Windows
Analysis Report
maliciouspdf.pdf
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6532 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\maliciouspdf.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 5404 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7360 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1744,i,11800254572130627882,10832229251146507829,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Detection | Scanner | Label |
---|---|---|
73% | ReversingLabs | Document-PDF.Exploit.Pdfka |
100% | Avira | HTML/Malicious.PDF.Gen3 |
100% | Joe Sandbox ML | |

Detection | Scanner | Label |
---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
windowsupdatebg.s.llnwi.net | 87.248.204.0 | true | false | unknown | |
18.31.95.13.in-addr.arpa | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.56.162.185 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1501488 |
Start date and time: | 2024-08-30 00:36:37 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 0s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | maliciouspdf.pdf |
Detection: | MAL |
Classification: | mal60.winPDF@14/48@1/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe, UsoClient.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 107.22.247.231, 34.193.227.236, 18.207.85.246, 162.159.61.3, 172.64.41.3, 199.232.210.172, 2.19.126.149, 2.19.126.143, 95.101.54.195, 2.16.202.123
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, settings-win.data.microsoft.com, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, apps.identrust.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: maliciouspdf.pdf
Time | Type | Description |
---|---|---|
18:37:42 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
23.56.162.185 | malicious | EICAR |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Phisher |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
bg.microsoft.map.fastly.net | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | LummaC, Go Injector, LummaC Stealer |
 | malicious | HTMLPhisher |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Unknown |
 | malicious | Unknown |
 | malicious | EvilProxy, HTMLPhisher |
 | malicious | Tinba |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 300 |
Entropy (8bit): | 5.266524329181214 |
Encrypted: | false |
SSDEEP: | 6:N52WRRyq2PcNwi2nKuAl9OmbnIFUt8852WRyz1Zmw+852WRylRkwOcNwi2nKuAlz:N90vLZHAahFUt889I1/+89654ZHAaSJ |
MD5: | FCAD97396FFCE26A7A61C15D687A3009 |
SHA1: | AF4715DA4F104240F1688FA7099A5D663E820363 |
SHA-256: | DBA884AA58C129AF838DB456EE2D5DCAF17D75CD65E9583CB51CF608AEF7AE46 |
SHA-512: | DC34B643483D8680C8796918FD06A9900EE7E7A9E802C31BAEF23816694309877AE967D66084014FB681060FB5EC8CA4AAEFEFBBFE9FC74BC7A9024CDBF2DE21 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 344 |
Entropy (8bit): | 5.22082045689789 |
Encrypted: | false |
SSDEEP: | 6:N52WR8mq2PcNwi2nKuAl9Ombzo2jMGIFUt8852WRepXZmw+852WRepFkwOcNwi2g:N98mvLZHAa8uFUt889el/+89e354ZHAv |
MD5: | 6036BFF992B83E89F1883B5E6EB68146 |
SHA1: | DF84EFBCC41D3DD35B410D78013E68960ECC3ECE |
SHA-256: | 91569BBB6856EDA8D7056614A1F09B97BB3F9EFAAAF860E51C776E673BF7047F |
SHA-512: | 42DD879AB7F0966CF560C52E53C8B88301A6D56D020EF5EDE1B9E54A0BF8417E209E51B46946CE9E1FBC9F68754696A7A28416A0DD2F86D3ECC60417BA5827B7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 344 |
Entropy (8bit): | 5.22082045689789 |
Encrypted: | false |
SSDEEP: | 6:N52WR8mq2PcNwi2nKuAl9Ombzo2jMGIFUt8852WRepXZmw+852WRepFkwOcNwi2g:N98mvLZHAa8uFUt889el/+89e354ZHAv |
MD5: | 6036BFF992B83E89F1883B5E6EB68146 |
SHA1: | DF84EFBCC41D3DD35B410D78013E68960ECC3ECE |
SHA-256: | 91569BBB6856EDA8D7056614A1F09B97BB3F9EFAAAF860E51C776E673BF7047F |
SHA-512: | 42DD879AB7F0966CF560C52E53C8B88301A6D56D020EF5EDE1B9E54A0BF8417E209E51B46946CE9E1FBC9F68754696A7A28416A0DD2F86D3ECC60417BA5827B7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\02085a0d-4f93-4115-85e4-12447d1f482f.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.969550278956958 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqosBdOg2H8Acaq3QYiubSpDyP7E4T3y:Y2sRdsgdMHW3QYhbSpDa7nby |
MD5: | 01C4BF8608F7FB2FAFBB2FD55655615C |
SHA1: | 25FD4234C76486211D0605EDE6E9BC2E0CE4FF67 |
SHA-256: | F807146DD73480A4FA497217BD139A8C1321C643720C2F317A44C1134259208B |
SHA-512: | D921A9581467C53EF4E06E0B1B2162D4BF6030CC23F9DDCC09B88C15A294F48B72FC6053EA187FB3848EA7B6B0A75F74730665172C7014B52FFEA4339EFEC568 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.969814904260269 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby |
MD5: | 7BE9C8316EB1B7252CB363207744A145 |
SHA1: | 57861355BE6541501AED40F896891579DCF473BF |
SHA-256: | B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D |
SHA-512: | 2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF693b74.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.969814904260269 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby |
MD5: | 7BE9C8316EB1B7252CB363207744A145 |
SHA1: | 57861355BE6541501AED40F896891579DCF473BF |
SHA-256: | B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D |
SHA-512: | 2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c973a4cf-774b-48c2-820a-b8b3e86e5100.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.969814904260269 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby |
MD5: | 7BE9C8316EB1B7252CB363207744A145 |
SHA1: | 57861355BE6541501AED40F896891579DCF473BF |
SHA-256: | B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D |
SHA-512: | 2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.237659553944381 |
Encrypted: | false |
SSDEEP: | 96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPAf6s0w3ofSZ:CwNw1GHqPySfkcigoO3h28ytPi6s0w35 |
MD5: | 353D85BB7F30A17B77B29014D80179A5 |
SHA1: | C414E40CF522944115124DA9D1157D380065FB8D |
SHA-256: | A3A414A01B6E21382C3D3E01BBA00367015530C2357006100F8E75D9E8F384C5 |
SHA-512: | 0C78BD37751152456380B0FBDA9B8864D839FB1050733C3C308E4A4E7C63375420636B42144A4257E8253102F0FE4F5AA682B9022092EEEDE0E3E39629DA98BA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 332 |
Entropy (8bit): | 5.222677279405834 |
Encrypted: | false |
SSDEEP: | 6:N52WVAmq2PcNwi2nKuAl9OmbzNMxIFUt8852WV7+XZmw+852WVZCkwOcNwi2nKuP:NmmvLZHAa8jFUt888/+8nC54ZHAa84J |
MD5: | 5E95266515A478DEDCC6BC93CED424A0 |
SHA1: | 03B7F56565572D82566599C2144BE60B55237DF6 |
SHA-256: | 84F53B52626BE51A3001254A0869CFCD903E5559E57E3EF329D1B83360A9683B |
SHA-512: | 0F6E6D23EAFB138ACC2F8FAA2E1F7D30D08EDFD3C6894A1A9EF3D1CF5E7DC7BB24D6F680E89F5CFFEB1FD18A387883221C925AC4C3B5BE3BA7168B3370207A56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 332 |
Entropy (8bit): | 5.222677279405834 |
Encrypted: | false |
SSDEEP: | 6:N52WVAmq2PcNwi2nKuAl9OmbzNMxIFUt8852WV7+XZmw+852WVZCkwOcNwi2nKuP:NmmvLZHAa8jFUt888/+8nC54ZHAa84J |
MD5: | 5E95266515A478DEDCC6BC93CED424A0 |
SHA1: | 03B7F56565572D82566599C2144BE60B55237DF6 |
SHA-256: | 84F53B52626BE51A3001254A0869CFCD903E5559E57E3EF329D1B83360A9683B |
SHA-512: | 0F6E6D23EAFB138ACC2F8FAA2E1F7D30D08EDFD3C6894A1A9EF3D1CF5E7DC7BB24D6F680E89F5CFFEB1FD18A387883221C925AC4C3B5BE3BA7168B3370207A56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240829223734Z-166.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.009534523076837647 |
Encrypted: | false |
SSDEEP: | 3:uIX0llBasxRj:ujlhj |
MD5: | F9CA182432AC0D508B998F53FD4D6FE2 |
SHA1: | 8137FA76C0B7B396461FC49FC0EB59B365D8872A |
SHA-256: | 922B024D0B9175F6D8747AC5B4C8C5C6E50BE4BE106A08A1D20D788C528B4EC6 |
SHA-512: | B345B30911E52E863BB66C25B303D670FC64A75C802E4682C8BFE73F9360595B8ACC3A138DED96414ADB9C19E7C9B3B062D08AC9A2566ACF6AAB5C7FB64CB559 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.439255743836526 |
Encrypted: | false |
SSDEEP: | 384:yeaci5GoiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1EurVgazUpUTTGt |
MD5: | 99A976CEE56925EDB04BFE699FD2331B |
SHA1: | 933BEF9D8F9CB56DC4516D9411034BC5AB836972 |
SHA-256: | 47BFF7D67C1D3818844F4AB0A80C849D859B9689AF15F647A12A82EFE15D74B6 |
SHA-512: | 40E7123316CA6E8D6AFD011D0A590E5327543CEEC92226EA5377E1DE0D830B9168F2A390C6E9B41D71B83E963979F2558116A5DCF0813C1F18BE74513617FE99 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7803001129188476 |
Encrypted: | false |
SSDEEP: | 48:7MkAp/E2ioyVhioy3DoWoy1CABoy1pKOioy1noy1AYoy1Wioy1hioybioypoy1nG:7DApjuh0iAHXKQglb9IVXEBodRBke |
MD5: | BF5ABCCB9165C954217DFCB53AF86A93 |
SHA1: | 9D5B2B3F50BD608548FDEFA4728F713BDAA36BEE |
SHA-256: | 4D1BF35FD939F01078D8C74FBC103024BE32CC0854D281CD12A7FE295FF27883 |
SHA-512: | 13549FDE7D1D7F015A57BEF86992CEE6A76E099FF8A8799C0E718B6422B6D2DE8A58947403A1C253702FED545493C868BE893521663740EA957F4C9FBF802919 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.227991388555789 |
Encrypted: | false |
SSDEEP: | 6:kKVT9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:kDImsLNkPlE99SNxAhUe/3 |
MD5: | 0ED7AAB6815C8BAE87351E9888805EE2 |
SHA1: | C9212EE0508D8F0FE6C92D549088E1B3517407E1 |
SHA-256: | C645EC4A7E96B9F62A8E2C13722D2F65F16E9D10CC9768A7D536D0FA2644AA80 |
SHA-512: | 8D940F567CC67A2C0A0A132E590465033A2E3A1932BACCC9FC3AA067F6B91580C4F6F7009740115FAF654E4679A95F1A449B3C4052E2EB0E47C365CD37652FA4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.0050916095715485 |
Encrypted: | false |
SSDEEP: | 3:kkFklIqp/kNvfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7F:kKdqClxliBAIdQZV7I7kc3 |
MD5: | 4C014D5EB800B821CF395A9DDA119F75 |
SHA1: | 052FCF22CE494798949C26BD29B41235C7572701 |
SHA-256: | 520AFF8AA384C204C396E5389C357F32A0EBEFB6A406C246EB3415E80AC3CF7A |
SHA-512: | B9444231A492750C2C3C8899C76A739D8382FFDDEEE7A37ADE671491604291DC3CA23D481208C6F5D94008B9073F5408DFCEB0798E9B97D776FF294F14C44633 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.391564001931194 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJM3g98kUwPeUkwRe9:YvXKXueGTpn7sdTeOhGMbLUkee9 |
MD5: | A193E6DA213AB3A1689B8BE70A6A5267 |
SHA1: | 3B2D2E8ECB30B836077C207FA60AF76FCDDF26EE |
SHA-256: | 07816B0A03A707AA3ABBD2B130EE4F9E4BD6CF766BCA126137E7EC11858274A4 |
SHA-512: | 97E5E578EB2386C422A5CE07123E3AA2BBEE5ED96256230DDFB95D5C41451549B0836B41D7F175D81F628AFB1806A7237C32C2473C9AB0835AF9D32C4CE6B511 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.326438825991143 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfBoTfXpnrPeUkwRe9:YvXKXueGTpn7sdTeOhGWTfXcUkee9 |
MD5: | 125523B8EFDA1C2F030985DD87A5C855 |
SHA1: | 5CA4DF4055FBBBD8A0FD48D1B7E9562C0B51E5A2 |
SHA-256: | 18D2DCB23E21DC1F471BA5699E64D9E5818A7FEA831D695BE71A4EC1B25EA95A |
SHA-512: | 4EA75F072F1D4D80BAB0752589498FB0609C15FB6A3B4546E2B64B7EA572B800FAFCE3C31B5A1B8F82987FD962A9C046EF15BDF8451BBE1A151BD2E840BD7D6D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.304987142517147 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfBD2G6UpnrPeUkwRe9:YvXKXueGTpn7sdTeOhGR22cUkee9 |
MD5: | EDBC37EB627CBE9A7F62FE228BB65893 |
SHA1: | AADA9C6A1B3B86E87E9188456799722F764B74FD |
SHA-256: | 5FBCFDECCC324ADCCA88F576513A0BD5432A8AEB7E5C6EEEA56F16E2E3B09CFB |
SHA-512: | F14CD4AD8C7EBD0F5E542B081D2CB75190CCABBFF58FE3084054125C52B591C196104963A9F05FB40A7D793E4C47548F7E819AE7FB2B14F949CF87D60007332A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3794318003707104 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfPmwrPeUkwRe9:YvXKXueGTpn7sdTeOhGH56Ukee9 |
MD5: | 12A86194545674A2BBB0DB6B2264F524 |
SHA1: | 16481D8C8DD7EC35D57DE4AC257064D51FF40C25 |
SHA-256: | A37A5E382C5D3F0513914308349B01E60258C2786C308C761819DF5AEFCD1D80 |
SHA-512: | 3F5CCBCEB39430FBE5576FADF27A49BF899EF3C112CE9372384822E20D62D773E1574369B22547084B352C74C7E414CA96ECF9293A0A712C4F6B2B18C27910FE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.674679639598838 |
Encrypted: | false |
SSDEEP: | 24:Yv6XMn7meOGpLgEFqciGennl0RCmK8czOCY4w2SY:YvpqeJhgLtaAh8cvYvzY |
MD5: | 594B379255B8851D700EDA6C7178C2C2 |
SHA1: | E0CC77392DDE5AB74687FD04BBD6F33A6B83C345 |
SHA-256: | CA7EB7C02F64BBF7E4BBD6ECD99598914EAF73ABBAEB450265675A69997E7105 |
SHA-512: | 9A87C38C501085B08E0E9F78F4620F49161BE424C33E89D1515D5FAAD1312A534520B60FEA4222FC6AE31EE8D33E354C247090C075FDADD186BA560A23E493A0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.658345276555933 |
Encrypted: | false |
SSDEEP: | 24:Yv6XMn7meOwVLgEF0c7sbnl0RCmK8czOCYHflEpwiVr:YvpqelFg6sGAh8cvYHWpwu |
MD5: | 90DE606197311B74BB3BC0C22DA4912E |
SHA1: | C40D84F77AE2D70C168DF3D3295039AD5D8C4CFA |
SHA-256: | E9E0C70E392206AC6A3C97BF3BC8B19A48985778AF9713FAA6A7512B3B3D7468 |
SHA-512: | 60227A23C9629C39B35FFDC0A8BF0BBBC3363C7796600778A45739E52664EFD5DA4EFC266AB10B2244CD1088E9E70BCDC959ABD17A92856CCC0472D814593DFF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.320276300286173 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfQ1rPeUkwRe9:YvXKXueGTpn7sdTeOhGY16Ukee9 |
MD5: | FFE66C6F1A0A6DF194D02611387E517B |
SHA1: | C6610223291FE219C7C0D2B0C6AABC5D485060A7 |
SHA-256: | 89402FCF0A9B830BD157F927D1682955C0D56DDEA5D7304DEC5682E9F7AEB387 |
SHA-512: | 62ACF3266E4C971C4725B6A1F1262B190E1CAB4F7ECD05CC859AF5B755F120C2665673AD7730360E14B5B2E69A383EBDFB1BD4BB871E1AA51B83DF47DC592D08 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.65700135945953 |
Encrypted: | false |
SSDEEP: | 24:Yv6XMn7meOV2LgEF7cciAXs0nl0RCmK8czOCAPtciBSY:YvpqeEogc8hAh8cvAIY |
MD5: | 144466265EDE4ED242B9755ADAFB422C |
SHA1: | 57F1025DF4A5F9B85594700371584F6D33571E17 |
SHA-256: | CB7BC64E7EE027B4CDA230870E1404ABA2A0F0AE80AAE5004AF777610D2A1042 |
SHA-512: | 2D74462F8DA5A8E48DADA1C6CDF940C024AF93AB0EC3DBFE662013CAA485840A0955904ACB9C329E0ADF9752C9C5DB339A484C2159ACA0DC2FE36A013100E0DF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.7036514221973595 |
Encrypted: | false |
SSDEEP: | 24:Yv6XMn7meO9KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5SY:YvpqeUEgqprtrS5OZjSlwTmAfSKcY |
MD5: | 0820E9927FC21366151ACD61B15DBDCA |
SHA1: | D1A19FA3F005839D8CE3FF78FFAD02B4633DC072 |
SHA-256: | A86DD2C7DC6D963473BAA1C46EACD0887901B0125F28E69A63D855F9A9ED12B2 |
SHA-512: | 0535749394CB1F96A265BA1F3D29F82D860299F15146955DEE0EFADCDCA407FB356A4F10109B3F3A6E20854B0B9B67FFE4058322EA38192D762672AFCBF0FCF6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.324107226979665 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfYdPeUkwRe9:YvXKXueGTpn7sdTeOhGg8Ukee9 |
MD5: | 240A056E990D539B683516C049D42ABD |
SHA1: | 002F19B13C868F6485F9F199A276D1CF68510A03 |
SHA-256: | 2598708748EBEEE11734B36E6CC83E11FC33B7E4169E6003BF0DFAFC8EE75CBB |
SHA-512: | EC10C762E7F9257A27239C9CBBB31FA68FE7ABF584EC9222C8F273873635B01514B140A37AA7E78E5C7309F87652E54D861E94ABFD0036FE9FFE913798318ECF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.777029970892026 |
Encrypted: | false |
SSDEEP: | 24:Yv6XMn7meOArLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNT:Yvpqe7HgDv3W2aYQfgB5OUupHrQ9FJt |
MD5: | 64C4616A15D9EB6EAB504C3CE6FE6A43 |
SHA1: | 164AFB6E40A699C7DA0FE9FAA331188E39CA3444 |
SHA-256: | D689AEBDE4EC29247DAAB55735AA48CEFC7FB1864D65DB50BCB55D12BFDF7E9C |
SHA-512: | 7D83B19694B7A1A6D764412AC9630DDFE2B22B18806658186A656F0BF75A10FBC79396C7C6123AFB9F9055C83EC044F2CD4449EE39F32806905B088BE98B05F9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.307488639244733 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfbPtdPeUkwRe9:YvXKXueGTpn7sdTeOhGDV8Ukee9 |
MD5: | 3F575844CEFE0301F1B33004F8C60EA4 |
SHA1: | BC17C56F2D0423BE7B91B24804D26EC61E4F575F |
SHA-256: | A83AABAAA83A3F1B17ECD38D8CF1ECBDF71DFE22BA3EDAA6DA2D9251696FA61B |
SHA-512: | 5C6D3661FD8D8EED0A5A7E8BF9DE6EB6500E9620E27E021E6ECB32DBEA42D2628FC16AFFCCFDE26EB6354631ACA8E57ABC342A2791776297CB2B85EB65873CCF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.3118240218124875 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJf21rPeUkwRe9:YvXKXueGTpn7sdTeOhG+16Ukee9 |
MD5: | 38476253E6FAE072094FBCB747B8D19F |
SHA1: | F6CBD4FB0930218A905059E62D8255A6125D0AC3 |
SHA-256: | 2B9FFA389693CE9CA0B6053A54DD4E943379A6FC2831AF7BD5D3F68E54277079 |
SHA-512: | BA8BA64B681AAB838AE2B1E5881DEB1985DCD2AB5855998FB91271E48738B5EEF1683EF7DB6083F96A0FE278474221D4A93A03C38E613A764144BFB9806CBFF6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.660273076618353 |
Encrypted: | false |
SSDEEP: | 24:Yv6XMn7meOaamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BSY:YvpqeFBguOAh8cv+NKbY |
MD5: | 85C0D7DF9B37F211135AACDC93D6B605 |
SHA1: | 3DAF5C677C20B8DA7DCDC403C79E12B82854B591 |
SHA-256: | 97184C7FFC324F8399360774EB0F5B47C47D6B1221774DD8B074C3E4EE0FAB28 |
SHA-512: | BD91D0BD291E29BB31A8AFBE26F09C701E3883A382B0E677C6892E4B1E3210BE41C0B811007D3100DD44F4462EEC2C7DEFAA0B4C6EBAE599DAE7C0F800B890AA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.289215709761161 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfshHHrPeUkwRe9:YvXKXueGTpn7sdTeOhGUUUkee9 |
MD5: | C36D1912489037158DCC8ECC17B3D627 |
SHA1: | BB835EA603A39C308E155A3C64CB581583411B79 |
SHA-256: | AE3C8F6865D1332B8D17A210E1CA43A5EEE05D5022656C63BAED32E3AA919B3A |
SHA-512: | 7FCE6FA8426725D8C2711F45B4A6079EE5EDA499929BEF79697436DEEC0B83CDA5435A2B0703F829A5C08B38580F98FB4CDB24AFCD2BE7B22B9A28DA720EED47 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.3814562719561305 |
Encrypted: | false |
SSDEEP: | 12:YvXKXueGTpn7sdTeOhGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW/f:Yv6XMn7meOt168CgEXX5kcIfANhu |
MD5: | 5DB3B84AD1114AD7934FEB12C2802B43 |
SHA1: | C8F804401CCCA3C1E83F68C9D698FAF49EE2C290 |
SHA-256: | 2D7A797362273D437C0DE96E1526E549E0E9EEAB924CBC2F1CAE1996910C4B2F |
SHA-512: | 111E274167FD767D7CEC946E165D65C43040E50D1514E5540FB09AB6AEEC91FF90768EB57E20EDEFFE8FA8944072DAB83FD58FC4A5DB5FB4C5A7439F31A41EE8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.140576199083875 |
Encrypted: | false |
SSDEEP: | 24:YRrlyxPWaDayHjPcPWXCvUoLiY124munjsM2j0StXF228v2LS/et3Lem5E9Xccue:YR8v0PgLgN1OisMIfr8v1c36mi9X7 |
MD5: | BE32B0ACBF4D98CC1C80251188E841AB |
SHA1: | ADB174364061F67E17E5713A27DB3DB21079013B |
SHA-256: | 735E817B2D8969BF37689FC18104FC0CAB8FE0CECB9FA7E26869A3482D6372F8 |
SHA-512: | 75284FCAC8C76779D554C11DC7BB9932648AE5B0951947DEA7BAD08414CDDD798F66D67E2BED2D312CA70905F2EF2DD3195B610C483DEB6834AC447E409A6052 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.4533140010945313 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dskntlCnx:lNVmsw3SHtbDbPe0K3+fDZdQ |
MD5: | C1DF130FFADBBF2EA372A71524596C02 |
SHA1: | 6B26E8ACDE513D021132926D7FA3EC1C01AB7ADC |
SHA-256: | 209C649117925FECBF3E6FC19A4E5BCE8717A42FB196276A0615460CC788185E |
SHA-512: | 2965087AC128129B308DD5B2067523397BCF42E7F3BE7B271C8FB12F97E8CBAE6C79245A4E65FB9FE179D7B97C16FDB300DB336905D0B83D95479FA541764663 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.9558632736779407 |
Encrypted: | false |
SSDEEP: | 48:7MorvrBd6dHtbGIbPe0K3+fDy2dskn47qFl2GL7msY:7h3SHtbDbPe0K3+fDZdAKVmsY |
MD5: | 5D092E20C35441BDB42AEAAE31FD559E |
SHA1: | 12D30F4B6B8C5F701A8BCEA1ABB72ACF1CFA20EA |
SHA-256: | 443CF4A235CC1717698A6ED3CB523BC5750B95F120B31E6AB7BDC8C23EFB11A8 |
SHA-512: | 36A695B86C0F6954E22802F466170624376FBC3C642AFE3ABC76EFDCC5844740B74FEFA69DAE4AD331F1511740FBE565C2571F456028F8E13793AF565B7B6E91 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.536003181970279 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xIAFElBf9:Qw946cPbiOxDlbYnuRKJz |
MD5: | 9E008C5514735B5CAD3CF3692AB55120 |
SHA1: | F01FB11E0FFF25A85FA4EDC2ABF6A88A49EBB1A9 |
SHA-256: | 3B8781168E996D8A0964512EF362302ED1D6FA06B2C34663690F4CC125E4749D |
SHA-512: | F0FBF346017D8825AEB91C2D008D65EBE6DBD308850E0A6BA845C818D254D9B91C8ED65C92174E4DCF489600D4967821615C5A5CE8D1831B2C70859903D43B22 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-29 18-37-32-677.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.386483451061953 |
Encrypted: | false |
SSDEEP: | 384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID |
MD5: | F49CA270724D610D1589E217EA78D6D1 |
SHA1: | 22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3 |
SHA-256: | D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D |
SHA-512: | 181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.348556989700785 |
Encrypted: | false |
SSDEEP: | 384:pRPsnlGHBO/x2OB6DjC2wb+qpcTSMDnxSFwKJNXEFXL0uxz+Q1GkYJYpg0m8Z2eM:lal |
MD5: | 54D495BA457DE218081E2B55A207E58A |
SHA1: | F71761F86EE40366B53E957D6541D8EEE195A938 |
SHA-256: | 1E8079BB7119838D893A3D4F1710E8C3F7C1081FDB796FAE37D3C9C67D6A035E |
SHA-512: | AB54ED4E48CBF93B6D1041191CF3303875F2C96724798259A00252F4086368363213821BE836AB458B85228D17428E17C912D1052EB6E55ADE0F7C6E47783FF7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35721 |
Entropy (8bit): | 5.419876977125563 |
Encrypted: | false |
SSDEEP: | 768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRm0:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gR1 |
MD5: | FE4F82FE2D86F3636DC9041293701667 |
SHA1: | 92C34C293DB12EEEF2A834E911E349EA014EC7DC |
SHA-256: | BC006CC2630CEF921C663AADDF9ED6578F6C17A46786B8B1D41E59A02FAC1C95 |
SHA-512: | F6C1C61E04DAFFE87F9EBC627C9FC72588AF984561C694B6F9A2153FDF4AA53C71D956119CCA9D3D9DED0CD47D6467FB5309986CABD7685545A0239808C12C98 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru |
MD5: | CA6B0D9F8DDC295DACE8157B69CA7CF6 |
SHA1: | 6299B4A49AB28786E7BF75E1481D8011E6022AF4 |
SHA-256: | A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7 |
SHA-512: | 9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.909297610640294 |
TrID: |
File name: | maliciouspdf.pdf |
File size: | 7'342 bytes |
MD5: | fea26c05a0e34c85dcace36d02ecac9f |
SHA1: | 8160f922fdb287274a5962ed49d9e62b7d1b24d8 |
SHA256: | f161a489dd4aa6e48c77717deae162f52b917da5550fde450d1bfb3e154a3dfc |
SHA512: | 077bdd40c4b6b2e554520b8fa303107cb88ad14203ffe30aa04161bf1e07e389c6fc1f1b953d1dbb86e55bb2bf50b98ac63159631d5c457341ea9a482285da81 |
SSDEEP: | 192:u+PDhOWcKuQu7ZgRXbvJ51FxJln4R7qJ6Jm1aHH+eX:HPdOWHA1qXbvD1rqj2y+eX |
TLSH: | E2E19E24048AB98CFB71526D82B7BCDD60C8369168C875C643F0EE2F7781FB85972350 |
File Content Preview: | %PDF-1.5..%......1 0 obj<</T#79pe/Ca#74a#6co#67/Ou#74lin#65#73 2 0 R/Pa#67es 3 0 R/#4fp#65n#41cti#6fn 5 0 R>>endobj..2 0 obj<</#54yp#65/#4f#75tl#69#6ees/#43o#75#6e#74 0>>endobj..3 0 obj<</T#79#70e/#50age#73/Kid#73[4 0 R]/Co#75nt 1>>endobj..4 0 obj<</#54y# |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.909298 |
Total Bytes: | 7342 |
Stream Entropy: | 7.967120 |
Stream Bytes: | 6609 |
Entropy outside Streams: | 4.862696 |
Bytes outside Streams: | 733 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 6 |
endobj | 6 |
stream | 1 |
endstream | 1 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 1 |
/JavaScript | 1 |
/AA | 0 |
/OpenAction | 1 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 30, 2024 00:37:43.419969082 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185 |
Aug 30, 2024 00:37:43.420001030 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7 |
Aug 30, 2024 00:37:43.420150042 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185 |
Aug 30, 2024 00:37:43.420356035 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185 |
Aug 30, 2024 00:37:43.420372963 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7 |
Aug 30, 2024 00:37:43.995405912 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7 |
Aug 30, 2024 00:37:43.995662928 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185 |
Aug 30, 2024 00:37:43.995675087 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7 |
Aug 30, 2024 00:37:43.996956110 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7 |
Aug 30, 2024 00:37:43.997020006 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185 |
Aug 30, 2024 00:37:44.016997099 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185 |
Aug 30, 2024 00:37:44.017139912 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7 |
Aug 30, 2024 00:37:44.017167091 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185 |
Aug 30, 2024 00:37:44.064502954 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7 |
Aug 30, 2024 00:37:44.072434902 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185 |
Aug 30, 2024 00:37:44.072443962 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7 |
Aug 30, 2024 00:37:44.119323015 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185 |
Aug 30, 2024 00:37:44.174114943 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7 |
Aug 30, 2024 00:37:44.174190998 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7 |
Aug 30, 2024 00:37:44.174299955 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185 |
Aug 30, 2024 00:37:44.175087929 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185 |
Aug 30, 2024 00:37:44.175106049 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 30, 2024 00:38:01.551116943 CEST | 53 | 50862 | 162.159.36.2 | 192.168.2.7 |
Aug 30, 2024 00:38:02.053623915 CEST | 50323 | 53 | 192.168.2.7 | 1.1.1.1 |
Aug 30, 2024 00:38:02.061785936 CEST | 53 | 50323 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 30, 2024 00:38:02.053623915 CEST | 192.168.2.7 | 1.1.1.1 | 0xd866 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 30, 2024 00:37:38.616189957 CEST | 1.1.1.1 | 192.168.2.7 | 0x9f2e | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Aug 30, 2024 00:37:38.616189957 CEST | 1.1.1.1 | 192.168.2.7 | 0x9f2e | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Aug 30, 2024 00:38:02.061785936 CEST | 1.1.1.1 | 192.168.2.7 | 0xd866 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false | |
Aug 30, 2024 00:38:08.672575951 CEST | 1.1.1.1 | 192.168.2.7 | 0x573f | No error (0) | 87.248.204.0 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49717 | 23.56.162.185 | 443 | 7360 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 22:37:44 UTC | 475 | OUT | |
2024-08-29 22:37:44 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 18:37:28 |
Start date: | 29/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff702560000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 18:37:29 |
Start date: | 29/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 18:37:30 |
Start date: | 29/08/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |