Windows
Analysis Report
Snc2ZNvAZP.pdf
Overview
General Information
Sample name: | Snc2ZNvAZP.pdf (renamed because original name is a hash value) |
Original sample name: | 6a638569f831990df48669ca81fec37c6da380dbaaa6432d4407985e809810da.pdf |
Analysis ID: | 1522685 |
MD5: | 0618acfa112b625533434c552da4789f |
SHA1: | 936549949236c17330009a1a2490274fcb836a98 |
SHA256: | 6a638569f831990df48669ca81fec37c6da380dbaaa6432d4407985e809810da |
Tags: | pdf, UAC-0099, user-JAMESWT_MHT |
Infos: | |
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 1548 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Snc2ZNvAZP.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 940 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5168 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1508,i,13964882230613793224,8197444070815095348,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
Signature sources recorded (the per-signature details were not preserved in this extraction):
- AV Detection: ReversingLabs, Virustotal
- Network: DNS query, TCP traffic, IP Address, HTTP traffic detected, TCP traffic detected without corresponding DNS query, UDP traffic detected without corresponding DNS query, DNS traffic detected, Network traffic detected
- String found in binary or memory
- Classification label
- File created, Key opened
- Process created, Process information set
- Window detected
- Initial sample
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
26% | ReversingLabs | Document-PDF.Exploit.CVE-2023-38831 | | |
18% | Virustotal | | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
windowsupdatebg.s.llnwi.net | 87.248.205.0 | true | false | | unknown |
x1.i.lencr.org | unknown | unknown | false | unknown | |
18.31.95.13.in-addr.arpa | unknown | unknown | false | unknown | |
50.23.12.20.in-addr.arpa | unknown | unknown | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.56.162.185 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1522685 |
Start date and time: | 2024-09-30 15:30:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Snc2ZNvAZP.pdf (renamed because original name is a hash value) |
Original Sample Name: | 6a638569f831990df48669ca81fec37c6da380dbaaa6432d4407985e809810da.pdf |
Detection: | MAL |
Classification: | mal48.winPDF@15/27@4/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 107.22.247.231, 34.193.227.236, 18.207.85.246, 162.159.61.3, 172.64.41.3, 87.248.205.0, 2.23.197.184, 2.19.126.143, 2.19.126.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Time | Type | Description |
---|---|---|
09:31:26 | API Interceptor | |
Input | Output |
---|---|
URL: PDF document, Model: jbxai | |
Match | Detection | Threat Name |
---|---|---|
23.56.162.185 | malicious | Unknown |
23.56.162.185 | malicious | Unknown |
23.56.162.185 | malicious | HTMLPhisher |
23.56.162.185 | malicious | Unknown |
23.56.162.185 | malicious | Unknown |
23.56.162.185 | malicious | Unknown |
23.56.162.185 | malicious | Unknown |
23.56.162.185 | malicious | Unknown |
23.56.162.185 | malicious | Unknown |
23.56.162.185 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | HTMLPhisher |
windowsupdatebg.s.llnwi.net | malicious | HTMLPhisher |
windowsupdatebg.s.llnwi.net | malicious | HTMLPhisher |
windowsupdatebg.s.llnwi.net | malicious | Unknown |
windowsupdatebg.s.llnwi.net | malicious | HTMLPhisher |
windowsupdatebg.s.llnwi.net | malicious | HTMLPhisher |
windowsupdatebg.s.llnwi.net | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | LummaC, Stealc, Vidar |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC, Stealc, Vidar |
AKAMAI-ASUS | malicious | LummaC, Stealc, Vidar |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | LummaC, Stealc, Vidar |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.201227800768069 |
Encrypted: | false |
SSDEEP: | 6:PIuYQDB+q2P92nKuAl9OmbnIFUt82IuYQ5Zmw+2IuYQtVkwO92nKuAl9OmbjLJ:Pi4Mv4HAahFUt82iK/+2i25LHAaSJ |
MD5: | EB6124A28368DF7B3C141F1B93ECD40C |
SHA1: | 0162D8842ED8F31BF3EB1D9F93D330895C5B26BE |
SHA-256: | 4B8DD6CF3045C1D05EDD9A5CBA3966E6796ADB9BE02A0BA9C9178D3B7D90E7F9 |
SHA-512: | F873EBDBEFFE15D8D7EE82980CEF1098DA9BEF29EB4CA49A5EFF7B744ECDB3EA1EDAC36E83266483B94E9C8C81258C7444D8567E1D98EB0CBC5F54D263563FBC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.201227800768069 |
Encrypted: | false |
SSDEEP: | 6:PIuYQDB+q2P92nKuAl9OmbnIFUt82IuYQ5Zmw+2IuYQtVkwO92nKuAl9OmbjLJ:Pi4Mv4HAahFUt82iK/+2i25LHAaSJ |
MD5: | EB6124A28368DF7B3C141F1B93ECD40C |
SHA1: | 0162D8842ED8F31BF3EB1D9F93D330895C5B26BE |
SHA-256: | 4B8DD6CF3045C1D05EDD9A5CBA3966E6796ADB9BE02A0BA9C9178D3B7D90E7F9 |
SHA-512: | F873EBDBEFFE15D8D7EE82980CEF1098DA9BEF29EB4CA49A5EFF7B744ECDB3EA1EDAC36E83266483B94E9C8C81258C7444D8567E1D98EB0CBC5F54D263563FBC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.168531686287561 |
Encrypted: | false |
SSDEEP: | 6:PIuYQLRFUSFIq2P92nKuAl9Ombzo2jMGIFUt82IuYQLTFpZZmw+2IuYQLTFpzkwc:PiSFIv4HAa8uFUt82iEFpZ/+2iEFpz5c |
MD5: | 1649FEE822B27573FFDD30BB77DC125F |
SHA1: | DAB1710DC6043D87BCB43E59166484FC0BC595BE |
SHA-256: | 612B02832B03D4A9841CB000A4F86BD41B200F76A59BAD4FDA2BE744BB5C98D8 |
SHA-512: | 5E80F2BC164CE715C8D09885F35D1AF12CCD37111440B519E822772079FD1BD18F74062824020389C62C729D0678CDC3DE080F10BAB26CB3B457D518CEFE175E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.168531686287561 |
Encrypted: | false |
SSDEEP: | 6:PIuYQLRFUSFIq2P92nKuAl9Ombzo2jMGIFUt82IuYQLTFpZZmw+2IuYQLTFpzkwc:PiSFIv4HAa8uFUt82iEFpZ/+2iEFpz5c |
MD5: | 1649FEE822B27573FFDD30BB77DC125F |
SHA1: | DAB1710DC6043D87BCB43E59166484FC0BC595BE |
SHA-256: | 612B02832B03D4A9841CB000A4F86BD41B200F76A59BAD4FDA2BE744BB5C98D8 |
SHA-512: | 5E80F2BC164CE715C8D09885F35D1AF12CCD37111440B519E822772079FD1BD18F74062824020389C62C729D0678CDC3DE080F10BAB26CB3B457D518CEFE175E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8eab5d25-df59-4b22-87c2-2763ecafac4b.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.049709465655062 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sq2sBdOg2HFgcaq3QYiubxnP7E4T3OF+:Y2sRdsydMHFL3QYhbxP7nbI+ |
MD5: | 22A70DD1593FEE263DC175ABC61D2706 |
SHA1: | F6C9ED97E5721D5DF98D083905FE300209D51737 |
SHA-256: | 832C21D9DBCD77BA3B7E52ED7742A7EAF45AF1A5252B23DF006924DCBB2F23AA |
SHA-512: | EEDA2D95F9E77C316F4EE2C312D073DF0794F375D5B5FE8FE90A8C07AAE0A42F4C1494E70C86BFFCB9017F719D6FDDE4EB8F170F80D125B663D2FFD470E15B2B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.049709465655062 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sq2sBdOg2HFgcaq3QYiubxnP7E4T3OF+:Y2sRdsydMHFL3QYhbxP7nbI+ |
MD5: | 22A70DD1593FEE263DC175ABC61D2706 |
SHA1: | F6C9ED97E5721D5DF98D083905FE300209D51737 |
SHA-256: | 832C21D9DBCD77BA3B7E52ED7742A7EAF45AF1A5252B23DF006924DCBB2F23AA |
SHA-512: | EEDA2D95F9E77C316F4EE2C312D073DF0794F375D5B5FE8FE90A8C07AAE0A42F4C1494E70C86BFFCB9017F719D6FDDE4EB8F170F80D125B663D2FFD470E15B2B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.2358717977233775 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLULqV+E8KIeqVI8Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLO |
MD5: | 427771239E05B9EC7FF5594E11956A4E |
SHA1: | B52A32A969CCECCB47D6FA28891AC8B621EE58CA |
SHA-256: | 505FE0B468C07A2BBCBA51AED9DE303FDC2D6FDFAE3A31584FB4877D2A762793 |
SHA-512: | 8B9C22332A3E3DF4292CF6DE9594435AD44430FE07D99CD9D99BAA9B860B2376275A90167AD580F6FB9DF4E8C470715A4CD1B9FDE4077AC075936027A1596820 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.203600592439998 |
Encrypted: | false |
SSDEEP: | 6:PIuYQ72Iq2P92nKuAl9OmbzNMxIFUt82IuYQ3BZZmw+2IuYQ7HUCPkwO92nKuAlG:Pi82Iv4HAa8jFUt82iOBZ/+2iWP5LHAo |
MD5: | A87C4ABB76BEA10886E5F8B2752C91C4 |
SHA1: | FAE56B3F7BA608389A5391A789DD42B7EB2F916C |
SHA-256: | 69BC13E06294DC88F215D7DBD336F41AE4B15F0EB159E43AEC7C3FDC8A6E9695 |
SHA-512: | 03E9DD15960CC034FEADF3D59ACAB9D3C1225EA0D72FF3AF3A44B3AB6C6526065EF07811B6269F054DE68A36BCAE8C6FE4DF65A7009DFE7EF13975962E641F0B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.203600592439998 |
Encrypted: | false |
SSDEEP: | 6:PIuYQ72Iq2P92nKuAl9OmbzNMxIFUt82IuYQ3BZZmw+2IuYQ7HUCPkwO92nKuAlG:Pi82Iv4HAa8jFUt82iOBZ/+2iWP5LHAo |
MD5: | A87C4ABB76BEA10886E5F8B2752C91C4 |
SHA1: | FAE56B3F7BA608389A5391A789DD42B7EB2F916C |
SHA-256: | 69BC13E06294DC88F215D7DBD336F41AE4B15F0EB159E43AEC7C3FDC8A6E9695 |
SHA-512: | 03E9DD15960CC034FEADF3D59ACAB9D3C1225EA0D72FF3AF3A44B3AB6C6526065EF07811B6269F054DE68A36BCAE8C6FE4DF65A7009DFE7EF13975962E641F0B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240930133117Z-162.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.0789035995639276 |
Encrypted: | false |
SSDEEP: | 96:PWBMM1MMWMWMMEMM9WMI0CuMaMMMQ4MM4iMOMMMMLMsMMMMMMMMM8MMMMM9M9Mny:Upmy1oeQN |
MD5: | E317AB21DF717AA81B96FAF5DC1B7B17 |
SHA1: | 951088DF72E8217EA0DFA82C62623153F86D7267 |
SHA-256: | C029EED18F5827062A659CD0CB2EF65BDB97918638DE86E8B4496C1C8CE626E5 |
SHA-512: | 86AE91395D3DEDA6160DF16E73E2EE44018C877305408603436024980C8C1AE656771F54A081D25011A3D0351B355A73F0431613B9BF12A2342DF02D6CF241AD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7386214950254373 |
Encrypted: | false |
SSDEEP: | 3:kkFklHcsY2+M1fllXlE/HT8k7vJtNNX8RolJuRdxLlGB9lQRYwpDdt:kKDsb+9T8yvRNMa8RdWBwRd |
MD5: | 4C70BD37AE8467597F8ABA4D7B8B50F9 |
SHA1: | 7E49697C710C07D85C7F06049B96A04E5A165425 |
SHA-256: | D168CE96C1773A9740370B947768A8B3FB8030CC7A4B48DC7C031E913C8AE8A5 |
SHA-512: | 11B257DF45D8ADBC9A16603C7B6987A83903F47C6C065FCF10C41FCB1EC577A840B3A0095B78718732AA2B429804BF7C79420D4A39F1BC24BB279B0F85F621BC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 290 |
Entropy (8bit): | 2.9844219596585932 |
Encrypted: | false |
SSDEEP: | 6:kKcN9Usw9L+N+SkQlPlEGYRMY9z+4KlDA3RUe/:E0D9LNkPlE99SNxAhUe/ |
MD5: | 7EE0A696A2196781FEA88DB74D7A4C75 |
SHA1: | 19B5CB23BCABEFD9630E3DAD798A18D76F6BED37 |
SHA-256: | F2709A9A07E5DE6F8FBA023BC56F8AF50A728108B74B7F2A47BA5314C0F3EC23 |
SHA-512: | CE38B60E22AD19239D2B980E36DF541F8A9713212D3EB49DAD3B6B4655196E212AD821BFD99D55D032B54FE50F92F98F67B11069F2C020E9164EA80E6E6FA39A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2145 |
Entropy (8bit): | 5.069944314470619 |
Encrypted: | false |
SSDEEP: | 24:YFudlY3QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCD/:YvAwmWXZYEtoitbRCwu20wD+JliWxao |
MD5: | 5C430AFE953D7A85E7F0EA9E1E820238 |
SHA1: | E3B17FBE108694B1A17FC005F16D1D69DA8B79DD |
SHA-256: | 9F234B8D3C9FD47E01F5F22F5F013F656E0E1F62BBF17A5173CE2A9E57E79AA5 |
SHA-512: | 4C94521482522B56FCA8A8D3B0120EC6CAD637B30D7C9DBD2CC2F5D37748F0207C66D11C87F391A71CD0BAA208F128DDE0471150A50FB3E1E90D415A5AA6135D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9845526902019429 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spm04zJwtNBwtNbRZ6bRZ4Z0F:TVl2GL7ms6ggOVpUzutYtp6P/ |
MD5: | 4DF389B122A052A825F279EF63DDC8DF |
SHA1: | 66907CD7EB7DD45E778600E9EB4AC911FC8F5D29 |
SHA-256: | 8752D670BC7C5E04AD56E94F04BE50C25255905F3F433E50506C7928F484A94C |
SHA-512: | DB5178426AFBF4AD7401FC43ACF69A7355FCCE629FA3CABA6764EB7D4651E44DD163D600F876E465A66A128DD520FF0C641591C9EA189110DC4D9DCA5844C818 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3386742118875912 |
Encrypted: | false |
SSDEEP: | 24:7+t+AD1RZKHs/Ds/Spm0PzJwtNBwtNbRZ6bRZWf1RZKgqLBx/XYKQvGJF7ursp:7M+GgOVprzutYtp6PMBqll2GL7msp |
MD5: | 5A52F665304F291E7C63363B47235AB7 |
SHA1: | 0B7F67FF861DC32BECBCE7C9461A34612EEF60D8 |
SHA-256: | 7A0318F0BC1E91D6613DD26BAA1BFD3AFF97F6095399D871FC14998391918C2C |
SHA-512: | 21B1E022CACE5A28C70947B5A28FB3F044A3D7A10E4772D1EA064DFFB33490D3F0B2380518DABF0B0166CD8A0689A2F31B019235CFD928533544130F5181AC33 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5309417490522437 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K87eEle:Qw946cPbiOxDlbYnuRKIO |
MD5: | 81F3067F72FA97A080A9DA4DCC2BE235 |
SHA1: | 474AF4F8C75D4C44618B481EF72022C64DE76D19 |
SHA-256: | DF6947CEAF54B53A0137A93BF6F13655BFF58DECFB3B8D7C8BA0C2EB8D19D9F0 |
SHA-512: | 156AD9A03B6D463146BB94660EE04BD7119EF55A093A523F1BF65CE7ED53E073F585467D37F7F5BE43FABCFF9589265E6878F83C95E2580FABDEFEE4FCE667E4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-30 09-31-15-663.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16575 |
Entropy (8bit): | 5.326428343566159 |
Encrypted: | false |
SSDEEP: | 384:lUgVIERmNFGmtjLCO2FyciRAwc3+NqSJGZYUyqaG2I1Pl0m1NC9Uq1q/mkmPS77f:aZkj |
MD5: | 38E3CDAD7029B838EA0DE6E255E7CD0B |
SHA1: | D669AE00A83C15FB4745AD33B7ED1023BAE7D3FD |
SHA-256: | F5F8319CED0C0AE0793D8C7360A1A15BA369159C53F4CF8F712683797A455105 |
SHA-512: | CFDF48C0C987AD6A89CB353FE5C12141E0932C037DEE83C4D193F14FD91A201B106A019485A98AD4D2C097B05B77D8B7659B084B761465D10F9E58530224768B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.4025884601004 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbU:Q |
MD5: | D197165179B0F4BC8CB8774E56D9F47A |
SHA1: | CA5DE3BDCD5C86F2B030CCBCD1B4658C080D0C08 |
SHA-256: | D5B44E3C6BB5C300FF089A85577AB7E2AC6FC63B8EECC741DBDCF62E4796A6BE |
SHA-512: | 07D8C2E56A137031CD4659B093D8996191A536E02CABF84FA20F64436247206F6BF4E3128BA4B74D88548BA6E7972C934C51E1B17B8985D66292B2708930E677 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xTKdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07VYIGNPpeWL07oYGZd:JTa3mlind9i4ufFXpAXkrfUs05ZGeWLH |
MD5: | 9118F75A14E6F0569B9E0A0575A1F536 |
SHA1: | 39B4826A013612F9DB0F09C64FD3A392E74DA113 |
SHA-256: | 92D79BD93488EBA7061D7839078DCBE5BF331287B696703DAF1A4D7586D486B0 |
SHA-512: | 7C81536196CE424F9B99AD108CFA5C28552ED56E449DF90C2A8AE754AE746BFAF1EDF98BE41641725A3F8F677CD910786BDA6FE8A39CB574CDA9BEACDB5D5D0F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121D1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9UZ2BYCERDSWB4:O3Pjegf121DMNB1DofjgJJJJm942uS84 |
MD5: | 07C722EDEB2A1639D380711F2FB4E022 |
SHA1: | 5F1C4C0EF8B9C061212335F860020218A8E4C2E4 |
SHA-256: | BD873E5A50392F405BDD0C7B8C74BD0E75D90A16378C40CF356AD2C672C1C1A1 |
SHA-512: | BD1C1F7AFCF82535F6E48595665C629E9C313B54BF7ACB31D1E80D4F5B50DEBDD922409DD38D954A0173E65CC6FCBDF4364E29B2DDCB29476050576EBBB0091C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/VRaWL07oXGZ4YIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:tRaWLxXGZ4ZGh3mlind9i4ufFXpAXkru |
MD5: | 41034A6B023B6BB9C723DA146E190954 |
SHA1: | 22C95166FF8A1C4D2AAC25B75D804CEBAAA6ACF2 |
SHA-256: | 52BB8B0CA62248721986D650004C11ACCB0C988B6FBA645D9B4E3557CA87A15D |
SHA-512: | 6F8CD54BBB750E32FEBD78895F433CCF0C553C56E6B7DDEA03E3EA36ED283084CF6EA6FA8999162999D184B0F04B6E6DAB7F6FC27648EE517F744D7E8DBC8AAD |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.993181922357384 |
TrID: | |
File name: | Snc2ZNvAZP.pdf |
File size: | 478'602 bytes |
MD5: | 0618acfa112b625533434c552da4789f |
SHA1: | 936549949236c17330009a1a2490274fcb836a98 |
SHA256: | 6a638569f831990df48669ca81fec37c6da380dbaaa6432d4407985e809810da |
SHA512: | 84d7f7dea8d5024b0d3a3122929a214714c6f39d385e02dba6f1b1cb809ae7758057d58573db943fda5f4d5cb59da923a96e3ac9bfd9d190a7faba5fd1916fd8 |
SSDEEP: | 12288:Ni6pVq/1b87VQSRyECTR0dmvUStTx5agyHxMuyLctd8t:U6ytSROTGVuTx+LPe |
TLSH: | A2A4222402C95DFDFA654B62CB2B7D3E652CFAD82DC9E99103B9C71B4040A1FC1B9993 |
File Content Preview: | %PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 38 0 R/MarkInfo<</Marked true>>>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 35 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 1 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.993182 |
Total Bytes: | 478602 |
Stream Entropy: | 7.995290 |
Stream Bytes: | 467751 |
Entropy outside Streams: | 5.133733 |
Bytes outside Streams: | 10851 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 56 |
endobj | 56 |
stream | 13 |
endstream | 13 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 30, 2024 15:31:26.338023901 CEST | 49720 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 30, 2024 15:31:26.338068962 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.5 |
Sep 30, 2024 15:31:26.338128090 CEST | 49720 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 30, 2024 15:31:26.338591099 CEST | 49720 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 30, 2024 15:31:26.338604927 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.5 |
Sep 30, 2024 15:31:26.887036085 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.5 |
Sep 30, 2024 15:31:26.887527943 CEST | 49720 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 30, 2024 15:31:26.887557030 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.5 |
Sep 30, 2024 15:31:26.889075994 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.5 |
Sep 30, 2024 15:31:26.889141083 CEST | 49720 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 30, 2024 15:31:26.920437098 CEST | 49720 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 30, 2024 15:31:26.920589924 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.5 |
Sep 30, 2024 15:31:26.921030045 CEST | 49720 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 30, 2024 15:31:26.921047926 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.5 |
Sep 30, 2024 15:31:26.971039057 CEST | 49720 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 30, 2024 15:31:27.050411940 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.5 |
Sep 30, 2024 15:31:27.050492048 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.5 |
Sep 30, 2024 15:31:27.050554991 CEST | 49720 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 30, 2024 15:31:27.050996065 CEST | 49720 | 443 | 192.168.2.5 | 23.56.162.185 |
Sep 30, 2024 15:31:27.051018953 CEST | 443 | 49720 | 23.56.162.185 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 30, 2024 15:31:25.927217960 CEST | 55552 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 30, 2024 15:31:40.940746069 CEST | 60711 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 30, 2024 15:31:41.959541082 CEST | 53 | 52323 | 162.159.36.2 | 192.168.2.5 |
Sep 30, 2024 15:31:42.548789024 CEST | 56587 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 30, 2024 15:31:42.556227922 CEST | 53 | 56587 | 1.1.1.1 | 192.168.2.5 |
Sep 30, 2024 15:31:44.223201036 CEST | 58838 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 30, 2024 15:31:44.231276989 CEST | 53 | 58838 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 30, 2024 15:31:25.927217960 CEST | 192.168.2.5 | 1.1.1.1 | 0x95d7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 30, 2024 15:31:40.940746069 CEST | 192.168.2.5 | 1.1.1.1 | 0x2e23 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 30, 2024 15:31:42.548789024 CEST | 192.168.2.5 | 1.1.1.1 | 0xc60d | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false | |
Sep 30, 2024 15:31:44.223201036 CEST | 192.168.2.5 | 1.1.1.1 | 0xa272 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 30, 2024 15:31:25.032047987 CEST | 1.1.1.1 | 192.168.2.5 | 0xc50e | No error (0) | 87.248.205.0 | A (IP address) | IN (0x0001) | false | ||
Sep 30, 2024 15:31:25.934405088 CEST | 1.1.1.1 | 192.168.2.5 | 0x95d7 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 30, 2024 15:31:40.949193954 CEST | 1.1.1.1 | 192.168.2.5 | 0x2e23 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 30, 2024 15:31:42.556227922 CEST | 1.1.1.1 | 192.168.2.5 | 0xc60d | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false | |
Sep 30, 2024 15:31:44.231276989 CEST | 1.1.1.1 | 192.168.2.5 | 0xa272 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49720 | 23.56.162.185 | 443 | 5168 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-30 13:31:26 UTC | 475 | OUT | |
2024-09-30 13:31:27 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 09:31:12 |
Start date: | 30/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 09:31:13 |
Start date: | 30/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 09:31:15 |
Start date: | 30/09/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |