Windows
Analysis Report
Due Inv 959753 Larry Cooper.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5656 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Due Inv 959753 Larry Cooper.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 5976 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6088 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1704,i,17496537539928788989,11339793591484358294,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
- DNS query
- TCP traffic
- HTTP traffic detected
- TCP traffic detected without corresponding DNS query
- UDP traffic detected without corresponding DNS query
- DNS traffic detected
- String found in binary or memory
- Network traffic detected
- Classification label
- File created
- Key opened
- Process created
- Window detected
- Initial sample
- Process information set
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.195.92.153 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528476 |
Start date and time: | 2024-10-08 00:00:38 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Due Inv 959753 Larry Cooper.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/49@2/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 18.207.85.246, 54.144.73.197, 107.22.247.231, 34.193.227.236, 172.64.41.3, 162.159.61.3, 2.23.197.184, 2.19.126.143, 2.19.126.149, 23.219.161.132
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- VT rate limit hit for: Due Inv 959753 Larry Cooper.pdf
Time | Type | Description |
---|---|---|
18:02:07 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":["Ethics advisory inc"], "contains_trigger_text":true, "trigger_text":"Legal Counsel: Professional Practice and Ethics in Leadership and Legal Advisory Services", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Invoice Ethics advisory inc 950 3rd Ave Floor 18, New York, NY 10022 Ein- 99-4465459 Bill to : Embassy Suites by Hilton Huntsville Hotel and Spa (Larry Cooper) 800 Monroe Street, Huntsville, AL 35801 Invoice No: 959753 Invoice Date: 08/02/2024 Due Date: 08/02/2024 ID Description Quantity Price 4052 Legal Counsel: Professional Practice and Ethics in Leadership and Legal Advisory Services 1 $49, 540.00 Subtotal: $49, 540.00 Total: $49, 540.00 Terms & Conditions: Payment by Check not allowed: Wire and ACH payments ONLY Bank Name: Use Credit Union 690 kenmore ave buffalo ny 14216 Business Name : Ethics advisory inc Account number: 214 84 704 ACH Routing number: 322 079 557 Wire Routing number: 322 079 557", "has_visible_qrcode":false} |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.195.92.153 | | | malicious | Unknown | | |
23.195.92.153 | | | malicious | Phisher | | |
23.195.92.153 | | | malicious | Unknown | | |
23.195.92.153 | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC, Stealc, Vidar | | |
AKAMAI-ASUS | | | malicious | LummaC, Vidar | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.242543928137051 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.175368161333178 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.175368161333178 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3607cd47-4767-497a-bb56-bb3bc055fbfe.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.062206218541722 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.062206218541722 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.233719227341628 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.147156721353876 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.147156721353876 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007220203Z-170.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.341979297496485 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.2933651301174947 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 2.203689627941648 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7457468364538267 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.322643114467311 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.258920154462224 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.238187948376893 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.300107210652831 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1083 |
Entropy (8bit): | 5.6742542662750415 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.646813133850485 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.246158770523566 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1062 |
Entropy (8bit): | 5.682517460844702 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.695168362821482 |
Encrypted: | false |
SSDEEP: | 24:Yv6XF2ifKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5n:YvQfEgqprtrS5OZjSlwTmAfSK9 |
MD5: | 4149F4A24B80C75C2B77FF09E8BEA32B |
SHA1: | C163825155A1F9525A5CE32B60500DED868F4BEE |
SHA-256: | 20D78A46FDDFA8DD099DF2697B69DEFF9423275BC762993FF7F06A052F4EDA1C |
SHA-512: | F830E500F7E602BDD964F215C8C921019409FE4257613E19798154FEE76E1E3A219F7FB09F8B5D9030BCD3BD3E339C62D46BA912593303AADDA271D0C3A80865 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.251517201029352 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJfYdPeUkwRe9:YvXKXtrWgYpW7HGg8Ukee9 |
MD5: | AF414CC978AEBAE646E9209B9E2E0A10 |
SHA1: | CE8EFBF5F1331CAF25EA0D9F21014226199A92C2 |
SHA-256: | 09E6A7022AF39BC810E52A104A3D1732E9CACA5E00E1AF5F6DF964687C9BCB20 |
SHA-512: | F1B9646AF4930596348299581ED1EB5AE589C073A4585FF0A6BAF81C3A4BC15DB9F92AE81EA2F80CE9D3CB50C5EC524D332AAECE45208D62496BEF561280666E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.77472740058459 |
Encrypted: | false |
SSDEEP: | 24:Yv6XF2iirLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNg:YvQiHgDv3W2aYQfgB5OUupHrQ9FJy |
MD5: | F9D6100E088ED09391EC8849FE2810F5 |
SHA1: | 7996B9CCADD63659A19B585C50ABD52523C94776 |
SHA-256: | 4E9B8E2E7236ADDC202938C5C59737898FE8B1EB613C4B56D2FF2891A2F39300 |
SHA-512: | 4B270972E6026C3C9926D49DCA0A9318C839171471183F7FCDC3B6DB70378FDAFD045A35C1B22D5C75AA1319C3542CDD4D335E85463BBE7280BA90736410ECAE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.235397513816415 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJfbPtdPeUkwRe9:YvXKXtrWgYpW7HGDV8Ukee9 |
MD5: | DC07F2D70B8D62874DE4D96DD67B691A |
SHA1: | 22561B613823F3A02B935472B4F6D3150214127F |
SHA-256: | A3BDF923F141EC5294E73906C741C3B3DC56681E6AC5A34FBE7AA564B781D216 |
SHA-512: | 892F811F9500EF7A73DD439F247E26B5F641E5776ED00F60CF303D5E6A92EBDD60DD66E8A406068D246288EA03F7CFADE31A85A14496A58B0FC9BFED71B62FCD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.236974935513643 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJf21rPeUkwRe9:YvXKXtrWgYpW7HG+16Ukee9 |
MD5: | 933A37684C9EB2A7DD237BD8B48F9C98 |
SHA1: | 3B61E2E6D9D97CB5247D794F2B8712402CB64F4B |
SHA-256: | 3D195EA8C3625FD1376DAD55755F5E8CA5B4952B657508E30E0CDA3466638EA8 |
SHA-512: | 6CCFE10D515903458D523B75DC6BB0B93A811E1FA81E766EA2F743E9F6A3D517FB3F1C274AED33BF995024BDD82BD8F7504FF7E5F230DF9D392C52C24A2F0AF8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1082 |
Entropy (8bit): | 5.679848999790393 |
Encrypted: | false |
SSDEEP: | 24:Yv6XF2i4amXayLgE7c9O47Naqnl0RCmK8czOC+w2E+tg8GSm:YvQ+BgZNOAh8cv+NKMm |
MD5: | 1B71B4A69C4365304F5BECAFA41C3DC8 |
SHA1: | 7ABCB998894DEB9ABAD011E195C875C5EA626DF3 |
SHA-256: | 40E84C6B02650C5B8C9D40F6B898505F0C2D6D52B1B9A245EEA89C2435FA54BF |
SHA-512: | 5E4B0AB0EC6780503957E6388AF547832DCAC2CB5EB86DF0C7BF0F815CDCCB06275582F8E3E3D9A33930AA5F9C84E40426932920AE590C93845ACEC9A0D44467 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.212140277863935 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJfshHHrPeUkwRe9:YvXKXtrWgYpW7HGUUUkee9 |
MD5: | A7EBA4EF37A73B2D7EA2069A34196C77 |
SHA1: | 7DE5569010EFE0616A452126DF561834D888E03F |
SHA-256: | 9C05B8152C8EACCB9544918A97C5288F22F77FD74846E4181E5362D077356C58 |
SHA-512: | F7E8264B44809DB3017A50C787DBEC5FC3ED0D9417E92E9795D8048628B6F1FFBF662ABA56E5767E96EDEEE99DDC003D5CFAFE564C19225171B783F36B3844E3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.361400505177485 |
Encrypted: | false |
SSDEEP: | 12:YvXKXtrWgYpW7HGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWU:Yv6XF2iH168CgEXX5kcIfANh5 |
MD5: | 97518E93EB2CC052EA47882ED5C709E6 |
SHA1: | D63F65CC08695686EA1C3099DFB9AA2427105441 |
SHA-256: | 233082892A312AA70F93A290002E8374A75DD519A089C51F03A4D411A53A32A3 |
SHA-512: | 59C4008D29A0BA52C632257AC4B0A9E2940EE9294A0C7886FECBA17AEF50EBE08CD096A9A8C293D70812334ADF00C1102B9103AF106015C0CDA9C41B1358ADC8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.128377468419999 |
Encrypted: | false |
SSDEEP: | 24:YRj1GwNapK1ay/XuWeNClt+qrWLHqkq78WimjTcj0S2lm2pQ2LSAfKKM15nri96P:YVoNKkqiLHqJtaV/KfpM11ri96h6Y |
MD5: | 882228BA3A997BFA0A0F23C303D4AFB5 |
SHA1: | 51EFDA01291FDB757270C0BA156894AF34CC7E72 |
SHA-256: | 1D0D41B996D22ECE4F44129C421E9B8FC0B08CFB60FCB2CECEFB17C4B93D81C1 |
SHA-512: | 21942A86A164FC398AFFD33A5AF1CB3F542436C69F6FFEE7F7BE1ED6E811024B9EB50BC55F90258A64E93467114419836A02CDAF5B3509D9E71CFDDB8B7F7CD2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.99982792390062 |
Encrypted: | false |
SSDEEP: | 24:TLKufx/XYKQvGJF7ursB1RZKHs/D31jopI1uVfv1Akdk2UxoF:TGufl2GL7msvgO31jSI1udv1Aq9UxU |
MD5: | 97AE3812CFF29320951DD7334F78F367 |
SHA1: | 4B011FE9F7AEACE305832D276B722BA28C7D4ED8 |
SHA-256: | 51828837212FD2F455AEEDEC9F15E99628F30EDF7F94E993881658F30A2E7C41 |
SHA-512: | D4BCFB882C6D88B82A37CA1A8ADBAFFEB78385A50BF802A2ABA291915AD93251AE336C1A7C6D16E6CFC8830BAB3AC0B1BF418614504C4DE5F476256CFC7C86EB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3611247706131921 |
Encrypted: | false |
SSDEEP: | 24:7+tg1RZKHs/Ds/SpXopI1uVfv1Akdk2UxoWqLhx/XYKQvGJF7ursB:7MYgOVpXSI1udv1Aq9UxxqFl2GL7msB |
MD5: | 06B70D6BA59C020F930B7EBC8F20AAC5 |
SHA1: | DF76C3CAD3F1F1F1BF2778CFC7524CE504C798E7 |
SHA-256: | 2FD86FFE8D771D91D43C98FF527DCC924203F8F77352B33B0B1690623CABCB6D |
SHA-512: | 1BB94371A13231FF276E0B1B8EEA4A8F7A65B585DB7C28FC106DB1EFF6D9969EEA4089FCED5E5EBC8D19D2DF7FBF1997D75A9C3967C1A20CD55ABBF13756F577 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.511206980872271 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRqF0le:Qw946cPbiOxDlbYnuRKTf |
MD5: | 844EF19944180706D1288933F1F5AAB0 |
SHA1: | 7E18FEC4FEB6341E35FD2902C0334F5B90B15F7D |
SHA-256: | 4D08930E3DD93E1237D3297782A35DFDC5B691CDD8A79A0AAF85433FAB827D29 |
SHA-512: | 923B2E5D1B9C65E4B31AE5D4B417E484C3C4BF061B1C17E0F48E50450F25ABEB4F1CFC25E71C73C1855B3F1FC56487DB2B2007068C3ABBA1F5F6E39E72CBEA5E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.012823548429183 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOCnU2mTEHU2mTE+CCSyAAO:IngVMre9T0HQIDmy9g06JXSnU1gHU1gV |
MD5: | 3D76DD28791CBAA2D3669CA62A575F0A |
SHA1: | C8621448234A785B671FE998AA4D3FDD5C55BFE0 |
SHA-256: | 9C704543452DDE8E1AE04AAF2A087CB498E17711CD8BA6E98B5DBC11E4DE0DE5 |
SHA-512: | FA71DC15AE5622100A4FD3CEB1C9D74D63723840C590D62083E4250D945307541BD40FCBAE8639E1617CC8F393368E1DD6C4B1E102A16FC279DBC05D884396F5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 18-02-01-449.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.364203987020862 |
Encrypted: | false |
SSDEEP: | 384:nlzY71Kp3yj9NURsxPR8Ll5NJijFo3XoRC8oe2GWIMOZbH7brQzwx6xE58Op6Xfu:RqZ |
MD5: | CF046773495CD7D1173F6EC93AE28975 |
SHA1: | C932F79A14C457841BF77E04C70AB88EC4D4ADBE |
SHA-256: | 436ED1CAF62B51A93192B0BD0A0DA18481C07F40785A59E90D477B99DEE02062 |
SHA-512: | 0B70FF38BE9403CC791CD10E3BB2E76BD0D04D3B6CAFCEAB0B36C71AB456FBCEC02063CF4A82DA521F8A4CC249F2024B2FF577296765F24E9CC09E2F3E648996 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.393631783082117 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb8:w |
MD5: | C59FDC509AC9E6D8FB2C49CD9365C881 |
SHA1: | 90BEC3F85ED54869A2DE7F972BE1ABD8EBD252B9 |
SHA-256: | 657FAF9478041D11ECAA8106C492F90D122726A97912E0BD109D2749B369564A |
SHA-512: | 662D0A1D6B46607ABAD5D4C0E79303615C8ED745978C8A4873BBB8A74D64F1E945796A056BE1A2394524E9EC2D86A06B64998B0161F37DAC5E8BB6765941D41D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98682 |
Entropy (8bit): | 6.445287254681573 |
Encrypted: | false |
SSDEEP: | 1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L |
MD5: | 7113425405A05E110DC458BBF93F608A |
SHA1: | 88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF |
SHA-256: | 7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46 |
SHA-512: | 6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 737 |
Entropy (8bit): | 7.501268097735403 |
Encrypted: | false |
SSDEEP: | 12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa |
MD5: | 5274D23C3AB7C3D5A4F3F86D4249A545 |
SHA1: | 8A3778F5083169B281B610F2036E79AEA3020192 |
SHA-256: | 8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97 |
SHA-512: | FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14456 |
Entropy (8bit): | 4.2098179599164975 |
Encrypted: | false |
SSDEEP: | 192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ |
MD5: | 32FCA302C8B872738373D7CCB1E75FD4 |
SHA1: | DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1 |
SHA-256: | CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6 |
SHA-512: | 57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.949119254619006 |
TrID: |
File name: | Due Inv 959753 Larry Cooper.pdf |
File size: | 3'805'226 bytes |
MD5: | e7e7c24f3af6310a8a89b32a1897c27b |
SHA1: | 2581545c663d468a600c76189aad5e5028ba2b1d |
SHA256: | ac46b15718abaa83c8c846cc57db0ed22cdda5c3690ad6571713a061d38133b4 |
SHA512: | d5540077d3201036abdef21dcb78da473468f2ef0aea2fd2f7f4664afa02dfaec454a78e8c7a2f48321b174ffaa1bc0385e043811fcb4fc56dd263652922d7c7 |
SSDEEP: | 49152:hIhsmD5e7xdTGzdzTtx74wGho9m3/QMORRmmoi4YhMLKtxwnQjYeUJ4L5YbsvN:sdwxdTZio3/QjR34Yh6K9YXetYbg |
TLSH: | F406D07CBC50AC4DA88640D2CB39A5D60FCDC176B295B4A07E2C4E5B19A5DC0F3A736E |
File Content Preview: | %PDF-1.7.%......1 0 obj.<</Pages 2 0 R /Type /Catalog >>.endobj..3 0 obj.<</Contents 4 0 R /CropBox [0 0 595.32 841.92] /Group <</CS /DeviceRGB /S /Transparency /Type /Group >> /MediaBox [0 0 595.32 841.92] /Parent 2 0 R /Resources 5 0 R /Rotate 0 /Tabs / |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.949119 |
Total Bytes: | 3805226 |
Stream Entropy: | 7.994740 |
Stream Bytes: | 3467442 |
Entropy outside Streams: | 5.040908 |
Bytes outside Streams: | 337784 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 1856 |
endobj | 1856 |
stream | 699 |
endstream | 699 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
703 | 000c162c0c180800 | cbdef953c051941948b86608fa4b72cc | |
704 | 0030485070603000 | 18d3358b0b965d1b9fa93dfe26253a8b | |
702 | 008e173317964d22 | 883c50746c1b8d323485b8ec267d72c0 | |
705 | 0000000000000000 | 8e444bf26f70eb843661e2eb18a0b38d |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 00:02:12.005913973 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Oct 8, 2024 00:02:12.005996943 CEST | 443 | 49728 | 23.195.92.153 | 192.168.2.5 |
Oct 8, 2024 00:02:12.008213043 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Oct 8, 2024 00:02:12.008474112 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Oct 8, 2024 00:02:12.008500099 CEST | 443 | 49728 | 23.195.92.153 | 192.168.2.5 |
Oct 8, 2024 00:02:12.541438103 CEST | 443 | 49728 | 23.195.92.153 | 192.168.2.5 |
Oct 8, 2024 00:02:12.541872978 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Oct 8, 2024 00:02:12.541935921 CEST | 443 | 49728 | 23.195.92.153 | 192.168.2.5 |
Oct 8, 2024 00:02:12.543752909 CEST | 443 | 49728 | 23.195.92.153 | 192.168.2.5 |
Oct 8, 2024 00:02:12.543831110 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Oct 8, 2024 00:02:12.550324917 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Oct 8, 2024 00:02:12.550426006 CEST | 443 | 49728 | 23.195.92.153 | 192.168.2.5 |
Oct 8, 2024 00:02:12.550570011 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Oct 8, 2024 00:02:12.550581932 CEST | 443 | 49728 | 23.195.92.153 | 192.168.2.5 |
Oct 8, 2024 00:02:12.593657017 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Oct 8, 2024 00:02:12.643340111 CEST | 443 | 49728 | 23.195.92.153 | 192.168.2.5 |
Oct 8, 2024 00:02:12.643635035 CEST | 443 | 49728 | 23.195.92.153 | 192.168.2.5 |
Oct 8, 2024 00:02:12.643699884 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Oct 8, 2024 00:02:12.643893003 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Oct 8, 2024 00:02:12.643934011 CEST | 443 | 49728 | 23.195.92.153 | 192.168.2.5 |
Oct 8, 2024 00:02:12.643959045 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Oct 8, 2024 00:02:12.644218922 CEST | 49728 | 443 | 192.168.2.5 | 23.195.92.153 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 00:02:07.688960075 CEST | 62422 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 8, 2024 00:02:25.985578060 CEST | 50509 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 8, 2024 00:02:27.397998095 CEST | 53 | 58183 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 00:02:07.688960075 CEST | 192.168.2.5 | 1.1.1.1 | 0x8af2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 00:02:25.985578060 CEST | 192.168.2.5 | 1.1.1.1 | 0xc362 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 00:02:07.695882082 CEST | 1.1.1.1 | 192.168.2.5 | 0x8af2 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 8, 2024 00:02:25.994502068 CEST | 1.1.1.1 | 192.168.2.5 | 0xc362 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49728 | 23.195.92.153 | 443 | 6088 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 22:02:12 UTC | 475 | OUT | |
2024-10-07 22:02:12 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 18:01:57 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 18:01:58 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 18:01:59 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |