Windows
Analysis Report
Document 101-116.pdf
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7616 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Document 101-116.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7804 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 8116 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1596 --field-trial-handle=1592,i,56940659623526008,9426062706914596360,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 2072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://storage.googleapis.com/dlbrautigan/index.html" MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 3032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,12779079142382512444,18033674228529783655,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2280 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- Phishing
- Compliance
- Networking
- System Summary
- Hooking and other Techniques for Hiding and Protection
Phishing |
---|
Source: | Joe Sandbox AI: | ||
Source: | OCR Text: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Static PDF information: |
Source: | File created: | Jump to behavior |
Source: | File deleted: | Jump to behavior |
Source: | Classification label: |
Source: | Initial sample: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Process information set: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
e8652.dscx.akamaiedge.net | 23.39.37.95 | true | false | high | |
www.google.com | 142.251.40.164 | true | false | high | |
x1.i.lencr.org | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.251.40.164 | www.google.com | United States | 15169 | GOOGLEUS | false |
23.39.37.95 | e8652.dscx.akamaiedge.net | United States | 16625 | AKAMAI-ASUS | false |
IP |
---|
192.168.2.4 |
192.168.2.13 |
192.168.2.23 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1643500 |
Start date and time: | 2025-03-19 21:40:00 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 27s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Document 101-116.pdf |
Detection: | MAL |
Classification: | mal56.phis.winPDF@40/48@3/5 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted)
- Excluded domains from analysis (whitelisted)
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
Time | Type | Description |
---|---|---|
16:41:12 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
bg.microsoft.map.fastly.net | malicious | RHADAMANTHYS |
bg.microsoft.map.fastly.net | malicious | Quasar |
bg.microsoft.map.fastly.net | malicious | Quasar |
bg.microsoft.map.fastly.net | malicious | LummaC Stealer |
bg.microsoft.map.fastly.net | malicious | LummaC Stealer |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | LummaC Stealer |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | GuLoader |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | HTMLPhisher, Invisible JS, Tycoon2FA |
e8652.dscx.akamaiedge.net | malicious | HTMLPhisher |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | HTMLPhisher |
e8652.dscx.akamaiedge.net | malicious | HTMLPhisher |
e8652.dscx.akamaiedge.net | malicious | RHADAMANTHYS |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | LummaC Stealer |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | LummaC Stealer |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.181963598381839 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.195118458039982 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 474 |
Entropy (8bit): | 4.972275201446597 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 474 |
Entropy (8bit): | 4.972275201446597 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.2515693832659744 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.174524085387498 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.7446812502934657 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.4451004460532255 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.773560837029423 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73305 |
Entropy (8bit): | 7.996028107841645 |
Encrypted: | true |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7457468364538267 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 330 |
Entropy (8bit): | 3.267350459382745 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.382353792526338 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.333098239478 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.311497558346431 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3700306287639235 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113 |
Entropy (8bit): | 5.845607307705662 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3164712197287285 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.321093226665042 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2064 |
Entropy (8bit): | 5.827820203748072 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.341487349396256 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfzdPeUkwRe9:YvXKX4EoHEZc0v35Gb8Ukee9 |
MD5: | 2F96F18703AC721B6D1A7F0D0070FCE6 |
SHA1: | 77D2DD42FC874D984ADCA452BCBB819E24BF41C6 |
SHA-256: | 4A8058315665516A164D5E9C98D334FFC240D2229BDE7D298BA1CBBEE1D5C1C1 |
SHA-512: | 3350FE9EFB1969A263E17095FCE63D0DEDAECF674A9F4C9608B29A5D06213B0567D367E1EEE31EC666DD5862A83C22C258D1C192FCEDB543FD0AF1884414AFE3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.322867885857234 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfYdPeUkwRe9:YvXKX4EoHEZc0v35Gg8Ukee9 |
MD5: | 69E68DFF4C78C7828E370BEDC2E95B68 |
SHA1: | 3C6C3EB3C254EDDF49F81502AC13AC3400C01D4E |
SHA-256: | 73CFD277E6FD2477C946C4DE4155259064146BEE96BCD7BE8E1E71E45ADC64E0 |
SHA-512: | C7ACBA92F80283767942BA3472FB1F9BFE306095152A0877600F55B0B056B3D2385F47D4D1869A7F92A3E1C014E15D166159241ADE60C59534D68929AD8ED7B2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.309003160771313 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJf+dPeUkwRe9:YvXKX4EoHEZc0v35G28Ukee9 |
MD5: | 273591D11B2B4660D93BA84DCE1AF46B |
SHA1: | EB463939C19FD7B5E1FC1B300E0E61892E8F6E89 |
SHA-256: | 5D54F0D05D9A702D669AED452B3F9B5324230E0E8B2A63A1427740461FFD4B76 |
SHA-512: | FEE38A6A3CB98B8CF70FBC87207E2653E309AEA118DAFD5726FB00AA85A4AEC2CF77E5F6B0EFEA819D0F39432C84432DC87DB148BBE1088CAA6A6890E270AE3C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.306257815930704 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfbPtdPeUkwRe9:YvXKX4EoHEZc0v35GDV8Ukee9 |
MD5: | 3406E7B2736C7D08585E892B97AEC2B1 |
SHA1: | 5BA7483E88B4A4F5BDAD9A59D0E217258038CE96 |
SHA-256: | 0D13D4760A93B39BBD2E2CA3F5F6CC395048E90852E7E210E9BC889B3FC4DDEA |
SHA-512: | B3EF3B91F71BA09A5D066204DC6A8C379E3CC376E36999E8AF7E6749548886F798B33B10D7B54EECC9E6C3A79E043BB04AAFB3AC5741244555A9881ED09E5737 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.311521659843853 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJf21rPeUkwRe9:YvXKX4EoHEZc0v35G+16Ukee9 |
MD5: | DFB8AE82544C069B2A54F00AAEEEB63E |
SHA1: | EA20E08BFF434E5309D7C86127EC9435ACDAC9E7 |
SHA-256: | 25B6E642477EA5F201B96F053B3BB064599292B49F7E6548F10C45F0AE858432 |
SHA-512: | 0BB9551327DDADDA5F68AB0396371C555073FF7BF93E40656002C525985931691A53277E100DCD2E043F466E0F9E4318BCAB7130C5894FC883594EEBD2AAFBD8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2012 |
Entropy (8bit): | 5.840793426627291 |
Encrypted: | false |
SSDEEP: | 24:Yv6XTqEzv3CamXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBI:YvK/cBgBG48j/SiyLVWOAI13kUj |
MD5: | CB812A3B51AF0514AE794CB9CEC88BE7 |
SHA1: | B61BCA7886A87F891FAFEE6C02E62DCF54391E92 |
SHA-256: | D5DB92CFA60E53154756DE1FA9E983D1E1370F1C207386D7B39DAFB85F5033C6 |
SHA-512: | 1BF54E27D597BF721C28B73DE971A7566B60906402F8EAF1257BCCA86A6AA83F2561A499E08F281187684F83BF7DA5E3300465A378E172474AC61718774871C6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.285490607597329 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfshHHrPeUkwRe9:YvXKX4EoHEZc0v35GUUUkee9 |
MD5: | 27B772ECC836F0FFDF44F7A255FD2876 |
SHA1: | 3B0B72F88527289E5E37CB681D111C678B1A62DF |
SHA-256: | 1ACA1AB024312AE29FBDB5B711C417B87C94B49FEEF2CB912D57E3843C15C9BC |
SHA-512: | 17BB2099E76ECE689F321FBF4C78A2850723EBF2D1920BC8FEDE39DF9E10A414E61472EEB990336D548B47E6EE38CD5CD061ED2B9B535D42C0FFA020C54016D9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 282 |
Entropy (8bit): | 5.290195151168575 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJTqgFCrPeUkwRe9:YvXKX4EoHEZc0v35GTq16Ukee9 |
MD5: | ACDD12844A2E8AF127D9004374C4B94A |
SHA1: | 20390A8CB6E6DACDED3417EABBC20CD6B631A78D |
SHA-256: | 81AC22A6B407401F56C6C8944208408C3A20A622F7784DB086189689B2437428 |
SHA-512: | 0F4E46764437DAE999CF9C2BE6C50DF24949A17198AC8F4AD6934CCDE4C4F848CADA12A0CDFBD4DCEBAAC86E14146D77D4325659C8A66294BB80FCB75FDC3441 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2815 |
Entropy (8bit): | 5.145983630232527 |
Encrypted: | false |
SSDEEP: | 24:YGM311arHnaylC3cJPfFLZNaR5Avg35NgjLj0SoZNo2l1q2LSyChFsLdDb66JZP0:YGM3aO3y1tNS5ERnwy/susLdDGcKl9sK |
MD5: | BDCA09D9511A891C549038476F192F12 |
SHA1: | A9CAEFAAD0156DBA773686214BAFA156DC2B0540 |
SHA-256: | EFA212ED7C7F9318635365C082A3CD1DAF463C200BF6F291BB5D821B83114624 |
SHA-512: | 0713E85CCB80B6301E90ACE2807D0DDDEB458F43FD14719AC8402B71BFC2C1E1616CE761AA6C79172BA26589B8B0FC781B467D5F5FB5C17DEB61FF4BFA9E4BB5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1880672036486548 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUmQXSvR9H9vxFGiDIAEkGVvprQX:lNVmswUUUUUUUUX+FGSItK |
MD5: | EAC42C93464ED5ADBBA2F84870C569C0 |
SHA1: | 45BD81FD052A6F0BA708BB4004FC7769A6CED0BC |
SHA-256: | 409D27E06497A7ADC82AA845619969A4CD82460539B61434B4045780636D05C7 |
SHA-512: | 68727DAE66C74260449C2AB58BD8B80AEBEB56AADF3958143DDFD16E7D2DF371B8E8E3BEB1C379B6D360BBDF3176928D7AD0BE98794B51CC2262D398B523A294 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6079210452950716 |
Encrypted: | false |
SSDEEP: | 48:7MzKUUUUUUUUUUmQLvR9H9vxFGiDIAEkGVvnqFl2GL7ms/:7ZUUUUUUUUUU7FGSIthKVms/ |
MD5: | 857F335B77DB055ABE5F67790522F813 |
SHA1: | 451C880A14319D8C91094964FE8A46AB7319BCF3 |
SHA-256: | 8F8FBDB68896BB269F4F8293ED0E0EB6985992019919C74D36D30C04DE42B5EF |
SHA-512: | 56DD76C29B454A9B1533C33BA3809D473D1D99ABB3D99BE323764B57DC9E5710CC992745B7C31666A94A92A222DC7669D5DF6F8A935583654308B9075F63A1C8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5457200906107795 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8muVlErNIF:Qw946cPbiOxDlbYnuRKDrNQ |
MD5: | 940069146AC7655C8E1DC5E8731A6078 |
SHA1: | D4087AB7D783A4F7ACBB0B0C17BC0EC75A34F95F |
SHA-256: | 157CA43F8F2487E67B6F1DDE0CCD6376A6496B206D8725E8EE416E14688CC5ED |
SHA-512: | EFE69A6894822F1213F712298210E3635BABEDB6D316194862F29DA543904E547D88FD672E406987A9943E0569C1F5A5CAD6A0AD62D25A8988A0FAC24E6CBF3F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.084729033202952 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROONCVE2pkdEuVE2pkdEuvLCSyAAO:IngVMre9T0HQIDmy9g06JXakFkdLlX |
MD5: | 0CA894C253C28BC7244E7BBA58C901C9 |
SHA1: | 32E79F92DF3FAAAAC0753B30DEC49FC19DA33C2D |
SHA-256: | C21246C1B2BDFB3CF339347A399A9FF8CDF9660339049DB6AE1DFEBE187EECD8 |
SHA-512: | E0D708CEDF33DC510BF654FC63736D2CA872101E6666ED01AD7FA74612A22ED21C2294D7B42C77AF04BDE0190E94AD7D76886CECD22D95F9733B90C094FBE08C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.351536248940721 |
Encrypted: | false |
SSDEEP: | 384:S0I5IIa0w2BRgzKg2oeNRbEVKpKkPJBix1WmsSq8QGWw8yYgddSJb8789AyMtPUX:u+dY |
MD5: | E6214A8E01B094FF0C4C5B3004D75A42 |
SHA1: | 33F5882E17D656B1305F9953D35F6998D7A6902C |
SHA-256: | 64315E7C06E04020C96085545AA323E7B30E81D06FAA44B14801E7334A9B1E58 |
SHA-512: | 2CEFD7D400AEAB69528C2263F932FFCF1E8E5C05D6B7846A3FF0E79D4461D39E461F22DF9775F1BC4F42CE9D0D818FF05B6F4B177DAF2A96F3125A6EDEF67F71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.388466054961682 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rK:W |
MD5: | 4D00D791902466671A24CE125597EB2D |
SHA1: | 56C5882B1BDD70C2C4EF5889AD0C9A5C45D6113B |
SHA-256: | 4F73C14CFBECFFF675940CE405211CD1AA7CEBCC9425DA086DCED218CBF41D57 |
SHA-512: | B13BA8BFA4F134470B06197D7743640CAB8165CE4798B4D91338F30BF1578A10E995436661F5157D865C53F6470D3AC49AD41C1759EFE45E85ECB553B095F3DC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xTwYIGNPgeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JTwZG/WLxYGZN3mlind9i4ufFXpAXkru |
MD5: | 62F2E9F22B4021BA764763F066157442 |
SHA1: | 0BBCDDCCA2B7342980503F1522E9249B077DED4C |
SHA-256: | 747B773557070E01063EDCDF20C3DA8DD01599EF5EE5E5320BA7328DFDB2E721 |
SHA-512: | 0D58BA35B2BBE548612357D9252FD87DDDC939B346DC666778CCE2C44E60F4A58434A42FDA5BDC7DF9552999D29ACD35E2F77FC5BD3D423B336F224D157F00A6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07EGZftwYIGNPzWL07oW:Jb3mlind9i4ufFXpAXkrfUs0wGZVwZGf |
MD5: | 0E1B199E77ACA01686FEB4EAEF72E148 |
SHA1: | 7C22D506ABC4B734E9491A833F78CBB2549356D7 |
SHA-256: | 46896E7C24B491E55815328A77A1F3FF6E9CBD6DAEFCD172F026B53320F934DE |
SHA-512: | EFEEDED8F81C340876293C5A63B3F1BEED952659B2DACCCC3ADD9868F6D6782484B29BE6720FD7F8E32B0A5CFF5C08CC31C2252A9AE20F0692A935AF0C263664 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 6418 |
Entropy (8bit): | 5.7894975388106005 |
Encrypted: | false |
SSDEEP: | 192:Yo6rMvuOa8AU9mUSW+/H6666rpoR+BcorwQ1v1Gr:Y/MrA/USW0H6666rp7ccwWMr |
MD5: | FF569B29BFC6BC121D223F8BEDB644E1 |
SHA1: | 68EF38B2563B23E9C063245032B280583AF33691 |
SHA-256: | 92CA01C41A8001CEBCD18E107E8D0C55E4CAC8A48F85EC172E930B3AA6641198 |
SHA-512: | 441A5BFBD0A95670DDA4CF3E466A9211CB3433A3214103C66355B4D87EFBF5253F0D0A47659F3AAF37330E4317C9B7B89AC4E5F6CEAF69C761C50A4CD1F731DD |
Malicious: | false |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE |
Preview: |
File type: | |
Entropy (8bit): | 7.668858050253984 |
TrID: |
|
File name: | Document 101-116.pdf |
File size: | 37'593 bytes |
MD5: | 09fcd457a331137b2891ac2913680ddb |
SHA1: | 12a0d6a2f1bce37eb214f83c6697d2de54c28bfd |
SHA256: | a057ba83208be579940254b56ce402625d88c669fee1e4ca93085565dee1f37a |
SHA512: | cfe78788c12514bdc157390432e341c39a9fa59714afa8e4d281bcce523ba7d8f7eeae137e672d1c27fb4cb9c366cedfe144aa1a4d9f36e7a8e4188a47f8fd00 |
SSDEEP: | 768:yl3INRprP0HZW8YdUzSFOCwS4NDyiZbxvA+FzwsZVnG5ttG/Fs1Dn5HkCa0pNW+H:Bh8CwjNDLZtIQzwq0tMFs1L5HkCa0XH |
TLSH: | 2AF2AF51980D2ACCD7A452D13F9A742EAAAEB22234C448917C3DC3C363D1F6EE91719A |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 19 0 R/MarkInfo<</Marked true>>/Metadata 44 0 R/ViewerPreferences 45 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/R |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.668858 |
Total Bytes: | 37593 |
Stream Entropy: | 7.787253 |
Stream Bytes: | 32074 |
Entropy outside Streams: | 5.175550 |
Bytes outside Streams: | 5519 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 28 |
endobj | 28 |
stream | 8 |
endstream | 8 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
ID | DHASH | MD5 | Preview |
---|---|---|---|
17 | b1888a8ab2968eaa | 4320e76634685e597192795708693919 |
- Total Packets: 56
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 19, 2025 21:41:12.954715967 CET | 192.168.2.4 | 1.1.1.1 | 0x169f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 19, 2025 21:41:30.650383949 CET | 192.168.2.4 | 1.1.1.1 | 0x6b35 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 19, 2025 21:41:30.650592089 CET | 192.168.2.4 | 1.1.1.1 | 0x9488 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 19, 2025 21:41:13.050573111 CET | 1.1.1.1 | 192.168.2.4 | 0x169f | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 19, 2025 21:41:13.050573111 CET | 1.1.1.1 | 192.168.2.4 | 0x169f | No error (0) | e8652.dscx.akamaiedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 19, 2025 21:41:13.050573111 CET | 1.1.1.1 | 192.168.2.4 | 0x169f | No error (0) | 23.39.37.95 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 21:41:13.391324043 CET | 1.1.1.1 | 192.168.2.4 | 0xfce8 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 21:41:13.391324043 CET | 1.1.1.1 | 192.168.2.4 | 0xfce8 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 21:41:30.743504047 CET | 1.1.1.1 | 192.168.2.4 | 0x9488 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 19, 2025 21:41:30.743844032 CET | 1.1.1.1 | 192.168.2.4 | 0x6b35 | No error (0) | 142.251.40.164 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 21:42:15.039072037 CET | 1.1.1.1 | 192.168.2.4 | 0x88f4 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 21:42:15.039072037 CET | 1.1.1.1 | 192.168.2.4 | 0x88f4 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 21:42:38.637002945 CET | 1.1.1.1 | 192.168.2.4 | 0xbc52 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 21:42:38.637002945 CET | 1.1.1.1 | 192.168.2.4 | 0xbc52 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 21:43:11.576749086 CET | 1.1.1.1 | 192.168.2.4 | 0x6f35 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 21:43:11.576749086 CET | 1.1.1.1 | 192.168.2.4 | 0x6f35 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 21:43:56.761338949 CET | 1.1.1.1 | 192.168.2.4 | 0x2823 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 21:43:56.761338949 CET | 1.1.1.1 | 192.168.2.4 | 0x2823 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49731 | 23.39.37.95 | 80 | 7804 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 19, 2025 21:41:13.148992062 CET | 115 | OUT | |
Mar 19, 2025 21:41:13.246731997 CET | 1257 | IN | |
Mar 19, 2025 21:41:13.246773005 CET | 488 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49746 | 142.251.40.164 | 443 | 3032 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-19 20:41:34 UTC | 579 | OUT | |
2025-03-19 20:41:34 UTC | 1303 | IN | |
2025-03-19 20:41:34 UTC | 1303 | IN | |
2025-03-19 20:41:34 UTC | 1303 | IN | |
2025-03-19 20:41:34 UTC | 1190 | IN | |
2025-03-19 20:41:34 UTC | 92 | IN | |
2025-03-19 20:41:34 UTC | 1223 | IN | |
2025-03-19 20:41:34 UTC | 1223 | IN | |
2025-03-19 20:41:34 UTC | 104 | IN | |
2025-03-19 20:41:34 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 16:40:58 |
Start date: | 19/03/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7dc980000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 16:40:59 |
Start date: | 19/03/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7278c0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 16:41:01 |
Start date: | 19/03/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7278c0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 19 |
Start time: | 16:41:24 |
Start date: | 19/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 20 |
Start time: | 16:41:24 |
Start date: | 19/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |