Windows
Analysis Report
Fac_F00717187991.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7036 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Fac_F00717187991.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 5460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5800 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1680,i,14465121669262946373,16136710372373622939,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature sources (number of entries per signature):
- DNS query: 1 entry
- TCP traffic: 34 entries
- IP Address: 1 entry
- HTTP traffic detected: 2 entries
- TCP traffic detected without corresponding DNS query: 12 entries
- UDP traffic detected without corresponding DNS query: 1 entry
- DNS traffic detected: 1 entry
- String found in binary or memory: 2 entries
- Network traffic detected: 2 entries
- Classification label: 1 entry
- File created: 2 entries
- Key opened: 1 entry
- Process created: 14 entries
- Process information set: 9 entries
- Process information queried: 1 entry
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label |
---|---|---|---|
 | 0% | ReversingLabs | |
 | 0% | Virustotal | |
Source | Detection | Scanner | Label |
---|---|---|---|
 | 0% | Virustotal | |
 | 0% | Virustotal | |
Source | Detection | Scanner | Label |
---|---|---|---|
 | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
x1.i.lencr.org | unknown | unknown | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528653 |
Start date and time: | 2024-10-08 07:39:55 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Fac_F00717187991.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/29@1/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 2.19.126.149, 2.19.126.143, 184.28.88.176, 18.207.85.246, 54.144.73.197, 107.22.247.231, 34.193.227.236, 162.159.61.3, 172.64.41.3, 2.23.197.184, 199.232.210.172, 2.22.242.11, 2.22.242.123
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed; the report is missing behavior information.
- Report size exceeded maximum capacity and may have missing behavior information.
Time | Type | Description |
---|---|---|
01:41:01 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | HTMLPhisher |
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | PureLog Stealer, XWorm |
23.47.168.24 | malicious | Metasploit |
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | LummaC |
bg.microsoft.map.fastly.net | malicious | Stealc |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Stealc |
bg.microsoft.map.fastly.net | malicious | Stealc |
bg.microsoft.map.fastly.net | malicious | SmokeLoader |
bg.microsoft.map.fastly.net | malicious | HTMLPhisher |
bg.microsoft.map.fastly.net | malicious | LummaC, Vidar |
bg.microsoft.map.fastly.net | malicious | LummaC |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | MicroClip, Vidar |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC, Vidar |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.180394344693242 |
Encrypted: | false |
SSDEEP: | 6:cOH3AQL+q2Pwkn2nKuAl9OmbnIFUt8LiGwG1Zmw+LiGwQLVkwOwkn2nKuAl9Omb5:c1QyvYfHAahFUt8LiGwg/+LiGwQR5JfC |
MD5: | 0727034F010AC7F100FC0918CA993AD2 |
SHA1: | 4D2053930E04443A07773A8201406689FB712394 |
SHA-256: | 29615743537266746599DC64F8F2AD7EAA044F61ACB3EED32E2E21EDC67735A4 |
SHA-512: | FAC88ED28FBE9B62623C9B8A14D00F1D0D65DCAA72287B2B2D9CE7200C3BA9D474721C59E6D03F983DF9B857DD4C5AFBE2375E7F568CC4BBBA7EECF023DBD52E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.180394344693242 |
Encrypted: | false |
SSDEEP: | 6:cOH3AQL+q2Pwkn2nKuAl9OmbnIFUt8LiGwG1Zmw+LiGwQLVkwOwkn2nKuAl9Omb5:c1QyvYfHAahFUt8LiGwg/+LiGwQR5JfC |
MD5: | 0727034F010AC7F100FC0918CA993AD2 |
SHA1: | 4D2053930E04443A07773A8201406689FB712394 |
SHA-256: | 29615743537266746599DC64F8F2AD7EAA044F61ACB3EED32E2E21EDC67735A4 |
SHA-512: | FAC88ED28FBE9B62623C9B8A14D00F1D0D65DCAA72287B2B2D9CE7200C3BA9D474721C59E6D03F983DF9B857DD4C5AFBE2375E7F568CC4BBBA7EECF023DBD52E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.116344558932278 |
Encrypted: | false |
SSDEEP: | 6:czvN4q2Pwkn2nKuAl9Ombzo2jMGIFUt8Lz0AvJZmw+LkdF3DkwOwkn2nKuAl9OmT:czvN4vYfHAa8uFUt8Lz0AvJ/+LqF3D56 |
MD5: | DE9A6E3E59949BD73D1D1C69B41A24A6 |
SHA1: | D2A8480420C7C1887FB57A776D8264CEECCABB01 |
SHA-256: | 246FC5796CDFAD396B7642E8502A0351478D364BAC3CE972BA318474257114DD |
SHA-512: | AB588FE5217402E98C1325150CEDF6451923DF8EA423B8A30B2E906A99FDCF9229989DF6CB0D661AF40A438B6755FA00953130B4E4A561ADDB4DDB02812385A2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.116344558932278 |
Encrypted: | false |
SSDEEP: | 6:czvN4q2Pwkn2nKuAl9Ombzo2jMGIFUt8Lz0AvJZmw+LkdF3DkwOwkn2nKuAl9OmT:czvN4vYfHAa8uFUt8Lz0AvJ/+LqF3D56 |
MD5: | DE9A6E3E59949BD73D1D1C69B41A24A6 |
SHA1: | D2A8480420C7C1887FB57A776D8264CEECCABB01 |
SHA-256: | 246FC5796CDFAD396B7642E8502A0351478D364BAC3CE972BA318474257114DD |
SHA-512: | AB588FE5217402E98C1325150CEDF6451923DF8EA423B8A30B2E906A99FDCF9229989DF6CB0D661AF40A438B6755FA00953130B4E4A561ADDB4DDB02812385A2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4b7490e6-b65a-4c89-b169-695cc523283d.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.96775079901533 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqi2WsBdOg2HIwfcaq3QYiubInP7E4T3y:Y2sRdsJSdMHIwu3QYhbG7nby |
MD5: | 924CC7B579CC9B974427813902D49B85 |
SHA1: | 422CEF5282C3E3B9D6936E7215D30BBD254628FB |
SHA-256: | 7ED55E3EAEFB7A41F666298B95C53A86CC0AFBEF62F7A61660E19D198CD13C9C |
SHA-512: | D7569F499262F7BE5901321AFD58516E576AC8D03CED8856A02F95A2DC1D946F8F106551900371883179EB945EF6D67EA2BCD5CE7912B07E6E5BBAC3A1707975 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.96775079901533 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqi2WsBdOg2HIwfcaq3QYiubInP7E4T3y:Y2sRdsJSdMHIwu3QYhbG7nby |
MD5: | 924CC7B579CC9B974427813902D49B85 |
SHA1: | 422CEF5282C3E3B9D6936E7215D30BBD254628FB |
SHA-256: | 7ED55E3EAEFB7A41F666298B95C53A86CC0AFBEF62F7A61660E19D198CD13C9C |
SHA-512: | D7569F499262F7BE5901321AFD58516E576AC8D03CED8856A02F95A2DC1D946F8F106551900371883179EB945EF6D67EA2BCD5CE7912B07E6E5BBAC3A1707975 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4320 |
Entropy (8bit): | 5.257989437584272 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7o76TTl:etJCV4FiN/jTN/2r8Mta02fEhgO73goX |
MD5: | D1049E6AF8DB72E8644E34B644DE955E |
SHA1: | 4877590D53D9BA2015EE288A263DF822BB2ACB0E |
SHA-256: | 35D2CBCFE1AA21BAA4D59915C9622F4DB85373C642967B28524DDBC0D1B825C4 |
SHA-512: | 4EC26C6759691520577B8CFD3C15983FF886543C033749D924DCBEEC013E3CD476B5448812F67F5365A093583DE881E7D7A4992F03CECF315FB6223EA04A5126 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.145551777765844 |
Encrypted: | false |
SSDEEP: | 6:cA4q2Pwkn2nKuAl9OmbzNMxIFUt8L83JZmw+L+Av3DkwOwkn2nKuAl9OmbzNMFLJ:cA4vYfHAa8jFUt8LmJ/+L+AvD5JfHAab |
MD5: | 21CE082AA595CD03D5D062C853412383 |
SHA1: | D600A58468EDA654C05DA41695D47BA7EC025751 |
SHA-256: | F00F7560AD4EE80018D671FF6E3AFF375B3490D4325A01BB874FDC19B1083AF9 |
SHA-512: | BFE01D78C40A1E0A075A1C2CDFA26246B765D7C31209253C35BB0C56D66E74A947265317A6063581C08CD97CAA8234DF0B69B1E804F0892DBC57D86C228AAED7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.145551777765844 |
Encrypted: | false |
SSDEEP: | 6:cA4q2Pwkn2nKuAl9OmbzNMxIFUt8L83JZmw+L+Av3DkwOwkn2nKuAl9OmbzNMFLJ:cA4vYfHAa8jFUt8LmJ/+L+AvD5JfHAab |
MD5: | 21CE082AA595CD03D5D062C853412383 |
SHA1: | D600A58468EDA654C05DA41695D47BA7EC025751 |
SHA-256: | F00F7560AD4EE80018D671FF6E3AFF375B3490D4325A01BB874FDC19B1083AF9 |
SHA-512: | BFE01D78C40A1E0A075A1C2CDFA26246B765D7C31209253C35BB0C56D66E74A947265317A6063581C08CD97CAA8234DF0B69B1E804F0892DBC57D86C228AAED7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444355862196458 |
Encrypted: | false |
SSDEEP: | 384:yezci5tDiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rQs3OazzU89UTTgUL |
MD5: | D626978EC00AAE6B454A5AB20C2AB979 |
SHA1: | B93915762A99598B9B20E517EB28DD8D9608AD4A |
SHA-256: | D15358B05765FF050A15A0876B53C962E331F3DBFE75547FA5C995EB8AC71D9E |
SHA-512: | 1FF9D349E3B213A6BBD0077A9359A30091A25CD7EDA0697910E80894D3B4EB793C30A97B687C9D51FCA10C7FA0FD2C1289ABCF56249B6A7BAC1D2D81330F4408 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.770735873145962 |
Encrypted: | false |
SSDEEP: | 48:7MpqXpA2ioyV6sioyOAoWoy1Cwoy1FfKOioy1noy1AYoy1Wioy11ioyeioyBoy1e:7qupfudD0X2jiIb9IVXEBodRBkvx |
MD5: | 84491174894F443A042D6433D006B6C0 |
SHA1: | 9EFCFC39239B85E7DB700A962740B605D4D8E8C2 |
SHA-256: | 3017283F8527F046A9784FA57E835620991343A7BCA9FD4E343587E1342A2D82 |
SHA-512: | 7092DF1CD991D50FD6C4BA702E289C6BE2C52225A79AF3BC95655F23305BB6F0B5CF943BC8F047F12DAC6EEDC9E8F4CF607322113C922D5848DAF559E88E6292 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFklwmvh8+k31fllXlE/HT8kzwNNX8RolJuRdxLlGB9lQRYwpDdt:kKpWhvM2T86INMa8RdWBwRd |
MD5: | E85FD208CF354F62051B996BA71BC9A7 |
SHA1: | 91678038FCDC0D6A2ABE39BE656D7549A980D946 |
SHA-256: | 2CA17F4D05462E2C46292A881150D67F982B862D14B1254D7E2479D1AD7AA22F |
SHA-512: | 56D1982AD56873AB84421A2C0861A312F7819E03A2C24FD667E44772459CE046FFCA4A708140B2C1CE34C9C3C539AD632D723CBAD3F2686C6AFA9DDEDA2BF7E3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.245596380966818 |
Encrypted: | false |
SSDEEP: | 6:kKzbplD9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:bbLaDImsLNkPlE99SNxAhUe/3 |
MD5: | B8E6A419774B82B22CD740A106BC3BDC |
SHA1: | ACA3FABD016B350F4C19E1841950D7770F467ABB |
SHA-256: | 57324F7975AB3824614A904C807A654217ECC09893075360BEBB8260748B2194 |
SHA-512: | 41787FB3EE65A08E03FF2966616A561167A0A3BE5B316AE23A4B43980E3237853FA9FF2173316550D65648C2EDE268A73BB7CE6BCAD739E72DC4DA494B848B6F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1969 |
Entropy (8bit): | 5.046172171862392 |
Encrypted: | false |
SSDEEP: | 48:Yr2sSbMSlMtCM5mMOpiMAW0MretMSMmkaMY:jtYtt55V6AWLre6JmkhY |
MD5: | 7C78DCF5B92C071F1E0DD22D2B4FB395 |
SHA1: | 0D08BD77982CCE13CE10454437D2B89CBB8F3D61 |
SHA-256: | 77BFEC391C6D8AD2E7479717355490B7E75600FFD4E86B76F640EFA877BC367D |
SHA-512: | 5389672BD9C02E7337EE88463AE2815605A0A2F441D53418375A0D77841783A0539B4AA65C9855AE787D95080C8F845B012C70235BDD3197D39107FBA88957DE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1888580212018212 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUshSvR9H9vxFGiDIAEkGVvp4F:lNVmswUUUUUUUUsh+FGSItsF |
MD5: | A3D1E6A986AE230B2DB1F2D9840221C7 |
SHA1: | 7BE5092B22F77DAA20F59BA11B5154F0BE7EEF59 |
SHA-256: | 00E97D042B171DB787B477F295562CFCFCA5DBDE36C1A36C69643BE7E0B4284D |
SHA-512: | 5374F73AFB2B37C95AB7783B157B69BE09AB40AC8F9EC01FC9B430F3F4693AB78F8A7F3A95B854684471DD3728DD52EC4C9016DDD83E4E3351BFD273D9236ADF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.609199122921051 |
Encrypted: | false |
SSDEEP: | 48:7MXKUUUUUUUUUUspvR9H9vxFGiDIAEkGVviqFl2GL7msT:7lUUUUUUUUUUsNFGSIt8KVmsT |
MD5: | B6944A64DF942EA5EEAE9905F7D02877 |
SHA1: | E0D5E74454A4860EBBD9485B22AB51257C7971F4 |
SHA-256: | 1EB26DFFBE85B135D08075EDD59E1DD49E68923A8B97E20AC67BB370F2E3249C |
SHA-512: | 477D0A0F00E6CA7E2F7C9A1125E5C85A4D49B38FBAD8C8D414C20885AD8B22EA6801497949939D3F8AAAECA1BC895BA57EDA5FE314A5816833EDBD3B0602CA07 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.524398495091119 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ejSPe:Qw946cPbiOxDlbYnuRKf |
MD5: | 2680F0E9282712DE1FE86172F351A061 |
SHA1: | C749F0F01FC51CF10776342CB44C43B7390A251F |
SHA-256: | B1EBE9BB3461C1BC45B2C616D4A040151E311E3CFEEB0F5DD95E46AD477E9DBA |
SHA-512: | E1C7578BC5ACAAFB1213D9D6653F1DC3135A0C2D8F096D31DD38679DDD19FA99326BFEFDCF04173D2370963C3169610C11DF54048A2A7C2B58ACA501981ED146 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-08 01-40-51-039.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15112 |
Entropy (8bit): | 5.314053841388999 |
Encrypted: | false |
SSDEEP: | 384:lMi1qEflCnmFCK5JC3X2a0OXrclpQIk2HMOoa+I6zlbjdOZQQTZlmVm7KBTE4LbL:7n+j |
MD5: | 46BF59B2272F5BADBA5024877A70318A |
SHA1: | AD6775A7FE3CB0C7A5393A753568B30DF10F9025 |
SHA-256: | 002AC30EA7FF3126D1DB6D5BE44CA3127613A003CCCF698CEFDCAABD9DEA60F8 |
SHA-512: | 03DAE90CD5B21EBFDAC0C4ED6F4DBC7E3432872E44CD06417689D8D4AE78F1A8EEF02A98BB9F440433C4E2ECCD7E1D0BDA0FE6EA517FD6A3FB63D86415F999BD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.38283613348002 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rz:Eb2 |
MD5: | 1FBAA1795E5DAC326AC51012696C3145 |
SHA1: | 38B90F1B5197BC9CFFC10D676F76F595C017AE50 |
SHA-256: | ADF5577C353718CB7D46CC2F0C1D365994A663C22A7CE3C2FB108F91F97DB4B9 |
SHA-512: | DB19ADBD62A0C9A424319503717F2A562736D968DF8CC62AA6F5496AC491F0F713CB30404D046E744F6F9E96AFA2C24BE7462F2B481CF005ADA93242C588F604 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9Uo:O3Pjegf121YS8lkipdjMMNB1DofjgJJ0 |
MD5: | 12DDE6151F5E778520B3C8434B61AD0C |
SHA1: | 2D3EA4300ED7D77866B96F7BE2BD8FA4F03D2081 |
SHA-256: | 4EDFCFF1CCA3192ECCBA77FFB1572D1C544566CFC73749F0FAC5DD0BF0C73C76 |
SHA-512: | 3DE45A91E3D8A7EF05C37CC274ECD8BD8BCB99A1AAD7A4252AC6714B57AFC281D3BB6926CE2910F7BC366F1595B27EC89D96158D94E2ABEE7B7567ACEA861F93 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.512896844277699 |
TrID: | |
File name: | Fac_F00717187991.pdf |
File size: | 536 bytes |
MD5: | d73cc679616decb1c94f690d68abc7de |
SHA1: | ad41f6f90bca7f2354f9da5c2f866972acaff21c |
SHA256: | d1258a3a442848c6879f232022ef45baae8ee762865d6af00109d6bef12fc99c |
SHA512: | a9159534cea496a3270d18a42c945b23be3a79fd6b359627dd4e8e3b17a7ba62b79594dde2c959fad7bf7f9a02ef3c9d592ee9d07c20f36a3ee2883d3e88a08a |
SSDEEP: | 12:/Alt5XYMJ9zx0Mtsc0KeY1UzP9d1rL6lvUwjICHr6uzswTn:IltJnJXwc0KeYmFjr9wjIiWu5Tn |
TLSH: | 8DF096C430468CB82D0C197EEF6249C4F65F85D8882242052008E4F58D2D09218D030B |
File Content Preview: | .........Pf..l4...P..../.Q..]P.2.<....0...,^..K.i.A..f.6..n9._9.......N...v..5.n..]..]y....Nx.~}.Mw..u.o7.O{.M....)......A`.....N...A.I..Y..R.N'k;B.e.++..7..jP...5....f]..4..PUTas.- QP..=v...AA...A.(4H.4.Y0. ..,..I%H$#J.Q.a...".....E.\+..M.....j!.......J. |
Icon Hash: | 62cc8caeb29e8ae0 |
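The static fields above (size, Entropy (8bit), the MD5/SHA digests) are what the sandbox computes before execution. For this sample they already say something: 536 bytes, entropy 7.51 bits per byte (close to the 8.0 ceiling), and a content preview with no readable %PDF- header. The Python below is an added example and not part of the sandbox report: it reproduces those fields for an arbitrary file and flags the two points a reviewer checks first, a .pdf with no %PDF- header in its first 1024 bytes and entropy above a threshold (7.0 here, an assumption of this example). SSDEEP and TLSH are left out because they need third-party libraries; the sample inputs are constructed.

```python
import hashlib
import math
from collections import Counter

PDF_MAGIC = b"%PDF-"
HIGH_ENTROPY = 7.0  # assumption: threshold chosen for this example, not the report's


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 to 8.0: the report's "Entropy (8bit)"."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    """The hash set the report prints. SSDEEP and TLSH need third-party libraries."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def has_pdf_header(data: bytes) -> bool:
    """Acrobat accepts the %PDF- header anywhere in the first 1024 bytes, so a
    check on offset 0 alone would wrongly flag files with leading junk."""
    return PDF_MAGIC in data[:1024]


def triage(data: bytes, filename: str) -> dict:
    """Static fields plus the two findings a reviewer looks at first."""
    entropy = shannon_entropy(data)
    findings = []
    if filename.lower().endswith(".pdf") and not has_pdf_header(data):
        findings.append("claims .pdf but has no %PDF- header in the first 1024 bytes")
    if entropy > HIGH_ENTROPY:
        findings.append(f"entropy {entropy:.2f} bits/byte: compressed, encrypted or random")
    return {"name": filename, "size": len(data), "entropy": entropy,
            "pdf_header": has_pdf_header(data), "findings": findings, **digests(data)}


# Constructed samples, not the report's file: a minimal well-formed PDF head and a
# 512-byte blob holding every byte value twice (entropy exactly 8.0) with no header.
GOOD_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
OPAQUE_BLOB = bytes(range(256)) * 2

if __name__ == "__main__":
    for name, blob in (("invoice.pdf", GOOD_PDF), ("sample.pdf", OPAQUE_BLOB)):
        r = triage(blob, name)
        print(f"{r['name']}: {r['size']} bytes, entropy {r['entropy']:.4f}, "
              f"sha256 {r['sha256'][:16]}...")
        for finding in r["findings"]:
            print("  !", finding)
```

Run it against the real sample with `triage(open(path, "rb").read(), path)` and compare the digests with the report's values; if the MD5/SHA256 differ, the file on disk is not the one that was analysed. A small, headerless, high-entropy file that Acrobat still opens is a reason to look at what the viewer does with it, which is what the network section that follows records.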
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 07:41:02.271253109 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Oct 8, 2024 07:41:02.271281004 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4 |
Oct 8, 2024 07:41:02.271337986 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Oct 8, 2024 07:41:02.271513939 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Oct 8, 2024 07:41:02.271521091 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4 |
Oct 8, 2024 07:41:02.822287083 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4 |
Oct 8, 2024 07:41:02.822608948 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Oct 8, 2024 07:41:02.822622061 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4 |
Oct 8, 2024 07:41:02.824076891 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4 |
Oct 8, 2024 07:41:02.824129105 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Oct 8, 2024 07:41:02.826160908 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Oct 8, 2024 07:41:02.826235056 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4 |
Oct 8, 2024 07:41:02.826463938 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Oct 8, 2024 07:41:02.826468945 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4 |
Oct 8, 2024 07:41:02.871896029 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Oct 8, 2024 07:41:02.930187941 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4 |
Oct 8, 2024 07:41:02.930440903 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4 |
Oct 8, 2024 07:41:02.930485964 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Oct 8, 2024 07:41:02.930716038 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Oct 8, 2024 07:41:02.930732965 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4 |
Oct 8, 2024 07:41:02.930741072 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Oct 8, 2024 07:41:02.930793047 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 07:41:01.846985102 CEST | 59870 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 07:41:01.846985102 CEST | 192.168.2.4 | 1.1.1.1 | 0x26da | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 07:41:02.085514069 CEST | 1.1.1.1 | 192.168.2.4 | 0x26da | No error (0) | | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 8, 2024 07:41:02.822397947 CEST | 1.1.1.1 | 192.168.2.4 | 0xd88c | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 07:41:02.822397947 CEST | 1.1.1.1 | 192.168.2.4 | 0xd88c | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49743 | 23.47.168.24 | 443 | 5800 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-08 05:41:02 UTC | 475 | OUT | |
2024-10-08 05:41:02 UTC | 198 | IN |
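The TCP packet list and the DNS tables above are raw per-packet records; the session row (ID 0, 192.168.2.4:49743 to 23.47.168.24:443, PID 5800, AcroCEF.exe) is the rollup. The Python below is an added example, not part of the sandbox report: it rebuilds that rollup with per-direction packet counts from records transcribed from the TCP table, and pairs DNS responses to queries by transaction ID and endpoint pair. Inferring the client side from the higher port number is an assumption of this example. In the tables as printed, the only query row carries ID 0x26da while the two A-record responses carry 0xd88c, so the pairing reports those two as responses with no recorded query; that means the export or capture lacks their query row, not that the replies are malicious, but it is the kind of mismatch worth noticing before trusting a DNS table.

```python
# Packet records transcribed from the TCP table above: one session between
# 192.168.2.4:49743 and 23.47.168.24:443; ">" is client-to-server, "<" the reverse.
CLIENT, SERVER = ("192.168.2.4", 49743), ("23.47.168.24", 443)
_RAW = [
    ("07:41:02.271253109", ">"), ("07:41:02.271281004", "<"), ("07:41:02.271337986", ">"),
    ("07:41:02.271513939", ">"), ("07:41:02.271521091", "<"), ("07:41:02.822287083", "<"),
    ("07:41:02.822608948", ">"), ("07:41:02.822622061", "<"), ("07:41:02.824076891", "<"),
    ("07:41:02.824129105", ">"), ("07:41:02.826160908", ">"), ("07:41:02.826235056", "<"),
    ("07:41:02.826463938", ">"), ("07:41:02.826468945", "<"), ("07:41:02.871896029", ">"),
    ("07:41:02.930187941", "<"), ("07:41:02.930440903", "<"), ("07:41:02.930485964", ">"),
    ("07:41:02.930716038", ">"), ("07:41:02.930732965", "<"), ("07:41:02.930741072", ">"),
    ("07:41:02.930793047", ">"),
]
# (timestamp, src_ip, src_port, dst_ip, dst_port), as in the report's table
TCP_PACKETS = [(ts, *(CLIENT if d == ">" else SERVER), *(SERVER if d == ">" else CLIENT))
               for ts, d in _RAW]


def endpoints(src, sport, dst, dport):
    """Canonical (client, server) pair for a packet in either direction. Assumption:
    the side with the higher port is the client, since ephemeral ports exceed
    well-known service ports; wrong for peer-to-peer or high-port services."""
    a, b = (src, sport), (dst, dport)
    return (a, b) if sport > dport else (b, a)


def summarize_tcp(packets):
    """Roll per-packet rows up into one summary per session with per-direction
    counts: the shape of the report's session table plus direction detail."""
    sessions = {}
    for ts, src, sport, dst, dport in packets:
        client, server = endpoints(src, sport, dst, dport)
        s = sessions.setdefault((client, server), {
            "client": client, "server": server, "out": 0, "in": 0,
            "first": ts, "last": ts})
        s["out" if (src, sport) == client else "in"] += 1
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
    return list(sessions.values())


# DNS rows transcribed from the tables above. The report's query row has an empty
# Name cell, so it stays empty here. Queries: (txid, client, resolver, qname);
# responses: (txid, resolver, client, rtype, rdata).
DNS_QUERIES = [(0x26da, "192.168.2.4", "1.1.1.1", "")]
DNS_RESPONSES = [
    (0x26da, "1.1.1.1", "192.168.2.4", "CNAME", "crl.root-x1.letsencrypt.org.edgekey.net"),
    (0xd88c, "1.1.1.1", "192.168.2.4", "A", "199.232.210.172"),
    (0xd88c, "1.1.1.1", "192.168.2.4", "A", "199.232.214.172"),
]


def pair_dns(queries, responses):
    """Match each response to a query on (transaction ID, client, resolver).
    Unmatched responses are returned separately: the capture or export may lack
    the query row, or the reply may be unsolicited; either way it needs a look."""
    index = {(txid, client, resolver): qname for txid, client, resolver, qname in queries}
    matched, orphans = [], []
    for txid, resolver, client, rtype, rdata in responses:
        key = (txid, client, resolver)
        (matched if key in index else orphans).append((txid, rtype, rdata))
    return matched, orphans


if __name__ == "__main__":
    for s in summarize_tcp(TCP_PACKETS):
        print(f"{s['client'][0]}:{s['client'][1]} -> {s['server'][0]}:{s['server'][1]} "
              f"out={s['out']} in={s['in']} {s['first']}..{s['last']}")
    matched, orphans = pair_dns(DNS_QUERIES, DNS_RESPONSES)
    print("matched:", matched)
    print("responses without a recorded query:", orphans)
```

On the 22 rows above this yields a single session with 12 packets out and 10 in over about 660 ms, consistent with one short TLS exchange (the report's 475 bytes out, 198 bytes in) rather than a sustained channel. For a real capture, feed the same functions with rows parsed from the pcap (for example via tshark's field export) instead of the transcribed list.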
Target ID: | 0 |
Start time: | 01:40:47 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 1 |
Start time: | 01:40:50 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 01:40:51 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |