Windows
Analysis Report
Inv. 7315 Techtronic 10.04.2024.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6008 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Inv. 7315 Techtronic 10.04.2024.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6644 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7316 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,11195147955471208410,11915245055929868640,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.59.35 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.200.196.138 | unknown | United States | 2860 | NOS_COMUNICACOESPT | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1529332 |
Start date and time: | 2024-10-08 21:20:11 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Inv. 7315 Techtronic 10.04.2024.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/46@1/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.149, 2.19.126.143, 18.207.85.246, 107.22.247.231, 54.144.73.197, 34.193.227.236, 172.64.41.3, 162.159.61.3, 2.23.197.184, 217.20.59.35
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: Inv. 7315 Techtronic 10.04.2024.pdf
Time | Type | Description |
---|---|---|
15:21:19 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":["CellBlock FCS, LLC", "CellBlock"], "contains_trigger_text":true, "trigger_text":"Click here to view document", "prominent_button_name":"SUBTOTAL SHIPPING TOTAL PAYMENT BALANCE DUE", "text_input_field_labels":["SUBTOTAL", "SHIPPING", "TOTAL", "PAYMENT", "BALANCE DUE"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"CellBlock FCS, LLC 261 Maverick St Boston, MA 02128 US +18004404119 ar@cellblockfcs.com cellblockfcs.com INVOICE BILL TO SHIP TO INVOICE # 7315 DATE 10/04/2024 DUE DATE 10/04/2024 TERMS 50% Deposit, 50% prior to Shipment P.O. NUMBER CB02097 SALES REP Maxwell Weerts PART NO. DESCRIPTION QTY RATE AMOUNT EVPLUS9696 EV PLUS HWH Fire Shield Blanket 8 x 8' (2.4m x 2.4m) 9 1, 419.26 12, 773.34 Dual layered construction Water-resistant silicon-coated FR textile top Insulatory felt bottom layer Handles at corners and sides - 6 grab points Weight per blanket is approximately 13.5 lbs. SUBTOTAL SHIPPING TOTAL PAYMENT BALANCE DUE 12, 773.34 635.73 13, 409.07 6, 386.67 $7, 022.40 Prices are in USD and exclude Taxes/VAT/Duties unless otherwise noted. CellBlock FCS LLC Factory and Shipping: 234 Northeast Road, Standish, ME 04084 CellBlock FCS LLC Corporate and Mailing: 261 Maverick Street, Boston, MA 02128", "has_visible_qrcode":false} |
Match | Detection | Threat Name |
---|---|---|
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | CarnavalHeist |
23.200.196.138 | malicious | HTMLPhisher |
23.200.196.138 | malicious | HTMLPhisher |
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | Unknown |
23.200.196.138 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | malicious | LummaC |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | malicious | HTMLPhisher |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | malicious | LummaC, Stealc, Vidar |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | malicious | Unknown |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | malicious | LummaC |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | malicious | Unknown |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | malicious | AsyncRAT, StormKitty, VenomRAT |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | malicious | HTMLPhisher |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | malicious | Unknown |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
NOS_COMUNICACOESPT | malicious | Unknown |
NOS_COMUNICACOESPT | malicious | Mirai |
NOS_COMUNICACOESPT | malicious | Mirai |
NOS_COMUNICACOESPT | malicious | Mirai |
NOS_COMUNICACOESPT | malicious | Mirai |
NOS_COMUNICACOESPT | malicious | Mirai |
NOS_COMUNICACOESPT | malicious | Mirai |
NOS_COMUNICACOESPT | malicious | Mirai |
NOS_COMUNICACOESPT | malicious | Unknown |
NOS_COMUNICACOESPT | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.1887153176705665 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.116491152542842 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.116491152542842 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\97d9a5e5-adb0-4a91-96d1-210fa05b61f4.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.966983371696171 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.966983371696171 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.257020481449279 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.17889079563925 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.17889079563925 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241008192111Z-150.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.3520716791638188 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.44505157937872 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7746432522363715 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7790941963225158 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.1211909433898986 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.362093632070332 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.310132326347621 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.289127361742697 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.349059585484898 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1091 |
Entropy (8bit): | 5.6912013886192625 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.65551681670801 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.300213238896967 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1098 |
Entropy (8bit): | 5.689470232743263 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.699830658198342 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.30177115081129 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJfYdPeUkwRe9:YvXKXRBnEZc0vEOGg8Ukee9 |
MD5: | 66B74A7497062FE833A2A732B9CBA10D |
SHA1: | B25AD805C95A50CD19285A7201662D7D7D1ED53C |
SHA-256: | 53600D113D78A3E8C1762BCC03C738054928D966446BF2EA910DC124A5B0F57E |
SHA-512: | 173F40045DDC41E88AA4CC093E961B6D043C66301DB84DDC6C98FD3580EE353BE6D9C1FF371E788E9F55B0704FDC2F71356EED71B927110A1D762A2D2378BFB4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.780437067090259 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRBEzvE5rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNCG:YvIMc5HgDv3W2aYQfgB5OUupHrQ9FJB |
MD5: | 100B1DAB64C10A941D47E393E103A85F |
SHA1: | 427AFB6C4AA62416CA7975D32FB2DFFAA48F6614 |
SHA-256: | E662F67C40D5F54C8AB134DB26C6718FE45A925C560CADF219987AB9CACF4163 |
SHA-512: | AA0370FF7832D03880715859027D63AD28169823F88CCC59E55CA914DA75DAE2E9A6BA1B0A5B4002ED692871C2769FAA5B71752CF69EDB9EFE1D37670E000DD4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.285306075627344 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJfbPtdPeUkwRe9:YvXKXRBnEZc0vEOGDV8Ukee9 |
MD5: | 947BE5032064054A6D076DCF5992B420 |
SHA1: | A8661457AA3D617673DE3590DFF0363C72F96FEF |
SHA-256: | 74736E854099DFDF4E7A221DD0E9D99FE9B6B60285CBBE73DC48A2BE3D82D8DB |
SHA-512: | 2A96F5117672DA64EECE573ECC254835F56AF81BE092B715426745AEBC4A4EB8F92339AD2E2CD5E251881B9E7043E81D3DE6ABC86F321DFEE3324AA145801664 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.290277909222676 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJf21rPeUkwRe9:YvXKXRBnEZc0vEOG+16Ukee9 |
MD5: | 671A668F3D90406E2E61D2AE554D5751 |
SHA1: | FF229014A15ED87CC8FBC4481EF265201EFFE54C |
SHA-256: | 445A7CF02B61E28F0838E9E10F1F735BA7F17283DE751DCDCC1C112EF15E8F07 |
SHA-512: | BDD1B88C92469ED9AAA1178838EE344941EF3BD5C42E8E968F3ED9B2E7F0316790C16C6AD8B8BF87D9A0DCE70B9856B91B00032D80FFD9B6B0AB10506EB71D16 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1054 |
Entropy (8bit): | 5.667653823252814 |
Encrypted: | false |
SSDEEP: | 24:Yv6XRBEzvE7amXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSPG:YvIMcLBgSXQSrOAh8cv6mO |
MD5: | A19A3416973939CD2F8C6CE72123D6AE |
SHA1: | 7A730EE64B790501122F07207A3CE795CFE81362 |
SHA-256: | C6A2C2BB7CB129E18787C417536FAB7AB24967DE82A79A6BACF0577256C63012 |
SHA-512: | D0AD21C145C50A1677EF563EAD903E4B330FF54899EE40759E2A52D12791EE3565735B4E91C2C9C362B474D3F083FFBD3E7BC1037D59A8DDFA571AEBAB5F5E86 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.266645339087524 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJfshHHrPeUkwRe9:YvXKXRBnEZc0vEOGUUUkee9 |
MD5: | 480654CC82FEA8B3065867F0F41EF3EE |
SHA1: | 75E70CB1DB321FB42FE226A12FE512824E5195A1 |
SHA-256: | 79717F9FE32A082A052E0B5D2A19DDEAF2CD88734419432B7444D9F4DF0B80CE |
SHA-512: | 25FCF7C400F4BDBF02C079E1029385E9640B80E939248A31AF1C046967BBB1682092B23DF163C129F910B4F033751E4618367A4294F6C25F345F7A8DF999F9F3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.369830668096556 |
Encrypted: | false |
SSDEEP: | 12:YvXKXRBnEZc0vEOGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWd4RI:Yv6XRBEzvEY168CgEXX5kcIfANhPG |
MD5: | 89CF5B8C729200418FE7F8AEADBED647 |
SHA1: | A501FADC8F97B06FF1813F7A6149CA7A8264F158 |
SHA-256: | D809C11B467E85D1CFAF63F9135F830FC3ECE80532D5944C0A7431E891E76306 |
SHA-512: | 695569D5653987A1FD4DCA8BD33F4230A902AC2F94182B39F02682E4138EBAC2499FB600BE6A01CB3F69A8252B9F510D55DBC60F4908A7831261A15A4756A53B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.132915217954572 |
Encrypted: | false |
SSDEEP: | 24:Y7zBTkVzauntayAAqkCKd2gLkqBrrpDBgjTOaj0Sordg2dFVs12LSCQpab57e4UF:Y7qhn/13gqBuC8Yymvy8QcbU4U9b |
MD5: | 942A96E5DFE840AA225BABA02455339B |
SHA1: | C11E91DD65FECFBD76B734359140FBE18AE6B995 |
SHA-256: | B9F1D9838A1F8E5377689B68C98267C5524B4532BC38497A8600769B44B6B07E |
SHA-512: | 143DF83AC97A4ED4DBA15C8B71FC882CD5DBCF40933CB93000C1C258DADCBA45E247F395EB0F229D34773CCAD6558423D5EC476D33918F3FA268467FEE7312F6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.187541596928701 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUcgSvR9H9vxFGiDIAEkGVvpA+:lNVmswUUUUUUUU7+FGSItz |
MD5: | 287B811AD295919221E17148580BA854 |
SHA1: | B29F33A395EDDE166FB7F93D61D66C98D4032BF6 |
SHA-256: | 2B2CA08B29F4385BA55A5988D11A502123735392E3B34AEC0E7EE84AB71A3E6D |
SHA-512: | 0733F52AA3FB99356FDC1C1E040E28849F1379B038645F0A1C6071D0BA69B117AC1C5C28EE7F36C4781B87C900310F5588F95E0BB94EA016FF4653C279359F85 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6056947218450124 |
Encrypted: | false |
SSDEEP: | 48:7MsKUUUUUUUUUUcSvR9H9vxFGiDIAEkGVvcqFl2GL7msy:7wUUUUUUUUUUHFGSItmKVmsy |
MD5: | 5F6BE7FF03A5F148C1381FC91AD4EEC0 |
SHA1: | 7CD7E71DDC600CD5B415EDB86BBAD73261F728B4 |
SHA-256: | 552793FE569FD97CA1585D7DDFAF56ABE8B6217AA10092C972D8CE2F4DC1C887 |
SHA-512: | 339A4327497A829896D4D9BA984038065390DF9B8DFABDCC97C19B2FBB3BFF5C4D1BDCE38605B3D93424686C22BECD9491CD77C8096CC0003943AF54DF567D05 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5085442896850614 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ejqWKB:Qw946cPbiOxDlbYnuRK/I |
MD5: | 868F82B922DF3AAA3658D588BDB9C5E5 |
SHA1: | 855571A59C6D26FFA3B9FEC3375792B08C7C72A8 |
SHA-256: | 4876ACD3DA1E4F9ACC5FDEA36416005E2A19807ABDA81F38B7F2971A80E186EC |
SHA-512: | E739A556140477E89B3947DCD9F95CB57D9E7D8D3E145A7E0AAE4CF962C3AAA2EEB5A45DF26E5EB7E094DB2B7C3BCB4D71965399373A2772F214B0796E766ABF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-08 15-21-09-490.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.339764864166001 |
Encrypted: | false |
SSDEEP: | 384:pXJyxrgHHY53rMQQVz0ZISeHrIuTOC+JVOHtD39jDclC4EY4YLxde1ej67t4AvXZ:p+w |
MD5: | CD517DDEB32771037FF0C87F9CF03193 |
SHA1: | B5DB40BB2F494824650186E15961A86DFA7639ED |
SHA-256: | 1A52C51C7BE57730821DB3AC8132160286B3199B5D317CF53D65E22B2DFF7D87 |
SHA-512: | B2705F5CD27FA7B245C85A1E530E8C9D983FA55BB9B0D49B5AE4133703BC0F7B6024240446E6E0C74321427013611885E03B0D52313B6840164ABBBEBE47B0B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.385327686470429 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r/:r |
MD5: | 855F4F08939E43D301FFF12E152BF2DB |
SHA1: | 7A35550CBBC9C132CD2221064897F33A1943388E |
SHA-256: | FD3B7D92EAB5A7CECAB8201D3E07EF3DCBAE50798E29324A228299FAA42B5F67 |
SHA-512: | 20D36D6D29854D72F45916340AEDF518AA6B6512C2FD12AEE0DC09C45B210D2E35D63899018C0C82D8B97DAF4378BF13D13241B1F23180BB220A7C173440AE19 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLaGZ48 |
MD5: | 1D64D25345DD73F100517644279994E6 |
SHA1: | DE807F82098D469302955DCBE1A963CD6E887737 |
SHA-256: | 0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC |
SHA-512: | C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru |
MD5: | AE1E8A5D3E7B2198980A0CA16DE5F3D3 |
SHA1: | A1DB2C58AFC81E6A114A8EB47BE0243956F79460 |
SHA-256: | 8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F |
SHA-512: | 5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.902446681844504 |
TrID: |
File name: | Inv. 7315 Techtronic 10.04.2024.pdf |
File size: | 27'032 bytes |
MD5: | cb63ab3c6aec0a326c132c26c6da48b8 |
SHA1: | 887db00c0c7f88d87ae2f9426ba3f33e08b508cd |
SHA256: | 4d77d92b6edf33f3310ef7e6729822a6cccd6f9e967491248d1df58db72ce02c |
SHA512: | 56a70d33cbd010868f5d435a3b5d6c8de9418b1c5c981895936757dd7e2039e9af2e767d14715d3146abf2c07191b53850e31d590748963582d5037de6e3ca8c |
SSDEEP: | 768:hBngUtrKOjhP89sVRm1FvwEfBoRW+X2arJo62YxILZBTphe:rVwF75o0xarkldm |
TLSH: | 1AC2CF189745ACDC925743F26F444827BB5ED079704CA8E22D8E434B9E81EEBEA534A2 |
File Content Preview: | %PDF-1.7..4 0 obj..<</Type /Page/Parent 3 0 R/Contents 5 0 R/MediaBox [0 0 612 792]/Resources<</Font<</FAAAAH 7 0 R/FAAAAJ 9 0 R/FAAABC 12 0 R>>/XObject<</X1 14 0 R/X2 15 0 R>>>>/Group <</Type/Group/S/Transparency/CS/DeviceRGB>>>>..endobj..5 0 obj..<</Len |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.902447 |
Total Bytes: | 27032 |
Stream Entropy: | 7.974447 |
Stream Bytes: | 23569 |
Entropy outside Streams: | 5.265772 |
Bytes outside Streams: | 3463 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 23 |
endobj | 23 |
stream | 6 |
endstream | 6 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
14 | 8dcd0507cd95431b | db7629d2ddf09a03f86b9c76d775cd38 | |
15 | 0000000000000000 | 631b364375d0dec4310692a54cc4b030 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 21:21:20.619359970 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:20.619396925 CEST | 443 | 49742 | 23.200.196.138 | 192.168.2.4 |
Oct 8, 2024 21:21:20.619452953 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:20.619838953 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:20.619849920 CEST | 443 | 49742 | 23.200.196.138 | 192.168.2.4 |
Oct 8, 2024 21:21:21.218873024 CEST | 443 | 49742 | 23.200.196.138 | 192.168.2.4 |
Oct 8, 2024 21:21:21.219357967 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:21.219379902 CEST | 443 | 49742 | 23.200.196.138 | 192.168.2.4 |
Oct 8, 2024 21:21:21.222929955 CEST | 443 | 49742 | 23.200.196.138 | 192.168.2.4 |
Oct 8, 2024 21:21:21.223320007 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:21.226130962 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:21.226130962 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:21.226144075 CEST | 443 | 49742 | 23.200.196.138 | 192.168.2.4 |
Oct 8, 2024 21:21:21.226191998 CEST | 443 | 49742 | 23.200.196.138 | 192.168.2.4 |
Oct 8, 2024 21:21:21.273799896 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:21.273812056 CEST | 443 | 49742 | 23.200.196.138 | 192.168.2.4 |
Oct 8, 2024 21:21:21.320589066 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:21.332665920 CEST | 443 | 49742 | 23.200.196.138 | 192.168.2.4 |
Oct 8, 2024 21:21:21.332842112 CEST | 443 | 49742 | 23.200.196.138 | 192.168.2.4 |
Oct 8, 2024 21:21:21.332962036 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:21.333532095 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:21.333551884 CEST | 443 | 49742 | 23.200.196.138 | 192.168.2.4 |
Oct 8, 2024 21:21:21.333606958 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Oct 8, 2024 21:21:21.333750010 CEST | 49742 | 443 | 192.168.2.4 | 23.200.196.138 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 21:21:20.210526943 CEST | 63325 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 21:21:20.210526943 CEST | 192.168.2.4 | 1.1.1.1 | 0xf09d | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 21:21:20.218895912 CEST | 1.1.1.1 | 192.168.2.4 | 0xf09d | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 8, 2024 21:21:20.910590887 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ea | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 8, 2024 21:21:20.910590887 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ea | No error (0) | 217.20.59.35 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 21:21:20.910590887 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ea | No error (0) | 84.201.211.24 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 21:21:20.910590887 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ea | No error (0) | 217.20.59.34 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 21:21:20.910590887 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ea | No error (0) | 84.201.211.39 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 21:21:20.910590887 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ea | No error (0) | 84.201.212.68 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 21:21:20.910590887 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ea | No error (0) | 84.201.211.37 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 21:21:20.910590887 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ea | No error (0) | 217.20.59.36 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 21:21:20.910590887 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ea | No error (0) | 84.201.211.34 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49742 | 23.200.196.138 | 443 | 7316 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-08 19:21:21 UTC | 475 | OUT | |
2024-10-08 19:21:21 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 15:21:06 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:21:06 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:21:06 |
Start date: | 08/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |