Windows
Analysis Report
PPI Submittal.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7128 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PPI Submittal.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 3332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7208 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1552,i,9938820051784610952,14837667456933209763,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
96.7.168.138 | unknown | United States | | 262589 | INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1537104 |
Start date and time: | 2024-10-18 15:12:28 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PPI Submittal.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/49@1/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.43.60.134, 2.19.126.149, 2.19.126.143, 162.159.61.3, 172.64.41.3, 23.22.254.206, 54.227.187.23, 52.202.204.11, 52.5.13.197, 2.23.197.184, 93.184.221.240
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: PPI Submittal.pdf
Time | Type | Description |
---|---|---|
09:13:48 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: claude-3-haiku-20240307 | `{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": [ "Print Name:", "License Number Standard Plans Examiner:", "Standard Inspector:", "Trade Categories:", "License #:" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }` |
URL: PDF document Model: claude-3-haiku-20240307 | `{ "brands": [ "Marion County Board of County Commissioners", "My Amelia, Inc DBA Inspected.com" ] }` |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
96.7.168.138 | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher, Mamba2FA | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HtmlDropper | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | HTMLPhisher, Mamba2FA | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HtmlDropper | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.205641730423115 |
Encrypted: | false |
SSDEEP: | 6:hnn3Ht+q2Pwkn2nKuAl9OmbnIFUt8WnnzZmw+WnnjVkwOwkn2nKuAl9OmbjLJ:hn3ovYfHAahFUt8Wnz/+Wnp5JfHAaSJ |
MD5: | DFB30FFD81A480165864787971A26C98 |
SHA1: | 2D7F26B0F021DED1E58A1C8F03E6F05783FC53BD |
SHA-256: | 34B2E43A517899A3D8EE271A785ED178052B9516A07B0DDCF9B96198090F4041 |
SHA-512: | F823487CF57D8AB2F3B20AA0B4206135EE2EFA19FE4534229DE03763C8B0F0F7E1421672FAC6E83AB2A5C5E94335D0C544DCE03BBC2F334FA948B46D174866A0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.174037382202814 |
Encrypted: | false |
SSDEEP: | 6:hnnc4q2Pwkn2nKuAl9Ombzo2jMGIFUt8Wnnr3JZmw+Wnnr3DkwOwkn2nKuAl9OmT:hnLvYfHAa8uFUt8Wnl/+Wn35JfHAa8RJ |
MD5: | 2A919FD9E07D50334984DCDB0A6D0231 |
SHA1: | CC5C876D4923EBF20A929C572F181EE62710DEDD |
SHA-256: | D09AF33D82981F5D240D6198B1BA5CB18B818CC24E901F8CCDACFC342413ED15 |
SHA-512: | 7AACD8FCBF561E6FA73BD3D7270B3FC49CB49E6F2D4E41233CB78C90CDA015C2E62F253748A3B409813AC7302A9A3D9849A358307465A8C460A18253DE36A884 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.174037382202814 |
Encrypted: | false |
SSDEEP: | 6:hnnc4q2Pwkn2nKuAl9Ombzo2jMGIFUt8Wnnr3JZmw+Wnnr3DkwOwkn2nKuAl9OmT:hnLvYfHAa8uFUt8Wnl/+Wn35JfHAa8RJ |
MD5: | 2A919FD9E07D50334984DCDB0A6D0231 |
SHA1: | CC5C876D4923EBF20A929C572F181EE62710DEDD |
SHA-256: | D09AF33D82981F5D240D6198B1BA5CB18B818CC24E901F8CCDACFC342413ED15 |
SHA-512: | 7AACD8FCBF561E6FA73BD3D7270B3FC49CB49E6F2D4E41233CB78C90CDA015C2E62F253748A3B409813AC7302A9A3D9849A358307465A8C460A18253DE36A884 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\24d854f3-7389-4c99-843d-157744a8f3ef.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.966895279106768 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4T3y:Y2sRdsVdMHO3QYhbG7nby |
MD5: | 2B2DD4FFCADFFFA544C423CE65A911E2 |
SHA1: | 3C690C4670D732A1F54C5BD0B93A7CFF6CA96720 |
SHA-256: | 7ACAC2E53C854E8000F43FE4CB549E82A2B9F6A957366C429ABB730EE326CBD0 |
SHA-512: | 51D13C2DCDFB21C1C0F1756DA980098861148C6CE5CBB18F8D6247FB33D1037B60EB4CE27C7AC482D705509BD1BDF1EDDBC619CC6D6610A3EED3F2AAD0185C50 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\49ee5304-188b-4d74-ac9d-bbb20753f5dd.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.966596943422396 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqy0HoShsBdOg2HrYYZcaq3QYiubInP7E4T3y:Y2sRdsWIJdMHMYg3QYhbG7nby |
MD5: | 1A0D4E683BC4FF4649D2D5456038E9C4 |
SHA1: | 3262B724FE45D87672715795B9AF16044B9C1C6F |
SHA-256: | 55B3D5A8A0B0EBB4501A9154439B00E8BEA5CF46A8A60866A60F00D7A6F39E1F |
SHA-512: | 0E8AF95C87B78F05C65F78F4932A01DE8D3155423F919CECADD0740B35F4F5830A6BBDCB308D0CBE45B76C4A5471C4BFD35FCC23F3013FF6C21AB960A3674B44 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.966895279106768 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4T3y:Y2sRdsVdMHO3QYhbG7nby |
MD5: | 2B2DD4FFCADFFFA544C423CE65A911E2 |
SHA1: | 3C690C4670D732A1F54C5BD0B93A7CFF6CA96720 |
SHA-256: | 7ACAC2E53C854E8000F43FE4CB549E82A2B9F6A957366C429ABB730EE326CBD0 |
SHA-512: | 51D13C2DCDFB21C1C0F1756DA980098861148C6CE5CBB18F8D6247FB33D1037B60EB4CE27C7AC482D705509BD1BDF1EDDBC619CC6D6610A3EED3F2AAD0185C50 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF431622.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.966895279106768 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4T3y:Y2sRdsVdMHO3QYhbG7nby |
MD5: | 2B2DD4FFCADFFFA544C423CE65A911E2 |
SHA1: | 3C690C4670D732A1F54C5BD0B93A7CFF6CA96720 |
SHA-256: | 7ACAC2E53C854E8000F43FE4CB549E82A2B9F6A957366C429ABB730EE326CBD0 |
SHA-512: | 51D13C2DCDFB21C1C0F1756DA980098861148C6CE5CBB18F8D6247FB33D1037B60EB4CE27C7AC482D705509BD1BDF1EDDBC619CC6D6610A3EED3F2AAD0185C50 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.245298091995292 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo73hcKu6cKZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gop |
MD5: | 198EC196E416F9CC66C550B234F00D37 |
SHA1: | 8639E844899B4B8CC483A900DC76F90C1BB8F6F7 |
SHA-256: | 93678923220719499E01CFDAF210A3A33D0FBFEB8DF665C863407D4C73799097 |
SHA-512: | 6DBA2AA1977D9C1CACE34C347628C1E5CD34EBE7754B966DB2A80E8F70D7676052EC2507AEB17B6FC3FB3C5F18DBE48E54A460D263CF47644BDC2EAFB1692A72 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.213348158227407 |
Encrypted: | false |
SSDEEP: | 6:hn0O4q2Pwkn2nKuAl9OmbzNMxIFUt8WnwmJZmw+WnwNXNDkwOwkn2nKuAl9OmbzE:h0tvYfHAa8jFUt8WwQ/+WwNXF5JfHAab |
MD5: | 38B25F7707753D2F119B9DBE8251282B |
SHA1: | 697F1C2B09C17CDF6348D0818AC10F3751373B26 |
SHA-256: | 81D566DFC49B2E427966C52EB5C5DD131024D6F741B90641732CFDBC54E20538 |
SHA-512: | C6A1884CBB91903E23A1B12DE01D58378DF7C0F2EE22AC8E85B1D6AFD75D1E0FE9D2D9D246241C740C02746230F14D0E018E6589BA3858E3D6E3C977D1195F99 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.213348158227407 |
Encrypted: | false |
SSDEEP: | 6:hn0O4q2Pwkn2nKuAl9OmbzNMxIFUt8WnwmJZmw+WnwNXNDkwOwkn2nKuAl9OmbzE:h0tvYfHAa8jFUt8WwQ/+WwNXF5JfHAab |
MD5: | 38B25F7707753D2F119B9DBE8251282B |
SHA1: | 697F1C2B09C17CDF6348D0818AC10F3751373B26 |
SHA-256: | 81D566DFC49B2E427966C52EB5C5DD131024D6F741B90641732CFDBC54E20538 |
SHA-512: | C6A1884CBB91903E23A1B12DE01D58378DF7C0F2EE22AC8E85B1D6AFD75D1E0FE9D2D9D246241C740C02746230F14D0E018E6589BA3858E3D6E3C977D1195F99 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241018131345Z-172.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 2.3528101182483234 |
Encrypted: | false |
SSDEEP: | 384:xRDDDDDDDDDDDDDDDDDBDDDDDDDDDDDDDDDDDDDTDDDDDDDDDDDDDDDDDDDDDDDz:F9WYzpzZX |
MD5: | 73B49C1E01421F4916A3704B77E2BB4A |
SHA1: | E11AED10A7D81A4F9A84905F10B90CF1B45C10A2 |
SHA-256: | CD526270886938EC1D6976D2B7DBEDB58DA56DD937DF0FB15D6D51E2C58E7AA9 |
SHA-512: | 7FC2174435D9129A76C249582E89714AB06DB6BAE20E0C6AC8CAB7BC29D9DAC577463E8D294CC16161A2AA67A5351CDD4497B92C8A7C66B2C79B6DD7144F5E03 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445066267908185 |
Encrypted: | false |
SSDEEP: | 384:yezci5tAiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rXs3OazzU89UTTgUL |
MD5: | 64069A7DFE8525C37AF9C51DEA3912E0 |
SHA1: | 02233DBB946A04F086736DF03F8B98513C626C60 |
SHA-256: | 26110EB594E587C459CC59FEF40AB1BC170D5931AB12DB4DCF563C4A4AA2C09F |
SHA-512: | 4C5A13818924321720F5438FECABA669A5469062EB6D37EB81BEC82DB48FD02DD230972B6CBED22D7CD5D5FD12A70BD772EA11A5DB3F91CD228A4C344E8624A5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.774103163844887 |
Encrypted: | false |
SSDEEP: | 48:7MZp/E2ioyVeioy9oWoy1Cwoy1eKOioy1noy1AYoy1Wioy1hioybioyUoy1noy1q:7apjueFVXKQJOQb9IVXEBodRBkQ |
MD5: | 60BAB892675744E5B969CFA295603533 |
SHA1: | 1E7E4EC295F0FD7B1AA317D16EABA42CC1CD019B |
SHA-256: | 9DEA10E4A23148341BF82CDBBF41C285EBFB8637092260F187A2C99BF248050C |
SHA-512: | 6F89F6B112D29C941569996797A68C8D9DFAE66A79185834C9D8074E5D013561E825B62B0DC7A5752E41EBF782C4DABE5D25D4485FD52C5990E20B45583E3C63 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7647458239154146 |
Encrypted: | false |
SSDEEP: | 3:kkFklBSHD031fllXlE/HT8k0szltNNX8RolJuRdxLlGB9lQRYwpDdt:kK/HD0mT86JTNMa8RdWBwRd |
MD5: | 07D115F5514E91D4AF4F493A9D9C03D8 |
SHA1: | CC8FEA5DEAEB7905790594CEAA79E3FFBFB2FD82 |
SHA-256: | D941D0D490609C2AD6199AA773699F99841D448603BB9196833B4502AB45C3D0 |
SHA-512: | A980C91890EA43D5BB65B09B89FC656D23877B104DB819ACC937FF07DAFA7179B7359573175D55B3AB5790E5075C3E3670314869148408FDD34B7C26D97940E3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.1279761948813087 |
Encrypted: | false |
SSDEEP: | 6:kKYmi9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:vdDnLNkPlE99SNxAhUe/3 |
MD5: | 9DBC7E6E22DD21BCF0C50DABE8B30841 |
SHA1: | CE6E7E85857CDBB11C9007BCDC936710CE108D73 |
SHA-256: | 44E7263B9FAE241CFEFD223DE7CEF32676367D0B4066AFC1B92CA8BFBE53368C |
SHA-512: | E0501FA38717993EB31D16C8BDBF78960931426CC52D4FCC0CE972794B4CA345B340AE7D6A16A26085A0DF543B652DFECAD639B527C75B886C0FB56E0911C9D8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.33492945055332 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJM3g98kUwPeUkwRe9:YvXKXzY6KOZc0v1QtZGMbLUkee9 |
MD5: | 09AFD079BD52D770B8D9A3A608420B1A |
SHA1: | 2D592590CDC453FF78D9C06EB4E5687473B0B424 |
SHA-256: | E913198B63D57EF067A3B10E2283E0D3A91555D13D4906931382C2A35C1A1185 |
SHA-512: | 826DFE9173E9241C14641F63FE75B7C8523B4D70EDC454E71FE84E41AFE9FFC1F861978C21A6EB10676366FB52A6C04FF94556EE5BA65DA45E19CD683FB6506C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2853638194650046 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfBoTfXpnrPeUkwRe9:YvXKXzY6KOZc0v1QtZGWTfXcUkee9 |
MD5: | FF84C248417BFC7A740417C68EA63580 |
SHA1: | 400267A6BC9405044D7A0683C560242892025B08 |
SHA-256: | A721647494B401C9524010527991A9E0718B6C1CC92992E2F67FE1CD2F982168 |
SHA-512: | E20E6FA6C1517F52D860749CC783763A091BEF6055D3CAD053DE2A5D5F5D24222E0BD587041471039952DDDFF196C5FC220684FA11CCD96D7F80159B08F209AD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.264631613379674 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfBD2G6UpnrPeUkwRe9:YvXKXzY6KOZc0v1QtZGR22cUkee9 |
MD5: | 4399A78A059C3F9646C1786F552C77BF |
SHA1: | 884E8C16B505545837D9BAE2C3B092554CFB4F30 |
SHA-256: | 10158D09297CF8ED532B9A5587F5AE1331E00B9AA32412BD4ED3EFEDB2F94F1F |
SHA-512: | ADF3DB4C060D843C117F35010744BDC5F0A7218E40CA52C62EAFA857EAD4DB9B19DC6DE0C05987387E44D748F878F0EBD1B8C5EDF321E5D25169810C1177129C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.320942274791852 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfPmwrPeUkwRe9:YvXKXzY6KOZc0v1QtZGH56Ukee9 |
MD5: | 0709B46AA506B9537D571C475372FF06 |
SHA1: | 03AA01379255343DE1D921A4CD498E4799197106 |
SHA-256: | D76731D66F74F0A7032ED62850FDB0336D792C57CB470782596BC110F89DDD33 |
SHA-512: | 68A8FD59DB879151B4CECED3BCED4E64CFFA9D42FC5796E419ACF63712F58FA3D65FE00366F601899F7C4D5E95A7794C5B938775FF6613146F5BED9F404FFCB3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1055 |
Entropy (8bit): | 5.6539472921178575 |
Encrypted: | false |
SSDEEP: | 24:Yv6XcOzv8+pLgEscLf7nnl0RCmK8czOCCSr:YvWE+hgGzaAh8cv/r |
MD5: | 81DAB6EE610AD7536B0DF5239D576EED |
SHA1: | D2E4AD98B3403F349A8370A4694E5977ED97A8AA |
SHA-256: | A3148149214456B3DF35C62A0279E2B3952F4D6364C1842F9FEAAF7C3F14F7EF |
SHA-512: | 20597168F5365D661042FFF3908A71A67EA3399785290CA653A9C3B090F7BE983932E0CB1E2A7E5A98A7D2B236F70E47784E6B7D89B1D6FD3686E4E9DE9EE196 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.6452112319223176 |
Encrypted: | false |
SSDEEP: | 24:Yv6XcOzv8oVLgEF0c7sbnl0RCmK8czOCYHflEpwiVy:YvWEoFg6sGAh8cvYHWpwr |
MD5: | 2EF5E83C1683295871478D5B6E70A39C |
SHA1: | FD76FECECF06DCBC5DA5AA3F713A38588BE09C14 |
SHA-256: | 0E4686AD7B8A6C99D109AF5E4093165C277ED99AD5DB51113E0F5E980526C114 |
SHA-512: | 06DFCBC732D7F09E7DD2DE13F9AAFBA3BA650DD7BEEFEAEADDA36C25579F2D16264D24B1048418F9BC3A47B11871C6DB050531400D99E51DF39F7F88F98917B7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.269134009691594 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfQ1rPeUkwRe9:YvXKXzY6KOZc0v1QtZGY16Ukee9 |
MD5: | 82A2667CF75D8C03E7BF4F73D628D35F |
SHA1: | 38A856E3A3981EB6BC0E22C96F532648EBE36D0C |
SHA-256: | EACC930671B7B3A872235CE4102174192C3CBDDB7EDA12A3EC139BDB97EB428A |
SHA-512: | 4C830E7851B76DCB74646FC29B7702E6A6D76E212CF25738783D1BC70F4DCA8A1EC414C5FD7773F65D2E9E33D53FC4CFCA4A304441637697025F8C6E2D76F002 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.6363687198119985 |
Encrypted: | false |
SSDEEP: | 24:Yv6XcOzv8t2LgEF7cciAXs0nl0RCmK8czOCAPtciBy:YvWEtogc8hAh8cvAs |
MD5: | D826380FC9542AAAF87578AC8E7BF76E |
SHA1: | 54BBB25FE9CA88727D0F4F5C63042EFBAFB3568A |
SHA-256: | 62017940D6344EC25EDCE62F88EC5489F15B56BA9F98E05626F517C6E6AA0696 |
SHA-512: | 51696DF48C597B2954B29688ED92454CBC3DA216F65D95D437E305B041C78CBED5B77F56A601DCB4818B12953CCE0E1307598D89C8569601235739760C048F46 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.695023675572577 |
Encrypted: | false |
SSDEEP: | 24:Yv6XcOzv8FKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5y:YvWEFEgqprtrS5OZjSlwTmAfSKQ |
MD5: | 9898BC3548514AFB17093FD2418DB991 |
SHA1: | 1DE0F91C04B9B4F1214B874364952F9E2E1BD43E |
SHA-256: | 5BF37E6A24983D7B0546AA21EFC9628CBE129029EB91C452E802CFB7E0F38F5F |
SHA-512: | A6C3ADD04EC36C00FD4FAB2D3C5CE0E27F791C1D40B6A7DD12EB4157C491753DA19AE88CA7AAFE9FB2A09D9EDF319348A3A9E04CC139812C91BF4406E4A1D91F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.270975322890406 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfYdPeUkwRe9:YvXKXzY6KOZc0v1QtZGg8Ukee9 |
MD5: | EE2ECBA9011173E13D40527A001707AD |
SHA1: | 3CA7EF8E763065AA3F008326AF36FF3C3D80C3A4 |
SHA-256: | F31A69AD8AA14AADBDAEDC4AF973E18CF6E513D5E0A3C1E233922A9E94D2DCFD |
SHA-512: | 26B8CB3AC97580833C30F963188605D6B407CB5FDE1E9C52F5331E03018C959D0477176F73EF6459B46B2C302E2D5315396B1E1DA703DF494C26DCF451B8ECE2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.768548654468393 |
Encrypted: | false |
SSDEEP: | 24:Yv6XcOzv84rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNa:YvWE4HgDv3W2aYQfgB5OUupHrQ9FJQ |
MD5: | 4EB3326ADDE179599A336B0836E0D132 |
SHA1: | FD0EC55265DC48D4E649F6908D38DD749BF1A9BD |
SHA-256: | 23A1A342DD5F4915815941671895E71BE9B505077E60587DCBFD237C4EEF8F4C |
SHA-512: | F273DDBBD3AC5AD567D85265B02AEA6452C3D8D996CD59E389EAA3DFE1B9282E616CCD00C23E190B85C2F3091FDF928638C43A6581882CB28E85AC6175B33026 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.254721902881175 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfbPtdPeUkwRe9:YvXKXzY6KOZc0v1QtZGDV8Ukee9 |
MD5: | B2F465978D211EEAF4B1C903AB90B224 |
SHA1: | 518B85D63EE178687C44932136B153DB6ECB43D5 |
SHA-256: | 938D498522B592248AC92B9CA1B99954725AE59300E1C322E835CDDCF716F140 |
SHA-512: | B6573F65E0EE89CCDB6F91EE7DDABD03EED7CC4E4482239BDE07EED64D0367091C9D2EB8B643463A9604FFC823D502FDB4A64F192146A594CFB51D1847EE8C0C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.258657230031148 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJf21rPeUkwRe9:YvXKXzY6KOZc0v1QtZG+16Ukee9 |
MD5: | 194BDE8DFFF88FBCDBFE8467367288E3 |
SHA1: | B1F2CF5467A8D9EAFFAEA5C0C465C432A705693B |
SHA-256: | 33406ADAC12764D8E01ACDE704E62BCA3152558793B45498EE6275FB0F836483 |
SHA-512: | 611A14B1D3F7CFFFE424C018CF561947473DCA113B58095189FBD076AFD47EED602AD5511E7B5CAE57E0642458BDF33A8AC7C7829D1263014EE8BE2EEC57BC1E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1026 |
Entropy (8bit): | 5.622176739016289 |
Encrypted: | false |
SSDEEP: | 24:Yv6XcOzv8iamXayLgE7cMCBNaqnl0RCmK8czOC/BSr:YvWE8BgACBOAh8cvMr |
MD5: | A6B97EB079FCA3E7A9E95BA7C1C7BA17 |
SHA1: | DD5DBE9D32F3A61BB84565ACFFB5E540B9A0C39A |
SHA-256: | 429B5602F292D7122311CD0265C56A893C7C16DC355A09BA9AE0E134B2E144F3 |
SHA-512: | 211BF3FCF0837AC1829CFFF45AE4051C121D0ACBCBA38A1BF288EC77D78B567D4402B87F58F5182889CB0AF402863B8FD15A65E6F98F57E5856D79638D5021EF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.233223386865374 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfshHHrPeUkwRe9:YvXKXzY6KOZc0v1QtZGUUUkee9 |
MD5: | 19D42D74FF79D2B923FD75F1084E9F53 |
SHA1: | 2A17819E2FA2EFA0D659F27419A1526979C2CEC2 |
SHA-256: | 1C2C232B49C5DBBBC511020398C88952E62711F4CEE1C857F287DAB5650DD742 |
SHA-512: | 9E2DD8A83629DED457A3D83802B19E9C9EAEDFB7DA0C86369D8420D1C76AD0915DED6479B6862D47777164D89EAE03BA82ABF3D0264F07E861601FA19868DDD0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.355603795864809 |
Encrypted: | false |
SSDEEP: | 12:YvXKXzY6KOZc0v1QtZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWm:Yv6XcOzv81168CgEXX5kcIfANhr |
MD5: | 83311A7BDA7EF657F5E45A4AB603587C |
SHA1: | 19296295F3B6D5741CF00C87AB95FC6C9AF3CD0A |
SHA-256: | 00B9413275B619841DCE2B1B4112DAA1DDAFD4BFD4ACAE4826C9059910B5DE63 |
SHA-512: | 7CE6085F8045747B2793E169D61BB2D86C6D707C1E8E0470B8923B8CC8C48D8E0E7F9BB5A683F9F947147AF84B3FE581DDA3661AADA6E2CC042B2402649EBFF0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.127043308146634 |
Encrypted: | false |
SSDEEP: | 24:YfBtEdVkip6tVGa02mHayKVDr/3JUV4E3VRC3/nVUooNVLfVJM+qdV/PJ+VobB48:YfBtJk0r/3A0gVna/PlkmJcgVXeOX9h |
MD5: | F1D30E3317D3DF4349009C89EBDB19F5 |
SHA1: | 8E854F1E238410ACEE3464E7374092E3F2635F40 |
SHA-256: | 3637B5B4CE9AE1ACED4D45AA63B1B864B624EF043203926D560A2C48436C05D9 |
SHA-512: | CB0E46129146C9B622AE9332EEC5520766A9D08D84534FEC6C73C3BEB39D6B47AE6A3AED60E7B97868708DCF3878BC35EE3B5833623EF03271A58411816BF3FE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1873192237421348 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUSUhSvR9H9vxFGiDIAEkGVvpmUF:lNVmswUUUUUUUUSUh+FGSItSUF |
MD5: | F55C23444821A6C89A61D46E3F22BB36 |
SHA1: | 7B8A74FA189E631EDCC61145AF4F623CA65C2D65 |
SHA-256: | 7DBE64722EF669C9DDDF6936069F7724A5D4751E0DA09DDFF1881D7DE6F237A1 |
SHA-512: | E5F1DA188C236D9F5D9C7D10991FAF2476DCC3ABB539A54C22E7B14F58476F2FEAF5917686415C73F9245CECD59AE556A220504E514C243DC64647FC1C50716D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6034114428473074 |
Encrypted: | false |
SSDEEP: | 48:7MXKUUUUUUUUUUSUpvR9H9vxFGiDIAEkGVvwqFl2GL7msr:7hUUUUUUUUUUSUNFGSItqKVmsr |
MD5: | B0C6C06288FADD14A2CFD0B955F8B8D2 |
SHA1: | 3D9E6F80AE753A3D6FE0E34636A5841FAAD767BE |
SHA-256: | DF0A20FB6929A00972BF437C1F0747F016F0FBC4D6723DA13950D648ABC825D0 |
SHA-512: | 0FF11BF65DEBDE3A0470D76F347050AB12DEF931AFB0653D03273DDD2C812CBA8392FE850D54B9AE0048B2DBA9FD4301CD032364D07D02DA94EC7A40D9E544A1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.529459928009153 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKRasw:Qw946cPbiOxDlbYnuRKSQ |
MD5: | 43EFB73DE58414B1F217B09D1F71A11F |
SHA1: | 26B3F3D86E8D82BD834763C94B74E76BBE86A863 |
SHA-256: | 99DBF566FBC55614102D99736349664388FA959A2E8C75E705BDAACF415414E4 |
SHA-512: | 017EFE3DBA2C0B6158A0F620964EEC82EDDCA82A853F569B321CA4E9BEF960A76491A9E42D3E2D533B32D42FEE4FF307D688138DD8BFB5E492B45941F74EAAFE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 09-13-42-710.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.338827978009275 |
Encrypted: | false |
SSDEEP: | 384:SOwfYmFlQt4+VkpzI027/ZSS2pMpGyOwZS+dvbdAxoGeoAzzFEmZdodI106HOA4z:0Bl |
MD5: | EFE7893E462057E468718E07BAEBBF12 |
SHA1: | EF0F5092CAD6ECAC6E71F317B32480ECD0B9C3DF |
SHA-256: | AD7368323AC13F6086E1B09758E1B0635FBD4FE3FD3EC1BBE0FEA738CDAE78C6 |
SHA-512: | C17A5890819B8CC9D5EB640CF69333921C2C6A69625C7A1E54EF6A5B60E43A1F5345088F7A09F6EBA8FB03087C6B186941E86B8FC7690A9311385F2389525619 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.392147547540374 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2ru:C |
MD5: | 3E99D21CE7CAF378C8DCD22EC090E77C |
SHA1: | F9BBC14A0482A29EDFB9D3CAB21D1C7BFCDA9818 |
SHA-256: | C3897AF2DA2C70B73BD7B54AACB19110DCD11FECA3AFB0A497A5D70DE04EF804 |
SHA-512: | 34433FC7C9A840824140AB21783EDD5AAD02E46119D238F586A303D9985CA46E4BD116D4EAD3C8C65C3D55FD5779DFB602692D46A3DCE2DED38E493BBCBA23F0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/VR9WL07oXGZnYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:tR9WLxXGZnZGh3mlind9i4ufFXpAXkru |
MD5: | 9D85D4B75E446857CE3D750299B2AF1A |
SHA1: | 3CD9576D0A07B9E4454F4FF4DDF8D18EFBB764B4 |
SHA-256: | D3C44F50FD2912C92DAF009689B221515709E00C839A8DA425078C96F2D6053A |
SHA-512: | 1C63A091EF404FC446F1A789D33258FE9F6AD25C80375CADADF0829BC5DCD70A16A8E30E664D0A02F39E7A3D10B9E56AD7F9CA9D733A877726C1DD043B14842F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.99828278964409 |
TrID: |
|
File name: | PPI Submittal.pdf |
File size: | 7'218'070 bytes |
MD5: | c5e6ae17541577544d9c46e54544a51c |
SHA1: | b1afa092b7ce35f99f71a8c4814c5e708aa424e4 |
SHA256: | 1ee9855f10e199576a49f318eed6f3a3bd4fb523b4a28464cc28c5ad6b14cfed |
SHA512: | 6a0532f0ba0f0901284ac0dfbca1ec8397d615ede4bc6aa5d6626860a85a1926197229b303a28c625e9d6a8df64754555e97584c18f186af418566884049e6cf |
SSDEEP: | 196608:btw/jcfc7NnjwX7lBPMg3a5/i5M5XE9xA4x4tYu43P3YOO:hw/kWnYrEgS/4MgInft |
TLSH: | 5F7633A376BF2119D8CA0E82FD0536E1264553E32D5A196238B0C9CE3C7CDF1B255EE6 |
File Content Preview: | %PDF-1.7.%.....50 0 obj.<<./Filter /FlateDecode./Length 2574./N 3.>>.stream.H...yTSw...o......c.[....5la...Q.I...BH..AD..ED...2.mtFOE...c...}....0..8......8G.Ng......9.w..........'....0......J.....b..... ...2y..-;!....K.Z.....^..i."L..0...-....@.8.(..r.;q |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.998283 |
Total Bytes: | 7218070 |
Stream Entropy: | 7.999470 |
Stream Bytes: | 7121144 |
Entropy outside Streams: | 5.126044 |
Bytes outside Streams: | 96926 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 479 |
endobj | 478 |
stream | 477 |
endstream | 477 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 4 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 1 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
69 | 0000000000000000 | 2d1a08bf4f7c46e21560dbcbeae812c2 | |
74 | 0000000000000000 | edbb2e0a21a75e330050d55da5661992 | |
81 | 0000000000404040 | 86fd7931bfb9bc7adfa9e14cc36c5dc0 | |
85 | 0000000000000000 | b9e0eeda240f5af30e379ecb142ea005 | |
95 | 0000000000000000 | e5ca6ff758c47b8d478fb2ae78b5cfc6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 18, 2024 15:13:48.285828114 CEST | 53476 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 18, 2024 15:13:48.285828114 CEST | 192.168.2.4 | 1.1.1.1 | 0xb78f | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 18, 2024 15:13:48.293494940 CEST | 1.1.1.1 | 192.168.2.4 | 0xb78f | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49748 | 96.7.168.138 | 443 | 7208 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-18 13:13:53 UTC | 475 | OUT | |
2024-10-18 13:13:53 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 09:13:39 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 09:13:40 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 09:13:40 |
Start date: | 18/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |