Edit tour
Windows
Analysis Report
SOPO-PDF-83324.pdf
Overview
General Information
| Sample name: | SOPO-PDF-83324.pdf |
| Analysis ID: | 1500779 |
| MD5: | 39aaad18c7d6fbc487e8bb3c71bbeb12 |
| SHA1: | 97b2dddb385f644dccfb2d5ae059e1a18c70be66 |
| SHA256: | 1d39d123dcc22348e7abd5cb61c463ed4d449636d9f4c0083c060898094434d8 |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
Acrobat.exe (PID: 7724 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\S OPO-PDF-83 324.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7892 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 8084 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 24 --field -trial-han dle=1736,i ,681859866 5815656412 ,166291845 0595858639 1,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.203.104.175 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1500779 |
| Start date and time: | 2024-08-28 22:34:54 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 54s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 10 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | SOPO-PDF-83324.pdf |
| Detection: | CLEAN |
| Classification: | clean2.winPDF@14/47@0/1 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 18.207.85.246, 34.193.227.236, 54.144.73.197, 2.16.164.105, 2.16.164.64, 2.16.164.65, 2.16.164.107, 2.16.164.96, 2.16.164.75, 2.16.164.115, 2.16.164.114, 2.16.164.121, 172.64.41.3, 162.159.61.3, 2.16.241.15, 2.16.241.13, 199.232.210.172, 2.19.126.205, 2.19.126.209, 2.19.126.203
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com, wu-b-net.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: SOPO-PDF-83324.pdf
| Time | Type | Description |
|---|---|---|
| 16:35:59 | API Interceptor |
| Input | Output |
|---|---|
| URL: PDF document Model: jbxai | {
"brand":["brand1",
"brand2"],
"contains_trigger_text":true,
"prominent_button_name":"view_shared_file",
"text_input_field_labels":["username",
"password"],
"pdf_icon_visible":true,
"has_visible_captcha":true,
"has_urgent_text":true,
"has_visible_qrcode":true} |
 |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.203.104.175 | Get hash | malicious | HTMLPhisher | Browse | ||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Metasploit | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | Get hash | malicious | HTMLPhisher, Tycoon2FA | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.327658081397646 |
| Encrypted: | false |
| SSDEEP: | 6:NLp5MGL+q2Pwkn2nKuAl9OmbnIFUt88LpY1Zmw+8LpOLVkwOwkn2nKuAl9OmbjLJ:NLpevYfHAahFUt88LpY1/+8Lpq5JfHAR |
| MD5: | C4D76972C13807619BF17E7020A71E78 |
| SHA1: | CF6E70F9C30A6563978FD2E718E731DDE983C158 |
| SHA-256: | 30A1C22E5AE01379FE21D2A22EBDF484F41F7868D237D787AB2019199ED35DF2 |
| SHA-512: | C57B63E3FA1C7243C6D16BC2B1B3C98D1BC582B76837A3C855AA9424D173EF9B425787FE7AF575E5CD3957A3D1B51289AD2808BE98CB0622F58F7D7FB90BBBF1 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.327658081397646 |
| Encrypted: | false |
| SSDEEP: | 6:NLp5MGL+q2Pwkn2nKuAl9OmbnIFUt88LpY1Zmw+8LpOLVkwOwkn2nKuAl9OmbjLJ:NLpevYfHAahFUt88LpY1/+8Lpq5JfHAR |
| MD5: | C4D76972C13807619BF17E7020A71E78 |
| SHA1: | CF6E70F9C30A6563978FD2E718E731DDE983C158 |
| SHA-256: | 30A1C22E5AE01379FE21D2A22EBDF484F41F7868D237D787AB2019199ED35DF2 |
| SHA-512: | C57B63E3FA1C7243C6D16BC2B1B3C98D1BC582B76837A3C855AA9424D173EF9B425787FE7AF575E5CD3957A3D1B51289AD2808BE98CB0622F58F7D7FB90BBBF1 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.236562057729282 |
| Encrypted: | false |
| SSDEEP: | 6:NLpEN9+q2Pwkn2nKuAl9Ombzo2jMGIFUt88LpH3JZmw+8Lpfk9VkwOwkn2nKuAlx:NLpw+vYfHAa8uFUt88LpHZ/+8LpfCV56 |
| MD5: | 976A394466B4E76D58126DA00853D40C |
| SHA1: | 40AF98558BB5254D1B7E2FAB54D5BA98CACD1718 |
| SHA-256: | C7DB0C5F54B2FCD0EF508A3C6820436523CEE8942C00CC4956CBB69CAE7DA45A |
| SHA-512: | 529DA584864A8EB453FA94DE7BA93DA13D862ACB79470CEFA25F8A564D2B925BF8A95D28EEA19FB7925E0BBA16E0DC8F8A664F9C8FCF218F82F18244F09E65AB |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.236562057729282 |
| Encrypted: | false |
| SSDEEP: | 6:NLpEN9+q2Pwkn2nKuAl9Ombzo2jMGIFUt88LpH3JZmw+8Lpfk9VkwOwkn2nKuAlx:NLpw+vYfHAa8uFUt88LpHZ/+8LpfCV56 |
| MD5: | 976A394466B4E76D58126DA00853D40C |
| SHA1: | 40AF98558BB5254D1B7E2FAB54D5BA98CACD1718 |
| SHA-256: | C7DB0C5F54B2FCD0EF508A3C6820436523CEE8942C00CC4956CBB69CAE7DA45A |
| SHA-512: | 529DA584864A8EB453FA94DE7BA93DA13D862ACB79470CEFA25F8A564D2B925BF8A95D28EEA19FB7925E0BBA16E0DC8F8A664F9C8FCF218F82F18244F09E65AB |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.970548621198367 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sq8TQ2sBdOg2Hacaq3QYiubInP7E4T3y:Y2sRdsvOdMHV3QYhbG7nby |
| MD5: | 29E8E1B8267B835DAAE0050CBE9880CC |
| SHA1: | DFF5A5051F735234849109503EA3ED7E55A41BD9 |
| SHA-256: | 05119EA31776142A23CFBD596D86B090E2FA45EA658679534AA8858AACDB2E5E |
| SHA-512: | B522470FCD9CBC25839523D707EA9B3356F4719C240DB1D692C54FE9EDE7BD1086BD2DBCFF7D19216E743F3B826E2996A66397F721822EB465F38FD430BFE0C7 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a03e1eda-6f88-43c4-b0bf-09cb02ca908a.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.970548621198367 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sq8TQ2sBdOg2Hacaq3QYiubInP7E4T3y:Y2sRdsvOdMHV3QYhbG7nby |
| MD5: | 29E8E1B8267B835DAAE0050CBE9880CC |
| SHA1: | DFF5A5051F735234849109503EA3ED7E55A41BD9 |
| SHA-256: | 05119EA31776142A23CFBD596D86B090E2FA45EA658679534AA8858AACDB2E5E |
| SHA-512: | B522470FCD9CBC25839523D707EA9B3356F4719C240DB1D692C54FE9EDE7BD1086BD2DBCFF7D19216E743F3B826E2996A66397F721822EB465F38FD430BFE0C7 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4730 |
| Entropy (8bit): | 5.2506215810368255 |
| Encrypted: | false |
| SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7LI3p+Lz2vzEZp+Z:etJCV4FiN/jTN/2r8Mta02fEhgO73goO |
| MD5: | ED6FBCB3394D51EC17AC8A4050050D85 |
| SHA1: | 94353BBD7A918C31E29FC8FCF922EBE8A1B92C85 |
| SHA-256: | 8658FBE5F8E76C0280F04B717E851D18B0990B625C78085EF190B8E1676724AE |
| SHA-512: | D6C210467878F42F0C7DC14115A714F69DE70EB9D4215CABF08E3E0D0FDAD748969F8F6D982BFE870A6B7CEDFDA2D3C1AA6CAD36B8A8345033785DE19710CAAA |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.275926499497365 |
| Encrypted: | false |
| SSDEEP: | 6:NLpwUiN9+q2Pwkn2nKuAl9OmbzNMxIFUt88LpUS3JZmw+8LpMF39VkwOwkn2nKuP:NLpwH3+vYfHAa8jFUt88Lp//+8LpoV51 |
| MD5: | B7D7EFFD7FC79D2233ACAAD5DF149FAD |
| SHA1: | BC97849FDDDF6007AD6810CDAED83DD783D4A851 |
| SHA-256: | 2A07F11F835B7F744000CDD8D756EA54CE484A1FBDABC0C7704BB0E964D43A04 |
| SHA-512: | 86BDF583E8996944A760D498349E677DEC9BEE6DC4B79736E81DE81BB20A60FB30FADC8A0849EF2C0F491071C6D6618F37F9977569DFAEE96A4BC20C01134B0D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.275926499497365 |
| Encrypted: | false |
| SSDEEP: | 6:NLpwUiN9+q2Pwkn2nKuAl9OmbzNMxIFUt88LpUS3JZmw+8LpMF39VkwOwkn2nKuP:NLpwH3+vYfHAa8jFUt88Lp//+8LpoV51 |
| MD5: | B7D7EFFD7FC79D2233ACAAD5DF149FAD |
| SHA1: | BC97849FDDDF6007AD6810CDAED83DD783D4A851 |
| SHA-256: | 2A07F11F835B7F744000CDD8D756EA54CE484A1FBDABC0C7704BB0E964D43A04 |
| SHA-512: | 86BDF583E8996944A760D498349E677DEC9BEE6DC4B79736E81DE81BB20A60FB30FADC8A0849EF2C0F491071C6D6618F37F9977569DFAEE96A4BC20C01134B0D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240828203551Z-154.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 0.9694501657457111 |
| Encrypted: | false |
| SSDEEP: | 96:Ovjzzx+YsAhqRerahAe3bKmtJt+VOenynX6a90ynG4PaYHKJZA:aJ+Y2jft2gec6QaEKY |
| MD5: | 1E65E32DFDDDEBF790CC021A1A803F4A |
| SHA1: | 88EA1DA8A801399450DE1CC9E2A2DEB0B3F08CF1 |
| SHA-256: | 0BD8A4F504E5DE54AD8647EBEBBCFFC0D65F07843A5C6D52A641A67902FFEB5C |
| SHA-512: | 0A8A7EFDE59B157DC4247DDF579B6762487E3BC143B47D5D3C0A4576F3E7D30547998DD093420E01F979D81F945573BA76F779141EFB2DB3DD48CCF8F40EFF8E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.445632036683976 |
| Encrypted: | false |
| SSDEEP: | 384:yezci5t8iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rbs3OazzU89UTTgUL |
| MD5: | BB525B1AFABE0EF9B038A0D066DDB23B |
| SHA1: | A403778B4FC2D36696D03A0624DDCDC64A09CB93 |
| SHA-256: | 843FA5340D3A4F546C2B8EB7BE426FD6FE76193781FB61B9A88065322DA78B7B |
| SHA-512: | A962CD2B679AD1148BE66E2509BBEC99D54E22A2CD147099DFB20C2EEDE84367D1FACBFC320839C9E57988C4E2A3819C0BE194A6E3201A3895CDAE0EB1867B76 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.7752315912953565 |
| Encrypted: | false |
| SSDEEP: | 48:7Mpp/E2ioyVMioy9oWoy1Cwoy1AKOioy1noy1AYoy1Wioy1hioybioyKoy1noy1s:7KpjuMF/XKQHHb9IVXEBodRBk0 |
| MD5: | FE21F57F83D0AE2763E1ADFF8A905B3E |
| SHA1: | FF73BF7B7963CF3F0991C70D153D162ABB96709D |
| SHA-256: | 426EE549D0687F5C73773788B4313516A72625092E3B7A3FB2CCC445F63B436A |
| SHA-512: | 84BC270C6797EE3BE4BD5185785D6820A34CE8AE1929A253C9BFDD3755E5301E7B7E50F0283432B26AB9AF890688442C491F21ACA274DC3175AA68A5A96B593D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 893 |
| Entropy (8bit): | 7.366016576663508 |
| Encrypted: | false |
| SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
| MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
| SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
| SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
| SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.2418003062782916 |
| Encrypted: | false |
| SSDEEP: | 6:kKSa9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:kDImsLNkPlE99SNxAhUe/3 |
| MD5: | 342CA23C27AAF34D8B29E51684F65039 |
| SHA1: | D9D36E3750E4126EB5B8E204EDFBF9D11CE4EDC7 |
| SHA-256: | 8EA6BB1285725FA17B9BE61A684B7A3509B5B2E8BD6DBB6D8F0B354E1CCDFFF0 |
| SHA-512: | 87294153438A1F94926667C695A8FD9AF40DF2387E5F93997CE2F21030104FF882E39FEFC96C32C9B6134FBC93C8DF19E581C2280D74D39E26D05CD65EACFD69 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 252 |
| Entropy (8bit): | 3.0215269645321685 |
| Encrypted: | false |
| SSDEEP: | 3:kkFklWB0tfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnka:kKBBIxliBAIdQZV7I7kc3 |
| MD5: | E0855B8711AA54B6367A3B37185AEA1F |
| SHA1: | F33FE08742D1E566E6A308FC35D0B793880DF403 |
| SHA-256: | A2588C53BFC5923B586302FCFC72EF22BC1A60B8FB63CCD9E109C0A2E5C08478 |
| SHA-512: | 2F9475EAA81601B401F088114510E1D0EB8737D3322B9E4B0F7B1BD03F965A754AB99E1B7887AAC5E649F74BBDBC831A17F4191A787C9A78904A52619BC2CBCB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243196 |
| Entropy (8bit): | 3.3450692389394283 |
| Encrypted: | false |
| SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
| MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
| SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
| SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
| SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.353049955310222 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXdWhe+RTnVoZcg1vRcR0YIEeoAvJM3g98kUwPeUkwRe9:YvXKXdAiZc0vgGMbLUkee9 |
| MD5: | 7ED439D64E7249E957B0F0F07AFBB019 |
| SHA1: | 43F71774B164149C33FAD365E1212E4A73864CEA |
| SHA-256: | 9322CDE3C7ECB9F28E81299261AC3BA933852D9771CD26769F7282B2DEF4433C |
| SHA-512: | EA833A39C11F7BB4590F20BA0EA820D233D495FD6AC574B755F8AA0697E8AF727921415062AA50B45CF9593D064A5A68D083C0919965B5E0256B69F5E9A7A64D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.302830053292633 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXdWhe+RTnVoZcg1vRcR0YIEeoAvJfBoTfXpnrPeUkwRe9:YvXKXdAiZc0vgGWTfXcUkee9 |
| MD5: | 9BF912FCB83F4CCD6696B04B1E68D196 |
| SHA1: | DA0E880BC704A059E4FAB53AA2FBE4568A4D9AB7 |
| SHA-256: | 2D4B8DD9267D49581C0FB7A346C1B200A32C527A8E46626B576D33D543C511A7 |
| SHA-512: | E008B52C892B45E66E71A7AFC9F396A0202EAECBCC4C0639A2240AA23F2E097B8AF36665A5C1C53DCF50A0C3750C4E197E0D95DD1FCE9087D7E46ECA50D2DF4E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.2810895486504394 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXdWhe+RTnVoZcg1vRcR0YIEeoAvJfBD2G6UpnrPeUkwRe9:YvXKXdAiZc0vgGR22cUkee9 |
| MD5: | 6BD2C0A0447549812ED6B4672FADCCF6 |
| SHA1: | 5803775CAE28B36EBF9230EE55FAF647AAACBF79 |
| SHA-256: | E717970EB819D60219A0C21AAB34ADB1F5E6EE1F44F87979D72E8E0A366A1A35 |
| SHA-512: | 30DCF21C776A9B6FEAF6C2E1B4A75D4EFE98763E9C500FEC204C2A407656691202C999502E684876670D8F287C5D68D0733174F92DB135A8386DCDD9F77C67DB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.339698586733206 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXdWhe+RTnVoZcg1vRcR0YIEeoAvJfPmwrPeUkwRe9:YvXKXdAiZc0vgGH56Ukee9 |
| MD5: | FACE588A2E6AA4CE57EC3A6315D6B6BA |
| SHA1: | 8D4B9BC7228D75ACD270A0D379FC2B0E0D66E73B |
| SHA-256: | 10E4B0FD27E01D3AB2AF217979CA0EA42300966A3A0DF4FD55C5954164ED4CCD |
| SHA-512: | DB361B771AD5FF21B0537FB8E217061B9C0A980D8F377EAF5F34625CBD5BD63A22ABFE2C78E5BFE658B936465ED219C3B144067A15EA2221169CDFB72CE1422E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1063 |
| Entropy (8bit): | 5.657312479510959 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XWizv9pLgEFqciGennl0RCmK8czOCY4w2/:YvvalhgLtaAh8cvYvw |
| MD5: | 0CE56827A4BD188FFF78CD0AFACA1F6E |
| SHA1: | 5A7EFF5679833D4A4D9B06FFDEAFDD0296D67778 |
| SHA-256: | A1F024B7DC176BE63BE2B8E261AA22C65C91B4054F819212F1E5CF63571A29A3 |
| SHA-512: | 1CEC5C02C01F1F2CED55F3B51FADC7E13D38DE4F68C734A953607DCA8F2CD2867921E403E9E5759AAFCBA82B4DC0DCDCD19975E392049DF1DE2CB4A489681DA9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1050 |
| Entropy (8bit): | 5.645153325855375 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XWizvhVLgEF0c7sbnl0RCmK8czOCYHflEpwiV/:YvvapFg6sGAh8cvYHWpwW |
| MD5: | 6CF150C256EADDC5EA7C7F88E04CDFCE |
| SHA1: | E923ED3151DD1A912B46CF63CC63EECF544D03A4 |
| SHA-256: | B97B4287C53A6C732D1BB420481E7BF6451A1078A6A0FC601055932A004F39F9 |
| SHA-512: | EB0D8FAAAC4759B3BC7A56DE04937B95E0595256B6B9926C6876C533FB9F8A1B2AECADD870D8CFB108EFFD32C0890809033399E6ECFCB64FB0A91FB6723E4A0E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.289790412765438 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXdWhe+RTnVoZcg1vRcR0YIEeoAvJfQ1rPeUkwRe9:YvXKXdAiZc0vgGY16Ukee9 |
| MD5: | 649260C1F901933195DC05B929FD2BEB |
| SHA1: | 1D2E16C30A6D38937B500C11DB85F357017DA48F |
| SHA-256: | 6636959B2C75691CD0DFB5367F8A90CF9FA4FF3780201DCA986D4DB20E94F57D |
| SHA-512: | B9135AA3862BE9C3410023A24442618F1FC333CD59F76BF71B0EE7E1C5E281F4E7222CF639B52DA3F20C89E2431530CD13E59BC50B792F748440355FF4EDD9D2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1038 |
| Entropy (8bit): | 5.63786249511126 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XWizvQ2LgEF7cciAXs0nl0RCmK8czOCAPtciB/:YvvaYogc8hAh8cvAt |
| MD5: | 978C25C4DC6E4F01F05B4877627769C8 |
| SHA1: | 21291FBB6F7685F2799AB5AA1CC689DCDB054E6C |
| SHA-256: | 0219CFBFF900BE66425921051F27AAC5FDBDFF214B2DBCC84FC00F37678C6B86 |
| SHA-512: | DEDB97075571C3388059107FC807BCA3D54CCFA8730B948CCB4306E3100345DAE3C6E446D89564099D5A4C4561EEF4897A231ADEB889C4C6FA50850CD90C2A75 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 5.692551807619 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XWizvYKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5/:YvvaQEgqprtrS5OZjSlwTmAfSKR |
| MD5: | E232432031441B0D10F59D09D35B2726 |
| SHA1: | CA2FAD15A871660A5368E18844E460E94F7E8CCD |
| SHA-256: | 3771580A49B0EC12F3291DA6A6012A61B4B8E99D84B17A33B28BF1584CD0B329 |
| SHA-512: | D712EB8571BF5F4AE04E03734002C4111C4FC025D20D913E35803C0629820CD5B8B492C3862DDA0A761F679264788FB6519E33B147F06AB8B459B1A9E41FA96D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.29095012463114 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXdWhe+RTnVoZcg1vRcR0YIEeoAvJfYdPeUkwRe9:YvXKXdAiZc0vgGg8Ukee9 |
| MD5: | 73254EC98B6FB6B875E694AEC247668B |
| SHA1: | 44A628AC63CDCCE74AC2FCD6FA0C1E010B44C3A5 |
| SHA-256: | 6CE819B3EA35A21FD80E9DCE77637EA61BB1A6F355689E735968439C45AA8DF4 |
| SHA-512: | 594AEB276D48601EC80B694469D3ABBACEC2DBAE427E544C9A532FDBDDE5DB904FA1AB23D855C30BA3CF5F3515E989F6F74ACDC5EF0BB247B262D5C201B9FA41 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.77159274586781 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XWizv3rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN3:YvvafHgDv3W2aYQfgB5OUupHrQ9FJR |
| MD5: | B78ABFE1C5B8EE385BE00E791D222952 |
| SHA1: | 1E993A9A75507C76641A18CF64993ACAD5138D99 |
| SHA-256: | C3C463197D35454B1FA91ACE2CDAC26FE90E9B59EFF0C1091233F6438CFB7191 |
| SHA-512: | 1B52583843ACC6A685E0FCE19B8D01D4F94B15F6522931741A0603D0B1ED455E941A2F358BC2A2139BB94405EAB206EDD2BD3D0B72716C1F8B764D1A7E72035A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.274559420761148 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXdWhe+RTnVoZcg1vRcR0YIEeoAvJfbPtdPeUkwRe9:YvXKXdAiZc0vgGDV8Ukee9 |
| MD5: | F15BD7653FD335F3521A9C7EDBECE3D0 |
| SHA1: | 409F06530DFC943ADA4C536E4B79D4DED05B44B6 |
| SHA-256: | 73D22647560FF9267EC05D5779F5EFA93DDCF958270B27244563C5541CCA146A |
| SHA-512: | 37A930539D6759B8D87704BFFED7080A5B69E5471A7CDE5B8CA5C14DF8289705581C0ED37F147158690F977488A09BFB130D5170D862167567AB007B803B860F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.2801770231245495 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXdWhe+RTnVoZcg1vRcR0YIEeoAvJf21rPeUkwRe9:YvXKXdAiZc0vgG+16Ukee9 |
| MD5: | 1D0379978757145AEC9298D78C4FE36A |
| SHA1: | C06E5B3904FE3B04A44B93AB66E30A8E77E1A681 |
| SHA-256: | B75F560416A6168DA1823F32B1F0229BC304AD4690A9A1A3085A496B619E9131 |
| SHA-512: | 76EF1B5AFC7DB4F3717325BE2F420C1177BB0FFB530AD414CB84EB0C32144E6BB4EF0FFE6D07A66D6B7C7D668EE3D347FAB9C7DC2CE09692B950FB8C1C2E2E8E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1058 |
| Entropy (8bit): | 5.645433908469637 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XWizvFamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8B/:YvvaRBguOAh8cv+NKY |
| MD5: | 6D4612FE3CCC101DC0403B953AD0DB0E |
| SHA1: | C5B5B70386D9CB9EE0A632652D47E58610806420 |
| SHA-256: | B8255AB262D977836249456651C224E19A3FBD7C8747984E15EA59A6EE8F9880 |
| SHA-512: | 51E8EDB2D2F438EAD99747EA045B70980DA1C410204A5A628FF074C3A255E70CF0BE01BEA3DDF194F7036EEEC731B16749374387ACA5EECE4A37978737D24366 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.25439819207715 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXdWhe+RTnVoZcg1vRcR0YIEeoAvJfshHHrPeUkwRe9:YvXKXdAiZc0vgGUUUkee9 |
| MD5: | 8B0A17431A566329E3BB57ACD8BF6936 |
| SHA1: | 21B4C9F1E9BFF8BFDF67718818AC9AFABC365943 |
| SHA-256: | 11B39646C66BB6B70A668448A4AA8F320DA01162C1442C6E09D5B6BE81B51586 |
| SHA-512: | CD50E00E4FB37561E9F2992AA314852F36786C3DB381B48E3BE7A038041ADC82C379EC21738A30B589F8358E0FD4F15FC350426EE81FF21D28B75F0AE34FFFB5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.366220979493159 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXdAiZc0vgGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW1R:Yv6XWizvW168CgEXX5kcIfANhW |
| MD5: | 7B4F835A35E967A9962E0AE12C6A554D |
| SHA1: | 88F549D39ACC6B0ABE4BD4149D5EEF078E477D51 |
| SHA-256: | B10561E9190EAC28310F50C0AF02E969F304DAB9FBD14E40E06A87B5726C6D5F |
| SHA-512: | 5971529063A18F6E32B62B8CAC39A3BC8D464908D469141D1BC5D5AE5F0EF9CA7E07552140A15E1DA816468FE4F45153A14E7EF4B230FACA46B04FF0A1658A11 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2818 |
| Entropy (8bit): | 5.133354964739527 |
| Encrypted: | false |
| SSDEEP: | 24:Y3HKEaOB3maybFVZCQKHP5VD7TK45jG/C8J8j0S3ITFC32V6Qv2LSRjk5G9D7ugj:YrB3MN/KHxVrKKG/vO8wSnjkQ9Db |
| MD5: | 6747E1AEC7B2756E2560BE032BFCB5D4 |
| SHA1: | 0B46C45A24C7277B02FE2C9365F61A4E9DAB3F90 |
| SHA-256: | E3B2CEB2FF411C368D9837B7E0F973F456566493B7C43F25AF869FD0AC2CE6D5 |
| SHA-512: | 5524BB82AD835CB4D4DA6F971B0EE7DBF695C5CAD94A7E93059291C17C98E310C3BC54A20BC296BDF1143EB83E17BBC2E6831D320C870592A4A1FDC580F0213A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1887054520664866 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUPaTSvR9H9vxFGiDIAEkGVvp7aL:lNVmswUUUUUUUUPaT+FGSItPaL |
| MD5: | 39FED878D2A66E94DA4A05A7FB61CB32 |
| SHA1: | 70CE0B21B67DBC93D5C683FD71FD308E953E0936 |
| SHA-256: | C3494803F54249CE3C9DC564F802BB056C4F6442723A87DDEA064F2D22E80FC6 |
| SHA-512: | 0951B7E852E0B4570ED151500D0C652D246D409A5E3CD64DDB274755A7EF23244AF53F49682588DE1EF0BC815EDC0302C743826A7528F4314462E0394C6F5AD2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.6081288961426274 |
| Encrypted: | false |
| SSDEEP: | 48:7MVKUUUUUUUUUUPaXvR9H9vxFGiDIAEkGVv8qFl2GL7mst:7fUUUUUUUUUUPavFGSIt2KVmst |
| MD5: | C328B2DDD05AF379A046A67E62755BFA |
| SHA1: | C64B238DE40330A3CE96A036A7DD55956E0A0050 |
| SHA-256: | 5F10CADE7FB2CC9F5BE52DF6056E267006DFDC693DA437E7B773457BFCBE0C73 |
| SHA-512: | 1384C89C307B0244F95F7F75F4B7B7824364B4C10F0DAC74E6ACF7838C7F3591E8661DABDB0AE580C13666EE01EBB5A7BEA1AEF79B4C2B0F183B11BF0E2B418F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.54720191165387 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dArNMZ9:Qw946cPbiOxDlbYnuRKfNMZ9 |
| MD5: | 4AC75547E40ADB250B6BDA46626D947A |
| SHA1: | 655979D1A8C99B9A8D66AFE1073ECC2A6535F3B9 |
| SHA-256: | DCEF088974A758FDF112259A2CE7F272345A2DA8C1E00AB689D93CDA27A27267 |
| SHA-512: | 988C55CC55AF968DDA8B2DE5C055B43EA433E1FC32D5F857ECB3AC42D305631D794519E8E4F5459574E61FFC3FA2FA20CA2320B88A4A72A1B2B48D2760AF30F4 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-28 16-35-49-185.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.345946398610936 |
| Encrypted: | false |
| SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
| MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
| SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
| SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
| SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16602 |
| Entropy (8bit): | 5.365150357766922 |
| Encrypted: | false |
| SSDEEP: | 384:gUglgwkAKww1orLTTRMHQyvbbkTYg9Z2tYthtfbRNxklrEDuJyr2dtrcPcNIJLoW:mSDSTTn |
| MD5: | 077DD74665E6CEEF433DE33C83D2CC1A |
| SHA1: | 6B1C465124347B1DE7ADF9727AE3994CA5EAE9B6 |
| SHA-256: | F4D993A8DB14BF4CC2DE6EA17262D275A55A4AAAF804C0FC1AE07D994CB8C2D2 |
| SHA-512: | AC589C51243B0DBC8C2C647D2A2D97D0ECC04CF0B1CC2075F1B7D6CEB5794055ABC32DE8A5ECC8040AE7CA19476DB090B66954ECFBA9B91DD85C5DCE60439D61 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.394127496297977 |
| Encrypted: | false |
| SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rU:4 |
| MD5: | EA25D2E7D159D9AAC62DA94F6C3E1348 |
| SHA1: | FF836A89E67777ED0DE4CE738AB84DE54683E339 |
| SHA-256: | 6B292688DEBDD9DAAFEC3676B3DA4131B1EE0D267B8221A1FADF453EE3F1DB67 |
| SHA-512: | 472C26D2546ABB1CBA4171EEB7BFFFF30D66DDDDA55315A78EF54224E85EE1F4DB1C25A36D802156BC5DB0D4E18FAA53C599EAF833951CBE0C3EFE75166D949A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
| MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
| SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
| SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
| SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.950873001143668 |
| TrID: |
|
| File name: | SOPO-PDF-83324.pdf |
| File size: | 58'002 bytes |
| MD5: | 39aaad18c7d6fbc487e8bb3c71bbeb12 |
| SHA1: | 97b2dddb385f644dccfb2d5ae059e1a18c70be66 |
| SHA256: | 1d39d123dcc22348e7abd5cb61c463ed4d449636d9f4c0083c060898094434d8 |
| SHA512: | a8de734bb627cba81954a0069267dcb06e7888da395c5af49c33e0401b74bccc06f212757abf402e06a429c2efb24ab834bceccfba9b52c604c7f313c21636e2 |
| SSDEEP: | 1536:+RA3CfgEUadgwuk+Gu3KizK3g7e1QJUCbM0DZR8r:8A47UlT12EedCjDZR8r |
| TLSH: | 2C43F1B5F99930ECC94E8FD1872B3ED8CE0DF25351C4209268AC415B1C9CFC967A99E1 |
| File Content Preview: | %PDF-1.4.%.....1 0 obj.<<./Type /Catalog./Version /1.4./Pages 2 0 R.>>.endobj.2 0 obj.<<./Type /Pages./Kids [3 0 R 4 0 R 5 0 R]./Count 3.>>.endobj.3 0 obj.<<./Type /Page./MediaBox [0.0 0.0 612.0 792.0]./Parent 2 0 R./Contents [6 0 R 7 0 R]./Resources 8 0 |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.4 |
| Total Entropy: | 7.950873 |
| Total Bytes: | 58002 |
| Stream Entropy: | 7.993811 |
| Stream Bytes: | 52956 |
| Entropy outside Streams: | 5.118722 |
| Bytes outside Streams: | 5046 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 35 |
| endobj | 35 |
| stream | 16 |
| endstream | 16 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 3 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 16 | d06470d4051afd60 | 5bcfab78f270eff33b07b5679f419230 |  |
| 21 | 2092802bdae50a80 | bd9308b8159a6dcc8a870ea3406aeadd |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Aug 28, 2024 22:36:00.303122044 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Aug 28, 2024 22:36:00.303173065 CEST | 443 | 49742 | 23.203.104.175 | 192.168.2.4 |
| Aug 28, 2024 22:36:00.303235054 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Aug 28, 2024 22:36:00.303436995 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Aug 28, 2024 22:36:00.303451061 CEST | 443 | 49742 | 23.203.104.175 | 192.168.2.4 |
| Aug 28, 2024 22:36:00.862268925 CEST | 443 | 49742 | 23.203.104.175 | 192.168.2.4 |
| Aug 28, 2024 22:36:00.862561941 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Aug 28, 2024 22:36:00.862612009 CEST | 443 | 49742 | 23.203.104.175 | 192.168.2.4 |
| Aug 28, 2024 22:36:00.863646984 CEST | 443 | 49742 | 23.203.104.175 | 192.168.2.4 |
| Aug 28, 2024 22:36:00.863703966 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Aug 28, 2024 22:36:00.865998983 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Aug 28, 2024 22:36:00.866071939 CEST | 443 | 49742 | 23.203.104.175 | 192.168.2.4 |
| Aug 28, 2024 22:36:00.866209984 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Aug 28, 2024 22:36:00.866216898 CEST | 443 | 49742 | 23.203.104.175 | 192.168.2.4 |
| Aug 28, 2024 22:36:00.908468008 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Aug 28, 2024 22:36:00.963463068 CEST | 443 | 49742 | 23.203.104.175 | 192.168.2.4 |
| Aug 28, 2024 22:36:00.963705063 CEST | 443 | 49742 | 23.203.104.175 | 192.168.2.4 |
| Aug 28, 2024 22:36:00.963753939 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Aug 28, 2024 22:36:00.963973045 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Aug 28, 2024 22:36:00.964000940 CEST | 443 | 49742 | 23.203.104.175 | 192.168.2.4 |
| Aug 28, 2024 22:36:00.964011908 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Aug 28, 2024 22:36:00.964046955 CEST | 49742 | 443 | 192.168.2.4 | 23.203.104.175 |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Aug 28, 2024 22:36:00.589550018 CEST | 1.1.1.1 | 192.168.2.4 | 0xe93b | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Aug 28, 2024 22:36:00.589550018 CEST | 1.1.1.1 | 192.168.2.4 | 0xe93b | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49742 | 23.203.104.175 | 443 | 8084 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-08-28 20:36:00 UTC | 475 | OUT | |
| 2024-08-28 20:36:00 UTC | 198 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 16:35:46 |
| Start date: | 28/08/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6bc1b0000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 16:35:46 |
| Start date: | 28/08/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 16:35:46 |
| Start date: | 28/08/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74bb60000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly