Windows
Analysis Report
NB-1VS3WT8.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 3268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\NB-1VS3WT8.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7160 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4412 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1664,i,13688217025086456705,37325080128419518,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.41.168.139 | unknown | United States | | 6461 | ZAYO-6461US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520593 |
Start date and time: | 2024-09-27 16:24:32 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | NB-1VS3WT8.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/48@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.227.187.23, 23.22.254.206, 52.5.13.197, 52.202.204.11, 172.64.41.3, 162.159.61.3, 2.19.126.143, 2.19.126.149, 2.23.197.184, 199.232.214.172
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: NB-1VS3WT8.pdf
Time | Type | Description |
---|---|---|
10:25:38 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":["PayPal"], "contains_trigger_text":true, "trigger_text":"Amount Paid:", "prominent_buttonname":"INVOICE", "text_input_field_labels":["Order ID", "Amount Paid"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.41.168.139 | | | malicious | Unknown | | |
23.41.168.139 | | | malicious | HTMLPhisher | | |
23.41.168.139 | | | malicious | Unknown | | |
23.41.168.139 | | | malicious | Unknown | | |
23.41.168.139 | | | malicious | Unknown | | |
23.41.168.139 | | | malicious | Unknown | | |
23.41.168.139 | | | malicious | Unknown | | |
23.41.168.139 | | | malicious | Unknown | | |
23.41.168.139 | | | malicious | Unknown | | |
23.41.168.139 | | | malicious | HTMLPhisher | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | | | malicious | HTMLPhisher | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | HTMLPhisher | | |
bg.microsoft.map.fastly.net | | | malicious | CobaltStrike, Metasploit, ReflectiveLoader | | |
bg.microsoft.map.fastly.net | | | malicious | LummaC | | |
bg.microsoft.map.fastly.net | | | malicious | HTMLPhisher | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ZAYO-6461US | | | malicious | Unknown | | |
ZAYO-6461US | | | malicious | HTMLPhisher | | |
ZAYO-6461US | | | malicious | Unknown | | |
ZAYO-6461US | | | malicious | Unknown | | |
ZAYO-6461US | | | malicious | Unknown | | |
ZAYO-6461US | | | malicious | Unknown | | |
ZAYO-6461US | | | malicious | Unknown | | |
ZAYO-6461US | | | malicious | Unknown | | |
ZAYO-6461US | | | malicious | Unknown | | |
ZAYO-6461US | | | malicious | HTMLPhisher | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.18374355554824 |
Encrypted: | false |
SSDEEP: | 6:PEoqs39+q2PN72nKuAl9OmbnIFUt82EoXZmw+2Eo3VkwON72nKuAl9OmbjLJ:PEe4vVaHAahFUt82E2/+2EK5OaHAaSJ |
MD5: | 13447B2712BB52B7C58321D2CD720829 |
SHA1: | F92BF283908991FBC336D94A3906D492AC4DB0A9 |
SHA-256: | A0F5D8BB2FEBF7D2AB96F270CB94AC8E393C5360D49DF580C3E7F7F8DFFCEE34 |
SHA-512: | 5B4C0EEA6543B6A4D8A463EEEB5EF99C526A30354D20E2477C5614DA2AED72023297BE6D84A772BD8EDDEFC84038B62C643E0AADAAA295B9F9FDB217B4662121 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 339 |
Entropy (8bit): | 5.21560171248669 |
Encrypted: | false |
SSDEEP: | 6:PEqMM+q2PN72nKuAl9Ombzo2jMGIFUt82ElXZmw+2ElqMVkwON72nKuAl9Ombzos:PEqMM+vVaHAa8uFUt82ElX/+2ElqMV5c |
MD5: | 135D8826ECFD559E302A812A43A09E4D |
SHA1: | D425411E085356E5A8B1F3EADC2FA2A04BCC60FB |
SHA-256: | 7BEAF9872A86A8919302979237CC2ACDC9A8AD5EECD0F918DA3289E11876B570 |
SHA-512: | 26BF5A9D1785C1F8574B1A4136B85A79DCD90986399F82472244D693F048C4B9CD5E2DE07A7C9D4B239B729E8C72D7C89AB72BC32B887D1CFFD16F1278590474 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 339 |
Entropy (8bit): | 5.21560171248669 |
Encrypted: | false |
SSDEEP: | 6:PEqMM+q2PN72nKuAl9Ombzo2jMGIFUt82ElXZmw+2ElqMVkwON72nKuAl9Ombzos:PEqMM+vVaHAa8uFUt82ElX/+2ElqMV5c |
MD5: | 135D8826ECFD559E302A812A43A09E4D |
SHA1: | D425411E085356E5A8B1F3EADC2FA2A04BCC60FB |
SHA-256: | 7BEAF9872A86A8919302979237CC2ACDC9A8AD5EECD0F918DA3289E11876B570 |
SHA-512: | 26BF5A9D1785C1F8574B1A4136B85A79DCD90986399F82472244D693F048C4B9CD5E2DE07A7C9D4B239B729E8C72D7C89AB72BC32B887D1CFFD16F1278590474 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.97063671378777 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqcksBdOg2Hfcaq3QYiubcP7E4T3y:Y2sRdspJdMHu3QYhbA7nby |
MD5: | B8F3A0F657950ADD745FCEB25E419668 |
SHA1: | 8FBC744179757A3859B67B41BB9591436ABC607A |
SHA-256: | A1A7F413029875B7AC6CE7DDE01144E7FD327DFBC91A340FBF3A1FABED656504 |
SHA-512: | 2284CBDEBBA46B04BABA709679FC5C175EF609DCE852637805ED69C249D1DCFDB33DB60067FDF673E39EA219CFC303A972E5482A817AA96532D803FB00F56BFF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b729d075-ab08-4fa9-a156-fe7aef5fb252.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.97063671378777 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqcksBdOg2Hfcaq3QYiubcP7E4T3y:Y2sRdspJdMHu3QYhbA7nby |
MD5: | B8F3A0F657950ADD745FCEB25E419668 |
SHA1: | 8FBC744179757A3859B67B41BB9591436ABC607A |
SHA-256: | A1A7F413029875B7AC6CE7DDE01144E7FD327DFBC91A340FBF3A1FABED656504 |
SHA-512: | 2284CBDEBBA46B04BABA709679FC5C175EF609DCE852637805ED69C249D1DCFDB33DB60067FDF673E39EA219CFC303A972E5482A817AA96532D803FB00F56BFF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5859 |
Entropy (8bit): | 5.251365220912748 |
Encrypted: | false |
SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7Ws0AV:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhR |
MD5: | AE697E0DBD567F514A1AB6AD079AB9EC |
SHA1: | 9521B8F5D9B5762C1D81B82CD88CD5B8042D4CCE |
SHA-256: | 448B9D5C5B4F521149D3B7258E19D036F4AD438DD1A450630C44ECDCD01CB7C6 |
SHA-512: | FC61CC9E269A9AF203E7DFBDAA404BA8B5CE2CA0EF3694A93EC550AD118A1F1D11AAD2AE2CDA2B8DEA25E346B71A9C89F6EA3755CA6D3578651FD39A15C4B620 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 327 |
Entropy (8bit): | 5.196010412853284 |
Encrypted: | false |
SSDEEP: | 6:PEJiqM+q2PN72nKuAl9OmbzNMxIFUt82EJjZmw+2EJDMVkwON72nKuAl9OmbzNMT:PEJ7M+vVaHAa8jFUt82EJj/+2EJDMV5z |
MD5: | 52E463D540C9810B6EDF620E13DC2AD0 |
SHA1: | 259257094364986D87BAD3698DB83E470865A22A |
SHA-256: | 83D62708FE289C42EE8B517B3122CB5F70A29013B6865875CB04EE93905E7ED6 |
SHA-512: | 318E18ADB562F39170554D587B82E68BE195B0CBF3BE12569F713258F3A16B5A100F4DF6ED6E823B177F5AE4F4A8710B18E87B7D218108E8A62836B604AD9B61 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 327 |
Entropy (8bit): | 5.196010412853284 |
Encrypted: | false |
SSDEEP: | 6:PEJiqM+q2PN72nKuAl9OmbzNMxIFUt82EJjZmw+2EJDMVkwON72nKuAl9OmbzNMT:PEJ7M+vVaHAa8jFUt82EJj/+2EJDMV5z |
MD5: | 52E463D540C9810B6EDF620E13DC2AD0 |
SHA1: | 259257094364986D87BAD3698DB83E470865A22A |
SHA-256: | 83D62708FE289C42EE8B517B3122CB5F70A29013B6865875CB04EE93905E7ED6 |
SHA-512: | 318E18ADB562F39170554D587B82E68BE195B0CBF3BE12569F713258F3A16B5A100F4DF6ED6E823B177F5AE4F4A8710B18E87B7D218108E8A62836B604AD9B61 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240927142530Z-159.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.5108316529283392 |
Encrypted: | false |
SSDEEP: | 96:QO8+EiDBNWhxyeiElrCk3GTGECG1oQtMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMh:3Ai+1XED1monGJ58kvxkN |
MD5: | B6929D9B71758D83497704B0361F588A |
SHA1: | B6F7C451284CF4E689E9C7B5F6115C67EC45476F |
SHA-256: | 0BA2142DB26F43E290E05EE2BD6CBED35BCC0CE96161E23DEC76BAC4379BE2F3 |
SHA-512: | DD258F9358EFAF67134901F7A0FE88E9704F6E1C442FE129C9FAB1BBDEAB1AFD0C2C2E7586F8CA36B805C668C5DBA756E62FB7B5F57DE27655CAD58F14C6780B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444772048474874 |
Encrypted: | false |
SSDEEP: | 384:ye6ci5tdiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:m2s3OazzU89UTTgUL |
MD5: | A19BCD4C0E2512E0107ABD97437BACDA |
SHA1: | C4DCEC0ED0EF8D3DB6A2C68D8E2ED633B3D1FFEE |
SHA-256: | 42B5D588C8D0B9B11FDB85632C6B2571A6D105FC0E4F1FC184C85E5F5ED37A5A |
SHA-512: | 60E2F55D38034BE62E35515C4E1380CD4429C92D5EFF686CE8DAC40D836D731AFA055A7678401002F103DA39A3BE10C70B5228D963AE4374BD13F7B804741CF1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.768359942333903 |
Encrypted: | false |
SSDEEP: | 48:7MzJioyVwioyOoy1C7oy16oy1WKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Os:7MJuwm1XjBiCb9IVXEBodRBkI |
MD5: | 91E15C343628EAEE4EF4FE6A8425816C |
SHA1: | AD581914D5201406248A2C4D30FECB4B9425189C |
SHA-256: | 73263CF2C925FF61F42D21133CC036730D0194528BA5F1A91E86658E33015ECA |
SHA-512: | 040F35907105D4BA3C13DCA692C59D9206C74DDCB9EDE223E69BC49A3351589665907239365789A10FEFD1A79FF248B161C3D865C277A4D6EF30257A342E2540 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.745945613111056 |
Encrypted: | false |
SSDEEP: | 3:kkFklMs/ltfllXlE/HT8kiLKNNX8RolJuRdxLlGB9lQRYwpDdt:kKVMleT8SNMa8RdWBwRd |
MD5: | 237027D2CDB3E102FF90ECC16004DF3E |
SHA1: | 413D5E8AF1E2CC5E447EC4B4B168342A67200DB4 |
SHA-256: | 16B3A6453076B09EDE7E4E8D63AF0678CE976A9DBD8F17997683D4F97333CD5A |
SHA-512: | 7F66B692EDCD5BAFBDECACC7E44F1C232E0FF6F0FA266902F6BAB6CBC2AB4CB150507098BD51087B9779A21024FAD967DB3A10961DC12258102F103452553B93 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2310997727285145 |
Encrypted: | false |
SSDEEP: | 6:kK3VkVlL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:PVkVkDImsLNkPlE99SNxAhUe/3 |
MD5: | CA816E5A9B58B8342F5345BF6189F195 |
SHA1: | 8E0B933277F8D95A1326C152A15A188D5019AF26 |
SHA-256: | 794498AA088014A81DCD6A7826241334908DB803A6EC6E2F04AAEA5C25E820AC |
SHA-512: | F51094A639DC7BDEB37CA5F46FC2539A674FCA699CBBADE816E406AB55A9B4945A81AAC2C7FC7BC973695B569EF00BA3C8DC4B0EEDE09EE2E339A2C65C9E013C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn |
MD5: | 265E3E1166312A864FB63291EA661C6A |
SHA1: | 80DFF3187FF929596EB22E1DB9021BAD6F97178C |
SHA-256: | C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728 |
SHA-512: | 48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3638662053356 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXdbm2nZiQ0Yt8oAvJM3g98kUwPeUkwRe9:YvXKX/cSGMbLUkee9 |
MD5: | 098054AF90D28B3DCB0DD652182000ED |
SHA1: | 12A2246B0139665E3DD7232AF7B95EAC2C901863 |
SHA-256: | 5F94AD63124F4ED7F441C4161DD5BDF0EB95ABF548663507343E047C22508F13 |
SHA-512: | 4F702A21814D31AC10A1B5687B05825D8BD63BBEE45DFF33B3982DE88D2CEB33B8C731679A4D887EA9F3888821C4122A5AEB99E6453AB3022D0DAF1A004748BD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3200157110795105 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXdbm2nZiQ0Yt8oAvJfBoTfXpnrPeUkwRe9:YvXKX/cSGWTfXcUkee9 |
MD5: | 0B48368B09CA49C762DEB426222A7530 |
SHA1: | D84B0ACE4C86DDDAA22138FFB137D9F96BC4C5F0 |
SHA-256: | 6A5D2ABB743AABBC5AB15D0D289DBE556A6957422A876400F67E7021FB6F960B |
SHA-512: | 20E28E50BBD59F8BE78C79A6B0FA0D0425AE168770AEBBA3F85BD8A4619E7D066CF92618D5898FC572E35C4B6BAB79501F9067B19F8561188199549206FEAACF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.297558909298133 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXdbm2nZiQ0Yt8oAvJfBD2G6UpnrPeUkwRe9:YvXKX/cSGR22cUkee9 |
MD5: | 2FBB9FA39C5D76CA66E9E3A302E1F306 |
SHA1: | D2EE2E5BA205A3D9489D204194765DDC0E731BB4 |
SHA-256: | 0B89F2FF0BBDA14DE69B8EFC79442329FA93CD9364369340E8D693A643144F43 |
SHA-512: | EBF8EE16ADF80EA9FD3A5540FFA0378AC1CAA684ADB332125D979453E21FD813A1F9BB6AD5A42B62AE7C151C5E7F84272CB2431C1E2089800DEAC845670EBE69 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.343906423772113 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXdbm2nZiQ0Yt8oAvJfPmwrPeUkwRe9:YvXKX/cSGH56Ukee9 |
MD5: | 3E74C7D1B4874838A61D62CE91591E7C |
SHA1: | 7EAEE10063E7633C9EA69CF0071EDA8B4383EB86 |
SHA-256: | B882F1B6BBDF47009B94E53749920E4F91ABF2BD37B8EF59ADC89A253BC89339 |
SHA-512: | F936A43FEE98F9C5C7EDCE44A79AE6E7781AC45077CAD6E71239107BF879A077BDD7D60614366C6F7431B043FC5421CE83F8DC4E7B895E07ACAA91FF3FD628D4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.662547617690365 |
Encrypted: | false |
SSDEEP: | 24:Yv6XkvpLgEFqciGennl0RCmK8czOCY4w2M:YvPhgLtaAh8cvYvT |
MD5: | 1BCAF2E755D8A97AB56F313EE723170A |
SHA1: | D4A32D3D0746A8B22CCD9DC0369E0C83A3E97704 |
SHA-256: | 298FF1B290D65BA188F95ACD90FAEF6F96C49600451F285D69929FF29B1568AE |
SHA-512: | 9DF9AA8DA51D58C41D92F9A9FE72C25FB7CBF3DDA6C111526305FF82A6CEC4359D0B00EA64FDC9BE62205E8B8B923973CD2AFA56221501B1BED8DB63838EC0F7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.649391703680227 |
Encrypted: | false |
SSDEEP: | 24:Yv6XkzVLgEF0c7sbnl0RCmK8czOCYHflEpwiVM:YvTFg6sGAh8cvYHWpw9 |
MD5: | 3378C82CDDD3539BD3034E8C2C1C7C5C |
SHA1: | 96AE4ED1C9C37EC81A499B99215BCAD18A4EA4E3 |
SHA-256: | DFCFA307E5D18AA65D824B855A5CDADE22BF42EE1FABE089D06628DEA6FAC15F |
SHA-512: | E86CCFDF004328E61BD9356A3E7B50682B8E8E0E54F55C101297D38B898FEA7A675D77378BDCA8558C90BDA054D6C16EA041540E251567D4BCC9E02989B681D5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.296831922926373 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXdbm2nZiQ0Yt8oAvJfQ1rPeUkwRe9:YvXKX/cSGY16Ukee9 |
MD5: | FDFCA96689F50D056734582C83C7D921 |
SHA1: | 4AFA4574E9945A8A3B1C1EF50FF3B34CC20FE05B |
SHA-256: | CCF0861AF52D9C9A21E3F665470762DD78C679D1A4FEB74D3BC83E14A85E0B85 |
SHA-512: | 9341DFF6975BDFE9B5AFF175AEE2AD75C8ABBE5B00E6B7B748E478E77EFA82BFA9E7B4F2EDFC54D17C1E1D10F673A96CB7DC1EFD0EA7C2601F49A68CB2867E8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.644629760241542 |
Encrypted: | false |
SSDEEP: | 24:Yv6XkC2LgEF7cciAXs0nl0RCmK8czOCAPtciBM:Yviogc8hAh8cvA2 |
MD5: | E14D6D721151BCDF1EA9ADD6B582D9F4 |
SHA1: | D36862A39E65064DAD84BF9EAB82368B21E49062 |
SHA-256: | BEDB29E7A1D493F112DBD23E29E1874040ECA2253465DB6529BD242575620AAE |
SHA-512: | FB323F00ED247410CA03106FEEF4BB791A1C297FD70F08FEB882479236A8A5770049EC66371B7FA6051681FB6A3B108CB3B6F21F788C49C2E4754A0173FC19AF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.69835982004991 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xk+KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5M:YveEgqprtrS5OZjSlwTmAfSKq |
MD5: | D3E884A15D7CFCC5308F5A2C9CBDFF23 |
SHA1: | 790D74453BC879C64C79B1DA572C39C35915F27F |
SHA-256: | 9FC93CDDB51AC97A87D4F07AC32C80C72745ECDCBA7862ABE5ED76FB1684FDDD |
SHA-512: | 0738C90D491E4A1F65D94E576F3AF112AFC72E6DD448C492A832C7CDC70C036D22255884A6847AF605A49814B1342482916C6C8B4DC44EBCC2E6E9F425BD114F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.302045835221958 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXdbm2nZiQ0Yt8oAvJfYdPeUkwRe9:YvXKX/cSGg8Ukee9 |
MD5: | 7E96D69EB37E17BD3C7BDDAD00565EBC |
SHA1: | 97B56E986956465C10E2358ECC3023BA902B0F63 |
SHA-256: | 61412DA6298ACA54B9C95D93197754FA7CEA85586DFEC7C748CF0567F03BB480 |
SHA-512: | 2CF262B6306367A2544A1B4F06A64407B610E4B91A30DFC3F9B88F7854E3141407EFA9B04CCAEB2F890B5F7C815A2CC7E3CF1218F3AF660836E4BF27378D3932 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.771209795140057 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xk1rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNU:YvVHgDv3W2aYQfgB5OUupHrQ9FJq |
MD5: | 551F05B60B41BE21B2B46E879C89A573 |
SHA1: | CAB70D7BC9FA33FE67656ECBA6FECA82189C1953 |
SHA-256: | 97E3C03453E35E8D18E59E6A661CC8AB1FD9C00B01AAA2E982F0F792C070DFF0 |
SHA-512: | FC05408CCA38910D99E011F2C1FE250C4D9BB15D6799D3D1A9061357367D3C83DD342134A2937AB2F11BBE34E3F3843514DF192CCAEF79070FB7723BF8088486 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.285578872172647 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXdbm2nZiQ0Yt8oAvJfbPtdPeUkwRe9:YvXKX/cSGDV8Ukee9 |
MD5: | 75F247B40CF5000BDD086975DDCB46E0 |
SHA1: | 68DFC81F9646B9F48CC549DD813A21C7A9803437 |
SHA-256: | BC37EF00DBD18E8C91068B19CC5E4236066AA97F1BC9D320F9E4CB9C83B56CA9 |
SHA-512: | 02B6E272F3AC37D429A860455B35B17D1C4B08634B38FA0EE50EB1C818C580F367CA2976698F8B4882A729A580CD3D822EECC6A0C492815EA785D6AB64C29831 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.288988509900841 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXdbm2nZiQ0Yt8oAvJf21rPeUkwRe9:YvXKX/cSG+16Ukee9 |
MD5: | A5C7DCFC2AF2957E088935DC51C45DB5 |
SHA1: | 48628AD0054B0B88060CA72A15BAC0D16C0822D3 |
SHA-256: | 8C72CA1C1272C1741C6626245C4309EDEE35F1F29A8CF2D14B9EAA5EC2A177A6 |
SHA-512: | 2428AA7C02CE8555C850DF73924DEC182268C9393C347A20C3C68BE098326B5695070A0C75A7A20C8E3B84289558928E808350BB3644A43C4C640324F576F856 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.651776398285072 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xk3amXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BM:YvvBguOAh8cv+NKL |
MD5: | 93FA9465CD2001997F2F608982B71F13 |
SHA1: | 17979EC192DF6E901253CD3E665487957E735945 |
SHA-256: | 451254082DA9E726F6FE00E0A3CCBDA6D90517BF34F71F7BF306AE6113482F9E |
SHA-512: | 2CF7BDA5A5D6F8E5F46FE371DA3E8A3EE8BFFBFDBDF7F25DB34E4F087A4985E17AB97EFF8FF7D1B14CC544F4AE29E45CFD64CB519C4666E599E3FB21337481B7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.264450143843503 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXdbm2nZiQ0Yt8oAvJfshHHrPeUkwRe9:YvXKX/cSGUUUkee9 |
MD5: | D2C0F5740508E9329E208AE1AA968E11 |
SHA1: | 7998EAACE4EDAC0D37FFC4F41F92FA03E8795E64 |
SHA-256: | 606F7DFCB75BAA2D0B971206C932DF7AAFBE8E074769F5828F6CA3C15AAADAB5 |
SHA-512: | 9346349222C4FA54346EDFC323B1B11A5934B65D91521620CB17678E1B838943582FC7DA9C78733D1DEF1295AA9F8EECB0B0E8CACDEAAF89CFB5EE52ABBC37A8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.3565256472334575 |
Encrypted: | false |
SSDEEP: | 12:YvXKX/cSGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWA:Yv6Xkc168CgEXX5kcIfANh9 |
MD5: | C5D9C1C642E0D67BA7A06920A2E21D2A |
SHA1: | 8B1B2E33FCEE6FB4F2C247162A504939FD6210A5 |
SHA-256: | F838DFC93DE57FC3FD9BD7C634AC5665CDEDA9910F0A76400E81390011B95DF6 |
SHA-512: | 5351E1D94AE74F884C5F7C5C1E73AB0C61BDBDDE08310C104FB78634AB49C909C076BE143950E9AF6648F8246A0663ACDB96340785385365A6ACA61F4136FC7B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.140839394534504 |
Encrypted: | false |
SSDEEP: | 24:YlEuHaHhiQayv4Qh+CJ5uxtadhho3Dj9BBdv0jRtj0S8E1w2l42LSmNrXMX5Ww77:YlmES2htrTjjPORBmI4YNzMXH9QC |
MD5: | 5EEB16D8601F90FFB76B28BC55739EB5 |
SHA1: | CBB4C6B5485C85E9E2524BEDB39652A746D09DC9 |
SHA-256: | D75BD0B8FD29F7EE5598A4BCD6ACA2B095AB6BA35D9FF6E72539833D07040C43 |
SHA-512: | 11566BBF0A228F3CBDFC658D6E320A8716BB182C3982BEA57E985B09A0F01B59FC131A86D4FFCD76E8785B2672DCBF0E62F182D368AD702332B8CB712CED6EC7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1465477401180586 |
Encrypted: | false |
SSDEEP: | 24:TLhx/XYKQvGJF7ursiRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHZ:TFl2GL7ms8Xc+XcGNFlRYIX2v3kZ |
MD5: | D1565FC95C369CF05086D9A755788A34 |
SHA1: | 97B7ECD73B8B7C1875CE6C3AE6AE898E9C0FCC20 |
SHA-256: | 8C5ACA842903085B915EED6B8144DB32002A2B3A4BE452AF1569CDF75B52845E |
SHA-512: | 4D296D52BFA458D8BEA56F68AE3363D3C9DC54F8ED2B92D57FDF32AF0BCD74EB222C940E7B7FE9C3817A5943F1FA4F9AE0A2CA7F64B627B5904555265A248852 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.5507353851035979 |
Encrypted: | false |
SSDEEP: | 48:7MRZmXc+XcGNFlRYIX2vGHxvqVl2GL7msq:78ZmXc+XckFPYIX2ORvaVmsq |
MD5: | CE2780A93F95EA80ABDAF3E0624E3EFE |
SHA1: | 9F1EA15A649BBCF2801CC88B07C1778D629B3AD0 |
SHA-256: | E959EAAE4735DD785D34989EE041C9F5D13F30548A59C97A8549902A10DEA69C |
SHA-512: | F7303EEF1669AB485E14CE5DC46EA6C67478E004E7AE59540E22183980D20633A8C721870402BFF8BEBEB5B9F4E9AD5EA765D7B8D50FA5892EEB2E0896C2E8E7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.529459928009153 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8UdNjRCH:Qw946cPbiOxDlbYnuRKZRw |
MD5: | ABB4A95DBB82E0A31B4E57FF140B3C16 |
SHA1: | 8072ACC7B16284ED3C4C68D83320A01426B1DB9B |
SHA-256: | 781C82E82B47FFF4BF7A72BF73A64E69D3DB7D58F2EC9BB4263DD05BBE166F07 |
SHA-512: | 93F4D08658F0180B8568D87589B2B661E5675D43C8DB50EE1A212486FB046F571AD8E03964E22F18A063F923911FD8947426C00945167DAF838082E4C41EB853 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.024043227684654 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOp/8WgRVA8WgRVJCSyAAO:IngVMre9T0HQIDmy9g06JXZ/UKHUHlX |
MD5: | 0F5661E1EB4618BAC38ED0C2CA22F068 |
SHA1: | 157DA794AC0993112D481CE3D1D6C24999C62E51 |
SHA-256: | 0BDF76CF84532E51D397B4B4E79C6E48F549F3A7EA2B151D89E10611F0F7138F |
SHA-512: | 7CB79356CEF0015888503358A1860536E2726AD8AE27B71255FD3764EE522ADDFF4926A8E1FA500EA6BDD939FF1C56ACFA3FFB27520444EA6E1B8B08EBEF1AAC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-27 10-25-28-082.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.338264912747007 |
Encrypted: | false |
SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
MD5: | 128A51060103D95314048C2F32A15C66 |
SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.339810127494476 |
Encrypted: | false |
SSDEEP: | 384:cZVcNhoaoULbPT/kt24jIO4d1O2KJGu/wPMQ2u+Ft5/m/PQTQZmZ8hZb3/d/7SSW:H/1K |
MD5: | A211C8CDC808546AE9DDE4AA67FEA94C |
SHA1: | 0E8DAA7072F2C2A13010B5F8530CCB7ACA88623F |
SHA-256: | 44FD9FBACE7EA9A410F93FAA002FF39A0D396A6578D2C008ED02F7A22C08C7E8 |
SHA-512: | 68970C889D9F169A1B288432F1B0D7DDD0D2C1B3AABE5F70A5FABDDA1A211F0F4BEB298D45BDF2176CD376128248321DAD986844C4A9BF7978C786BB60B1C9D1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.400718245387137 |
Encrypted: | false |
SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbZncbeIQmcbN:V3fOCIdJDeMQR |
MD5: | AAE7EDB394D76E578472C3B0ABEE39CF |
SHA1: | 89984766EC2EC65E1F170224C5B909C6D983684B |
SHA-256: | 4CAF8AB70BD1EBF4D08BC09BE7335A4671C595AAB83E3EE15996EAF842E688F0 |
SHA-512: | CCD0379D9F214C31542DC8B4272E957D99932D5B4248EAE05CEDAF41D5C75ABE13771B5AF701E14765DA0EA26A1CD2B926236C893D189E8AB1D061684C16CB05 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7ouWLaGZ7wYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLaGZ7wZGk3mlind9i4ufFXpAXkru |
MD5: | 13F55292D0735B9ABD4259B225D210FC |
SHA1: | 810CC5D545BFA11D2825F6E1DFA69176794DA7EC |
SHA-256: | 8C3FFEA68963D108599E8C5AE20DE6E9C473BF33197A03A9A7DDCD0F25A6C7F6 |
SHA-512: | 4F54EDA9EB61172A5243DAA718CFF42A0BF079CC0FA7BE3553CC8B79772763B49F530DD6B54A9D595C4F46B8416ADF7D5C8DAD58FC43A5C651258E669DC375DA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.840972966560487 |
TrID: |
File name: | NB-1VS3WT8.pdf |
File size: | 27'594 bytes |
MD5: | 715eb14a11a55a5154d8b3835d61134d |
SHA1: | 89b1d4e41a8828a686e7fca80ec5771e6f4a7b55 |
SHA256: | ec1a2764853ed2f615d1274b1dd90adf7b94316d14b9385a7d284590dbee5a45 |
SHA512: | 7ac7ae5af94f58ab5b5358ea2a215b68b730a2c56f6bb9bf282c1fff0a1477c54c2203aee418fb47186bca06166c8989a1da6d4c67fb1d10d97f2e9d01f419a6 |
SSDEEP: | 384:g9J9OoNLClmoDw6RRmpGpUi/plEsvf7qSpzSuDqeWb2z6RuzmE6CUSCfbeqCUSy:gLjNLClmolCGF/plECqsh1Xz686BbdV |
TLSH: | 50C2AE71D9832D4CD9E787C5F3213D9D8938B21F87D2F692786046523D01AC5AE223AB |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Title (...D.o.c.u.m.e.n.t)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6...1)./Producer (...Q.t. .4...8...7)./CreationDate (D:20240927124902Z).>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMas |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.840973 |
Total Bytes: | 27594 |
Stream Entropy: | 7.960986 |
Stream Bytes: | 24079 |
Entropy outside Streams: | 5.124378 |
Bytes outside Streams: | 3515 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 24 |
endobj | 24 |
stream | 6 |
endstream | 6 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
7 | 5240525ad7cdc49a | 68826931e14fe6aca803378c831b2587 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 16:25:39.519834042 CEST | 49725 | 443 | 192.168.2.6 | 23.41.168.139 |
Sep 27, 2024 16:25:39.519884109 CEST | 443 | 49725 | 23.41.168.139 | 192.168.2.6 |
Sep 27, 2024 16:25:39.520126104 CEST | 49725 | 443 | 192.168.2.6 | 23.41.168.139 |
Sep 27, 2024 16:25:39.520126104 CEST | 49725 | 443 | 192.168.2.6 | 23.41.168.139 |
Sep 27, 2024 16:25:39.520165920 CEST | 443 | 49725 | 23.41.168.139 | 192.168.2.6 |
Sep 27, 2024 16:25:40.083625078 CEST | 443 | 49725 | 23.41.168.139 | 192.168.2.6 |
Sep 27, 2024 16:25:40.083949089 CEST | 49725 | 443 | 192.168.2.6 | 23.41.168.139 |
Sep 27, 2024 16:25:40.083971024 CEST | 443 | 49725 | 23.41.168.139 | 192.168.2.6 |
Sep 27, 2024 16:25:40.087565899 CEST | 443 | 49725 | 23.41.168.139 | 192.168.2.6 |
Sep 27, 2024 16:25:40.087691069 CEST | 49725 | 443 | 192.168.2.6 | 23.41.168.139 |
Sep 27, 2024 16:25:40.089586020 CEST | 49725 | 443 | 192.168.2.6 | 23.41.168.139 |
Sep 27, 2024 16:25:40.089766026 CEST | 443 | 49725 | 23.41.168.139 | 192.168.2.6 |
Sep 27, 2024 16:25:40.089819908 CEST | 49725 | 443 | 192.168.2.6 | 23.41.168.139 |
Sep 27, 2024 16:25:40.133497953 CEST | 49725 | 443 | 192.168.2.6 | 23.41.168.139 |
Sep 27, 2024 16:25:40.133516073 CEST | 443 | 49725 | 23.41.168.139 | 192.168.2.6 |
Sep 27, 2024 16:25:40.180368900 CEST | 49725 | 443 | 192.168.2.6 | 23.41.168.139 |
Sep 27, 2024 16:25:40.197491884 CEST | 443 | 49725 | 23.41.168.139 | 192.168.2.6 |
Sep 27, 2024 16:25:40.197675943 CEST | 443 | 49725 | 23.41.168.139 | 192.168.2.6 |
Sep 27, 2024 16:25:40.197726011 CEST | 49725 | 443 | 192.168.2.6 | 23.41.168.139 |
Sep 27, 2024 16:25:40.198582888 CEST | 49725 | 443 | 192.168.2.6 | 23.41.168.139 |
Sep 27, 2024 16:25:40.198599100 CEST | 443 | 49725 | 23.41.168.139 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 16:25:39.084834099 CEST | 57611 | 53 | 192.168.2.6 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2024 16:25:39.084834099 CEST | 192.168.2.6 | 1.1.1.1 | 0x87b7 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2024 16:25:39.093945980 CEST | 1.1.1.1 | 192.168.2.6 | 0x87b7 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2024 16:25:39.807193995 CEST | 1.1.1.1 | 192.168.2.6 | 0x5948 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 16:25:39.807193995 CEST | 1.1.1.1 | 192.168.2.6 | 0x5948 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 16:25:53.514302969 CEST | 1.1.1.1 | 192.168.2.6 | 0x67d0 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 16:25:53.514302969 CEST | 1.1.1.1 | 192.168.2.6 | 0x67d0 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49725 | 23.41.168.139 | 443 | 4412 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 14:25:40 UTC | 475 | OUT | |
2024-09-27 14:25:40 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 10:25:24 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff651090000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 10:25:25 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 10:25:25 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |