Windows
Analysis Report
Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6540 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2148 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6584 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1640,i,9707924894947965681,5943374216949905986,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.77.220.172 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1532976 |
Start date and time: | 2024-10-14 08:51:33 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/31@1/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197, 2.19.126.143, 2.19.126.149, 162.159.61.3, 172.64.41.3, 2.23.197.184, 93.184.221.240
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
02:52:44 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.77.220.172 | | | malicious | Unknown | | |
104.77.220.172 | | | malicious | Unknown | | |
104.77.220.172 | | | malicious | Unknown | | |
104.77.220.172 | | | malicious | HTMLPhisher | | |
104.77.220.172 | | | malicious | Unknown | | |
104.77.220.172 | | | malicious | Unknown | | |
104.77.220.172 | | | malicious | HTMLPhisher | | |
104.77.220.172 | | | malicious | Unknown | | |
104.77.220.172 | | | malicious | Unknown | | |
104.77.220.172 | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | Mirai, Okiru | | |
AKAMAI-ASUS | | | malicious | Mirai, Okiru | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
AKAMAI-ASUS | | | malicious | LummaC | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.1473298526180455 |
Encrypted: | false |
SSDEEP: | 6:Wy3yq2Pwkn2nKuAl9OmbnIFUt87er1Zmw+711RkwOwkn2nKuAl9OmbjLJ:0vYfHAahFUt8Kr1/+J5JfHAaSJ |
MD5: | A7A02CC9CBE80926350500BCE28B5E93 |
SHA1: | 421A97207414AF4628D4A67A20A117397CDE4EBE |
SHA-256: | A4C2D95B70DA29ADBFAFF6C5775A03A35A93575CCE08B1F5C7A151E5AA414953 |
SHA-512: | 59943870E99C7AED5FC743244B85C3C3D62196CFDD3AD804AECE9A69090A3372F570BBB78DC128526DE5F93A72D28BC61BF197C4F37E907E1768BEE451C7856F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.1473298526180455 |
Encrypted: | false |
SSDEEP: | 6:Wy3yq2Pwkn2nKuAl9OmbnIFUt87er1Zmw+711RkwOwkn2nKuAl9OmbjLJ:0vYfHAahFUt8Kr1/+J5JfHAaSJ |
MD5: | A7A02CC9CBE80926350500BCE28B5E93 |
SHA1: | 421A97207414AF4628D4A67A20A117397CDE4EBE |
SHA-256: | A4C2D95B70DA29ADBFAFF6C5775A03A35A93575CCE08B1F5C7A151E5AA414953 |
SHA-512: | 59943870E99C7AED5FC743244B85C3C3D62196CFDD3AD804AECE9A69090A3372F570BBB78DC128526DE5F93A72D28BC61BF197C4F37E907E1768BEE451C7856F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.173888156079382 |
Encrypted: | false |
SSDEEP: | 6:WRq9+q2Pwkn2nKuAl9Ombzo2jMGIFUt873qJZmw+7D9VkwOwkn2nKuAl9Ombzo23:X9+vYfHAa8uFUt8DqJ/+X9V5JfHAa8RJ |
MD5: | B699D63306110A6574F897D0069E07E4 |
SHA1: | C69C634F4953EBF88B992588FB11C8F3B8C5463F |
SHA-256: | 28E760E5F9237EE775BABCCF32562FB8948F3A5480D544404302269AF2902DB6 |
SHA-512: | E5A3FD7FF48FC07FD1EE2434335AF1C80727BACF1027CE7E8221C7893341F670A1B008CCB0CF52FF99B95D7320FA7461931A628B911F6AEF1C68BAAFED59C120 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.173888156079382 |
Encrypted: | false |
SSDEEP: | 6:WRq9+q2Pwkn2nKuAl9Ombzo2jMGIFUt873qJZmw+7D9VkwOwkn2nKuAl9Ombzo23:X9+vYfHAa8uFUt8DqJ/+X9V5JfHAa8RJ |
MD5: | B699D63306110A6574F897D0069E07E4 |
SHA1: | C69C634F4953EBF88B992588FB11C8F3B8C5463F |
SHA-256: | 28E760E5F9237EE775BABCCF32562FB8948F3A5480D544404302269AF2902DB6 |
SHA-512: | E5A3FD7FF48FC07FD1EE2434335AF1C80727BACF1027CE7E8221C7893341F670A1B008CCB0CF52FF99B95D7320FA7461931A628B911F6AEF1C68BAAFED59C120 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\5d0bfcf0-e98c-422a-a70e-151bf0d353c8.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.97196132533112 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyRsBdOg2HK3caq3QYiubInP7E4T3y:Y2sRds4dMHK23QYhbG7nby |
MD5: | 1F5096F101C8662E87E0457E6B65C1AC |
SHA1: | 3F6B0A654C067AEEB4A24D5E4198322FBBA2C082 |
SHA-256: | 16ACA6143A2B43CF7EED76EA292DF4F02061150B0F2A74BAB967C5A9B4977D17 |
SHA-512: | 8A72D9137C42CC742220ABB5048F3A24C7E622A547552270A2BEF0FCC2AFFA5F31DEC9434E62CD169089CCEA45DBCA068C580A06F54DD5DA4FE34C425A5EEA0F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.97196132533112 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqyRsBdOg2HK3caq3QYiubInP7E4T3y:Y2sRds4dMHK23QYhbG7nby |
MD5: | 1F5096F101C8662E87E0457E6B65C1AC |
SHA1: | 3F6B0A654C067AEEB4A24D5E4198322FBBA2C082 |
SHA-256: | 16ACA6143A2B43CF7EED76EA292DF4F02061150B0F2A74BAB967C5A9B4977D17 |
SHA-512: | 8A72D9137C42CC742220ABB5048F3A24C7E622A547552270A2BEF0FCC2AFFA5F31DEC9434E62CD169089CCEA45DBCA068C580A06F54DD5DA4FE34C425A5EEA0F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.25439244744464 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7TgEnnxZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go/ |
MD5: | FCEC14B275A65A2A8DB94F77E84FFD44 |
SHA1: | A054A56FC9EC430BD4437C287F86D5E642F4A75F |
SHA-256: | 95A0C9ED4942B83C08942F2AB9C0A87F1712BD9B5387C682545BC714F1BAD32C |
SHA-512: | CF9892284F29C00341B1446F90C622AFF6EBD6C9BE3DC7CA6D50ADB156DA7AE6574FD4188A886ED0F5841A6490A743D3198964D3563FA493783A87B25ECC7AB8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.147227031546178 |
Encrypted: | false |
SSDEEP: | 6:WL9+q2Pwkn2nKuAl9OmbzNMxIFUt87VJZmw+7zuL9VkwOwkn2nKuAl9OmbzNMFLJ:s9+vYfHAa8jFUt8ZJ/+U9V5JfHAa84J |
MD5: | 583A91130FDA0DC99AF4D2ECA829BE6C |
SHA1: | 85BE13264721C7A57F4A6E9DCC2019A53161B054 |
SHA-256: | 96EE5FC02BCC4CEF04757F11E7E3BB7E979108AF45F933D8657496079F1B62C7 |
SHA-512: | 9081C55757AFA31B92DE6ABF26641E4CA217ADAEBC6ED9BB517C9786A39D41F86776A5A3FA530F5AA7BD7DDA700090E76E4F32E6D0C7758A7F9DC0CFC1323D31 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.147227031546178 |
Encrypted: | false |
SSDEEP: | 6:WL9+q2Pwkn2nKuAl9OmbzNMxIFUt87VJZmw+7zuL9VkwOwkn2nKuAl9OmbzNMFLJ:s9+vYfHAa8jFUt8ZJ/+U9V5JfHAa84J |
MD5: | 583A91130FDA0DC99AF4D2ECA829BE6C |
SHA1: | 85BE13264721C7A57F4A6E9DCC2019A53161B054 |
SHA-256: | 96EE5FC02BCC4CEF04757F11E7E3BB7E979108AF45F933D8657496079F1B62C7 |
SHA-512: | 9081C55757AFA31B92DE6ABF26641E4CA217ADAEBC6ED9BB517C9786A39D41F86776A5A3FA530F5AA7BD7DDA700090E76E4F32E6D0C7758A7F9DC0CFC1323D31 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241014065236Z-160.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.2241971647215868 |
Encrypted: | false |
SSDEEP: | 96:sH3JwH/bHSHVDP++sR0rMbmMMSMM/RhCfJQyDMRMPgq7Rtn7ccwOHDzD:+wHzHSHhw4D |
MD5: | 46F3784BA9C276586BD4195D79DDC161 |
SHA1: | 463C5D6A3C9C5C04262259D4C0AFA17B46627964 |
SHA-256: | 8A50A4D0E7ADBB81F6F43DD1BE8538F4C32A399FA9B4E7E2739D0E519D8E079A |
SHA-512: | B2193AA628793927EA91C00DB5B264CED7F049A608C52D311A74B8D0F449EF8A9106D1EACF5B1BE413FA8DF8452AD84347DACFD468DA367A974F24A4C3A2D204 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445101858553872 |
Encrypted: | false |
SSDEEP: | 384:yezci5tciBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r7s3OazzU89UTTgUL |
MD5: | AFB393010F2B70B68A4DC4959B9C88DA |
SHA1: | AB5B6E91AA575582367C4DC59A93C9B64D4A220C |
SHA-256: | AF20F15FCEC3E14CEB69A7A8CDE25BF1166EDDEC03328B4249742773F9C3E920 |
SHA-512: | 70D03E2C484D47ECAFA88E0B1B54FF20ED938D33C234C4F412D4FF6EB244AC180CF3E4866FDB40EB600612D5330FA88EE98A9CF3C038375E26E9ABE2637EDFD8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7743778982303717 |
Encrypted: | false |
SSDEEP: | 48:7M7p/E2ioyVEioy9oWoy1Cwoy1EKOioy1noy1AYoy1Wioy1hioybioy2oy1noy1I:7IpjuEFfXKQPVb9IVXEBodRBkm |
MD5: | 7DC78BBF022C522F238F7894D38A2918 |
SHA1: | F48AF3E8A3A98F07E10CC80D4D00C668EB6F559C |
SHA-256: | CCFDD6E7E911B967378B5083FAF781B44D4E661319AA8BA7319FB1DC92815835 |
SHA-512: | B4AC401DF9AF4DE0BC37656972F885B9EFF53DB93511C59AB76D349C5A297639E0BF2FB61DF4058029DF12530AA7D15E77CAC425D26E81CAAA27C4EDE4CB3ACC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7464849065063075 |
Encrypted: | false |
SSDEEP: | 3:kkFklMzDg7+EvfllXlE/HT8k/C1NNX8RolJuRdxLlGB9lQRYwpDdt:kKVzD+6T82uNMa8RdWBwRd |
MD5: | 30CA5E60DBAE5F6F9C2F5586CFC5F5F7 |
SHA1: | 935E0136D745B734AFD58151B01EDE770D5DF157 |
SHA-256: | F7D9D4ACD7A09BB2304ADE2724A3ECA07293F8EEBD56D696C4B83A3DA2BB0A0B |
SHA-512: | F69AB9C6F383DBC56A0210A27E55D8F13330024197C2E37380EBD27656E0542F4FE83CF8A9AEC75B9C095946C15EA3B62DAFC8584F49294DB9C9F17FF40D48FF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.141785112603811 |
Encrypted: | false |
SSDEEP: | 6:kKgPT9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:fDnLNkPlE99SNxAhUe/3 |
MD5: | A955FE65E52681BFF61C4CD1D1BB688C |
SHA1: | E76F9022DFDA01A47DCFA7FD24C1E6851C239517 |
SHA-256: | E90157EB9F1B1A4A7B5265553AF1AF8892B20C1B6FCEE812FA6567C6B3337447 |
SHA-512: | 2AB8B9525683A9D8B07F2BFB650F56EA173FAED6393AC83FDF0FB1D57CAC4E77054448570EC2D6EFA86B04C7577062BCAC6FDBE5AF30FC47E6BBD09F49909303 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2145 |
Entropy (8bit): | 5.067215929339103 |
Encrypted: | false |
SSDEEP: | 48:Ya2sL0/EY0bMSlMtCM5mMOpiMAW0MretMSMmkaMY:Yv/SYtt55V6AWLre6JmkhY |
MD5: | C5747BA5E7269965659DC98A7C2CE9E2 |
SHA1: | E61BB863CCA9DF0FF40F22D561055C9FC70C2DE9 |
SHA-256: | CE311B0D077000F1E9010EDF8A76599BC32F7DBA03C6F70DAB1CAC84F73629E1 |
SHA-512: | 7E7D01E1FDF3EDB51726C962A86953C319AEE14CD478F197417484C4F40B6322624A6EA9A6ECA7C5E61933AD744C5CC331B32F1DBFFE2DD1951F865D68DFDBA1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1882901034903208 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUFSvR9H9vxFGiDIAEkGVvpC:lNVmswUUUUUUUUF+FGSIt2 |
MD5: | 372338DD79A1C8623FE13BAB1F4BFA56 |
SHA1: | 120A0FC05D53C4F351C193A39480EFD99202C0DB |
SHA-256: | 847B8D5C02EAC146D1008F7E41C34AA069C4DF45B71AB9D551C2BCBE75730B7D |
SHA-512: | 58DB256DCD62AE8BBFDFF775CA934448055C2FCBE399DB11856615AE23D5517935D1B9B4449772ADDB67AFD9E8C245925E4770773C0A8E34F2645199392784F4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6084863735846189 |
Encrypted: | false |
SSDEEP: | 48:7MFKUUUUUUUUUUdvR9H9vxFGiDIAEkGVvVqFl2GL7ms90:7zUUUUUUUUUUZFGSItHKVms90 |
MD5: | 1A2B94D26E1B85F179A9819E25F288E7 |
SHA1: | 819CD354612E1203333B0A88568D201A28C3C90C |
SHA-256: | 86252EED4EC1A60F1401E64635BC0E4C2565F5509E41D74879AC1E6CF566125C |
SHA-512: | 2B74049FAEB62C8AC52D5F3796E3F762D4D355C1C372C3634DC1998AB78DF6F51CDFCE0A933A5FF285F3C37A0EBE84EB583C4D65D588403BE48EFC011A772BA3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.524398495091119 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84COlqnf9:Qw946cPbiOxDlbYnuRKbk |
MD5: | BE2BE852FF09E2F44B643D3888B4B290 |
SHA1: | 9AF11BEC9456348B362E689CF8EF7D982EFC59ED |
SHA-256: | DCAC8FC028AFBEC036117163F5F0296B23CF9345238EDAF943A24B1ABA3A660B |
SHA-512: | 26D38C00681F2CECDFCB509F86E29767F2FC00AB76F13350FA5CFF85982F61BD7E57B7D6A769C5B1424E41E0F8D66AF6F671C39AA8C9900D3075614F96969770 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-14 02-52-33-964.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.336515905870856 |
Encrypted: | false |
SSDEEP: | 384:YrN6+gD1GLe4TNMepwkDK0LGSNI5xFRLEf0q4EarGrPyUf38iLiK6/6PixnMpSav:FgZf |
MD5: | F905DF2E338C053F08900CC73F255F13 |
SHA1: | 607CCE17B0ABF08AEC7C08195B8D8ADA20F0E296 |
SHA-256: | 2154BC15A022FCFE5EFFE63B0691623E05C71201624592E2497242281E43D173 |
SHA-512: | 35244B55CCC43C076AD83D3AABAA6ECD9F6A60141179883DDB54EFFB48952A551A225BFE85FF2D32C409F3D97747C88814364865C20BB60955B7C4F05F3DE375 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.384498351227067 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rE:w |
MD5: | 332EE1676369718505D2DF1404B00C49 |
SHA1: | 0F9D185FC44AE4857463D2171907DE9DF4C8595A |
SHA-256: | F45F0D9DE41CF7FCC8E257155BD60E31C7CC2970B3E928F9EE2723814BD1216F |
SHA-512: | 298D4E429632E410828FD0F6E732BEA1AE1B5F8CB90C8464ED90D7F559A49C23A2581D87F3347CED108B2BC09B829E1DE752C2DC5BC32CA866C7A472689B10B2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 4.641783812259633 |
TrID: |
|
File name: | Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF |
File size: | 13'005 bytes |
MD5: | 94fed46fd43f848e39f51962eb66f36a |
SHA1: | cd9668e67db6a84583694cc33bfedab32b535f24 |
SHA256: | e4eb20c6e661409e26e2f51a0f82777b771191229e51e283cc4a462fff34268d |
SHA512: | b0bd59720f25e2a0774789813202ad94d47efbccd8925a3b815f31300af7df7d44f60acf29aff08fb9bf4d01638a54560e88d90d9689744c6d7dacece0bbb9ba |
SSDEEP: | 384:jHacEj0ACu+m9EACZ3Id6egoZ5lRIWAqsF8s+1ajmj1CfgMuIGS0Gkb1HIzQHzup:jo+OaACZ3Id6egoZ5lRIWAqsF8s+1ajz |
TLSH: | 9E429ADC2662CA9CF9112DDE2FC07240932E26253AC64A8E7D2C69114B5EB07F95F8C7 |
File Content Preview: | %PDF-1.3..%......%RSTXPDF3 Parameters: DRSTXh..2 0 obj../WinAnsiEncoding..endobj..3 0 obj..<<..%Devtype HPLJ4000 Font COURIER normal Lang DE../Type /Font../Subtype /Type1../BaseFont /Courier../Name /F001../Encoding 2 0 R..>>..endobj..4 0 obj..<<../Type / |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.3 |
Total Entropy: | 4.641784 |
Total Bytes: | 13005 |
Stream Entropy: | 4.237646 |
Stream Bytes: | 8484 |
Entropy outside Streams: | 4.707391 |
Bytes outside Streams: | 4521 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 12 |
endobj | 12 |
stream | 1 |
endstream | 1 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2024 08:52:44.963578939 CEST | 50204 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 14, 2024 08:52:44.963578939 CEST | 192.168.2.4 | 1.1.1.1 | 0x8640 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 14, 2024 08:52:44.970583916 CEST | 1.1.1.1 | 192.168.2.4 | 0x8640 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49744 | 104.77.220.172 | 443 | 6584 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 06:52:45 UTC | 475 | OUT | |
2024-10-14 06:52:46 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 02:52:30 |
Start date: | 14/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 02:52:31 |
Start date: | 14/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 02:52:31 |
Start date: | 14/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |