Windows
Analysis Report
DTG.pdf
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7128 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DTG.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 4996 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7204 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1588,i,15125319213121887021,13897611138504499756,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 2288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://aniffs.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPVVuSlFPVVU9JnVpZD1VU0VSMjYwMjIwMjVVMzMwMjI2NTE=N0123N[EMAIL]" MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 1360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,2675019861959795683,16659478769108317773,262144 --variations-seed-version --mojo-platform-channel-handle=1932 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- AV Detection
- Phishing
- Compliance
- Networking
- System Summary
- Hooking and other Techniques for Hiding and Protection
AV Detection |
---|
Source: | Avira URL Cloud: |
Phishing |
---|
Source: | Joe Sandbox AI: | ||
Source: | HTTPS traffic detected: | ||
Source: | IP Address: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | File created: | Jump to behavior |
Source: | File deleted: | Jump to behavior |
Source: | Classification label: |
Source: | Initial sample: | ||
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Process information set: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
aniffs.com | 162.214.69.41 | true | false | unknown | |
e8652.dscx.akamaiedge.net | 72.246.169.163 | true | false | high | |
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 84.201.210.39 | true | false | high | |
www.google.com | 142.250.185.132 | true | false | high | |
x1.i.lencr.org | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.185.132 | www.google.com | United States | | 15169 | GOOGLEUS | false |
72.246.169.163 | e8652.dscx.akamaiedge.net | United States | | 16625 | AKAMAI-ASUS | false |
162.214.69.41 | aniffs.com | United States | | 46606 | UNIFIEDLAYER-AS-1US | false |
IP |
---|
192.168.2.6 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1642017 |
Start date and time: | 2025-03-18 18:36:39 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | DTG.pdf |
Detection: | MAL |
Classification: | mal52.winPDF@62/46@5/4 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted):
- Excluded domains from analysis (whitelisted):
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
Time | Type | Description |
---|---|---|
13:37:47 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
72.246.169.163 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | HTMLPhisher, Invisible JS | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
e8652.dscx.akamaiedge.net | | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | RHADAMANTHYS | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | Vidar | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | XWorm | Browse | |
 | | Get hash | malicious | XWorm | Browse | |
bg.microsoft.map.fastly.net | | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse | |
 | | Get hash | malicious | XWorm | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | Vidar | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | DanaBot | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
UNIFIEDLAYER-AS-1US | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
 | | Get hash | malicious | AgentTesla | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Mirai | Browse | |
AKAMAI-ASUS | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse | |
 | | Get hash | malicious | Vidar | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Stealerium | Browse | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 298 |
Entropy (8bit): | 5.259723390614795 |
Encrypted: | false |
SSDEEP: | 6:iOGotBVq2PN72nKuAl9OmbnIFUtooKlgZmwCoKlIkwON72nKuAl9OmbjLJ:7GobVvVaHAahFUtooKlg/CoKlI5OaHAR |
MD5: | ED70EACEDDFB4B8B3E809692195DEF50 |
SHA1: | EB2204F78D94576E870C15F02A730A68B681BA2A |
SHA-256: | 332253A9E2CF64DF55D1DA2FDA2E1A9716C95AAE8ACD93D6E2C859410BDEB49F |
SHA-512: | 9D7B3D6AAE1ED42944B63096990DE2FA104740A102A0406B560C704CFE25EC838CB8B17DB62019A3D9564BC9E8B3A8BFEA6A40CB93E2C03E30EFA8445DED9AB2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.151671405304191 |
Encrypted: | false |
SSDEEP: | 6:iOG8BGkQ+q2PN72nKuAl9Ombzo2jMGIFUtoopdWZmwCopQVkwON72nKuAl9Ombzz:7G8Bc+vVaHAa8uFUto8W/CbV5OaHAa8z |
MD5: | BD80C7EA28A2B9F5D2DF3D5BDE2B210D |
SHA1: | 05678C0DB814C73F8AAF76424F51E71AAC96656F |
SHA-256: | 685A34255483F26D8A7786E23578288C9DF497858C1963BD0554681C145353F3 |
SHA-512: | F409B6C981F03C71D06D4B03A126EE7C94C0898F56AB9D4C03020166EE3C9C245051A5F0D6923463658BCBC01F48140F1F25BB7CB3C6412F17BDB75656B8BDD6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.972225950634431 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqmRasBdOg2HNcaq3QYiubcP7E4T3y:Y2sRds3VdMH83QYhbA7nby |
MD5: | DFC54A53E0A65A1802A10F2C246DBCD4 |
SHA1: | AA8129DD56E3D7406AC025EBE0275CFEFA20D270 |
SHA-256: | 089BAC3679E8614473C13A9AEF50BD20FF5069B857A563A281B5C9DDAE0B25D1 |
SHA-512: | 49BC893FA0AB06DAF38BE9B835AF59CFA2FA8FC2F62200FDAABACD8A35A5E720EA06B51B9231B92A5C4BC71006E8985245666B27D720CC9436A8BAE60451212D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.972225950634431 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqmRasBdOg2HNcaq3QYiubcP7E4T3y:Y2sRds3VdMH83QYhbA7nby |
MD5: | DFC54A53E0A65A1802A10F2C246DBCD4 |
SHA1: | AA8129DD56E3D7406AC025EBE0275CFEFA20D270 |
SHA-256: | 089BAC3679E8614473C13A9AEF50BD20FF5069B857A563A281B5C9DDAE0B25D1 |
SHA-512: | 49BC893FA0AB06DAF38BE9B835AF59CFA2FA8FC2F62200FDAABACD8A35A5E720EA06B51B9231B92A5C4BC71006E8985245666B27D720CC9436A8BAE60451212D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5859 |
Entropy (8bit): | 5.250205025075013 |
Encrypted: | false |
SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE73C5TZ:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhY |
MD5: | 9A2361B27925237230CACD52724473AD |
SHA1: | 28E9AD37F1842CC6C4E06D5E4D118B15D262C8BE |
SHA-256: | 279CC88733F9A2722D437A18A1F7E2AA9DD894E31CDBD0C706279EEE0DBC1B3F |
SHA-512: | AD78A2AE6E329E304308EDDC44DBD3A3BA91AAF80E28F3153C21F24F3F910C0E22DFD895980794E45C3E8D81595010559554C6D664B21CD075400D60F46BD78B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.159528211638248 |
Encrypted: | false |
SSDEEP: | 6:iOGKpQ+q2PN72nKuAl9OmbzNMxIFUtoKVMdWZmwCKNQVkwON72nKuAl9OmbzNMFd:7Gz+vVaHAa8jFUtofW/CnV5OaHAa84J |
MD5: | F77FAD8A1332535A33A8FB3CD4EBECB5 |
SHA1: | 6183D8C34054D852DC751DCB3E69D738AE554D18 |
SHA-256: | 5055CD21F1AB85ABFD974804A5EAD882379755F60A24D3A19A17AE211A237CF5 |
SHA-512: | E7EF0B11BC14011E1ED604AE9ED1EE623C98BBFAF032C4540C05D332A968B1124C9286DE56415A61778108D5A7CCE986BD469E0055BF94E23B0EF634DDA71D10 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60406 |
Entropy (8bit): | 1.8641571686893625 |
Encrypted: | false |
SSDEEP: | 192:4BNnXaToOdPsc1jQA58dJQmRkwbYjcYxTygRPQ0xP8+b0buCwX3OiIaQuE:47nXalsoN8vkY2R4SLCs3t9Qt |
MD5: | DDB9DD33A3AA0256C96E83DF0A2032E8 |
SHA1: | 8BC8FD7B3C9CDAE90B20E90855DAF00F6E9CEFBF |
SHA-256: | 26FF0CF0661D7B863A92DDA0EEA901B7D66E20C865493D2269503751BCE60D40 |
SHA-512: | 24B1E614C750A2E57F4F6ECEB505788480B1FD37B980A1852A500612DDFBC12660CF00FC84FBB6D61E514AA399CAA6241A21DB638141111A25DDB6761FB06234 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445177150093161 |
Encrypted: | false |
SSDEEP: | 384:ye6ci5tpiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mKs3OazzU89UTTgUL |
MD5: | 336703201A40243D68CAFAE6A056F5E4 |
SHA1: | 0834DC09C3B8CD1DAE39C0302A74653E7A982DFD |
SHA-256: | 5E2DF8419A685A8FFEFE28CAEE2D84461D73665C0EF21A8B2E4689D2F8FE659F |
SHA-512: | B020680D6A1FCCAB2749E719BD925EFA1573547B0A174D731532661B95D9D680C995CF697897FB26141396EA47508E03D02D23F8DBACDF611E5174EF0C3998E6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.77092263201687 |
Encrypted: | false |
SSDEEP: | 48:7MDJioyVrioyXoy1C7oy16oy19KOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Of:7IJurZQXjBi2b9IVXEBodRBkD |
MD5: | E9B00311198A72DF04641BA84CA7B135 |
SHA1: | D60D1F133D9664FA3DF957017B54410DD7075939 |
SHA-256: | AFB030919145294D03F32F02E81C6FEF2259CF91612BC8A1BA66EB3F0DDEE20C |
SHA-512: | C94C59597FDC9D67E337CAA33ABE9D192AC11ECCEF01A2558175E7C5F1225C064F49BF7A6E5E9E0735547B32BE2FEE67E0DA3D2B9F9005953A24FA2D286C931C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73305 |
Entropy (8bit): | 7.996028107841645 |
Encrypted: | true |
SSDEEP: | 1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/ |
MD5: | 83142242E97B8953C386F988AA694E4A |
SHA1: | 833ED12FC15B356136DCDD27C61A50F59C5C7D50 |
SHA-256: | D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755 |
SHA-512: | BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFkl5ZTd/XfllXlE/HT8kio/jNNX8RolJuRdxLlGB9lQRYwpDdt:kK4d/IT88pNMa8RdWBwRd |
MD5: | C2AB131EDCACEE5E0189536B8FB7D1B8 |
SHA1: | 3D0825BFA606B526AC5386F8CC498B2C4AE7B974 |
SHA-256: | BABD5DE2051F1B1BD309291B4C8C5787227DE613BB8EB2AE3F026FD8E54C4112 |
SHA-512: | 9F0C17F9728B5643C0060BC2DA090AA0464ACAD2E1D393938DACABF47B5C602437164EBC7DDC19DC37987960CC0D9F37BC2FCA586DE21248A948271E38A2DA9C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 330 |
Entropy (8bit): | 3.287136292755414 |
Encrypted: | false |
SSDEEP: | 6:kKPkLlemcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:nbmfZkPlE99SNxAhUeq8S |
MD5: | F0B9FDA3FEB70D5A7A33817BFED71BE0 |
SHA1: | F516BD643F7102B052A84650C953022551967A6C |
SHA-256: | 67D87BAF04BF80519E3178600EA62A31DB41DCA05892EA074F51BB4ED3504B0F |
SHA-512: | D38C35C6D8CE6AAF8F44322629930830EDA848E2C3E73E29777BE9D78069FDC0CC0F65ED6B8867AC2F39776C10A642E9B50BD381F791BB723D9670520B11E799 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 229689 |
Entropy (8bit): | 3.3860380622488884 |
Encrypted: | false |
SSDEEP: | 1536:qKPCWiyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:XPCwJ/3AYvYwgXFoL+sn |
MD5: | E9535180F83BA631DBD0AF1B32094DA4 |
SHA1: | B51C45130BCBBA85C39333B86AE2F9AEF1FB5430 |
SHA-256: | 2D5C6A18C2CADB9324162240AE8845318D2E8565C2E4B1A1CF3A22B72ACAD9BC |
SHA-512: | B4B57C412BD30E1322316EB4AA8693DEDB7AE5B5600EC8A0B134BCB12FA598EB50269A542454C227EA1E7462F06484652A219A5E11A05FF1902D16B10ECC6EC5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.345547487864174 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJM3g98kUwPeUkwRe9:YvXKXSLf0cDsGMbLUkee9 |
MD5: | BBCEB4E058558B88D8E56D1F832943D6 |
SHA1: | AAEB12558D8BE95361843C2742B0536051821B0E |
SHA-256: | 67E89F512CA1A26F73D874ABF4DE46C18EE31D4E983FC36F2D430129D21F790C |
SHA-512: | 6DAF2FCB14225BDB06461AC483E187AC69F5D1FB539C671F2A8F6892A57BC3E292CB3B6D4625E2F387F5B080FF0F838DA454AB620FA9054AF93EC9DE365488A1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.296765910238248 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfBoTfXpnrPeUkwRe9:YvXKXSLf0cDsGWTfXcUkee9 |
MD5: | 953C34329FDDB72B359EFDC8304F92B5 |
SHA1: | DD6B5D9FE32BF17E0413EBA2616BFE747BCE27A6 |
SHA-256: | C8DBAD5E52FFF62A671BC60E82E6841AEA185369B57CB3DD16F163DFC5513855 |
SHA-512: | 17E8417DB7B8ADB637C0F9A34D2D11443F020CA2F00CC9C1D8975DD9564721E8690D2AF19858E4B577D7AEF9922383558F0F38EA1EE7BBDA1B8099C1F75A3DD2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.274238159441876 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfBD2G6UpnrPeUkwRe9:YvXKXSLf0cDsGR22cUkee9 |
MD5: | FDDD164813D5529A8CDBADB2EC68164A |
SHA1: | 63E60119636F6E9E4BC35248553CB9763027EB01 |
SHA-256: | 907683CF3A9A782B2ACEDD75C2D968D65B2AC45988FF5357FF43659D794DD14D |
SHA-512: | 12BC4DFB79A796B0378723AEA72DDCB8A13D713354E3192AF7D2BD8E6613BB111D5F1955D3657ACB31F473687EDB3FA331B7C584380C48301215C79B03CFEE25 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3249449442841446 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfPmwrPeUkwRe9:YvXKXSLf0cDsGH56Ukee9 |
MD5: | AF32B0F8B545E6195DAA30F74B104237 |
SHA1: | 891DD7DB79E9CF16B197D80BFAEB08907CDF37B3 |
SHA-256: | 46A2B9685E43E14EF3858A6D640F5BCCF09FF8CE6373B54723CB36DE81B6C88D |
SHA-512: | 4C17D3379E4E87FC0159799FC1FA9D11451EBA8CD59C649E1155DC46C3602E1098F0FDFAD1F6E0BA32F6F6EA375EC531B88726C36B63E8526DF6ACFF6F69DB90 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113 |
Entropy (8bit): | 5.838067496150041 |
Encrypted: | false |
SSDEEP: | 24:Yv6XSLfZDJpLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcQbpEsrAr3a:YvvLdJhgly48Y/TWCjiOumNcvKOrkUm1 |
MD5: | 46C3751E50EA79456A46D88E8617FD96 |
SHA1: | 7BAE9CD16C74826F5E60F45BEFE4E852548A9B8B |
SHA-256: | 006FB7956F1CB25B861994268A705D1D8699912E5684FE2EA6C3522CD55311EE |
SHA-512: | 9B3B2ECB2B588169E77A3705F8CFC81A78072E7F953AAC640FA91957CFBB288AF905E5BFEAB93186B6FAA965B764A2E4BEC48341D4BA4649E21ACA1EEE28625A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2726109143406825 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJf8dPeUkwRe9:YvXKXSLf0cDsGU8Ukee9 |
MD5: | CFC9109C64E38BB88DBECEA4832CD84A |
SHA1: | 11C74B221939641ACAA87DC6E09EE04B71539067 |
SHA-256: | 5A96B0C8421585A06629600508907C8F001B4D4A05F753844137FBBA9E04C40F |
SHA-512: | C3B15022603007A076BA3F5D2D6DC029067EB88744927F3CE4ACFA1D1A09F3834262A0A557CCC364A838DB453593473F7AEAF8917BEEF146A36B684BA4ECE158 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2766609456667 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfQ1rPeUkwRe9:YvXKXSLf0cDsGY16Ukee9 |
MD5: | 7D21954CA837DCA2D5E46D0FE15A0E7F |
SHA1: | 81D363FC1605A09342909519C460481B4014FAFF |
SHA-256: | 842F5258BB5BD6F578DDDC7A5E54E6BBFF79E47BEB63B977488ECB64B89CC4E5 |
SHA-512: | 0CF30ADFE7BFA1898A08FEE0EA90F99817DB5BACA2AB8A20FD9710D8FBDBED8D4487C38F3A3451DC78C27482A7F533D18B2EC4C637A92B735246FE4D8CB1A328 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2064 |
Entropy (8bit): | 5.819479880844224 |
Encrypted: | false |
SSDEEP: | 48:YvvLdEogbN48l/GiyLVzyODRHKOkQDcSmjWAm1:Gjdjg54Y/IVO4QOkQoSmu1 |
MD5: | 3D888F758DFD190AE2C3C4DA0073A60D |
SHA1: | 62489A3E54C6B14BA7AAF87990EE5084BB97A21D |
SHA-256: | B2EA1B533BF8827090E38E503DA7FB4C2144B7E644AA8A5D008CBD15D3160A81 |
SHA-512: | 4EB5E496A15CEEE316890259FCE55769D231FD3E6DBA1DF2022FA989022DFD633F31D863790B764A6F7E61C2918EE75579C3D30F1AB8D3302A63A3ABDEB2D9E4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.300211634270544 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfzdPeUkwRe9:YvXKXSLf0cDsGb8Ukee9 |
MD5: | 37E195E46B9AFC59931CFD46946000A7 |
SHA1: | 3623D50B719C968BAACE037A75DEDF02FD1CF538 |
SHA-256: | 56C66DA2D598C3CE5A0ECB3B907FD649E8F8B2A565CC0AE8F323C029CE192A8B |
SHA-512: | 8C03DDF838FF6FBA376140ED0FA884D2E1761A720FE5417C64390E0F955184D021DCECA0475C6845841961DA45AC86D8DB77F8D1DB22ECB8B206F4DA22B5AD9D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.281247800352233 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfYdPeUkwRe9:YvXKXSLf0cDsGg8Ukee9 |
MD5: | AD8581A4E38D00EB3BCC8BD5EF72EB45 |
SHA1: | 73483AA25A8824EB7B6E4886917D99B5B8ADB1BB |
SHA-256: | 35949B44931B6C9545A126EDF37F507624B64A12F1B9A65B2AD460BAC420F07E |
SHA-512: | 52F82587D6FEB9EB3C89CF522D3DDF70E676BDBAD7279BB977CA8B0AC70E80561B6040E473ACE4B96E0A39872837F8669604A0A7D0B4741B947109A2E656703A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.266968028815111 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJf+dPeUkwRe9:YvXKXSLf0cDsG28Ukee9 |
MD5: | 4177E00F235530D49D0C8475A91A5B31 |
SHA1: | 08C5750D06190884D06E406D03466F3AACC5D745 |
SHA-256: | 51EA2486DB1B397892AC10B0C0B632E31B5ED98C06546E09E84C81CBBF242D74 |
SHA-512: | 8DB66626FEFE69E732783FB09972018ACBD4C35860D264DA4CBE23D8CBCA3A930F4EF081F2A1838F4EDAA694AB3626ECCC0A8E7B8CD75CBD6AA584768B1F43D9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.264923779123332 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfbPtdPeUkwRe9:YvXKXSLf0cDsGDV8Ukee9 |
MD5: | 4AA75B1CAF5A00B15E3D00F6F2DED76F |
SHA1: | 4F07B3860A075D18B610CDA66EFF8D42C8DD904D |
SHA-256: | 2366AD668797DB657B2942D4369848F90C1CFBA68D2F209F4E44A3EE800D3C91 |
SHA-512: | 9BDA2A35CDAD391254186AF3468256335C2B124E9DD64DF067639F3F9906C6E441B42C71449C79498AF508A051DC10D460472DE08194F08C5173EA959A4C3F88 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.268885509077539 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJf21rPeUkwRe9:YvXKXSLf0cDsG+16Ukee9 |
MD5: | B723D068E6587D6EC4DEE5744014C725 |
SHA1: | B869B31BA4B2F5AC376FFF0F1B8D8CC0DE395B3F |
SHA-256: | 62E8D2956C35622D6FA1C0F196CC47B94E6B9060BB7431759EA7E137F6B44866 |
SHA-512: | 47009F378051951EC1C44A4BA2F29A2E812EDC05E9E578E61A59005E5AE79A2E8E20814208220BD41CC3346ACF484093D15984A5E187C8E7B20E82D9A9BCC771 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2012 |
Entropy (8bit): | 5.834356865553892 |
Encrypted: | false |
SSDEEP: | 24:Yv6XSLfZD5amXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBIM:YvvLdFBgBG48j/SiyLVWOAI13kUm1 |
MD5: | 1230EA0A47492154D51C5F948BFE8C2E |
SHA1: | EFCE9150BBDB792C5FEBC5169E32CB085F7C0143 |
SHA-256: | 05BAD88171AD8764D49DFF4DBF2F8ECC5AFEAEDAA4E6A51E1F133A3B8DEE7FC8 |
SHA-512: | F76CD5A4004FB584A61A7A3009426748DDA2C8FBF029543FEE654B9AF6FDADDDEF816CFAB87F46D363E0EFA65ACE601DE25573A87A8278536AF1037DDFE86989 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.244594095165946 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfshHHrPeUkwRe9:YvXKXSLf0cDsGUUUkee9 |
MD5: | AB1D9856A680E381A69679B71A921CAB |
SHA1: | CDF3BE7BD4BC7B09AE1E91433F1B23E422A8AE64 |
SHA-256: | 834B5B53D163BBDEF4CA0FB8FD98E1693029583F759DC634B3B0A9A4A96041FC |
SHA-512: | 9E4CC0A5403F64BAFE820314599B102B01D7881A7D591525FF3145D774A2EEFB96488398E7DB7ABE0E8BB0C4A541CD8FF79F7F08E3879F6C0F6E7C7138B92228 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 282 |
Entropy (8bit): | 5.249790177636265 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJTqgFCrPeUkwRe9:YvXKXSLf0cDsGTq16Ukee9 |
MD5: | 48E81EF9CD262521447E9FDB616D0117 |
SHA1: | C998F4D48CB7CE24CEDAF53DA1E13202E45EF632 |
SHA-256: | ABB6E792DF8A55E0CB2188467169553F3D436677CADFAC43FF48B49FD9A79EBE |
SHA-512: | 7988DB248D23D4C37A3E86105FE5DF15B87A03BBCBA929EC3E899468395EA52F715090FD04078FE77F6A79E5E3DEE66F398266AD8A7EEE65B12B412193C67D7C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2815 |
Entropy (8bit): | 5.122073106561737 |
Encrypted: | false |
SSDEEP: | 48:Ylc8IUI0PA0N3q+dKQqOlnjp0bOTi8mK5j4/709hJRl:qo0N6KBthOKdgKf |
MD5: | 34D7083349824504B37EC6D69AC22FA2 |
SHA1: | 068D0E2E9D2247645EE8DB8ACC0CB73C1446E72F |
SHA-256: | F8DC3D1319F1891904300E7FAF860EB7684FF5CF0F7E4EC998722F3C97D8D7D4 |
SHA-512: | 5F12D0484E52D5598CE4FDE850E83CC2B26768CCC07065E15B0D789FBCEF98373F4123B9AF63B1E7114BFA12A7D379AF9CB3AA134505585A6ECF2F75DC4AC5C5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1448841687994387 |
Encrypted: | false |
SSDEEP: | 24:TLhx/XYKQvGJF7ursVfvxbRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUm:TFl2GL7msLXc+XcGNFlRYIX2v3ka |
MD5: | 00843D0EC9E1E70AE2FE4818F1B841BA |
SHA1: | ACB07217957A27C15E70F18791D2EB61A063591F |
SHA-256: | 44787C629CA0C42263E226EF45B87CE277DB087E64DEEAC145D1D882161B3B41 |
SHA-512: | A6FD15B6BAF151C1A19C2370BC1058277B92095ADEF2A9D8D5F1ABD051136042E546EADAF206A50A9B091B116BD41A0CA934FAE2C79F0F6F303427974F08DE53 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.5504602361687334 |
Encrypted: | false |
SSDEEP: | 24:7+tw1fvxbUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxBqLxxs:7Mw8Xc+XcGNFlRYIX2vEqVl2GL7msun |
MD5: | B20722EC68C343A308EC501BCAAE9A9E |
SHA1: | 93CA46CEB83BCC8B335B681D892566F53712AA9A |
SHA-256: | F7FE9FF5066F2BD92B2C42B392B1386FF027AFEF85FBEB018A1092DF6425B577 |
SHA-512: | C1B765287347D696501AF7D757A301A2A22428B8901F435EF98DD26FAEE8C7E15851BD7E36DE089A53ED74F877CFD2AD27FF27AF41D88029BBC4A8FDBCCD268D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5309417490522437 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKUVlEKeCH:Qw946cPbiOxDlbYnuRKSUcKzH |
MD5: | 70E8B6DC01398AF45A324F0B75E7F7F2 |
SHA1: | 407B4FF2B391B9035F42ECBC9549413A16CABA9B |
SHA-256: | 22E33B1ACA6376A8C13EEA1DFCCD3FFE3D743A444E44863E2F8B322C85671A8F |
SHA-512: | 2EA7944517A86EC2008EF6460932FA261FFB602244D4F09149444C4C3FEC440FBFFD143750C15A2B6522F308E128FA6EBFDE6A21E819403A19EB561981ED074A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.107170789398399 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOtjBMTCSyAAO:IngVMre9T0HQIDmy9g06JXwTlX |
MD5: | A1727E012D9B183ED21674BCF94A9C6D |
SHA1: | D7CF63D31BA8ACFB827787D4181279E4E54B1151 |
SHA-256: | 4E0D7FA4DC658186355E12F5D7643A26E40EDA6D877D0A8195262A52C61142C8 |
SHA-512: | B7D41F4E62753261A3EF881AB3017285854E61C4B4D7AA725DD17513D3EAF4D4732D572723DC27862719DB2598FB0AC3CBDB3B5B4EBF8979656AA93D01FB8FD8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.338264912747007 |
Encrypted: | false |
SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
MD5: | 128A51060103D95314048C2F32A15C66 |
SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15112 |
Entropy (8bit): | 5.351719444954036 |
Encrypted: | false |
SSDEEP: | 384:Ci8jxDEXvc5PtA6U5drrACea+tkj2YNfgTHR7D0hogXEW6uxOxOxDxJxxgxRxgxQ:HiH |
MD5: | AA24050EC4C44E3A5E5F608D11297B83 |
SHA1: | 6ED262070BE171FB743B2896153EDFFE255810BE |
SHA-256: | 0AFF230A5CCCD6EE4F229ED5D654F03025B11631D6A2ACE12FB7393643133912 |
SHA-512: | A65CC3F91F0DD1233B2F02E9D9E46F340A5F110CC0B6AE0A9CEF0081FF4F45494D0639FDD9BAFA61643023F840DDF2BB28CB91BCC9D25440F94C3CA1A8650797 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.403280230923564 |
Encrypted: | false |
SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbrLDcbmIPrZcbd:V3fOCIdJDe6PO |
MD5: | AB5E76E4E844BB4CF1B726382783363E |
SHA1: | 3B4C196BA5B5BCB9496E68D732ADCB4A6139C52B |
SHA-256: | EF34E522A8A239D762C9937031F0B80D031DEFA2467A6D970DFC15AFB4C7835C |
SHA-512: | 436CEF45E8524EE5D26C468779AE4E05EBE613827A41A018B1B0E989AE43EF51C63DAB0483369C11F6AC0FA28F52094D3ABE2EF089AE8ED08DD361FBDB8D7DBC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m |
MD5: | 774036904FF86EB19FCE18B796528E1E |
SHA1: | 2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16 |
SHA-256: | D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD |
SHA-512: | 9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.952766882275829 |
TrID: |
|
File name: | DTG.pdf |
File size: | 284'371 bytes |
MD5: | 7291c170fd32bab98a9305052c5d1207 |
SHA1: | 6d9399ad467c9bde39eca88558c0b1b3226b7386 |
SHA256: | 61455e571bd64004e29906022ef58547429cd182fd95468c307714d091ff09d4 |
SHA512: | af92779ba737da49db7707f1a9b6fd94d8f0a8de8d7095bea440f7233bdaceac1301ca5c1cd452bc5349b0c0a75b94630f4f3681a446087e3c59634fbc613932 |
SSDEEP: | 6144:q92tFjwVXav0hyATNMPY+bVtDY5WD37O0akyzAxpfZ:qS92aKEf5tDW43naox/ |
TLSH: | 295412749052C057CD3E18719B53694B86AF5981250B3C6E7E2C67C34B01D8BBE3AEDE |
File Content Preview: | %PDF-1.6.%......186 0 obj.<</Filter/FlateDecode/First 5/Length 242/N 1/Type/ObjStm>>stream..h.DPMo.0..+.Y..o[......y0.@v..P.......7...-..s}.UJ.l......7..=... .`m*!..Ti..E.6Ib4.}...*../.m..c.zK...)......1.W..?.:.w...'uY..7........XW.0........D.:5.......9.R |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.952767 |
Total Bytes: | 284371 |
Stream Entropy: | 7.953243 |
Stream Bytes: | 281226 |
Entropy outside Streams: | 5.307766 |
Bytes outside Streams: | 3145 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 28 |
endobj | 28 |
stream | 26 |
endstream | 26 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 7 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
ID | DHASH | MD5 | Preview |
---|---|---|---|
52 | 0000000000000000 | c80422cd288128bea9f0e36a979a1889 | |
53 | 0f1f33633363070f | 1b43e5d068dc28661442c5142138a6a9 | |
54 | 4cab4b5545290acd | 24d499ef8b3f1e6fdf53886146ab9ddb | |
55 | 706ccccc78b08e38 | aa07ad15419a33e8331c2b1c694392cd | |
56 | 78cccccc68b0abf9 | 0fcb5355b214d58de21ae7ee55ae0be9 |
- Total Packets: 53
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 18, 2025 18:37:47.487986088 CET | 192.168.2.6 | 1.1.1.1 | 0xac85 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 18, 2025 18:38:00.673254013 CET | 192.168.2.6 | 1.1.1.1 | 0x49f4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 18, 2025 18:38:00.673561096 CET | 192.168.2.6 | 1.1.1.1 | 0x1709 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 18, 2025 18:38:05.068851948 CET | 192.168.2.6 | 1.1.1.1 | 0x5e85 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 18, 2025 18:38:05.068980932 CET | 192.168.2.6 | 1.1.1.1 | 0x2b32 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 18, 2025 18:37:47.495680094 CET | 1.1.1.1 | 192.168.2.6 | 0xac85 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 18, 2025 18:37:47.495680094 CET | 1.1.1.1 | 192.168.2.6 | 0xac85 | No error (0) | e8652.dscx.akamaiedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 18, 2025 18:37:47.495680094 CET | 1.1.1.1 | 192.168.2.6 | 0xac85 | No error (0) | 72.246.169.163 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:37:48.181345940 CET | 1.1.1.1 | 192.168.2.6 | 0xce21 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:37:48.181345940 CET | 1.1.1.1 | 192.168.2.6 | 0xce21 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:38:00.975740910 CET | 1.1.1.1 | 192.168.2.6 | 0x49f4 | No error (0) | 162.214.69.41 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | 84.201.210.39 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | 217.20.57.19 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | 217.20.57.34 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | 217.20.57.35 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:38:05.144733906 CET | 1.1.1.1 | 192.168.2.6 | 0x5e85 | No error (0) | 142.250.185.132 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:38:05.144866943 CET | 1.1.1.1 | 192.168.2.6 | 0x2b32 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 18, 2025 18:38:16.936546087 CET | 1.1.1.1 | 192.168.2.6 | 0x5318 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:38:16.936546087 CET | 1.1.1.1 | 192.168.2.6 | 0x5318 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:38:48.679469109 CET | 1.1.1.1 | 192.168.2.6 | 0xad3d | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:38:48.679469109 CET | 1.1.1.1 | 192.168.2.6 | 0xad3d | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:39:13.451139927 CET | 1.1.1.1 | 192.168.2.6 | 0x20be | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:39:13.451139927 CET | 1.1.1.1 | 192.168.2.6 | 0x20be | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | 217.20.57.19 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | 217.20.57.18 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | 217.20.57.35 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | 84.201.210.39 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | 217.20.57.34 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49702 | 72.246.169.163 | 80 | 4996 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 18, 2025 18:37:47.503829002 CET | 115 | OUT | |
Mar 18, 2025 18:37:48.140383959 CET | 1236 | IN | |
Mar 18, 2025 18:37:48.140429020 CET | 509 | IN |
Target ID: | 1 |
Start time: | 13:37:32 |
Start date: | 18/03/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff667860000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 13:37:34 |
Start date: | 18/03/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff797640000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 13:37:35 |
Start date: | 18/03/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff797640000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 13:37:58 |
Start date: | 18/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63b000000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 14 |
Start time: | 13:37:59 |
Start date: | 18/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63b000000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |