Windows
Analysis Report
Paychex Direct Deposit Form (02 2024)..pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 5772 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Paychex Direct Deposit Form (02 2024)..pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6956 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7100 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=1548,i,771568016486475644,2400619360177338759,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | Process information queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.195.76.153 | unknown | United States | 2914 | NTT-COMMUNICATIONS-2914US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1523645 |
Start date and time: | 2024-10-01 21:53:31 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Paychex Direct Deposit Form (02 2024)..pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@15/48@3/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 199.232.214.172, 184.28.88.176, 52.202.204.11, 54.227.187.23, 23.22.254.206, 52.5.13.197, 162.159.61.3, 172.64.41.3, 2.23.197.184, 2.19.126.149, 2.19.126.143
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Paychex Direct Deposit Form (02 2024)..pdf
Time | Type | Description |
---|---|---|
15:54:17 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.195.76.153 | | | malicious | HTMLPhisher | | |
23.195.76.153 | | | malicious | HTMLPhisher | | |
23.195.76.153 | | | malicious | Unknown | | |
23.195.76.153 | | | malicious | HTMLPhisher | | |
23.195.76.153 | | | malicious | HTMLPhisher | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | AsyncRAT, Neshta | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | Captcha Phish | | |
bg.microsoft.map.fastly.net | | | malicious | Phisher | | |
bg.microsoft.map.fastly.net | | | malicious | ScreenConnect Tool | | |
bg.microsoft.map.fastly.net | | | malicious | ScreenConnect Tool | | |
bg.microsoft.map.fastly.net | | | malicious | ScreenConnect Tool | | |
bg.microsoft.map.fastly.net | | | malicious | ScreenConnect Tool | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
NTT-COMMUNICATIONS-2914US | | | malicious | Mirai | | |
NTT-COMMUNICATIONS-2914US | | | malicious | Unknown | | |
NTT-COMMUNICATIONS-2914US | | | malicious | Unknown | | |
NTT-COMMUNICATIONS-2914US | | | malicious | Unknown | | |
NTT-COMMUNICATIONS-2914US | | | malicious | Mirai | | |
NTT-COMMUNICATIONS-2914US | | | malicious | Mirai, Moobot | | |
NTT-COMMUNICATIONS-2914US | | | malicious | Mirai, Moobot | | |
NTT-COMMUNICATIONS-2914US | | | malicious | Gafgyt, Mirai, Okiru | | |
NTT-COMMUNICATIONS-2914US | | | malicious | Mirai | | |
NTT-COMMUNICATIONS-2914US | | | malicious | Mirai | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.248494198680827 |
Encrypted: | false |
SSDEEP: | 6:buSQ+q2PRN2nKuAl9OmbnIFUt8aXcQgZmw+aXcQQVkwORN2nKuAl9OmbjLJ:tVvaHAahFUt8E/g/+E/I5JHAaSJ |
MD5: | 50E8BA2520DEC8F0223FC48CB7A90806 |
SHA1: | 1C883FA5BD270E7567E5EF1C0F424596F3F4B708 |
SHA-256: | F469A04C6C9D96B7BB0F3CD52E4615608CC4654CAEAEA9E404592CB79A15731E |
SHA-512: | 200D49D4CF2C57265248FA6D31AE4B56D73421D96A4F519C5C28AD04E91205BACCE2DA7B1A1DC8F011384C8157C982E45008003F063CD14B5B97A76DE59348E3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.248494198680827 |
Encrypted: | false |
SSDEEP: | 6:buSQ+q2PRN2nKuAl9OmbnIFUt8aXcQgZmw+aXcQQVkwORN2nKuAl9OmbjLJ:tVvaHAahFUt8E/g/+E/I5JHAaSJ |
MD5: | 50E8BA2520DEC8F0223FC48CB7A90806 |
SHA1: | 1C883FA5BD270E7567E5EF1C0F424596F3F4B708 |
SHA-256: | F469A04C6C9D96B7BB0F3CD52E4615608CC4654CAEAEA9E404592CB79A15731E |
SHA-512: | 200D49D4CF2C57265248FA6D31AE4B56D73421D96A4F519C5C28AD04E91205BACCE2DA7B1A1DC8F011384C8157C982E45008003F063CD14B5B97A76DE59348E3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.162567411765347 |
Encrypted: | false |
SSDEEP: | 6:bB4q2PRN2nKuAl9Ombzo2jMGIFUt8asUS3JZmw+ajpDkwORN2nKuAl9Ombzo2jM4:mvaHAa8uFUt8rUSZ/+MZ5JHAa8RJ |
MD5: | B6EEB2BBED329E12F13ECCFFF9B04D5E |
SHA1: | 02586123E0318E8B972AEFAA92FF13AF17E8E851 |
SHA-256: | 12754C1F9DDB45CF2E830494DE9F4626119D1536892BCB035B0AB77EBC0C8DB6 |
SHA-512: | 425C753456A9FA09E0E43FE8EF1B6DE5027C1BAD781DEE96FDEF1CD45159951CEC10C29C0D29735991B85EABAA019800C1BC101F78FF405FEC0539C4973CC585 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.162567411765347 |
Encrypted: | false |
SSDEEP: | 6:bB4q2PRN2nKuAl9Ombzo2jMGIFUt8asUS3JZmw+ajpDkwORN2nKuAl9Ombzo2jM4:mvaHAa8uFUt8rUSZ/+MZ5JHAa8RJ |
MD5: | B6EEB2BBED329E12F13ECCFFF9B04D5E |
SHA1: | 02586123E0318E8B972AEFAA92FF13AF17E8E851 |
SHA-256: | 12754C1F9DDB45CF2E830494DE9F4626119D1536892BCB035B0AB77EBC0C8DB6 |
SHA-512: | 425C753456A9FA09E0E43FE8EF1B6DE5027C1BAD781DEE96FDEF1CD45159951CEC10C29C0D29735991B85EABAA019800C1BC101F78FF405FEC0539C4973CC585 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\103f993c-462e-4330-9d03-98934c66b985.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF551196.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a94c4a4e-cc78-4f50-a0fa-53ed2510b9b5.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.982730477568236 |
Encrypted: | false |
SSDEEP: | 12:YHO8sq7sBdOg2Hctcaq3QYiubrP7E4T3y:YXsBdMHP3QYhbz7nby |
MD5: | FD135EE5000A9D160BFCA73E94FD533B |
SHA1: | 6CB192B81D8CCA13EBDDD42BCD8B6671219CEFCC |
SHA-256: | 630B76834F66A06D3ADB4DB3BFD5478EA503063A29BAD539B7EE987F0BFBD616 |
SHA-512: | 7E8A0BCF181E36B19B8C2E71CE43DB622BBEE3457841CB1C331B2510DF913ECFFD0E5C31E1750A5A82AC38D8E111710B6D8CF178A9010F2901EBE821A875D75A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.228721159610316 |
Encrypted: | false |
SSDEEP: | 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xe0NvN:OLT0bTIeYa51Ogu/0OZARBT8kN880NvN |
MD5: | 2129732290B1AFA7EDDAF6811630BEB9 |
SHA1: | 0F7A66DC35F66F39B8665DE3D8FDAF8C28B1DB7D |
SHA-256: | 2BF787A81F9939FB013518507B112F0E7B6E435338F5D11DFB752E644F2E25A7 |
SHA-512: | 8B35F26741EE1FDDD96A8620A20851F919CBF3D31A7AC121EF624F740E30FEDA4E13DB1D5DF13B8B9BED206674222BCDE585C92DECB853117BC6E46915FCC2D1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.160234598013847 |
Encrypted: | false |
SSDEEP: | 6:b9534q2PRN2nKuAl9OmbzNMxIFUt8ahDJZmw+ajDDkwORN2nKuAl9OmbzNMFLJ:ZKvaHAa8jFUt8A/+WX5JHAa84J |
MD5: | 4FF77E6200D86700DAD1479DBAEEF34B |
SHA1: | 8A08AE8F10D1173D5070BA6AF1F4395465564E65 |
SHA-256: | B0F19562DEB25B9A388B0642EDCD01D4DAC4481A2FD3F2BEA17F2B284E9C8A0F |
SHA-512: | D902B18A12D6109190BC5A04706F04335BF9E8C585B95907269A7F14AA030A7892DFA188C2D380F56224E61065FD3832CC1CE1FD8982C854FEDFF66D137D976E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.160234598013847 |
Encrypted: | false |
SSDEEP: | 6:b9534q2PRN2nKuAl9OmbzNMxIFUt8ahDJZmw+ajDDkwORN2nKuAl9OmbzNMFLJ:ZKvaHAa8jFUt8A/+WX5JHAa84J |
MD5: | 4FF77E6200D86700DAD1479DBAEEF34B |
SHA1: | 8A08AE8F10D1173D5070BA6AF1F4395465564E65 |
SHA-256: | B0F19562DEB25B9A388B0642EDCD01D4DAC4481A2FD3F2BEA17F2B284E9C8A0F |
SHA-512: | D902B18A12D6109190BC5A04706F04335BF9E8C585B95907269A7F14AA030A7892DFA188C2D380F56224E61065FD3832CC1CE1FD8982C854FEDFF66D137D976E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241001195409Z-161.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 4.011493886219743 |
Encrypted: | false |
SSDEEP: | 1536:BxW9WVjbAJ3qTYqLfnAkCdibYUcVfq8VCFgv/z:JI/z |
MD5: | 25E433DF39140B90CE3568B83D27B082 |
SHA1: | 59FA52FD981E700EAC1043D9B8151F146DFD5351 |
SHA-256: | 561C71CEF9ED5F70158D76D7C53840CA2E0A682B2DED9216289CFA8B4BBAB698 |
SHA-512: | 51557A568F687E79640BB01CA5135BDE377AF547501E94423FEDD352846055386C4B7E8509177D23B206C765CCD85386ACCFF20440804AFAA6218E444E48DBC2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | 192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2151299752804894 |
Encrypted: | false |
SSDEEP: | 24:7+tzMqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+Zw:7MQqLmFTIF3XmHjBoGGR+jMz+Lh9 |
MD5: | BD7FF890485AA07CB4FBC63E6846E9F5 |
SHA1: | BC8B13176E7EA75D7988EE12347B0C32725EB597 |
SHA-256: | 12637FF55BB14942F01BAB466E3B0055D9FB6E47425E4AF17C582B7D3933449E |
SHA-512: | 01C513531A9F302FE37F3AF7F776BB0669E611FF29B39F89D7B0C34F8E1648487FA41DF7145865D7C72A0BE8DA851CC47B28D7355B29D0B487C04C3C20574845 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFklc7ej/XfllXlE/HT8k1lltNNX8RolJuRdxLlGB9lQRYwpDdt:kKFabIT8GNMa8RdWBwRd |
MD5: | 2506CFF79027CA4978975E251A058E9D |
SHA1: | FAB640DAB2F83DAE09C7095F60A40863C93887A2 |
SHA-256: | 476F9C067F3780EDF79D754A131837D703E76B34A671862A2A39E175AE6CD930 |
SHA-512: | F2529FB1458333E4BCE2F1D8D9CD5BB2380842F2225956AFEA0C9E250DF4BAC2B36B64E883A3EA13928531A5436402C88FF2EDCDDE3AD23E75EE5B9F39F6B18F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2539954282295116 |
Encrypted: | false |
SSDEEP: | 6:kK3W99UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:fWkDImsLNkPlE99SNxAhUe/3 |
MD5: | 0A693CA99DAF036912FBB716248DA01B |
SHA1: | E438442E1E6458E573ACA3E650255C330C996A95 |
SHA-256: | 221330490CC23522A82CF4D5CEA5E63B95F1AA5C105EDDD62875D0046149150D |
SHA-512: | 35F5EA98EE3C1D23193F1F69AFF934BD11C02AE8A0D11D3709461A7CABD75235350763363073879D89EBDBDEE3E8107BD73A533788CB64365C499250A5C86CC7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3849460183572635 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH+Dmgune5IRR4UhUR0YxT2xoAvJM3g98kUwPeUkwRe9:YvXKXeNueWRuUhUUOGMbLUkee9 |
MD5: | A0332CE325B5FDC31AF94F8098186672 |
SHA1: | 4E4DD1DDFE3519B9376EC343E540064C2FCDAF0C |
SHA-256: | 81905CA0D61AB1EF1BCF6F2F47F48244B6FFF9A469C3C0410B95278DFED572A4 |
SHA-512: | 2C612240D89622D9E3BEDFF108165A717C3B3CAB72E556C79BD493A5B5A10C79106E7B26B1A1697474AAA9471DC95A3D4CDB5F7BB1B431B9A47F2AD633E3EB48 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.332082654476942 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH+Dmgune5IRR4UhUR0YxT2xoAvJfBoTfXpnrPeUkwRe9:YvXKXeNueWRuUhUUOGWTfXcUkee9 |
MD5: | 5D3E924D42894EAA9CFFB796A5F75FF3 |
SHA1: | C56D5AD63AEC3B9210D31C7A14A832BAA114FA42 |
SHA-256: | 303467434923E3F628DFE427168A2C08430AAF534D70700432D6AB5F1AA73DD9 |
SHA-512: | 6D65D5AE31BD1CDB26C338F9546F9BC95366626428698201D92B3DAF292D7562647C36EBB82452AF0FFA38BAC4E0EB4E37961B2589C1B8CDDA9E3D87CC8AE968 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.311350448391612 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH+Dmgune5IRR4UhUR0YxT2xoAvJfBD2G6UpnrPeUkwRe9:YvXKXeNueWRuUhUUOGR22cUkee9 |
MD5: | 5ECD346D168A92F9D44D7AE6C2746C38 |
SHA1: | A9A4D11FB376F0C5AFE4214FC4095A698ECE526B |
SHA-256: | 3ADD90BD4FAD459BBA7558EFB3BEE116C313C3F39A73B5957B4D222E70084993 |
SHA-512: | 73DF74D9FCAF96B86BC8351176E546958C2319D2B1F5AFBFC732AD4F9E3D09D3827EBDA73D65D642ED0AEDA5767E8ACE218F82B36E953667CFCDD1830E009398 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.374083492432998 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH+Dmgune5IRR4UhUR0YxT2xoAvJfPmwrPeUkwRe9:YvXKXeNueWRuUhUUOGH56Ukee9 |
MD5: | 36589E1938185CE36D0292AC351782B1 |
SHA1: | BD8392907ADC2F4BEDE729F46C9063ADDD8B0293 |
SHA-256: | E7FF45AC33E79FA419357FC2F41DD61776E19F55187B459C77BFA2EBD044AC2F |
SHA-512: | E92BDD72FCD4A87A556EDB02D0DFC2CEDAA57173A8CB0772F6D153D585D2FB7CF5B60D586CD1D0911F2B907E6731A649D5ABF6D5E88A660786322356C0FC777C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.66854896886274 |
Encrypted: | false |
SSDEEP: | 24:Yv6XeN0UU7pLgEFqciGennl0RCmK8czOCY4w2d:Yvp0UIhgLtaAh8cvYvW |
MD5: | 75AF59E3AF009C3A4AA138A1E281D8C0 |
SHA1: | C0090FB4D1657DE06AC8664469199514A745EDB3 |
SHA-256: | 95DC6185987378D1B3F16212A664CF622B7753B2E3876921E8B9EF9F31D50699 |
SHA-512: | 56508A7197C71C12C1FF44AFDEC920C0A04F7E93CA7B37C97EA99F59A09F21B0685760DA4911B79BFDF80302B7197EC88D1F11222589AEEAEB8EEB659C9DE624 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.654877471493323 |
Encrypted: | false |
SSDEEP: | 24:Yv6XeN0UU3VLgEF0c7sbnl0RCmK8czOCYHflEpwiVd:Yvp0UaFg6sGAh8cvYHWpw4 |
MD5: | 9ABE4D44B1BED86ECD4FC04596DDF93B |
SHA1: | 5B74520E79351773216237B50BA349A3E1CE6110 |
SHA-256: | F6D960CA2976FDF2EAF855FD0EBBE9BA246C035EAF662861FFD389199C313F31 |
SHA-512: | 4A855FC2904CF3AEC82BA7D584DC790B4F4FC022DD1BF97FBB008D17EF05485A31A022FB0E8F8B4CA852338A1E53E3E1326FE43813F8E501BE5194F830254C41 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.322823448059287 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH+Dmgune5IRR4UhUR0YxT2xoAvJfQ1rPeUkwRe9:YvXKXeNueWRuUhUUOGY16Ukee9 |
MD5: | 12F171F2B758A40888DBAF9CF3FDDF27 |
SHA1: | 122CE12D66375703043CF61F3435972E1ED171B6 |
SHA-256: | 87AB153600E93213C14C3F672D645B8AA12AFD350E2EC2C94ADDD8847B57DD20 |
SHA-512: | 723D40C7C431FB501BB105570635A76B683E22DCB7363BE77C3F7F129F1B95BBA950728545700E1FC58C6F7DB576D168C2592EB55756638677A0625C12E45FB1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.64938199132539 |
Encrypted: | false |
SSDEEP: | 24:Yv6XeN0UUm2LgEF7cciAXs0nl0RCmK8czOCAPtciBd:Yvp0UHogc8hAh8cvAv |
MD5: | 3B6F405C1E01ED806E0CB88DD8FCF0CE |
SHA1: | 0CC88672312C7E6DF4299673E3A24593ECFB27FC |
SHA-256: | 006E5CF179898EB4DE0DD67C8441FF5B3F795F9D84B5A06EF53CE6B4255474BA |
SHA-512: | 0A23A3C2262322E3953F7856AE985527646A040C706F10522957D57A5DADF32670490302F4B59CEDBC289F86B648A8A0D5D3D5DFA034CF60B6F0CB6086DB0F75 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.699675885010651 |
Encrypted: | false |
SSDEEP: | 24:Yv6XeN0UUKKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5d:Yvp0UrEgqprtrS5OZjSlwTmAfSKz |
MD5: | A20C55B1FC7DE7AE0009A037146746FA |
SHA1: | 6D5B475AA710F3A96436CBA2BDD5C7992CCDCBC3 |
SHA-256: | 77379C1DC93C7B95826BC88399A264C2BF1EBDF3AC4E9EF66B67014663FD4A80 |
SHA-512: | 237776C8031711433B573C79392ECAE90413E4D7E76AE306EC4A921EA2DB101E14EF87BDD4621A415DBA768E213D29A5A71829D62EFC3CD2689D6CB8A5DB091D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.326483433547731 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH+Dmgune5IRR4UhUR0YxT2xoAvJfYdPeUkwRe9:YvXKXeNueWRuUhUUOGg8Ukee9 |
MD5: | 4E5A1EC9CFE9F2037245074FCEA0A1DD |
SHA1: | 6FA998E577E8B3E7BDE7C856F213C3B75BA2289A |
SHA-256: | 372501A2E78B8DC5DCF7217C37F97021016D26B67CAE789D63A64406269385D9 |
SHA-512: | C614C5E0FC06A6A1322D78AB0CE2B93AA175F715358443C570A803848146E4533E6436879C7C2902D34E3BC1EE864BE3DA72CE98C3796D0C3E118F4428057624 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.776771254717294 |
Encrypted: | false |
SSDEEP: | 24:Yv6XeN0UU5rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN1:Yvp0UWHgDv3W2aYQfgB5OUupHrQ9FJz |
MD5: | 0FDD3313BFA57E03D24609D323B0F860 |
SHA1: | F87D5E7199316DA37C3A43B868AC1CD9C1347580 |
SHA-256: | FD8CB98FB9F9B77AF9281A328A860C3DCDE12711664533280685E88D4158605C |
SHA-512: | 7C6C74E103D44F8322042FDA1DC2BB0869C057630B802F887C5C9C7E8DC97D9EE67B47CFA016DE1127F5960D3A0EDA33228B8B4C814258FBDEA0D3A88C3A2154 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.309848514496179 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH+Dmgune5IRR4UhUR0YxT2xoAvJfbPtdPeUkwRe9:YvXKXeNueWRuUhUUOGDV8Ukee9 |
MD5: | 0FC32163CF409EC9ECDBD2B7A802556A |
SHA1: | C8BC28341A7D04C693EA70A84210BF008F9C417C |
SHA-256: | 5DFAAC8DA26682EF9CA3F5BC8DD8491191351129AB7FB230C26E4A5F89A50120 |
SHA-512: | ACE85D362C910EA86DDA1B5A2BA587CAD6D478986300471E129E99C1CF02FAD943EE3CD5471A7101747E20397180BA61DE1E98E97BC2BFF4FE01E32CDEE98D74 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.313282024467963 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH+Dmgune5IRR4UhUR0YxT2xoAvJf21rPeUkwRe9:YvXKXeNueWRuUhUUOG+16Ukee9 |
MD5: | 11C603D17D9D599C151E06BBA755519D |
SHA1: | 4AFB8A12791265B67A7671FB68C6AFBA6A0C89AC |
SHA-256: | 5869B9EA5C4560A4B0AA232C2ADA00CEA0F63F0ED7F268CBB43520BF69226DED |
SHA-512: | 128D794A7F73F5D20BD79B04A7B9C1A4E7B903D10A71AB9E5019A8D363A9CD538ED0FF3D214452B832A609B6AC83900C8D3AD8DC16EA89977655971C18246DB6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.659602973762547 |
Encrypted: | false |
SSDEEP: | 24:Yv6XeN0UU7amXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8Bd:Yvp0UaBguOAh8cv+NK+ |
MD5: | 0A9B9FBF0F4B7C81FECC353DD779F608 |
SHA1: | 09B5E47C280218375AE2D6CE65B41C52C330B70F |
SHA-256: | EF170092BF589CF4122256B055B7C18A729C63FCE852DA2142DB641C05C4ACC7 |
SHA-512: | D6385BCA7962F7C766C754C0377E2E6843B3536B91A874208B22B0665DC3F3A9B4A481FEF824D9922C0934B6303AD382DB4172AAAB37063DFE44DB82D295E0C9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.289606942876119 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXH+Dmgune5IRR4UhUR0YxT2xoAvJfshHHrPeUkwRe9:YvXKXeNueWRuUhUUOGUUUkee9 |
MD5: | C907EB43FFA1BF737D5231FD8DF95074 |
SHA1: | C32E16FFDE8130E627F57CC2F63CEF6A8C3257B1 |
SHA-256: | 7B469287179421D4EBB05C43CDE074F860EAB0D22398FCBE764F8AD0F64BEFED |
SHA-512: | CF6E4CF0C0254CC5D1CFF0BE4303B4FC542688C55ACCC37769D86AB45E960B9852896183BF08A781373421200F66C7388303EB7A8C20168B430CB0C64A13DCB4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.37319178629858 |
Encrypted: | false |
SSDEEP: | 12:YvXKXeNueWRuUhUUOGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWh:Yv6XeN0UUY168CgEXX5kcIfANh4 |
MD5: | 809F7028F684DD3362A11C5B214727A1 |
SHA1: | 8040202644411F67A6397746F146E93FD06A5502 |
SHA-256: | 015A6E33887C7A97FD5267A591635E2A10095E01C08ED3703F3C0257553666CA |
SHA-512: | E14EFEC8A68D8921CAE32D750C822FC09B99C4D28CE69B33F92E0719A08F0B5C6B66F2C1A67ED8A0F1C9337CBE5BF8BCB81AF870DD26810889315C6B9CDD19CA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.124759071876488 |
Encrypted: | false |
SSDEEP: | 24:Y5SQSa0GfayZrsLZ/wTGDC559KPqNTk8WKjjJN2j0SJjSN2yZ2LSLQEja5f9tzun:YUXG7Dsm5YPqNTkb+JCITZpQEjaB9to |
MD5: | 9EB1C32CBC5D51BC63E0DEB275352A71 |
SHA1: | 0A58CB618AC1A59B5E76B9F9647E25A007DB803B |
SHA-256: | A5EA28BBDB376B2D72E42030130407B3F632B4E351B2D42E23A3D1156EE9945A |
SHA-512: | 95BDC0E07273D46436674208E3A2FE59C72DF9766A36EBDA703D2E95C6C915886D0417C23F6358989FD663AFDA860732A77FB255503E4025AF8098E8D80A40E7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.987219109758488 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs67Y9QmQ6Qe1IcLESiAie9F:TVl2GL7ms67YXtrGcI87 |
MD5: | 6F53FFAE7A009D965BA9FDA7FC8C4205 |
SHA1: | 48D0C2AF73CDFE7AE1049796DC9064BB31646E20 |
SHA-256: | 7EF3605A6E92D218EE97453EFFEC5EE0900845CBF80130A900D55152F6083BB4 |
SHA-512: | 1F0BDB43750EBFDD07A8D937509B8AA2D7D7FA374BDE530B09343FB0992D5E13B4FC074FF676310F82D4BA3EABEE51E1F07CB362B642FFA607D6D8058A91EC14 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3440611694572315 |
Encrypted: | false |
SSDEEP: | 24:7+tvASY9QmQ6Qe17cLESiAi0mY9Q+qLBx/XYKQvGJF7ursi:7MvlYXtrhcI8KYrqll2GL7msi |
MD5: | 135C49851614F1EAE07D5D59136F2845 |
SHA1: | 6C06FBF4BAEBFD0A5F5ECB7422F152AC008100B2 |
SHA-256: | 5B400F409177C655E5C1CE798CFEACDCECF58A7AF96A2D8F867983650031D1CA |
SHA-512: | C96FB3679339D6C28DBF8B215EAB0B30160274CFE90A1F842FF9ADAFC6B5AD1776835602808B36F6B4B283BB4613941F4A8519FFD14234F0BD68C765B9737234 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5004142083842487 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K80QRqV7U9H:Qw946cPbiOxDlbYnuRK7Q9H |
MD5: | AB08AB719D3227A62B9C28F91E355C23 |
SHA1: | F38978398453CD3D6B1E815C38C8D725817E8B22 |
SHA-256: | 05419B2E7303CE1B17C831085C8F80533C7625D4CDDCFAD37BC00719C24AAC33 |
SHA-512: | 0800422481224CB7F08A806B694469D5A3C5B1E3CC4BFA370EFA450834C1BD13A3EF4CF4F6F99FE6E3BB1FCD5C73432D3F9C473C48A76B026FD5BFD274B48D1A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 15-54-07-077.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15111 |
Entropy (8bit): | 5.323591341541535 |
Encrypted: | false |
SSDEEP: | 384:ItZEssNULBeh6PQUuX4jcGn2eBeEm5BfHApl7zjCc+8wvQUpRGvKHwHyf2suhk0x:4BL |
MD5: | 64EA4F074305A2FB396424D3D47CA81B |
SHA1: | AB0A559BAF44768B916B8B5C940A3B8971BB387C |
SHA-256: | 720D1556D59F0E8D28A3D2DECDBE1B5EAF3C4843BA096E414C100905B344C562 |
SHA-512: | D168A430E682306643EEAEFD14731D49FF444D3B7EDDF8A98243534EF2EB73AE488194AF7CD0C5EB9AA064816E3F91BC37E703EF2E218A0996B27846722DD61A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.416813577035107 |
Encrypted: | false |
SSDEEP: | 192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbvBCcbxqIN3cbFqs:fhWlA/TVSB5TNwqs |
MD5: | B57C5AA6C4CCEE458874A0724209F7C6 |
SHA1: | 571E2F2B9E87B4D9CDD252E4B61324DD3DED3391 |
SHA-256: | 3B151B49281E10EBB1881635E0FBC5A2D9DD73B151B35A27433695F567F0A668 |
SHA-512: | 3C6E4E0072F7E6FAA2A97B67A07071FF20F60D3338ECE19864FAC86A81731E379881C9EB60B61C6A088B44641387E4E621942E6A7B3B5E129D33E24B7BB2A857 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m |
MD5: | 774036904FF86EB19FCE18B796528E1E |
SHA1: | 2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16 |
SHA-256: | D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD |
SHA-512: | 9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9Uq:O3Pjegf121YS8lkipdjMMNB1DofjgJJ2 |
MD5: | 10CA6FDFFE6BC68FFF791D3E7104C4CA |
SHA1: | 53C1BAD96D37D31D37A3302EFB838059E2BC8063 |
SHA-256: | F317D901F863D154C87299A0DF6F0BE7699F00CC66CD76F14B7CE1387B7B71DE |
SHA-512: | 653166A4D56BCDFA1CBE1097A4CC0FEA277593B2E554D9FDF5F10A954E8E1260E0CF3185DEAA68E930A5EB74C2FFDDB7066B54CAE4F7F98A79C250115686C8CE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xaWL07oXGZGwYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxXGZGwZGM3mlind9i4ufFXpAXkru |
MD5: | 0A347312E361322436D1AF1D5145D2AB |
SHA1: | 1D6C06A274705F8A295F62AD90CF8CA27555C226 |
SHA-256: | 094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7 |
SHA-512: | 9856C231513B47DD996488DF19EEE44DBB320E55432984C0C041EF568B6EC5C05F5340831132890D1D162E0505CA243D579582EDB9157CF722A86EC8CE2FEAFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.95901389237863 |
TrID: |
|
File name: | Paychex Direct Deposit Form (02 2024)..pdf |
File size: | 223'383 bytes |
MD5: | 08eadc77f3722a16ef5fd1b74f1836ba |
SHA1: | aa5b360b614821872f0aecc3dda6d3f40ccf1ffb |
SHA256: | 3e8b33ffbd977c14bca8e21f80cc46ab0820da8209a529fd95ab7eeaf2d5235e |
SHA512: | bb0daf43adc85eec92d026244007e3a37db12c917a2225a380c9b8716b712243e00a61b0260cba77e12d20457fe1b10fa542f8aaf69cf221d2559765708ad78f |
SSDEEP: | 3072:q6OEkcPcELj3QDv6CRTBBBBBBBZrEA2f+d31o2FXhfXFL90P2NUi0nJwT3r0:HTjtZCRTBBBBBBBZF2mzNxfFWP2qp270 |
TLSH: | B124023DB91B0D7CCB6B417911360BCAD8A23414EF29A97F26D52BD2274C6533A3B817 |
File Content Preview: | %PDF-1.7.%......4 0 obj.<</E 222737/H [ 783 147 ]/L 223383/Linearized 1/N 1/O 6/T 222955>>.endobj. .26 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[( |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.959014 |
Total Bytes: | 223383 |
Stream Entropy: | 7.959739 |
Stream Bytes: | 220913 |
Entropy outside Streams: | 5.204942 |
Bytes outside Streams: | 2470 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 17 |
endobj | 17 |
stream | 14 |
endstream | 14 |
xref | 0 |
trailer | 1 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 2 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
12 | 0c5f7d4f6f697177 | fd0fb10e8771b862138903271ba4514d | |
14 | 0000000000000000 | b86e81b9dc937f998b0e51e928a4bcf3 | |
15 | 0000000000000000 | f7b4157772c43fe223075c5f0d3d8dfc |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 1, 2024 21:54:17.981360912 CEST | 49712 | 443 | 192.168.2.16 | 23.195.76.153 |
Oct 1, 2024 21:54:17.981405973 CEST | 443 | 49712 | 23.195.76.153 | 192.168.2.16 |
Oct 1, 2024 21:54:17.981551886 CEST | 49712 | 443 | 192.168.2.16 | 23.195.76.153 |
Oct 1, 2024 21:54:17.981791019 CEST | 49712 | 443 | 192.168.2.16 | 23.195.76.153 |
Oct 1, 2024 21:54:17.981806993 CEST | 443 | 49712 | 23.195.76.153 | 192.168.2.16 |
Oct 1, 2024 21:54:18.534353018 CEST | 443 | 49712 | 23.195.76.153 | 192.168.2.16 |
Oct 1, 2024 21:54:18.534694910 CEST | 49712 | 443 | 192.168.2.16 | 23.195.76.153 |
Oct 1, 2024 21:54:18.534713984 CEST | 443 | 49712 | 23.195.76.153 | 192.168.2.16 |
Oct 1, 2024 21:54:18.535810947 CEST | 443 | 49712 | 23.195.76.153 | 192.168.2.16 |
Oct 1, 2024 21:54:18.535890102 CEST | 49712 | 443 | 192.168.2.16 | 23.195.76.153 |
Oct 1, 2024 21:54:18.537950039 CEST | 49712 | 443 | 192.168.2.16 | 23.195.76.153 |
Oct 1, 2024 21:54:18.538024902 CEST | 443 | 49712 | 23.195.76.153 | 192.168.2.16 |
Oct 1, 2024 21:54:18.538113117 CEST | 49712 | 443 | 192.168.2.16 | 23.195.76.153 |
Oct 1, 2024 21:54:18.578800917 CEST | 49712 | 443 | 192.168.2.16 | 23.195.76.153 |
Oct 1, 2024 21:54:18.578820944 CEST | 443 | 49712 | 23.195.76.153 | 192.168.2.16 |
Oct 1, 2024 21:54:18.626555920 CEST | 49712 | 443 | 192.168.2.16 | 23.195.76.153 |
Oct 1, 2024 21:54:18.633812904 CEST | 443 | 49712 | 23.195.76.153 | 192.168.2.16 |
Oct 1, 2024 21:54:18.634121895 CEST | 443 | 49712 | 23.195.76.153 | 192.168.2.16 |
Oct 1, 2024 21:54:18.634182930 CEST | 49712 | 443 | 192.168.2.16 | 23.195.76.153 |
Oct 1, 2024 21:54:18.635121107 CEST | 49712 | 443 | 192.168.2.16 | 23.195.76.153 |
Oct 1, 2024 21:54:18.635149956 CEST | 443 | 49712 | 23.195.76.153 | 192.168.2.16 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 1, 2024 21:54:17.526437044 CEST | 55556 | 53 | 192.168.2.16 | 1.1.1.1 |
Oct 1, 2024 21:54:31.486303091 CEST | 53154 | 53 | 192.168.2.16 | 1.1.1.1 |
Oct 1, 2024 21:54:43.941246033 CEST | 63404 | 53 | 192.168.2.16 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 1, 2024 21:54:17.526437044 CEST | 192.168.2.16 | 1.1.1.1 | 0x3230 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 1, 2024 21:54:31.486303091 CEST | 192.168.2.16 | 1.1.1.1 | 0xb589 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 1, 2024 21:54:43.941246033 CEST | 192.168.2.16 | 1.1.1.1 | 0x54d9 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 1, 2024 21:54:05.931972980 CEST | 1.1.1.1 | 192.168.2.16 | 0xc668 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 1, 2024 21:54:05.931972980 CEST | 1.1.1.1 | 192.168.2.16 | 0xc668 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Oct 1, 2024 21:54:17.534065008 CEST | 1.1.1.1 | 192.168.2.16 | 0x3230 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 1, 2024 21:54:31.494169950 CEST | 1.1.1.1 | 192.168.2.16 | 0xb589 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 1, 2024 21:54:44.051389933 CEST | 1.1.1.1 | 192.168.2.16 | 0x54d9 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49712 | 23.195.76.153 | 443 | 7100 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 19:54:18 UTC | 390 | OUT | |
2024-10-01 19:54:18 UTC | 247 | IN | |
2024-10-01 19:54:18 UTC | 120 | IN |
Target ID: | 0 |
Start time: | 15:54:03 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76a5c0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 15:54:04 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff784740000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 15:54:05 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff784740000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |