Windows
Analysis Report
LEONARDMARIE.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 4144 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\LEONARDMARIE.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2616 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1728,i,13754806069514452620,14320685787743459304,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
windowsupdatebg.s.llnwi.net | 46.228.146.128 | true | false | unknown | |
15.164.165.52.in-addr.arpa | unknown | unknown | false | unknown | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.22.254.206 | unknown | United States | 14618 | AMAZON-AESUS | false |
23.41.168.139 | unknown | United States | 6461 | ZAYO-6461US | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1502492 |
Start date and time: | 2024-09-01 22:34:59 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | LEONARDMARIE.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/45@1/2 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 172.64.41.3, 162.159.61.3, 2.16.202.123, 95.101.54.195, 46.228.146.128, 2.19.126.149, 2.19.126.143
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com, wu-b-net.trafficmanager.net
- VT rate limit hit for: LEONARDMARIE.pdf
Time | Type | Description |
---|---|---|
16:35:57 | API Interceptor | |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":["unknown"], "contains_trigger_text":false, "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Match | Detection | Threat Name |
---|---|---|
23.22.254.206 | malicious | Unknown |
23.22.254.206 | malicious | HTMLPhisher |
23.22.254.206 | malicious | HTMLPhisher |
23.22.254.206 | malicious | Unknown |
23.22.254.206 | malicious | Unknown |
23.22.254.206 | malicious | Unknown |
23.22.254.206 | malicious | Unknown |
23.22.254.206 | malicious | Unknown |
23.22.254.206 | malicious | Unknown |
23.22.254.206 | malicious | Unknown |
23.41.168.139 | malicious | Unknown |
23.41.168.139 | malicious | Unknown |
23.41.168.139 | malicious | HTMLPhisher |
23.41.168.139 | malicious | Unknown |
23.41.168.139 | malicious | Sliver |
23.41.168.139 | malicious | Unknown |
23.41.168.139 | malicious | Unknown |
23.41.168.139 | malicious | Unknown |
23.41.168.139 | malicious | HTMLPhisher |
23.41.168.139 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | HTMLPhisher |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | HTMLPhisher |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | Unknown |
AMAZON-AESUS | malicious | HTMLPhisher |
ZAYO-6461US | malicious | Unknown |
ZAYO-6461US | malicious | Unknown |
ZAYO-6461US | malicious | HTMLPhisher |
ZAYO-6461US | malicious | Unknown |
ZAYO-6461US | malicious | Sliver |
ZAYO-6461US | malicious | Unknown |
ZAYO-6461US | malicious | Unknown |
ZAYO-6461US | malicious | Mirai |
ZAYO-6461US | malicious | Unknown |
ZAYO-6461US | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.210888040349239 |
Encrypted: | false |
SSDEEP: | 6:PVT++0wq2P92nKuAl9OmbnIFUt82VT+5Zmw+2VT+TkwO92nKuAl9OmbjLJ:P5ZRv4HAahFUt825M/+25s5LHAaSJ |
MD5: | 4597EF39908B5343388A5BB63AF4A4B6 |
SHA1: | 53D01E005A3AA650DBEA7F6165BD0A809DEB60F9 |
SHA-256: | 635BF6E2C190DCA1168452AFAEE8057A78B31429F86FA0EA33541DD8AE23F3A7 |
SHA-512: | BCB6E6938BD88442DACEEC480D52036936217FE90F76A566D68C7F076F9396B4080877A0556C004F2E8C67F6A70B06BC94858D189072DC7F95063F54A24127BE |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.210888040349239 |
Encrypted: | false |
SSDEEP: | 6:PVT++0wq2P92nKuAl9OmbnIFUt82VT+5Zmw+2VT+TkwO92nKuAl9OmbjLJ:P5ZRv4HAahFUt825M/+25s5LHAaSJ |
MD5: | 4597EF39908B5343388A5BB63AF4A4B6 |
SHA1: | 53D01E005A3AA650DBEA7F6165BD0A809DEB60F9 |
SHA-256: | 635BF6E2C190DCA1168452AFAEE8057A78B31429F86FA0EA33541DD8AE23F3A7 |
SHA-512: | BCB6E6938BD88442DACEEC480D52036936217FE90F76A566D68C7F076F9396B4080877A0556C004F2E8C67F6A70B06BC94858D189072DC7F95063F54A24127BE |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.218382874795987 |
Encrypted: | false |
SSDEEP: | 6:PVT+zE+q2P92nKuAl9Ombzo2jMGIFUt82VT+y5Zmw+2VT+unNVkwO92nKuAl9OmT:P5yv4HAa8uFUt825R/+25Nz5LHAa8RJ |
MD5: | 16F76F7E92609403916B74307DB24C9F |
SHA1: | C87DD42A97E15BA382FB1C230E2D6B474EAEEE59 |
SHA-256: | 1A26A92D084295D432F2030ACCA8A8646217A33EA099A83AEA3FAD2B5DC9999B |
SHA-512: | BA423F6727C9AD48F68DCB7D231437672F754B3D96C4C58718A62990890AFB99CE67C7E625E9F48CBAD2CF5B056A77FB56FC72720DCBCEF5850B180FBB1D53F9 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.218382874795987 |
Encrypted: | false |
SSDEEP: | 6:PVT+zE+q2P92nKuAl9Ombzo2jMGIFUt82VT+y5Zmw+2VT+unNVkwO92nKuAl9OmT:P5yv4HAa8uFUt825R/+25Nz5LHAa8RJ |
MD5: | 16F76F7E92609403916B74307DB24C9F |
SHA1: | C87DD42A97E15BA382FB1C230E2D6B474EAEEE59 |
SHA-256: | 1A26A92D084295D432F2030ACCA8A8646217A33EA099A83AEA3FAD2B5DC9999B |
SHA-512: | BA423F6727C9AD48F68DCB7D231437672F754B3D96C4C58718A62990890AFB99CE67C7E625E9F48CBAD2CF5B056A77FB56FC72720DCBCEF5850B180FBB1D53F9 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1eb0c00d-649b-4536-b739-fb3d19b7c375.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.056134404417856 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqvIsBdOg2Hrfcaq3QYiubxnP7E4T3OF+:Y2sRds4ddMHy3QYhbxP7nbI+ |
MD5: | 6107D823E1ACDA7C00DCAEE013C3C384 |
SHA1: | 41EB99D4D6D7F0AA5D26C5028CFEFC36D51FFFE1 |
SHA-256: | 0F2C04DDD565CB50B46110A0B5C5E56CC2C895317C8C34BD4F22D3EB2D7E7E3D |
SHA-512: | 515DBAB7C8BC28708909447B6917C075C603194EF0E6AF178DAC972EFF7E0E114756CA5944EFAB6B0B03041C05EA9F8B69C4CF8AA14A16011359D4232BFC6526 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.056134404417856 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqvIsBdOg2Hrfcaq3QYiubxnP7E4T3OF+:Y2sRds4ddMHy3QYhbxP7nbI+ |
MD5: | 6107D823E1ACDA7C00DCAEE013C3C384 |
SHA1: | 41EB99D4D6D7F0AA5D26C5028CFEFC36D51FFFE1 |
SHA-256: | 0F2C04DDD565CB50B46110A0B5C5E56CC2C895317C8C34BD4F22D3EB2D7E7E3D |
SHA-512: | 515DBAB7C8BC28708909447B6917C075C603194EF0E6AF178DAC972EFF7E0E114756CA5944EFAB6B0B03041C05EA9F8B69C4CF8AA14A16011359D4232BFC6526 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.230545554328731 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLULm6RRzZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLg |
MD5: | 0D8E94AC85AC81CAE41F7FB605BE6BF3 |
SHA1: | 9F82BB0B3C55584D3CD66A41FB63990D7A9E032B |
SHA-256: | BBC7AA3A5DBA47D4FC94CB8EF4BA62B2BB58D27141C10323029EFC0B7492203C |
SHA-512: | CFE59BED907C26ED4913A0071B8B3D28E5364834213364FD131D967FF67A6B8B9BCF90510C5DE5E4C559F21FEABDA0166716F64CA320629782C08115741936A5 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.214903818272348 |
Encrypted: | false |
SSDEEP: | 6:PVT+kHN+q2P92nKuAl9OmbzNMxIFUt82VT+Q5Zmw+2VT+QtVkwO92nKuAl9OmbzE:P5Sv4HAa8jFUt8251/+25n5LHAa84J |
MD5: | B6DEAC5E1D4F6F88A7458C24F992541C |
SHA1: | 9AA7880E0CF00F4175CCCABF19E09A4C6814FC18 |
SHA-256: | 9C4267348663B65D2017511AB9494A65DD6053B2FBD8B6F79F92A796C4DED3EE |
SHA-512: | 393349F50C105FF188A38B046F6335D0245D5B4BEE5A2FC97A66B14A593D0BEF0AB1FE30D29AD1B67442A6CA55FDB92E881ACD584D276DC5AA06F256853683E5 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.214903818272348 |
Encrypted: | false |
SSDEEP: | 6:PVT+kHN+q2P92nKuAl9OmbzNMxIFUt82VT+Q5Zmw+2VT+QtVkwO92nKuAl9OmbzE:P5Sv4HAa8jFUt8251/+25n5LHAa84J |
MD5: | B6DEAC5E1D4F6F88A7458C24F992541C |
SHA1: | 9AA7880E0CF00F4175CCCABF19E09A4C6814FC18 |
SHA-256: | 9C4267348663B65D2017511AB9494A65DD6053B2FBD8B6F79F92A796C4DED3EE |
SHA-512: | 393349F50C105FF188A38B046F6335D0245D5B4BEE5A2FC97A66B14A593D0BEF0AB1FE30D29AD1B67442A6CA55FDB92E881ACD584D276DC5AA06F256853683E5 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240901203554Z-151.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 2.016097812283715 |
Encrypted: | false |
SSDEEP: | 192:cUDX9exCAvYeqOVvixs8m5LgaCq+dMdxqoMRVsVySciPHVj9ukaz9Nz4KX5USxFv:cUDUYoys8osaCq+Srci991gNOGh |
MD5: | 78A2A053596E05F69D5978A32110C271 |
SHA1: | 6738296927A296D76A6B316A21972F02EFA01005 |
SHA-256: | 6D180081D8EFD5E7F637E3A2F7714500A3F592293D2DA29A4A8071239AADA441 |
SHA-512: | 19A09302E59CAA93BB68AE495BF5635B74C962147A477C2C8D0CDD6A4B2476CA30FCC679584FEB22C1AE1E25E9AE395CF1C16429BBBA8ED45B0C865F10472569 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 290 |
Entropy (8bit): | 2.9542326924097546 |
Encrypted: | false |
SSDEEP: | 6:kKg9Usw9L+N+SkQlPlEGYRMY9z+4KlDA3RUe/:jD9LNkPlE99SNxAhUe/ |
MD5: | 187C37C03D72DC7AC4C4C214DCDA9A38 |
SHA1: | E752C68108D553A1DA928DC2461CA90847A3E8B9 |
SHA-256: | 39CF95CF8F5B362350730DBA92FD8C0992DFBF7769D4AA1DA59598C04A4E87C3 |
SHA-512: | 40C115235B5B868569B4462ECDD5129D82DA8C549588B0DDC9D61C904810B8F5C05EC403305F9BA99E67EA81DA0239A249B033A8A7B0C79B64F76C42BD9FAD1B |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.0264678871426307 |
Encrypted: | false |
SSDEEP: | 3:kkFkleLBM1fllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7ln3:kKJBAxliBAIdQZV7I7kc3 |
MD5: | B37A1FBA95229E654D86D2CD35C8A1F2 |
SHA1: | 18F60F819E26A9B9278A6C6598EBB92112FD5060 |
SHA-256: | 87505602EFCC54A4020E1F1BF5C4839D31D6ACB9BD6C5B141E68F0AFFAC7B23F |
SHA-512: | DD3A7B6D86C3E59C965F5BB5104724A0EBB6BA6284427ED760D0A43A2F204002CF6223DE80E9F25B6536B696BD9CA29F692B8957B92A78D05EC891DCEE3A272B |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.32668743751319 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJM3g98kUwPeUkwRe9:YvXKXu7/0yYpW7oGMbLUkee9 |
MD5: | 38E0E9A9FF048E42E885056F22E82CD5 |
SHA1: | B09639DB2525A122AE5D7A5B4029B8962AC38DEF |
SHA-256: | 96DA3C751EFA8EA12671FC8BB6A67B2D41E3E7C84867F15173F5B273987E831A |
SHA-512: | 732CE0D7672B549CE4F911E33237568694CC113CE50E6E168B0E2519981B72CA7E7CA37BCDC15B0ED6FEDBDB8D6AA4729A9DD0EB036A0FA11C72F369BC2875FB |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.265147016672313 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfBoTfXpnrPeUkwRe9:YvXKXu7/0yYpW7oGWTfXcUkee9 |
MD5: | 3BD0D1689CEB1BD2D2FC6F9B7EECAB10 |
SHA1: | D040A18AB96332F3935128C84F1398A936A14F51 |
SHA-256: | 0E1D9B768616E7BEFDD103DC414EE51BB6D65C37C2F7A39A6C814C4BC14954D3 |
SHA-512: | 19038E55A457BD3691EFAAD4965C1648D7339F7CAF4583601C54C19F9BF3AB14429A1D889A1265638F12EA372FF7AA3421AF05474B4843C7C313F8885492730F |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.243285931417581 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfBD2G6UpnrPeUkwRe9:YvXKXu7/0yYpW7oGR22cUkee9 |
MD5: | 3E4E61AE631CE1FC73CF4B61A1354A55 |
SHA1: | CF4527CB492045E2A37F35CF165C93284170BFB8 |
SHA-256: | 46CFEB78A992F84E0A5129624FA763F357FCBC215B6287F8F0984D9D63C89D07 |
SHA-512: | EFA7A862CAFCDC5C538906D832DEDFEF375B54C29059A26814D2020606C84674410E191347167305A649F4C0A0A2944E5451BB0354C2A04B2B74A342183302F6 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.304293439770494 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfPmwrPeUkwRe9:YvXKXu7/0yYpW7oGH56Ukee9 |
MD5: | 91805CF1872AEBB6E7274E1CD8FC295A |
SHA1: | 3D9E634312226CCCD0D365535E10E4F49E1C6D58 |
SHA-256: | DAC2746F2BEA42E3202E66AC523AA6A9DAE73BF0C29F15D1EB5229CE7C1F5D28 |
SHA-512: | DF8588F4E0B0F1B0AE6DEC35ED998A4E4D9C826CCF1F6BA8EE43D135043056BA02BAC44B483D43B4B274D1BB27D7059A398DB96697795EF1C48D01F5436E80D3 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.657614346619108 |
Encrypted: | false |
SSDEEP: | 24:Yv6X2sXilpLgEFqciGennl0RCmK8czOCY4w22:YvBlhgLtaAh8cvYvB |
MD5: | C3FFB585FF6AE2C0A1D76C2A1717249A |
SHA1: | 361DF5C2B979B748AE238DE249AA959C1579115F |
SHA-256: | 3FB52B896A1130B175E772C9BF833773506A90D2BE91D101308EF629EAA94F24 |
SHA-512: | C79806D6E0B37753CC4F8407CF3DDD54E87552CB0A5CD9715E2329A86AEA4B05D086C4F4CC07AAC039D6FD1CDA4EB470B14A2B6B842CA2F41D387CA4B07E31FE |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.643797386576882 |
Encrypted: | false |
SSDEEP: | 24:Yv6X2sXipVLgEF0c7sbnl0RCmK8czOCYHflEpwiV2:YvBpFg6sGAh8cvYHWpwr |
MD5: | E247830FDB62F64C0D7DD3DDF8770A34 |
SHA1: | 93BBC073B6485D15400EE722E7A826E5CC7D261C |
SHA-256: | 7513422CB0541B0083C8D6670F1DC87E33638653849AF7D8B2146D3EBB471210 |
SHA-512: | C5F878D9819165ADB03FC7A22796E2D26176F02B43FB5908E1B100689F1138FE92971952981C11958CFD51199747BF1C5AFF80AB440E23688BD2C819145BA242 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.249190213681988 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfQ1rPeUkwRe9:YvXKXu7/0yYpW7oGY16Ukee9 |
MD5: | 16C96761778CDFBE4EF49935F2A77B32 |
SHA1: | 109C61C533FF2DB91676113AD40E0A197998F202 |
SHA-256: | 1A1D0BACD44FDB1B3BF53A63F8AE2F96B3C76BD0DFE479E5F85F7F06E8138615 |
SHA-512: | 134457B8F624FDE359800143FF8B530721ED9DDA3BEB7B2E4463305D00A8326404D4347622D8E2071EE9EF8CF43884DF631D0FBED12F8EF5C0D31A2DBB844513 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.638428673539438 |
Encrypted: | false |
SSDEEP: | 24:Yv6X2sXiY2LgEF7cciAXs0nl0RCmK8czOCAPtciB2:YvBYogc8hAh8cvAw |
MD5: | 33BE38AF8F1DFDD235F1C49BED841757 |
SHA1: | FCFEBAE3203A5F00F05E974F8BCFD7B1392DB058 |
SHA-256: | 5D9989E6F725180FFC878E17C685AD3469BB1D26AE9DB99917F4D9516E176FC5 |
SHA-512: | 83CB59D06EAA0BB992E034073D6D39F8711C527E13BB512A2C100575ACFFB090CF4A8861F347030820DA85AF039104DFF368AD39306C384B0AD05D841FC4869C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.69276770899753 |
Encrypted: | false |
SSDEEP: | 24:Yv6X2sXiQKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK52:YvBQEgqprtrS5OZjSlwTmAfSKc |
MD5: | B97F92A61EB3546DC6DEA8C8E5944ECD |
SHA1: | D1147EE76D578C80D9D03C7339E468CF6C22698D |
SHA-256: | 7D6E21947CE89297FF69DF4949E9497E906747896B5F763B4B27729B7C4CFBC2 |
SHA-512: | 78B97E676C88C8467CAB3B1F5C24BF5AA65DE34515982E7C4FC618CCA91B9BD014962ECB5C1D2CC65191C7DA6D27CA7535D9AF7517338DA213BA44D3F3A68D7E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.256418098377463 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfYdPeUkwRe9:YvXKXu7/0yYpW7oGg8Ukee9 |
MD5: | E89180650420ED60DBED8AC12BCB9EF3 |
SHA1: | F4759762A9CEB13C6DD537839DD6403135F0ADE7 |
SHA-256: | 9F6D69C32215E7FD002E083B27CE85BC9693FC89703E21259394DF9619959253 |
SHA-512: | 9AA64B24A25E71F883BD59726773BD1189A87D61AF7066A66E028983CA67C19D2E799B03786D8843FCFF54CDF9FCED060BCD4C2A1E25B09A80E75D7FB70557EF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.7664409660813885 |
Encrypted: | false |
SSDEEP: | 24:Yv6X2sXifrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNu:YvBfHgDv3W2aYQfgB5OUupHrQ9FJc |
MD5: | 6F3BF9D61064C97156875F7DB53C529C |
SHA1: | F3A0B67A925D668A4D2D6D9FF0D256BEE9109FAA |
SHA-256: | AB82158CD0EDC6D6402419FAE5E01605DCDA606FBFF8C4C051D130ED4CA4B330 |
SHA-512: | 29AE17B69E357A61090EFF7A4F09A1DD71989D8EE41F3F97FAD93323BFD9F0F8D819BF4ECC1AC99CE00C6B657D7F61D9E1D5E2B463E2642C353349ECA5059589 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.240264728021241 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfbPtdPeUkwRe9:YvXKXu7/0yYpW7oGDV8Ukee9 |
MD5: | 7A1EFB1E6051AF4CBBAE5943A059383A |
SHA1: | A328BF6A19B68A45315CBECE2A38A881A46D6253 |
SHA-256: | FE06C775B8E7954D2C8831DF464B3E732A150B363039BA65D1B2E7080A7E0C21 |
SHA-512: | FAAD830DFCE3880AF79CDF0EF1AE055D72DA22B75348F0ED509B914EA112CAC00327660EED2F0B31EA75B6333C6D9BD76F70F74B05D1A427DFBBD229C84A4B8B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.241020328092074 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJf21rPeUkwRe9:YvXKXu7/0yYpW7oG+16Ukee9 |
MD5: | 88492F637C3C64A3B75B92FE50EF4994 |
SHA1: | 132E3C9532F5FC939C9410B21B1BA08688A1E80F |
SHA-256: | 48AD22AE33CA2667E87882D418D60CA1BCC5BBEC09436ECDE95E0FFD3129A17A |
SHA-512: | 1809635E545C3BED46C8F887C18A76AAA1C5916EEBDB2B3A2170E0CD5705983DD6CE83F0A7E601FACC3E67E3795C2F3C74DAD4DD2D0B11A3376ED3CD23D9D5D3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.646184213713829 |
Encrypted: | false |
SSDEEP: | 24:Yv6X2sXi9amXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8B2:YvBRBguOAh8cv+NKJ |
MD5: | 12DD978D58E209F4E87605F69E7A7390 |
SHA1: | B9C92AD3996362DC854497D53F287273748E8C2D |
SHA-256: | 1F832815566A4C3ECE04050867A41ABCFB22C88FC5BC46ABD11B716A647027E8 |
SHA-512: | 8F086F7047977A5A93B37F97E72CFBC64F8B5FD7AF6304C866C563B834CDA8D215C92603F8EAABAE353DF874413DADD9C0A1D33ABF759E2C899921A7B6781F43 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.214951814063949 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfshHHrPeUkwRe9:YvXKXu7/0yYpW7oGUUUkee9 |
MD5: | BBE53898DB71D0B864B2D378E29C0C9F |
SHA1: | BD42271F4F99AE5EF45B4D9062AFD5501B4480DF |
SHA-256: | 3B88C2293325C6B6DA70FD6BF017533C36FCE9F023566E9F9FECDAD19C585FB4 |
SHA-512: | F4C3CB2E6690BA48010C473DB86BA9B563E5A46AC451078F3D631580D1BC8C5AEA1574942C3CB06D4182B89A0F007AEA7E258F39748ED48F0FEBAC3F885C3C5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.351522535148446 |
Encrypted: | false |
SSDEEP: | 12:YvXKXu7/0yYpW7oGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWC:Yv6X2sXiO168CgEXX5kcIfANhr |
MD5: | 50B01E3087399180EC325391170051AE |
SHA1: | 05E5519D6007966784B7A8152C2A95D686B05A6A |
SHA-256: | 36312751D5517AFB3D79624626A04649325558CEFA16E5A8BDA58329E43AA927 |
SHA-512: | A6CAE111B7EC29423496393045D0DBA7D60A702E68AA6844FCE64763EAF2293FCC50991C5DE8A725D83170A0817D46C3473DB7C35391360B582A42D030DDEB12 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.126277177037373 |
Encrypted: | false |
SSDEEP: | 24:YW41Z4FELbWaJT1aydvKThCAYGDwJm7ZBUG11sMoqCJdfjZBpAsj0SjPIBwS2Viv:YWQnT5K3YGMSBD4nbi+S+iaD0WwC94 |
MD5: | 008DD004809604BB5FD59A934BB80068 |
SHA1: | 03D33B8F52F9A2E0920F8ACBFBCA5E7F64AB94C2 |
SHA-256: | A9EA36B325A921C26FA9B484FA15768140ABA58567625E58D615E166F3A5919D |
SHA-512: | F5661DEEB10DA7A81D03EC2F1664998F6401E9C03116CA312535514472BF0CAF6DF92499FE2870E21E8669C1A59A14BE87744F01DF76B634011BC6B81F1D0389 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9839395564375616 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpvZ4zJwtNBwtNbRZ6bRZ4SZF:TVl2GL7ms6ggOVpSzutYtp6PN |
MD5: | C500DC0362BB833E5D8F061D0542577A |
SHA1: | EE17E459AC62FA9F51DD64258BBFD6CBBD35CB6C |
SHA-256: | B72442061AA7C97AA58CD510E9882CEBE8D5303A6EF0A779BFCF1D5790FDA28C |
SHA-512: | ACF28DB03BBEB7CE9386430FDD48ADE973A443A56E50737F95C92155485C1BADC0EEFCE46EA932E2324AE50447017CC5051E74AB931DD7FB5A87D64A3A1FDB5E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.337801143262528 |
Encrypted: | false |
SSDEEP: | 24:7+tOvAD1RZKHs/Ds/SpvZPzJwtNBwtNbRZ6bRZWf1RZKeqLBx/XYKQvGJF7ursb:7MCGgOVpJzutYtp6PMzqll2GL7msb |
MD5: | 3AC0CD1417B2BE09FC31AB8BFB46BF3D |
SHA1: | CD8AF06684ED630CF198CA2A403AC26201B8F41D |
SHA-256: | E69923EBDC7C43A1461AD0B1AB054EE07DD35270CEE2511E9FA3E31983C48891 |
SHA-512: | E45DC0510AD5486C0D656A98BF490CCA52C98959CBF69019A3CC96810CEF76382C9E7889D082E58C824B82C65846DF0AFBF71A7335B122F27CDA673B00FE6982 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5441332632710916 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K80QsrNMG:Qw946cPbiOxDlbYnuRKlNMG |
MD5: | 6171B224E2FE36C6AA35BA9EA0BE271F |
SHA1: | 44E37C16DEF4E10600C54FD95BB6926569C877D0 |
SHA-256: | B02B3807826ABC15EA410C947B7F10E35FEF87DE10D706A6569293586EFA049B |
SHA-512: | A1DE41901CC45C476AB7841F2CEE7974CFAB9283100787424F4290C4288AED434C52D1F93999E916F5EB12FFDF0850F87216CBDBC68221B743CA1DCDC837E1AF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 4.998432875439998 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROO3NNeMzVPNeMzVVuLCSyAAO:IngVMre9T0HQIDmy9g06JXn6M5cM5VuN |
MD5: | 428AAC7C8CE61D45F1D4AFDA2A44109F |
SHA1: | 3300D7ACB4FD1A916F70A6C267D8AEA393B15020 |
SHA-256: | 6BF9B7D1A4E706B3445CDCB5D734AB01F3C124E5798AA0D31415C02EC5A6B955 |
SHA-512: | CE2EDB104336A289A5E18A2DDEE4AEFF82C78882160B8597C95ED13D91ACBF993B0056F80A09C522F5447FB844409D21FA6441A51F05ED378F19A708DFE3C003 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-01 16-35-52-428.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.333875870507338 |
Encrypted: | false |
SSDEEP: | 384:o/R2ZDU3M/q0rSsMnhefk+1MQDaDV15y+9iEmy0p4zGawJ4zl42xt0t0VLdE5ySQ:Ak2N |
MD5: | E429B256BE71F76D33EF756F15C149BD |
SHA1: | 66204C7E820AE07C29FA8933F55760E4500D7DFE |
SHA-256: | CCBE89B5A115CD2B3799927EDC23A69A7B7B16318B6847380BBCC573F05D8C55 |
SHA-512: | 57E0C7F798DE80F7593A01FE60B13B34C36252634762D8C4071E9F8881B0B243E170E96A2721AD788FD952C7108E7B784193E18479BB0E0C68785A393842EC0A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.395756783203034 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbE:w |
MD5: | FCBAFB6A6782442C664CDF8BF502B852 |
SHA1: | 19343EB930B250D85078BBE70B507AD9FA77C496 |
SHA-256: | 7A18DF54DBFBB346AF5214959F281116059885880637169601041746B82771E9 |
SHA-512: | 1D12D104355D53BDFFA62FA52ACFDEC454DA7C2D89DBF960035C83AE37B896B0BA32E5FE33012D109747C743F7134B0D989EDD73FA6769AE9D585035A9D7E060 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru |
MD5: | AE1E8A5D3E7B2198980A0CA16DE5F3D3 |
SHA1: | A1DB2C58AFC81E6A114A8EB47BE0243956F79460 |
SHA-256: | 8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F |
SHA-512: | 5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.8504815768225145 |
TrID: | |
File name: | LEONARDMARIE.pdf |
File size: | 71'207 bytes |
MD5: | 1657fb0234ffff097b028ab01b843e75 |
SHA1: | f260ac67282568752c12ff3e3f05c21f95804a80 |
SHA256: | d859b6f24abaa69be6bac60cf956c849bb8a1a8ee82ddaebbc8c022cabbb74c1 |
SHA512: | aaf7531b51e77aeed9851aa188892242df6a373e409c35faaaaa1dd22b479a190e42cc171f9713627cda9fb6ff69f9d16a3790619b178b9bed0cd466bb9ee320 |
SSDEEP: | 1536:EeEKYhLruZuZGi+NqiF+AUqDMb6s+z+AVQ8UO524bvllun6bztTeN:TEKYh5ZGjNZrDMb6vVQ8M4bvXun6bz50 |
TLSH: | F863E12ADA485C19FCFF87C2C4E4F6A11029B70605DE20C638B15D88FDE5AC4FB15BA6 |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Title (..)./Creator (..)./Producer (...Q.t. .5...5...1)./CreationDate (D:20240901180325).>>.endobj.2 0 obj.<<./Type /Catalog./Pages 3 0 R.>>.endobj.4 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None> |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.850482 |
Total Bytes: | 71207 |
Stream Entropy: | 7.865226 |
Stream Bytes: | 66873 |
Entropy outside Streams: | 5.107955 |
Bytes outside Streams: | 4334 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 31 |
endobj | 31 |
stream | 8 |
endstream | 8 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
9 | 3d6fde3eb3431f76 | 4e0813d6c9dbc32e99d030a0946f1ebb | |
16 | 49695b2b3b13696b | f256e0e4195c2dc67abcc053f17acc73 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 1, 2024 22:35:58.154870033 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:58.154896021 CEST | 443 | 49714 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:58.154989958 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:58.155191898 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:58.155210972 CEST | 443 | 49714 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:59.410371065 CEST | 443 | 49714 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:59.410764933 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.410773993 CEST | 443 | 49714 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:59.411783934 CEST | 443 | 49714 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:59.411927938 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.411936045 CEST | 443 | 49714 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:59.412003040 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.418335915 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.418397903 CEST | 443 | 49714 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:59.418678999 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.418692112 CEST | 443 | 49714 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:59.462192059 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.581463099 CEST | 443 | 49714 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:59.581532955 CEST | 443 | 49714 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:59.581851006 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.584661961 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.584661961 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.584676981 CEST | 443 | 49714 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:59.585251093 CEST | 49714 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.587016106 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.587030888 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:35:59.587135077 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.587831020 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:35:59.587843895 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.149552107 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.149805069 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:36:00.149816036 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.150862932 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.150924921 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:36:00.150930882 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.150983095 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:36:00.151360035 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:36:00.151424885 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.151609898 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:36:00.151622057 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.198605061 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:36:00.334343910 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.334359884 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.334386110 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.334464073 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:36:00.334471941 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.334485054 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:00.334537029 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:36:00.338450909 CEST | 49716 | 443 | 192.168.2.5 | 23.22.254.206 |
Sep 1, 2024 22:36:00.338463068 CEST | 443 | 49716 | 23.22.254.206 | 192.168.2.5 |
Sep 1, 2024 22:36:02.663503885 CEST | 49717 | 443 | 192.168.2.5 | 23.41.168.139 |
Sep 1, 2024 22:36:02.663551092 CEST | 443 | 49717 | 23.41.168.139 | 192.168.2.5 |
Sep 1, 2024 22:36:02.663634062 CEST | 49717 | 443 | 192.168.2.5 | 23.41.168.139 |
Sep 1, 2024 22:36:02.663831949 CEST | 49717 | 443 | 192.168.2.5 | 23.41.168.139 |
Sep 1, 2024 22:36:02.663844109 CEST | 443 | 49717 | 23.41.168.139 | 192.168.2.5 |
Sep 1, 2024 22:36:03.247456074 CEST | 443 | 49717 | 23.41.168.139 | 192.168.2.5 |
Sep 1, 2024 22:36:03.247864962 CEST | 49717 | 443 | 192.168.2.5 | 23.41.168.139 |
Sep 1, 2024 22:36:03.247883081 CEST | 443 | 49717 | 23.41.168.139 | 192.168.2.5 |
Sep 1, 2024 22:36:03.248924017 CEST | 443 | 49717 | 23.41.168.139 | 192.168.2.5 |
Sep 1, 2024 22:36:03.248990059 CEST | 49717 | 443 | 192.168.2.5 | 23.41.168.139 |
Sep 1, 2024 22:36:03.295473099 CEST | 49717 | 443 | 192.168.2.5 | 23.41.168.139 |
Sep 1, 2024 22:36:03.295564890 CEST | 443 | 49717 | 23.41.168.139 | 192.168.2.5 |
Sep 1, 2024 22:36:03.295727015 CEST | 49717 | 443 | 192.168.2.5 | 23.41.168.139 |
Sep 1, 2024 22:36:03.295741081 CEST | 443 | 49717 | 23.41.168.139 | 192.168.2.5 |
Sep 1, 2024 22:36:03.346014977 CEST | 49717 | 443 | 192.168.2.5 | 23.41.168.139 |
Sep 1, 2024 22:36:03.403424978 CEST | 443 | 49717 | 23.41.168.139 | 192.168.2.5 |
Sep 1, 2024 22:36:03.403496027 CEST | 443 | 49717 | 23.41.168.139 | 192.168.2.5 |
Sep 1, 2024 22:36:03.403569937 CEST | 49717 | 443 | 192.168.2.5 | 23.41.168.139 |
Sep 1, 2024 22:36:03.405143976 CEST | 49717 | 443 | 192.168.2.5 | 23.41.168.139 |
Sep 1, 2024 22:36:03.405158043 CEST | 443 | 49717 | 23.41.168.139 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 1, 2024 22:36:19.355012894 CEST | 53 | 61303 | 162.159.36.2 | 192.168.2.5 |
Sep 1, 2024 22:36:19.818871975 CEST | 59617 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 1, 2024 22:36:19.829174042 CEST | 53 | 59617 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 1, 2024 22:36:19.818871975 CEST | 192.168.2.5 | 1.1.1.1 | 0x69e9 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 1, 2024 22:35:58.339899063 CEST | 1.1.1.1 | 192.168.2.5 | 0x2d0d | No error (0) | 46.228.146.128 | A (IP address) | IN (0x0001) | false | ||
Sep 1, 2024 22:36:19.829174042 CEST | 1.1.1.1 | 192.168.2.5 | 0x69e9 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49714 | 23.22.254.206 | 443 | 7268 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-01 20:35:59 UTC | 1353 | OUT | |
2024-09-01 20:35:59 UTC | 572 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49716 | 23.22.254.206 | 443 | 7268 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-01 20:36:00 UTC | 1473 | OUT | |
2024-09-01 20:36:00 UTC | 608 | IN | |
2024-09-01 20:36:00 UTC | 6301 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49717 | 23.41.168.139 | 443 | 7268 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-01 20:36:03 UTC | 475 | OUT | |
2024-09-01 20:36:03 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 16:35:49 |
Start date: | 01/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 16:35:49 |
Start date: | 01/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 16:35:50 |
Start date: | 01/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |