53
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 18, 2025 18:37:31.427479029 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
| Mar 18, 2025 18:37:31.739224911 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
| Mar 18, 2025 18:37:32.348486900 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
| Mar 18, 2025 18:37:33.551640034 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
| Mar 18, 2025 18:37:35.957899094 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
| Mar 18, 2025 18:37:40.007447958 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
| Mar 18, 2025 18:37:40.319545031 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
| Mar 18, 2025 18:37:40.772643089 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
| Mar 18, 2025 18:37:40.941937923 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
| Mar 18, 2025 18:37:42.144303083 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
| Mar 18, 2025 18:37:44.559060097 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
| Mar 18, 2025 18:37:47.498661041 CET | 49702 | 80 | 192.168.2.6 | 72.246.169.163 |
| Mar 18, 2025 18:37:47.503639936 CET | 80 | 49702 | 72.246.169.163 | 192.168.2.6 |
| Mar 18, 2025 18:37:47.503736973 CET | 49702 | 80 | 192.168.2.6 | 72.246.169.163 |
| Mar 18, 2025 18:37:47.503829002 CET | 49702 | 80 | 192.168.2.6 | 72.246.169.163 |
| Mar 18, 2025 18:37:47.508721113 CET | 80 | 49702 | 72.246.169.163 | 192.168.2.6 |
| Mar 18, 2025 18:37:48.140383959 CET | 80 | 49702 | 72.246.169.163 | 192.168.2.6 |
| Mar 18, 2025 18:37:48.140429020 CET | 80 | 49702 | 72.246.169.163 | 192.168.2.6 |
| Mar 18, 2025 18:37:48.140507936 CET | 49702 | 80 | 192.168.2.6 | 72.246.169.163 |
| Mar 18, 2025 18:37:49.367980957 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
| Mar 18, 2025 18:37:50.383513927 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
| Mar 18, 2025 18:37:58.529719114 CET | 49702 | 80 | 192.168.2.6 | 72.246.169.163 |
| Mar 18, 2025 18:37:58.974015951 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
| Mar 18, 2025 18:38:01.023816109 CET | 49710 | 443 | 192.168.2.6 | 162.214.69.41 |
| Mar 18, 2025 18:38:01.023850918 CET | 443 | 49710 | 162.214.69.41 | 192.168.2.6 |
| Mar 18, 2025 18:38:01.024024963 CET | 49710 | 443 | 192.168.2.6 | 162.214.69.41 |
| Mar 18, 2025 18:38:01.024719954 CET | 49710 | 443 | 192.168.2.6 | 162.214.69.41 |
| Mar 18, 2025 18:38:01.024734974 CET | 443 | 49710 | 162.214.69.41 | 192.168.2.6 |
| Mar 18, 2025 18:38:01.464107037 CET | 49710 | 443 | 192.168.2.6 | 162.214.69.41 |
| Mar 18, 2025 18:38:01.504328012 CET | 443 | 49710 | 162.214.69.41 | 192.168.2.6 |
| Mar 18, 2025 18:38:01.884916067 CET | 443 | 49710 | 162.214.69.41 | 192.168.2.6 |
| Mar 18, 2025 18:38:01.885008097 CET | 49710 | 443 | 192.168.2.6 | 162.214.69.41 |
| Mar 18, 2025 18:38:01.885029078 CET | 49710 | 443 | 192.168.2.6 | 162.214.69.41 |
| Mar 18, 2025 18:38:05.146306992 CET | 49717 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:38:05.146403074 CET | 443 | 49717 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:38:05.146564007 CET | 49717 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:38:05.146903992 CET | 49717 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:38:05.146938086 CET | 443 | 49717 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:38:05.791057110 CET | 443 | 49717 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:38:05.791131973 CET | 49717 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:38:05.792109013 CET | 49717 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:38:05.792123079 CET | 443 | 49717 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:38:05.792633057 CET | 443 | 49717 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:38:05.833122015 CET | 49717 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:38:15.672274113 CET | 443 | 49717 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:38:15.672461987 CET | 443 | 49717 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:38:15.672643900 CET | 49717 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:38:16.212575912 CET | 49717 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:38:16.212635994 CET | 443 | 49717 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:38:21.583373070 CET | 49685 | 80 | 192.168.2.6 | 142.250.185.227 |
| Mar 18, 2025 18:38:21.588480949 CET | 80 | 49685 | 142.250.185.227 | 192.168.2.6 |
| Mar 18, 2025 18:38:21.588597059 CET | 49685 | 80 | 192.168.2.6 | 142.250.185.227 |
| Mar 18, 2025 18:38:22.790303946 CET | 49686 | 443 | 192.168.2.6 | 2.19.122.32 |
| Mar 18, 2025 18:38:22.790596008 CET | 49689 | 80 | 192.168.2.6 | 2.23.77.188 |
| Mar 18, 2025 18:38:50.640295029 CET | 443 | 49681 | 2.23.227.215 | 192.168.2.6 |
| Mar 18, 2025 18:38:50.640333891 CET | 443 | 49681 | 2.23.227.215 | 192.168.2.6 |
| Mar 18, 2025 18:38:50.640459061 CET | 49681 | 443 | 192.168.2.6 | 2.23.227.215 |
| Mar 18, 2025 18:39:05.131349087 CET | 49736 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:39:05.131391048 CET | 443 | 49736 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:39:05.135411024 CET | 49736 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:39:05.135641098 CET | 49736 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:39:05.135649920 CET | 443 | 49736 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:39:05.785361052 CET | 443 | 49736 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:39:05.785650015 CET | 49736 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:39:05.785712957 CET | 443 | 49736 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:39:07.161570072 CET | 49682 | 443 | 192.168.2.6 | 20.190.160.4 |
| Mar 18, 2025 18:39:07.161683083 CET | 49684 | 80 | 192.168.2.6 | 2.23.77.188 |
| Mar 18, 2025 18:39:07.168185949 CET | 443 | 49682 | 20.190.160.4 | 192.168.2.6 |
| Mar 18, 2025 18:39:07.168224096 CET | 80 | 49684 | 2.23.77.188 | 192.168.2.6 |
| Mar 18, 2025 18:39:07.168256044 CET | 49682 | 443 | 192.168.2.6 | 20.190.160.4 |
| Mar 18, 2025 18:39:07.168318987 CET | 49684 | 80 | 192.168.2.6 | 2.23.77.188 |
| Mar 18, 2025 18:39:15.665606976 CET | 443 | 49736 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:39:15.665657997 CET | 443 | 49736 | 142.250.185.132 | 192.168.2.6 |
| Mar 18, 2025 18:39:15.665808916 CET | 49736 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:39:17.600610018 CET | 49736 | 443 | 192.168.2.6 | 142.250.185.132 |
| Mar 18, 2025 18:39:17.600684881 CET | 443 | 49736 | 142.250.185.132 | 192.168.2.6 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 18, 2025 18:37:47.487986088 CET | 54534 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 18, 2025 18:37:47.495680094 CET | 53 | 54534 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:00.673254013 CET | 57022 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 18, 2025 18:38:00.673561096 CET | 61722 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 18, 2025 18:38:00.683669090 CET | 53 | 63027 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:00.951234102 CET | 53 | 55238 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:00.975740910 CET | 53 | 57022 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:00.978255987 CET | 53 | 61722 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:01.695046902 CET | 53 | 55376 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:01.833863974 CET | 53 | 51122 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:04.467853069 CET | 53 | 49658 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:05.068851948 CET | 50027 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 18, 2025 18:38:05.068980932 CET | 55681 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 18, 2025 18:38:05.144733906 CET | 53 | 50027 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:05.144866943 CET | 53 | 55681 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:18.842413902 CET | 53 | 63797 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:37.602087975 CET | 53 | 49424 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:38:38.088260889 CET | 138 | 138 | 192.168.2.6 | 192.168.2.255 |
| Mar 18, 2025 18:39:00.391877890 CET | 53 | 65211 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:39:00.561589003 CET | 53 | 58803 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:39:03.903537035 CET | 53 | 59099 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:39:30.405385017 CET | 53 | 54050 | 1.1.1.1 | 192.168.2.6 |
| Mar 18, 2025 18:40:15.732698917 CET | 53 | 62333 | 1.1.1.1 | 192.168.2.6 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 18, 2025 18:37:47.487986088 CET | 192.168.2.6 | 1.1.1.1 | 0xac85 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 18, 2025 18:38:00.673254013 CET | 192.168.2.6 | 1.1.1.1 | 0x49f4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 18, 2025 18:38:00.673561096 CET | 192.168.2.6 | 1.1.1.1 | 0x1709 | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 18, 2025 18:38:05.068851948 CET | 192.168.2.6 | 1.1.1.1 | 0x5e85 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 18, 2025 18:38:05.068980932 CET | 192.168.2.6 | 1.1.1.1 | 0x2b32 | Standard query (0) | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 18, 2025 18:37:47.495680094 CET | 1.1.1.1 | 192.168.2.6 | 0xac85 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 18, 2025 18:37:47.495680094 CET | 1.1.1.1 | 192.168.2.6 | 0xac85 | No error (0) | e8652.dscx.akamaiedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 18, 2025 18:37:47.495680094 CET | 1.1.1.1 | 192.168.2.6 | 0xac85 | No error (0) | 72.246.169.163 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:37:48.181345940 CET | 1.1.1.1 | 192.168.2.6 | 0xce21 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:37:48.181345940 CET | 1.1.1.1 | 192.168.2.6 | 0xce21 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:38:00.975740910 CET | 1.1.1.1 | 192.168.2.6 | 0x49f4 | No error (0) | 162.214.69.41 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | 84.201.210.39 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | 217.20.57.19 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | 217.20.57.34 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | 217.20.57.35 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:38:05.144733906 CET | 1.1.1.1 | 192.168.2.6 | 0x5e85 | No error (0) | 142.250.185.132 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:38:05.144866943 CET | 1.1.1.1 | 192.168.2.6 | 0x2b32 | No error (0) | 65 | IN (0x0001) | false | |||
| Mar 18, 2025 18:38:16.936546087 CET | 1.1.1.1 | 192.168.2.6 | 0x5318 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:38:16.936546087 CET | 1.1.1.1 | 192.168.2.6 | 0x5318 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:38:48.679469109 CET | 1.1.1.1 | 192.168.2.6 | 0xad3d | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:38:48.679469109 CET | 1.1.1.1 | 192.168.2.6 | 0xad3d | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:39:13.451139927 CET | 1.1.1.1 | 192.168.2.6 | 0x20be | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:39:13.451139927 CET | 1.1.1.1 | 192.168.2.6 | 0x20be | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | 217.20.57.19 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | 217.20.57.18 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | 217.20.57.35 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | 84.201.210.39 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | 217.20.57.34 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49702 | 72.246.169.163 | 80 | 4996 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 18, 2025 18:37:47.503829002 CET | 115 | OUT | |
| Mar 18, 2025 18:37:48.140383959 CET | 1236 | IN | |
| Mar 18, 2025 18:37:48.140429020 CET | 509 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 1 |
| Start time: | 13:37:32 |
| Start date: | 18/03/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff667860000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 13:37:34 |
| Start date: | 18/03/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff797640000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 13:37:35 |
| Start date: | 18/03/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff797640000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 13 |
| Start time: | 13:37:58 |
| Start date: | 18/03/2025 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff63b000000 |
| File size: | 3'388'000 bytes |
| MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 14 |
| Start time: | 13:37:59 |
| Start date: | 18/03/2025 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff63b000000 |
| File size: | 3'388'000 bytes |
| MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
⊘No disassembly
