Windows
Analysis Report
Usc credit Union Bank Letter- copy.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7772 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Usc credit Union Bank Letter- copy.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 8012 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7304 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1508,i,6368692328044894760,13148700040641484884,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.22.254.206 | unknown | United States | | 14618 | AMAZON-AESUS | false |
23.217.172.185 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528486 |
Start date and time: | 2024-10-08 00:12:12 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Usc credit Union Bank Letter- copy.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@15/44@1/2 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 162.159.61.3, 172.64.41.3, 2.23.197.184, 199.232.210.172, 2.19.126.149, 2.19.126.143
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Usc credit Union Bank Letter- copy.pdf
Time | Type | Description |
---|---|---|
18:13:30 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.22.254.206 | | | malicious | Unknown | | |
23.22.254.206 | | | malicious | Unknown | | |
23.22.254.206 | | | malicious | HTMLPhisher | | |
23.22.254.206 | | | malicious | HTMLPhisher | | |
23.22.254.206 | | | malicious | LummaC Stealer | | |
23.22.254.206 | | | malicious | LummaC Stealer | | |
23.22.254.206 | | | malicious | Unknown | | |
23.22.254.206 | | | malicious | Unknown | | |
23.22.254.206 | | | malicious | HTMLPhisher | | |
23.22.254.206 | | | malicious | HTMLPhisher | | |
23.217.172.185 | | | malicious | PDFPhish | | |
23.217.172.185 | | | malicious | HTMLPhisher | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | | | malicious | LummaC | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | LummaC, Vidar | | |
bg.microsoft.map.fastly.net | | | malicious | HTMLPhisher | | |
bg.microsoft.map.fastly.net | | | malicious | HTMLPhisher | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | LummaC, Stealc, Vidar | | |
bg.microsoft.map.fastly.net | | | malicious | Stealc | | |
bg.microsoft.map.fastly.net | | | malicious | Korplug | | |
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC, Stealc, Vidar | | |
AKAMAI-ASUS | | | malicious | LummaC, Vidar | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | Unknown | | |
AMAZON-AESUS | | | malicious | Outlook Phishing, HTMLPhisher | | |
AMAZON-AESUS | | | malicious | HTMLPhisher | | |
AMAZON-AESUS | | | malicious | HtmlDropper | | |
AMAZON-AESUS | | | malicious | Mirai, Okiru | | |
AMAZON-AESUS | | | malicious | Mirai, Okiru | | |
AMAZON-AESUS | | | malicious | Mirai, Okiru | | |
AMAZON-AESUS | | | malicious | Mirai, Okiru | | |
AMAZON-AESUS | | | malicious | Mirai, Okiru | | |
AMAZON-AESUS | | | malicious | HtmlDropper | | |
AMAZON-AESUS | | | malicious | Unknown | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.22637258359057 |
Encrypted: | false |
SSDEEP: | 6:Hdc+q2PFi2nKuAl9OmbnIFUt8MkcZmw+MkcVkwOFi2nKuAl9OmbjLJ:jvdZHAahFUt8I/+Q5wZHAaSJ |
MD5: | 15E678DD85D579D8142FBB739D665070 |
SHA1: | 22549706F7CC55FB148C4770FA15660211F50CC6 |
SHA-256: | 02A8E5C639727AFE0D41526D14ED37512697DDD5BE425E00E5B2B6DE51676B9F |
SHA-512: | 10C09552A4D4C767FF743D1B6E93DD17E5ED2ECB5B6BB87A45D0C770534276C143AD90204DE56D9463183600346A4742F0FC2DC79ED8913116A8A513B15CC4E2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.22637258359057 |
Encrypted: | false |
SSDEEP: | 6:Hdc+q2PFi2nKuAl9OmbnIFUt8MkcZmw+MkcVkwOFi2nKuAl9OmbjLJ:jvdZHAahFUt8I/+Q5wZHAaSJ |
MD5: | 15E678DD85D579D8142FBB739D665070 |
SHA1: | 22549706F7CC55FB148C4770FA15660211F50CC6 |
SHA-256: | 02A8E5C639727AFE0D41526D14ED37512697DDD5BE425E00E5B2B6DE51676B9F |
SHA-512: | 10C09552A4D4C767FF743D1B6E93DD17E5ED2ECB5B6BB87A45D0C770534276C143AD90204DE56D9463183600346A4742F0FC2DC79ED8913116A8A513B15CC4E2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.206595755553757 |
Encrypted: | false |
SSDEEP: | 6:H4L4q2PFi2nKuAl9Ombzo2jMGIFUt8M8JZmw+MYDkwOFi2nKuAl9Ombzo2jMmLJ:NvdZHAa8uFUt8V/+T5wZHAa8RJ |
MD5: | EE275B14AE2384411A983D853080DE21 |
SHA1: | 2F2F5A1211EF0CF18B546465B6746D6C81E01DF1 |
SHA-256: | F0029089DEC10FB118A2BF74137CBB043CAFD2BF9D2FFDFD792D0C83CC1087AB |
SHA-512: | 698348AE3E85F71F03E901034669B2E936C12910B9331777ABF766DB6DBBD577F03858EE5FC9ACB7DCEF6986B1E0FDF7D5CA0B85162BD14E6C57751C62A4E3F0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.206595755553757 |
Encrypted: | false |
SSDEEP: | 6:H4L4q2PFi2nKuAl9Ombzo2jMGIFUt8M8JZmw+MYDkwOFi2nKuAl9Ombzo2jMmLJ:NvdZHAa8uFUt8V/+T5wZHAa8RJ |
MD5: | EE275B14AE2384411A983D853080DE21 |
SHA1: | 2F2F5A1211EF0CF18B546465B6746D6C81E01DF1 |
SHA-256: | F0029089DEC10FB118A2BF74137CBB043CAFD2BF9D2FFDFD792D0C83CC1087AB |
SHA-512: | 698348AE3E85F71F03E901034669B2E936C12910B9331777ABF766DB6DBBD577F03858EE5FC9ACB7DCEF6986B1E0FDF7D5CA0B85162BD14E6C57751C62A4E3F0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\03c8394f-7ae2-41e8-9590-95004dde780c.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 476 |
Entropy (8bit): | 4.96365226768736 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqlosBdOg2H9Zcaq3QYiubpP7E4T3y:Y2sRdsmdMH9g3QYhbd7nby |
MD5: | 70C54A3F82ACFAA2FB74DCA2C3692C87 |
SHA1: | 4364CD3A84F04E1A3B0DB6DE90BB085DA18D818E |
SHA-256: | 7B27FBFFB7DF42491B5237E2616345D6153BED3429415FF635B3F1A9A80696F2 |
SHA-512: | 7E4F78983681670E2CB9E9EC8B6529073AF5E9FF96532721C19A3FEFE960C6A12699A5635F2B33F6221EC1DA4AA597DC1DEA1793FB45AD4B01F54EF9BA07171F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 476 |
Entropy (8bit): | 4.96365226768736 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqlosBdOg2H9Zcaq3QYiubpP7E4T3y:Y2sRdsmdMH9g3QYhbd7nby |
MD5: | 70C54A3F82ACFAA2FB74DCA2C3692C87 |
SHA1: | 4364CD3A84F04E1A3B0DB6DE90BB085DA18D818E |
SHA-256: | 7B27FBFFB7DF42491B5237E2616345D6153BED3429415FF635B3F1A9A80696F2 |
SHA-512: | 7E4F78983681670E2CB9E9EC8B6529073AF5E9FF96532721C19A3FEFE960C6A12699A5635F2B33F6221EC1DA4AA597DC1DEA1793FB45AD4B01F54EF9BA07171F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4288 |
Entropy (8bit): | 5.230319021948648 |
Encrypted: | false |
SSDEEP: | 96:wshFT0h7cA4YC2EVPCqY35NEmNOYcGPtqKYSEVIA3CbEO5LbEZ:wshFT0h7cZb2EVKZPEANcGIK5EVIASbs |
MD5: | 11510D4C457EFDA4D1B26569A7D6DDEB |
SHA1: | F3E05545B7CA7438924C9491DC93F6878D136A83 |
SHA-256: | E67311A4DED4A5007389BEC0CEF3078CE6CAE3E7ABB07D1654C7DC2F3F450161 |
SHA-512: | 456EEB276FEEA1A55DDA6459B12ED2878C34CE2F432B9D3B7312048F107825D0DD2247505EEF6BAA1CB5F49F9ED3FC3B098F544066D23AAAFD99CC5C9CCF074E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.200731505749558 |
Encrypted: | false |
SSDEEP: | 6:HW7H4q2PFi2nKuAl9OmbzNMxIFUt8MW0HJZmw+MWgDkwOFi2nKuAl9OmbzNMFLJ:2kvdZHAa8jFUt8z0p/+zO5wZHAa84J |
MD5: | B9B500569888D3501A143A91FFD97BF4 |
SHA1: | CD0319E9DD049C74B0544AE890C2E9538D92387B |
SHA-256: | CB8854BE4AA51EB1AF5D55077FEDA03C1C67459EE7C76C6774F48B8476FE7ED6 |
SHA-512: | 975AC532ED4859D10DACAC3357BC8691F37E5876236BA73FC9144EDCAD3C1106945AE9562650256A462627F57DAF0A810F0BE0BB068BFB886D299EDF2E8F6809 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.200731505749558 |
Encrypted: | false |
SSDEEP: | 6:HW7H4q2PFi2nKuAl9OmbzNMxIFUt8MW0HJZmw+MWgDkwOFi2nKuAl9OmbzNMFLJ:2kvdZHAa8jFUt8z0p/+zO5wZHAa84J |
MD5: | B9B500569888D3501A143A91FFD97BF4 |
SHA1: | CD0319E9DD049C74B0544AE890C2E9538D92387B |
SHA-256: | CB8854BE4AA51EB1AF5D55077FEDA03C1C67459EE7C76C6774F48B8476FE7ED6 |
SHA-512: | 975AC532ED4859D10DACAC3357BC8691F37E5876236BA73FC9144EDCAD3C1106945AE9562650256A462627F57DAF0A810F0BE0BB068BFB886D299EDF2E8F6809 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007221328Z-223.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.8248418584756152 |
Encrypted: | false |
SSDEEP: | 192:6wZYG272cbdrpnqYYU28Y8AVb1GarWhRn93dhOkAiRr5bolZKwE:JWKcprpvp2nVYar2bQ1sTT |
MD5: | 855B1B69058F487CCCFC29757ECF53C1 |
SHA1: | F212E8690D811C93492EB9F2EC2F979BA8AACA41 |
SHA-256: | 751DD61E955D7F5EBB0500D3C7381AC645B6A10E80D138B4E8E04D7B7E9AEA23 |
SHA-512: | 973454C8287FD5F9AE86B7DC16E4084D928AA7E48C4F4CBFEBC61FBADCA8FD8296AAC0BC8DF1FB7D1265B320D723D00DEA19C07F0BE111EF2477403841CEC2F0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.438900913439243 |
Encrypted: | false |
SSDEEP: | 384:yejci5GAiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:0surVgazUpUTTGt |
MD5: | C6A936A445A2987130555CCB03E52E96 |
SHA1: | D8E5D11BA78BD735EAFAA858F5DFDA92B31327D6 |
SHA-256: | EDF3EE38F9A0FFAA38E7636E1728D7F5F71C526689CC715CB8BC4B81FAD49EB2 |
SHA-512: | 2BF5A8665AAE85B6EA3EAC0DBE77A865AFE647D2F42368392AD04FF9856B69D15E65B76F73F6CE3BDA05125DE49A1F1162FCC1436519E511FC37E7A8891B9245 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.775632650147992 |
Encrypted: | false |
SSDEEP: | 48:7MBp/E2ioyVO7Rioy5oWoy1CUoy1d7aKOioy1noy1AYoy1Wioy1hioybioyn7OoG:7upjuQJfXKQ7lb9IVXEBodRBkr |
MD5: | 4BF3F4D290D304C5C42D9A16A1D7CD6B |
SHA1: | AB8DF5FB0400050C7BEC453B6BB80B58BC172317 |
SHA-256: | ACEF77D0AC35EDF1F1DD2A254A0F922F06EC063AF0B33B8577F8C1189CF8687A |
SHA-512: | 131FB9BE524E3E473849E6E35A2D8DEF75769764F1E6F3506B26A27487A7E1C828E136B37D36C41BD6CA4A17624E91EC5D376543850011E55E2EA680ED1186D7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFklfu3VvE/XfllXlE/HT8kzJXNNX8RolJuRdxLlGB9lQRYwpDdt:kK53Vv9T8INMa8RdWBwRd |
MD5: | 35892A06274941F443286CB950D26B24 |
SHA1: | 96747A568BA4ED56B564F27CEC1A94C5E886DCA3 |
SHA-256: | 86B7BB4DF6A3D1D4A6E3F2AA283D3162E72BC8176706F00FDEF4C1C1C101AA88 |
SHA-512: | 025680BF34AF8EBD2303C9BAE029014F793FD9C4AB0A8BD5A2A5CEEC79AC6F1AA669012534A6CD6C351EDD6818BC7A7C58502B8C6915DF34DD778215DD95D236 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.245596380966818 |
Encrypted: | false |
SSDEEP: | 6:kKTFvi9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:LpdDImsLNkPlE99SNxAhUe/3 |
MD5: | 2CD123F3D5EA1B8B8C13E366E5EE50E2 |
SHA1: | 4FD857CDC87D62686B8790F635229EFD95389FE9 |
SHA-256: | F13165490B21B77E56D0F07C25D70C94E5E5687D460A015E4987D70854D5FEEE |
SHA-512: | 8209210C1A998DA250527F6AADD882307F7512F9405F5FB14539D3D1F4A6FEB83411657E7E655202CD203B169893385155804D8D744417A6BA52B7328E707227 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.317949032369587 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJM3g98kUwPeUkwRe9:YvXKXuSIEIepUTbdj9YOGMbLUkee9 |
MD5: | 156756597EE819A908D04EC0EEDABF1E |
SHA1: | EA31A5ADB81FD7D4165B69B016C5403AF899F16A |
SHA-256: | FE0959DA193CBCFC0D9BB144FB448BACBB8B7C64CF284A2B5649C63EA3D250F2 |
SHA-512: | 534C72E6F7CA268099B30C846B298D019E16B0689CFA9324E44C63ED1CF085175598878DC1971B11F35D955FF2B0B47148E2E3DFFD145F7C1C05308A2553C501 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.252767556203166 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfBoTfXpnrPeUkwRe9:YvXKXuSIEIepUTbdj9YOGWTfXcUkee9 |
MD5: | EC17936CB0E243AE7EC1F0995E0D936E |
SHA1: | BE56C23035B1D8485E1386460725EA32590B6BD5 |
SHA-256: | A790E45CEF21EFF9B24A1547CF95C2E0A7A7A50D1A81D0282FF7F1D71B71A949 |
SHA-512: | 2CD3F11441B26D41FAF9898DC3A375658F51E6AA86763BB4466C2864F2349BD7E48E2857C2551F3E6397BA47A2F9B70B663457FBEBADBFD13B7D78542A339D47 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.231762591598242 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfBD2G6UpnrPeUkwRe9:YvXKXuSIEIepUTbdj9YOGR22cUkee9 |
MD5: | 94A9E4E3460576F457254D2CC5147324 |
SHA1: | 6963E7208F7DF2DB70DB72B083248291E450C306 |
SHA-256: | E0A63B2DFE9D6EFD16A3BAFDF64F1483690EB0117B745EF2E71C9A59F8C4D0FB |
SHA-512: | 97DDDF568D4550FF8B70F6C04EBFB1907BA2D0FA82C16057E9220EF9C90EDCF4D59475B684BCCEA33B6D114E6038A0C3A9D381DE83A3E5E868ADF61B3853DDFD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.290634256155101 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfPmwrPeUkwRe9:YvXKXuSIEIepUTbdj9YOGH56Ukee9 |
MD5: | FF8FD18F82EA32BF9C1B40C6678BD4A8 |
SHA1: | 5956A8BBE5EE0B99522CB6162D0A099AF8FBB38F |
SHA-256: | 9CAB61D8F4873430A7493C61C67E0716EC5E3756A0B86EA94EA70A6E617F5898 |
SHA-512: | 400513BFE9FE9C46A0733A28ADB4847C3941795FA30FA836D4AE46D2F5C2ECC8EACB442F111BC7910F0D32243F5772126778EEAFA6F24E0B52CF29010D013C5A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1091 |
Entropy (8bit): | 5.674998432696746 |
Encrypted: | false |
SSDEEP: | 24:Yv6XsCpUXIpLgE7cgD6SOGtnnl0RCmK8czOCYvSFL:YvVCwIhgs6SraAh8cvYKFL |
MD5: | CAF01D3FE4E950AC8697ED68B0C00F99 |
SHA1: | 51AAD3C16DCEA60154D7A7B3C16E4B6C80D63E57 |
SHA-256: | 8FB8302F44A4D3EBEABDC36924A8990FEA4B54AC925FF336F53D3AA8585E5A2A |
SHA-512: | FD62F50DE6979D8DA38A34EC1BF7AB7D56C572B36CED5FA1037CD574161283A2ED2467464AFC6476FF6B7A4C29D846E783442DCF6E97B979F546544A476F5CB4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.643576315509735 |
Encrypted: | false |
SSDEEP: | 24:Yv6XsCpUXaVLgEF0c7sbnl0RCmK8czOCYHflEpwiVoL:YvVCwaFg6sGAh8cvYHWpwFL |
MD5: | FD97DFA7C6DF4F6A00F801BF5C3B5C96 |
SHA1: | 7705DF989B630D42E8FBCB743BB23A251C737BA9 |
SHA-256: | 8CCDE265FFE967126B351D6E1AB764F2A39D1499F78404DDE373C035A2F2ADC6 |
SHA-512: | 1513DB3218056DD39C74628561A65FFE37F4F6A668112A63794B4751481D9BA64FF7F23B0E890F488BCC1F6B77126A42C561010DA9410C4EFB6F84259782F17E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.234987033794727 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfQ1rPeUkwRe9:YvXKXuSIEIepUTbdj9YOGY16Ukee9 |
MD5: | 59A53DA2A8D16CF8C134521318E356AB |
SHA1: | 291C2DA0EA3BDAF873175BC33478DB5113CBDD19 |
SHA-256: | C957DE0A5F02F2382C4F99E19DA22D2EF995C58EC24E73886AE5AFC11F1F95C6 |
SHA-512: | 344D53E54561798CF4D00187CEA203C69A9F59BB6AF3AEC9D06B7F40E5E32270090957A5E885CE42CEC6FAAD9D07738B1FBD0CF41CD6BF7F4B435963E5D67074 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1098 |
Entropy (8bit): | 5.677353132947125 |
Encrypted: | false |
SSDEEP: | 24:Yv6XsCpUXH2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSFL:YvVCwHogq2SrhAh8cvUgEmFL |
MD5: | 4D2855122F2DDBE8897898AB348C61D6 |
SHA1: | 5CF093BE8122299A7145F9E90FE72FA890B4A4A2 |
SHA-256: | 7D42758AC0B1FFA4AE1B36E90DD83D976C075AF583C21643AC6BB81C132091F9 |
SHA-512: | 7D5E2E3E038D6FA9CA4A9A88262D1CA808EA63CDF7AFD4CD59D631647DBEF584C98C717679F84429AE75BB1277D9409ECEB764AFBA06AFA1346C86F290658A5F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.689466715913107 |
Encrypted: | false |
SSDEEP: | 24:Yv6XsCpUXrKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5oL:YvVCwrEgqprtrS5OZjSlwTmAfSKWL |
MD5: | 171DDEC955620A8F8BF3A8BCF0D8D92B |
SHA1: | 1FCC0B471DDF34FF61662DA8A7E2DDFB0BA6B9D5 |
SHA-256: | DA5C91A751232AB0B3C874DFA5EE9045E19DEDB4CC36582D16A2BC6803AF62DD |
SHA-512: | 629C7FD37130F16F6560209C9730F49B064E2070375D1B024A771A79DB24981682421F2CD22789456F324798921B77E314E2725B79DED741BADFD390F3B8BB5F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.237214500764636 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfYdPeUkwRe9:YvXKXuSIEIepUTbdj9YOGg8Ukee9 |
MD5: | 2A994D7229D0F13D5776B446CF206D4B |
SHA1: | CD20023C92461E1045075252746F38547C7D33A8 |
SHA-256: | 9DFC7A689B5E17BAC0DCF03304469399CCF020EA5ADE678838C7FEA750550421 |
SHA-512: | 0DDA6755F656E1D055A92B860D4043792E375B3FA1604653837A61DEBAA5829CA3D2834018719ADF2A41DA03B7F9EFD9DA38FF15A823639F1CAB6D5E4B2433B7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.771725491813282 |
Encrypted: | false |
SSDEEP: | 24:Yv6XsCpUXWrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNwL:YvVCwWHgDv3W2aYQfgB5OUupHrQ9FJWL |
MD5: | 2D98D3E335E1085BD4697969886E6E8E |
SHA1: | D1C80B2D1E75A205BC3E70D810AFB33339CD68D0 |
SHA-256: | 392611AE8303B8E052340BDD635BD7A9DEF6F793C1E26D760D5ADE50CCCD2503 |
SHA-512: | 43D31A3D2706DE8AD55ADDA46FD42E3059B28841772B7D6D2C88F823E8C8054C15CD4ABA6A378EA7BEF19D295E538F2A06324E0D56C89319BD885EEA333C6280 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.221193113897162 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfbPtdPeUkwRe9:YvXKXuSIEIepUTbdj9YOGDV8Ukee9 |
MD5: | 53536CD94078586F676423BC2FE9F6EB |
SHA1: | 43C5C215CF3E0D3B369F779CB13487C09AA552B9 |
SHA-256: | 2F686A740799A70A40AF6D3AF3BEA3337D76DD158DED8959F6F1A0A260043212 |
SHA-512: | 26342A923037495943BC3F6E6BDA62DE05BB5B0C03E5B9E695D3E5F57CB6B7675D9EED0A8C3633168CD251E685656A315FC11889168BA976BEA68C4B88AFF836 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.224545357228008 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJf21rPeUkwRe9:YvXKXuSIEIepUTbdj9YOG+16Ukee9 |
MD5: | 9C1A99EF9CD767E9755020E05707B99E |
SHA1: | D108DCA59DE65DD1B0C3311A1304719A38EF7CCC |
SHA-256: | F5FF9B487305D6D7A4892BBF1FA2B86F269619D6E0611E9A42A5EBBB25D9D5D4 |
SHA-512: | B803EF03A232267A50F49D0CFE4D4CDEB34593B462C65556F68C8A39FC2DC64CDC0B63AF8A91C288A13D84A67A2B8C48CA14890D3AD81572119CF25E7D41748C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1054 |
Entropy (8bit): | 5.658106577867569 |
Encrypted: | false |
SSDEEP: | 24:Yv6XsCpUX8amXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSFL:YvVCwaBgSXQSrOAh8cv6mFL |
MD5: | A6DF71FE9FE1791BEA87074025440CA9 |
SHA1: | F3030E7BEA79D2B25BA8D986F298BC873E17E4A4 |
SHA-256: | 398C028A08F17CCEEA8B19EDC73B4EEB5720B218833C92359B9733386435223E |
SHA-512: | 1F0DEA3062DCCEE895AB73C4DC39FDF86CF299C827B67BF64ED18BBC3FAF3498BF307D9358D34E0273D046DB1A6FCD8C034683F3A2C1D7EC316F8C959408CA4F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.200136948038281 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfshHHrPeUkwRe9:YvXKXuSIEIepUTbdj9YOGUUUkee9 |
MD5: | 8E76CE042801F3267DF238E0738A3AD9 |
SHA1: | F70D6F5C0F69D367326E22C2A52590A760019AAA |
SHA-256: | 9563D31F9CA2DEE1E87E864A57F01FF0ECC44592820F0F210C29A75C17E02741 |
SHA-512: | 2C279194D531BF76A8AA05E48EBEC5C11C922785C041BFC27642D024E91E9A4B519BD5D96797A5F2EB170E7EC55736EAF6ABE0A89F088BCA1AC4CC75ABD450B7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.354287238470352 |
Encrypted: | false |
SSDEEP: | 12:YvXKXuSIEIepUTbdj9YOGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWo:Yv6XsCpUXj168CgEXX5kcIfANhFL |
MD5: | 2C3818484D85A366BF49281A6DEDB213 |
SHA1: | 8431C1F1F4AD694F9DC339A5362F35914EE9187A |
SHA-256: | AC0C02A89F67EC5D6FD4A146BD6CA08E13943CE0AA2A03A9C71C59A47F1A0B05 |
SHA-512: | 403868F9FB398DAEC6663B9176306F6C1959D60E9AC13486BE2F31F06E44F5D7AE01FB1FCDD4E8A465A65EF88BB03C07D33C60A672F8EF8C8A1904CD94373789 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.124011933876252 |
Encrypted: | false |
SSDEEP: | 48:Yc8LroqywrNpHY2B4zyllRT460s9A+qrc+RvcAcdr9Yb8rvhb:p8L0qywR+2ByyllRT502A+ENRvcAUY4d |
MD5: | D43932329D6148121412CE08EB7503B6 |
SHA1: | B38D9199CB97DC8D2B81D43A262F4BB88B11DE3D |
SHA-256: | 7CC5CA7D0ED25B2C3AFFE94CD7E6303A2BCF595460C65E61C6B4C1C70F1A2F19 |
SHA-512: | E2D27CC65FE708526CF6EE93B44510C94A7D404DEEC8F4D5537E40CD8C190164D3B9C0907E3A4FE47A7E9E490941D2C1505B31C26FA1C7959CE9A8513418B7A4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.319942879490517 |
Encrypted: | false |
SSDEEP: | 24:TLKufx/XYKQvGJF7urs9O3KaiZ3FL63FLesb+sZobF16R6FdpqpQ6YmOVw+EXSqF:TGufl2GL7msUKB0M0+Tb608YxVFr5VM |
MD5: | 504AF27AD6A00A968347263517FF4078 |
SHA1: | 80368CFF1F861712B7A23F03489ECF2C214552C6 |
SHA-256: | A356BA88FAC78CFA8167A7EBF39A04636E96999311DD0BC4798921C1CBC9C3A1 |
SHA-512: | 33900205633DD1DFD64E878EB38B121406D7E24FF8377A42A3EB1BCC4E51BEE54225F65FECCFD351409162DB6C20F1F3DA7BDE0AE9727BF88056534EEB78F663 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.7810568365070925 |
Encrypted: | false |
SSDEEP: | 24:7+tPl3KaiZ3FL63FLesb+sZobF16R6FdpqpQ6YmOVw/EXSqXlyGKaiKqLhx/XYKl:7MhKB0M0+Tb608YxVIrGKWqFl2GL7mst |
MD5: | 7C0DCD686082D40F96AD791C459C3180 |
SHA1: | DAF02ADF4671940036EC055C577424A8CF117750 |
SHA-256: | 21958440408B99F7BEBF27514013599CE564592815B1C5B5E7192B5A353D5EC9 |
SHA-512: | F9D48A890770A576A428E5BAD30D76F4DF660F449291E11D03E585C4722D2F08D3EA4068BD96AA9E51153F4B1CEE43D73CFC88C74735AED73864D54F33580AA2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRqFGlVwlYH:Qw946cPbiOxDlbYnuRKTAAlYH |
MD5: | 317E55C0C297CBE85DF1BB18435FF635 |
SHA1: | 11E2AF2E2B319AE8726343C862E5E3B3D42AE0F6 |
SHA-256: | 695D15086D462EEAED0ADB1419FE6810F1ABB084AA62F0DB8D214BEFF72B0A50 |
SHA-512: | 8DD8DC6607A0A5F1A963A05F3BD48E0005F009ADC61DEFDFE37DF454C5F7C7F1EA7DF05968F9D47C4F0199747874D6E6217145E9006A4B0F191A211830B0F1D6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 18-13-25-021.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.361022727805069 |
Encrypted: | false |
SSDEEP: | 384:cBD67lQV4j1MOuD/btX+wknz+fzTqyorqz3tVFr84AbAYpfFWbWt+Fjwn0z5O+Wf:4M5 |
MD5: | 70A2D078BEFD5E910EE035832171B399 |
SHA1: | 1AB91914ECD7852E512C73437D30013594A16FB0 |
SHA-256: | 2B55DE84E5446FD295128DAD5827122E98AC784F96A1F422B711B14E8F7DB1ED |
SHA-512: | 9FF36D4E320A8791AB0B87F24CAB4CBE777D9E8A3A64D26AF419132CDFDFCCD9A253EE9854032C4C87C546187951077F869CBCBDC9513278C557FC4895C7DBBC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.345334089544964 |
Encrypted: | false |
SSDEEP: | 384:v3FuNjgb749PoNBViE6/LhQBVe/fjPL1Ebi8+fpqP0XMOOdp5yraH8HOvi8kjowW:bfp |
MD5: | 9E12C7F77CCFD791905AC6E9E8E7C837 |
SHA1: | CBBE29D7D45AE632D181CB9D22697D3B9AC209B2 |
SHA-256: | 32ED598EB32319BAE2DDE6BBCDF0C360D39536456C58A2F5D0D2F284FB0C3ABE |
SHA-512: | C674C93EADC9A0B2E3D238C380A78AB84F37EF1C6CCB994CA724598C535F87D967034787B32573D5D51FCD9191B9C5DEAD129B961D8781648581BAFB2AE93531 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.405339044911054 |
Encrypted: | false |
SSDEEP: | 192:zcbaIGkcbIcbiIICcbBOQQ0fQNCHPaPOhWPOA3mbSAcbsGC9GZPOdIzZMJzV3Zmk:EGvIcNYd8Cz |
MD5: | 223CB09DC09B3FD5F25E4A6E7CBD3903 |
SHA1: | CBC57DDFE6679B73D7BF7ED0E65779B3BA605414 |
SHA-256: | 2577E004F9822918797ECDE62AD1234746858569823DAD3519499B523DF3B184 |
SHA-512: | 84BEF5AF6EA1C3023BA3F9B279B50EFC5997792F471E8AB16FA6112DD293971D2DD710D417608C3170FAD0C0F568410E8C81003A06E677353287FF299898B4B7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/pwYIGNPQ9WL07oXGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:xwZG29WLxXGZn3mlind9i4ufFXpAXkru |
MD5: | 17A4D09E4373155D739D65D37FDD108E |
SHA1: | 88ABEDA0447CCB031DD1D459657336A3FC50E486 |
SHA-256: | 36FC00DA4B14D66BF783B992AC62C7590237C315B55D28A07A1B2E8678F918E3 |
SHA-512: | B95D3AB00F85EE3C41F813755485CF6B5C7A57F3DE9ACEF2DD2B0BDB3644580D36B43E5F44F5D9120FAD2AE128E7D69EFF2A9C58690B7162C20C497A24C88498 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.987974165761141 |
TrID: |
File name: | Usc credit Union Bank Letter- copy.pdf |
File size: | 416'762 bytes |
MD5: | b0c27a59f6b7246a6ccd99bd675d66f6 |
SHA1: | 478c5f6502d7e529e13a5a6c902eb00765dd594a |
SHA256: | 93235fca9fbe77a4dc06e55dbc89b657a852a19045d1c04b7d7df7f09c6adb36 |
SHA512: | 640a28944b65183f9018ff703f2d5f9f615af4b96846b5c5210afd1a184f1305710eba2f52a1797c711e9fe455e373ec655303cef2b5d8a3a5efd422ed04a44f |
SSDEEP: | 12288:iOZjFngPuDIdCHsRWBVoaG+EBS6bo1BSXBSeYpOFyDkiH:bnMuDIdCHsRWBV3G+uIN/DhH |
TLSH: | 83941243DA5689DFD84197B0BE091B9BCBCCDB650A4031FB143D1BAB3698E204E5A4FD |
File Content Preview: | %PDF-1.7.%.....2 0 obj.<<./Pages 4 0 R./Type /Catalog./AcroForm 5 0 R.>>.endobj.8 0 obj.<<./Filter /FlateDecode./Length 10.>>.stream..x.+......|..endstream.endobj.9 0 obj.<<./Filter /FlateDecode./Length 10.>>.stream..x.+......|..endstream.endobj.10 0 obj. |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.987974 |
Total Bytes: | 416762 |
Stream Entropy: | 7.991167 |
Stream Bytes: | 407325 |
Entropy outside Streams: | 4.886480 |
Bytes outside Streams: | 9437 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 107 |
endobj | 107 |
stream | 104 |
endstream | 104 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 2 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
87 | 1240732b6b560040 | a69d0532bc2c05c78b5a907d596f2413 | |
88 | da1a783c8591b455 | 067b5c17fe3011308ed150711a0eb128 | |
89 | 0034f8ccca9a9000 | c961636c7d02846f250bc2b4cbdc0c3e | |
153 | 0000000000000000 | dc27b7d5aa6ff1e9defa5414c01c8366 | |
155 | 0000000000000000 | 4747d3ac4b98c57c7d68249f67758a9c |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 00:13:30.598617077 CEST | 50218 | 53 | 192.168.2.10 | 1.1.1.1 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 00:13:30.598617077 CEST | 192.168.2.10 | 1.1.1.1 | 0xc695 | Standard query (0) | | A (IP address) | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 00:13:30.607825994 CEST | 1.1.1.1 | 192.168.2.10 | 0xc695 | No error (0) | | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 8, 2024 00:13:31.379192114 CEST | 1.1.1.1 | 192.168.2.10 | 0xd1f7 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 00:13:31.379192114 CEST | 1.1.1.1 | 192.168.2.10 | 0xd1f7 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49715 | 23.22.254.206 | 443 | 7304 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 22:13:31 UTC | 1353 | OUT | |
2024-10-07 22:13:31 UTC | 572 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.10 | 49718 | 23.22.254.206 | 443 | 7304 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 22:13:32 UTC | 1473 | OUT | |
2024-10-07 22:13:32 UTC | 608 | IN | |
2024-10-07 22:13:32 UTC | 6385 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.10 | 49722 | 23.217.172.185 | 443 | 7304 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 22:13:35 UTC | 475 | OUT | |
2024-10-07 22:13:35 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 18:13:20 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64eb90000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 18:13:22 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63ec50000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 18:13:22 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63ec50000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |