Windows
Analysis Report
19194R21.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7744 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\19194R21.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 8144 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1764,i,10077426381922765570,14877554498585215772,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
96.7.168.138 | unknown | United States | 262589 | INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1537093 |
Start date and time: | 2024-10-18 15:01:43 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 19194R21.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/47@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 162.159.61.3, 172.64.41.3, 107.22.247.231, 34.193.227.236, 54.144.73.197, 18.207.85.246, 2.23.197.184, 199.232.214.172, 2.19.126.143, 2.19.126.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, azureedge-t-prod.trafficmanager.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: 19194R21.pdf
Time | Type | Description |
---|---|---|
09:02:48 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: claude-3-haiku-20240307 | `{ "contains_trigger_text": true, "trigger_text": "VIEW SHARED FILE", "prominent_button_name": "VIEW SHARED FILE", "text_input_field_labels": [ "Email Address" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }` |
URL: PDF document Model: claude-3-haiku-20240307 | `{ "brands": [ "BELO CORP." ] }` |
Match | Detection | Threat Name |
---|---|---|
96.7.168.138 | malicious | Unknown |
96.7.168.138 | malicious | Unknown |
96.7.168.138 | malicious | HTMLPhisher, Mamba2FA |
96.7.168.138 | malicious | Unknown |
96.7.168.138 | malicious | Unknown |
96.7.168.138 | malicious | HtmlDropper |
96.7.168.138 | malicious | Unknown |
96.7.168.138 | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
s-part-0032.t-0009.t-msedge.net | malicious | Unknown |
s-part-0032.t-0009.t-msedge.net | malicious | Snake Keylogger, XRed |
s-part-0032.t-0009.t-msedge.net | malicious | Unknown |
s-part-0032.t-0009.t-msedge.net | malicious | RedLine |
s-part-0032.t-0009.t-msedge.net | malicious | Unknown |
s-part-0032.t-0009.t-msedge.net | malicious | Unknown |
s-part-0032.t-0009.t-msedge.net | malicious | Unknown |
s-part-0032.t-0009.t-msedge.net | malicious | AgentTesla |
s-part-0032.t-0009.t-msedge.net | malicious | Unknown |
s-part-0032.t-0009.t-msedge.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Strela Downloader |
bg.microsoft.map.fastly.net | malicious | LummaC |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | TechSupportScam |
bg.microsoft.map.fastly.net | malicious | Sality, XWorm |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Mirai |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | HTMLPhisher, Mamba2FA |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | HtmlDropper |
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.206659634000713 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.182311504449959 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.182311504449959 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\02a9a8b1-912e-4a33-81e7-364fa74e7b3b.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 476 |
Entropy (8bit): | 4.973973222440336 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 476 |
Entropy (8bit): | 4.973973222440336 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4288 |
Entropy (8bit): | 5.227604354643929 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.146219312830039 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.146219312830039 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241018130245Z-167.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.9157690851560711 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.4387142106990565 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.775802068470427 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7895108629891827 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 328 |
Entropy (8bit): | 3.253995428229511 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.345758239727062 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.284027778320815 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.262733992547694 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.319419225174243 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1055 |
Entropy (8bit): | 5.648209920213778 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.642291264997746 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.261568675488938 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.63725269492511 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.692779312224965 |
Encrypted: | false |
SSDEEP: | 24:Yv6XBS2UXIKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5p:YvexwIEgqprtrS5OZjSlwTmAfSKH |
MD5: | 98F243987064BF2921B5F20AED32A992 |
SHA1: | 1A341C083405873694ED6ADC36BAAD721051125E |
SHA-256: | 7983E7E964C288CF8E9469894A85664F8CF7CF0315BE2C916D33CA9F99A9D6A9 |
SHA-512: | 4E3C0AADF47FFDCBFF0F245B19C91EC1EB3F3B9485C12DFDEC64E654DE3067DB5E5AB943E7124334AEBF84B6C32C626C79F037EB1AE0BA5AC7F75762F03D85ED |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.264334936015716 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6WTpKJn2UXjb24kF0Y9YxoAvJfYdPeUkwRe9:YvXKXBSn2UTbd7OGg8Ukee9 |
MD5: | 73FEABE5D2E803FBB8CCD9A4BA0BD044 |
SHA1: | 7ED8D6CDAC74E14848497FD7A7BD2EE1E1D56A62 |
SHA-256: | CB7B42B19BC3FD1C819FB063A73D6AC2EF8B000F805966ED938CCFC2BCDF5BD0 |
SHA-512: | 15E70604CA5992467D124B4E3F65F0BECDD5282555E513FA3D04219CCB77840ACCD483A7AFC07B2F7BFC1161B5FC1D2A9165A986C401B92DE0166EEEA2D8FA0A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.770346481981984 |
Encrypted: | false |
SSDEEP: | 24:Yv6XBS2UXnrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNg:YvexwnHgDv3W2aYQfgB5OUupHrQ9FJW |
MD5: | EAAF4ED9AAB0909AF729DDA9F4C665F9 |
SHA1: | 8A4F6D5F603F16E951218CEA3D8F38748924FE56 |
SHA-256: | 1CFD6EB869EDF911DC9D40906788A02172C0E94FE9531BBC3DC23B5392D6B6D2 |
SHA-512: | E31C5E91713C0152887C576209809DEC7B21FAD2EFB7B0E4B70869DC15F4DFBDAA60379AB59C63DD53B4D06E111B7CF221B514E318EACFDF2E6546DDAF25ABF2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.248127154404249 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6WTpKJn2UXjb24kF0Y9YxoAvJfbPtdPeUkwRe9:YvXKXBSn2UTbd7OGDV8Ukee9 |
MD5: | 79C5665DC4EA95B1D1B96884C4D7713B |
SHA1: | 1089DE8937D8500C3A05875AD843EAD22F25439E |
SHA-256: | E47016CFF847EEAED48C0DFDCF946FD7528BEE6490850903CE6194A449E60040 |
SHA-512: | 1EFC60EF776538BBA39714745A0ABC750B022DE707BD3A6E27696619F295BEAD582A774C657FF532BDAC110E2860688520E49E6CC54A9B89EDBD91E1FC9669DD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.251590093725254 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6WTpKJn2UXjb24kF0Y9YxoAvJf21rPeUkwRe9:YvXKXBSn2UTbd7OG+16Ukee9 |
MD5: | 1488F4255B9487955804B19F62F93162 |
SHA1: | 4FD53A3815FB2260BC0CD7AB26796B2D1E4F0AC4 |
SHA-256: | 9A126A6689C19D12B806908BD3FDF78ECD75A89648C6C2A0716735EED13F4D2B |
SHA-512: | 9FB5B744624FA7E14DBA8BEFCFD0CF0D3F893DEBE9034BB184AE4DB67A78822C1AF19F4DD932EFD4D6911EF469FDFA83391A7ABFBB67525255B3D8496FE08966 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1026 |
Entropy (8bit): | 5.61794067138879 |
Encrypted: | false |
SSDEEP: | 24:Yv6XBS2UX1amXayLgE7cMCBNaqnl0RCmK8czOC/BSF:YvexwpBgACBOAh8cvMF |
MD5: | 80C8FB428D10213114A5634DF350A1BB |
SHA1: | A49272B79DF3E5FE85329F72C4CFF68D902C6EA3 |
SHA-256: | 9E55599F3AB59A375428574328355F91D55D0EB985C032D3A5668FD2A5C19B0D |
SHA-512: | 91EE25F4D9F1FE8C3F2B77C0D4C255013D249B2B5596A7D2B0EC49A6AD07C15CB3F10F8A250B4E7D3B992D38D28C579E10CB9F7C7768CDAA302586BD3FA439A3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.224661484027625 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX6WTpKJn2UXjb24kF0Y9YxoAvJfshHHrPeUkwRe9:YvXKXBSn2UTbd7OGUUUkee9 |
MD5: | 7496960EF5586832CADA69C786699561 |
SHA1: | 98A70E0AE816A819C44EABF6751578E2D19411C3 |
SHA-256: | 084277DFB7449BB371303B5655C2F138768A8264EA1A8FEACDA1D03A97A3B701 |
SHA-512: | 750A8A850ED8928C0F1E65EAF491D9AB8E7B33AE932545F4D734BBF3F0A1CBDE4B200EDE4C3190E88F72F83664FD098E14BCBE88A1237CB449F1371C877DF52F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.351806229124044 |
Encrypted: | false |
SSDEEP: | 12:YvXKXBSn2UTbd7OGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWfM:Yv6XBS2UXG168CgEXX5kcIfANhF |
MD5: | 0905C81FA65B438C642DD4C96F7E9988 |
SHA1: | 71E63AF2D040647609517C1133658BF15305A763 |
SHA-256: | 95DB0B5968F59EB52382520C8DC3EA4CA2E0140209901CE90BBC87C8744DC35A |
SHA-512: | 377930D66CC96F27638AD0A35817D527585971246CAD185070664E92BB0E273069C19E52540C1D340D4FCB74790BFA996ADDE9B019E2D150AFF68C14C50F0593 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.13515022001343 |
Encrypted: | false |
SSDEEP: | 24:YeTPTHBngq3GazQayopOS9ABRCwRz/35JhTqHD6xsPfPj+kmwj0SxfRAIC2DsRxE:YqKWZj2PxHhTq3+kmCAWixV0Kg9CK |
MD5: | 8FC305E6EB412164B1917E1AE7FCDCF9 |
SHA1: | 1C851ECA5B7E5A8CC80FE9D0498AD0859A375191 |
SHA-256: | 90E2D310D77E874CAD8AD0AE646CA4B8F67ABE2BCFD2F8F392BC41A9C90BFE56 |
SHA-512: | 7D178E33CC10BBBBDA567069086B980B239F1360240D43F41FD1412E942C764CFFAB94D91DCFFAACD15D1BA7C610F033E80C5176AE69FD5190D2B555254C6939 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3201381447691873 |
Encrypted: | false |
SSDEEP: | 24:TLKufx/XYKQvGJF7urs9O3KaiZ3FL63FLesb+sZobF16R6FdpqpQ6Ycn+EXSqXlt:TGufl2GL7msUKB0M0+Tb608Yc+r0F |
MD5: | 1BE7D034A789E0FC10B7237371653A4C |
SHA1: | 4AD9B620FC19E11BDC2FA53A930AC65B1ECE49D5 |
SHA-256: | 1E8FEBE7ABD927E5FDFA33C31C91608AD493C2934E0455E895CDC95419CE7567 |
SHA-512: | 22EA3292B7AB5675873E38703A2A007C5A134664A2D1580B2A0D88587718C8CCF4EA7254F59E56B5719456081A23DBCAD3335E8CB34343157F34295E33A64E47 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.7823786480981838 |
Encrypted: | false |
SSDEEP: | 24:7+tsl3KaiZ3FL63FLesb+sZobF16R6FdpqpQ6Ycn/EXSqXlyGKaidqLhx/XYKQv1:7MCKB0M0+Tb608Yc/rGK5qFl2GL7ms2 |
MD5: | 2E7E5B18967C5AFF6C5DE4E073207B79 |
SHA1: | 380C472C7B4A13E7237A61C081C10B8130F64306 |
SHA-256: | AB732FC61517B93379A2642CCEE5C23C00B3EBCC99163057D0BF0BE1D2D385CC |
SHA-512: | 1FFBA7306BAB7E81B1D15DF267368736E062E30A5E8D0EE2B1369383A3A71A49AB9E0758E7CE1A20CDB12CC0C0E875741CAA47D57293C1A4B507CCD3492DEB3E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5177502348333967 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKRaEw:Qw946cPbiOxDlbYnuRKSI |
MD5: | E30E4E473D09DE2A777749855D9ACE71 |
SHA1: | A4B126600E8A368CFF3F3D8A7C8186D4E0945A83 |
SHA-256: | 3F3E619D2AC947431BEF2A45BB4982E5A61D0C29E897113BE51E70DE032B9D00 |
SHA-512: | 71141951AA5804DAED0D6A103C40377CABF23CD5397A5AA5433AE4421E3ECF7FBE5BDD068F7EDB8345199131B1C30EC91AF23E72825F8522BEB6307E73EBA217 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 09-02-42-871.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.361022727805069 |
Encrypted: | false |
SSDEEP: | 384:cBD67lQV4j1MOuD/btX+wknz+fzTqyorqz3tVFr84AbAYpfFWbWt+Fjwn0z5O+Wf:4M5 |
MD5: | 70A2D078BEFD5E910EE035832171B399 |
SHA1: | 1AB91914ECD7852E512C73437D30013594A16FB0 |
SHA-256: | 2B55DE84E5446FD295128DAD5827122E98AC784F96A1F422B711B14E8F7DB1ED |
SHA-512: | 9FF36D4E320A8791AB0B87F24CAB4CBE777D9E8A3A64D26AF419132CDFDFCCD9A253EE9854032C4C87C546187951077F869CBCBDC9513278C557FC4895C7DBBC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.3553012350573255 |
Encrypted: | false |
SSDEEP: | 384:wIc1csKww2C/s9D4xT0czcxc7cfe+BGIx5dLKZFv5VPsv7ga0dbgQ/bK3w3WfV3r:kco |
MD5: | AE42EB25C36A841152E846F2028ACB8A |
SHA1: | 1AEFF3FCD94E1155A75DDCA3B69054D91D62C1E3 |
SHA-256: | 9F91C593F4C668004CBB5FB9C446E34CD3405FE213F11D005A7D01C7B238B6D7 |
SHA-512: | 35EB5AF09BCE5EA2D39F6A40600B5199E776DF0A96C87D04A8B63FF06B7FFD32F58C98462192762B5825272311125B76FA99AA2D4C3FB00F44758620339559AA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.407058144386136 |
Encrypted: | false |
SSDEEP: | 192:zcbaIGkcbIcbiIICcbBOQQ0fQNCHPaPOhWPOA3mbSAcbsGC9GZPOdIzZMJzV3ZmY:EGvIcNYdoUh |
MD5: | 4C27844A20E14750E3F985093395ECC6 |
SHA1: | AE957F3DFA540CC4A175B4765B1E85991316DE83 |
SHA-256: | 73BCF9C215F4A0F9D3B45D776244CAB96208358CF39802C702D3CD61CC8F1288 |
SHA-512: | CC4FA30807FE6A48115FA0F9425591707083AA97B898D436D4EB3989082B9E300A36E7881687C5F1EDE086727715492A32153BA7990BFD08C7A9FC65CAE5C5AD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xaWL07oywYIGNPUGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxywZG6GZn3mlind9i4ufFXpAXkru |
MD5: | FFA982D6F2F9B46A1DECDD28BF3EF0E1 |
SHA1: | B1D05ED9BD6A80BD0E3377E9F62B47EF83FCC0C8 |
SHA-256: | 93D954FA4BBEDCDFBC7BF14FA1BB3986056261F4A5035C3CFF229FF16D12B78B |
SHA-512: | BF2931508F2039FFF4A74EC9B2FF2706FCF05DC5D56E22CA9C74B7C4AF9E8B4173419791DE648FD77AE7C4B441734E7C70C964A2B91C816FC98C9BA78BEB7879 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLqGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLqGZje |
MD5: | 8C8568A58ECA8E12112C68780B16ECCF |
SHA1: | 189D30BA5ED9573B214DDEE80D3A388223DF62FD |
SHA-256: | 265A47203CC1D71634C35CA728DCE541C04B7215704CAB627560B3D27B25A88A |
SHA-512: | 2DD46BF003850324D9DB1F8A89DA86AEA83A721CD6D6FBFCF25FF9BF29FBBD64D202835CC9E25629ED75174BDF125538CD6DF1BC06839B6D17DD7A69ED39D01A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.938966055185457 |
TrID: |
File name: | 19194R21.pdf |
File size: | 91'111 bytes |
MD5: | 8523b894e3341389e8b0f8f46d84fb3b |
SHA1: | b2c37f027bd960ebae79e32984d81a1e4b8720eb |
SHA256: | 58031f56fff1a6b777cda8244e8acad871b5c247c1ec3f7ed468baba820fbe63 |
SHA512: | 241e86ceba92f5a8a0de2ba58d563452eccadba4595745092249f33ccaddb5daa8427042e704124d81f303954832a6019f1dd61dd9540f5abb74caae251325ef |
SSDEEP: | 1536:beYpbHNlR1ExLWrIu1XHgWACwqR+wjziSv2fTxADp:beYrj1aarv3gWPbGSvkxAd |
TLSH: | B093E1349509488DF247D14596BAB269C54DF6D213CA98C1A06CFADBCCC8E2DE1E36E3 |
File Content Preview: | %PDF-1.7 .%.... .1 0 obj .<< ./Type /Catalog ./Pages 2 0 R ./PageMode /UseNone ./ViewerPreferences << ./FitWindow true ./PageLayout /SinglePage ./NonFullScreenPageMode /UseNone .>> .>> .endobj .5 0 obj .<< ./Length 1452 ./Filter [ /FlateDecode ] .>> .stre |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.938966 |
Total Bytes: | 91111 |
Stream Entropy: | 7.996944 |
Stream Bytes: | 82882 |
Entropy outside Streams: | 4.819151 |
Bytes outside Streams: | 8229 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 59 |
endobj | 59 |
stream | 16 |
endstream | 14 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 4 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 18, 2024 15:02:48.662719965 CEST | 61221 | 53 | 192.168.2.10 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 18, 2024 15:02:48.662719965 CEST | 192.168.2.10 | 1.1.1.1 | 0xae0f | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 18, 2024 15:02:37.308629036 CEST | 1.1.1.1 | 192.168.2.10 | 0xdff1 | No error (0) | s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 18, 2024 15:02:37.308629036 CEST | 1.1.1.1 | 192.168.2.10 | 0xdff1 | No error (0) | 13.107.246.60 | A (IP address) | IN (0x0001) | false | ||
Oct 18, 2024 15:02:48.672671080 CEST | 1.1.1.1 | 192.168.2.10 | 0xae0f | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 18, 2024 15:02:49.569353104 CEST | 1.1.1.1 | 192.168.2.10 | 0x9f4d | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 18, 2024 15:02:49.569353104 CEST | 1.1.1.1 | 192.168.2.10 | 0x9f4d | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49801 | 96.7.168.138 | 443 | 8144 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-18 13:02:54 UTC | 475 | OUT | |
2024-10-18 13:02:54 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 09:02:39 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64eb90000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 09:02:40 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63ec50000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 09:02:40 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63ec50000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |