Windows
Analysis Report
Declaratie 147379 - Exter B.V. - Exter DSM.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 3672 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Declaratie 147379 - Exter B.V. - Exter DSM.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 5668 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7192 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1624,i,18207051628461340091,6838274000774451513,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
96.7.168.138 | unknown | United States | 262589 | INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1541153 |
Start date and time: | 2024-10-24 14:09:37 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Declaratie 147379 - Exter B.V. - Exter DSM.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/47@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 23.22.254.206, 54.227.187.23, 52.5.13.197, 52.202.204.11, 162.159.61.3, 172.64.41.3, 2.23.197.184, 199.232.214.172, 2.19.126.143, 2.19.126.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Declaratie 147379 - Exter B.V. - Exter DSM.pdf
Time | Type | Description |
---|---|---|
08:11:09 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: claude-3-haiku-20240307 | `{ "contains_trigger_text": true, "trigger_text": "Wegens juridische werkzaamheden in de maand augustus 2024;", "prominent_button_name": "unknown", "text_input_field_labels": [ "Honorarium", "Subtotaal", "Btw 21% over 440,00", "Door u te voldoen" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }` |
URL: PDF document Model: claude-3-haiku-20240307 | `{ "brands": [ "Vondst" ] }` |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
96.7.168.138 | Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Meterpreter, ReflectiveLoader | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher, Mamba2FA | Browse |
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | Get hash | malicious | HtmlDropper | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | AgentTesla | Browse |
Get hash | malicious | Strela Downloader | Browse |
Get hash | malicious | Strela Downloader | Browse |
Get hash | malicious | Strela Downloader | Browse |
Get hash | malicious | Strela Downloader | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Meterpreter, ReflectiveLoader | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.121923154409694 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.121923154409694 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.1425913836310295 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.1425913836310295 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.964572325322009 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF3f92b8.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.964572325322009 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a3077105-57fa-49c2-9a2f-237344705b39.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.964572325322009 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ddc4509a-daea-4306-9d74-bc88cb7fce2b.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.964435627287755 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4288 |
Entropy (8bit): | 5.229207651851834 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.150138699248812 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.150138699248812 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241024121105Z-157.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 0.8019627179226868 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 328 |
Entropy (8bit): | 3.247897867253902 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.338129986073696 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.274578883462081 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.253776631431286 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.314193150154308 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1055 |
Entropy (8bit): | 5.663040679943687 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.655795685546793 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.263647997773834 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.649705924798479 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.700050031021931 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.272115160916455 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJfYdPeUkwRe9:YvXKXVlHYvR/ZwHAVMusGg8Ukee9 |
MD5: | 614CA7861CEAA25C6CF7036D730D137A |
SHA1: | 0DD4E0398C26E1DEA9FAB4DCE3CA13CD14DA1CD7 |
SHA-256: | 5962E9CD25001BF9E8833E7D21F95D42E7476CC1E1D9CE6C4B070BE4CABA7363 |
SHA-512: | D11B0F2CEB6539F101967043ACC430405FA1073A9F94140ED0F3D37F8A1F71670F6FA326324A65764A91F401ED0F153BA536A5A96FB27FC1576D5BC12503016A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.772706891906669 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xv4JhFrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNMS:YvpJhFHgDv3W2aYQfgB5OUupHrQ9FJ2S |
MD5: | C424F2A49F0AE279D46822DE52C3659E |
SHA1: | 95900035F9860D29A9CDDB20B4181B885B4F6A54 |
SHA-256: | 1C9144BB525194AE17D4D4220064C2CBD7E5F9FCAD69A242FC8BFC9D69C8A997 |
SHA-512: | CE50350A176C98A8459EB7F6865279ABC65826C3D4F868696827BB6B41BD696FB9E0AE6E4C6F84CFE03238B8D3E6E8DF887B5B8D33C74C7736C390EF5C469525 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.255853906968899 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJfbPtdPeUkwRe9:YvXKXVlHYvR/ZwHAVMusGDV8Ukee9 |
MD5: | A642FF1F5AC6A88A4A15B5F51AE8F1AC |
SHA1: | 03AA1CBB2515FEFBFDCF0126A63D2A296C77DD05 |
SHA-256: | 4357CA66F725DADD6EE7CF341501BB09562DA5400811EB5CB8BDE50A43256D56 |
SHA-512: | 6E4D4E2B9F3963A762D563870C95041C2BD7CE3F5308EE1485B8A91B8B64A9F2D3BBDD31802BA6D03AE02814736019FCEEF2F08B70F4D88AEED60C58CBABE444 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.255086165148519 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJf21rPeUkwRe9:YvXKXVlHYvR/ZwHAVMusG+16Ukee9 |
MD5: | 8E40D9E2A79AA53DE702B821EC9DB32D |
SHA1: | DD9AB5ADCFAF8A6FC4237BBA608E55247471154F |
SHA-256: | 88589E9F17620B378C7BCD5033BB519BBB4B0780F12DA4A66610C0C0EF8C703E |
SHA-512: | 2DA7E06A8B1C846523BDC8CBF34403DDEAE8BED67574B63BB0689268AE6FB2089DF4750B7320611AA1BA2664D29AD6B27B632845F1C3461ABDC0D777B4530E9D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1026 |
Entropy (8bit): | 5.634029853673597 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xv4JhHamXayLgE7cMCBNaqnl0RCmK8czOC/BS3S:YvpJhfBgACBOAh8cvM3S |
MD5: | CF1C2D2A91FCDE38C09E5B4B7488F738 |
SHA1: | 218630BE8CB4710B4382A2B7811E9147421A7A4C |
SHA-256: | 037DA36F36D0BE3C08D6CA0B54B4E187D5A8B8D67DCE9D629AACF27D9F32E28E |
SHA-512: | 3A1AF406041BDEE51E964FDBD0E3A6FD3FE668C589CECFFFCA1CB8D49ED32BCC3955F0AC695F78F4F9AAA41328DB782D87A9E2EE3D847565AC6A0784373B73A5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.229737545266029 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJfshHHrPeUkwRe9:YvXKXVlHYvR/ZwHAVMusGUUUkee9 |
MD5: | F291A6CEFA49C4CC0DC1A9FB4D207922 |
SHA1: | A860FE2E4F2B2AC642BB06B9C47471498FD852B3 |
SHA-256: | 926B102BFAFEB803632DFD9B64E5AD43F481BE89ED74C95883622422F3D80E9B |
SHA-512: | 74E38916770921C2BBA42230938D1D378468BD2B553D9E49B074FCEF50CE4D077BF75EED430B69FCB1FCCDCA31B0B6A549F3B72D6D85FDC85259EEB065B2F749 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.364995851300005 |
Encrypted: | false |
SSDEEP: | 12:YvXKXVlHYvR/ZwHAVMusGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWL:Yv6Xv4Jhs168CgEXX5kcIfANh3S |
MD5: | 7681DCFE7433D47750AEDA4FF24075B8 |
SHA1: | E16750C44FA396562625905C9FA9A95BA0ABCC0C |
SHA-256: | C85572172B07828786555B383A8B839FAAA4BEA539C60E4878FABFBAEF370B40 |
SHA-512: | B8CCFC2B6156D72C5B9CF7C6BBD82F342F1B22819462596A6F8B3AD24B8F7912EE043ECF65A99997403D8AF93B5DDCECA5F5D546A199DA7E57E7C857E637C36D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.131959142394226 |
Encrypted: | false |
SSDEEP: | 48:YTTgqNp4JqBB89UBqW+8pVP4SJvrUz9KZ:KUqNeJUG9MqW+4g+ohKZ |
MD5: | BCEAE372FC649D5D46F2AC7F90CE035C |
SHA1: | 0AB69835D6B353F9CA436A0475223CC285D044F8 |
SHA-256: | 697771CAF4F270737CC91A7F050B545CDBDFDB871E90EDF480C2C8D9B6F0705A |
SHA-512: | FAAD02C97A8DED1BB55DAB5570EF2BA5C82083EAC639C1857858A2152C67B17484D23A727E3FA6D1E56B70EB50E5DCD12AA7D4E8BC4B211282F976814DB05855 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3168184204208406 |
Encrypted: | false |
SSDEEP: | 24:TLKufx/XYKQvGJF7urs9Ohn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMeQ3itqVp:TGufl2GL7ms9WR1CPmPbPahQEypilIqS |
MD5: | 1A54D2B2E91DE1EE0D0B84AF8B173F58 |
SHA1: | FEB7E041D24764160A9ED4AA88F7000DDEF86CFF |
SHA-256: | 3D8C5FE3583F4653F7AC6F6B2BCEAF32DED60267A833842653BB8A5E86EB37BE |
SHA-512: | D8F033486CCA40290BC69A058E0F81213AE730D7BE2FABD0C3FC4F3E7D808E64FFC086F1B015B854F5A1377C9F50666214FD8306FD33882108E8A0D06FBF7625 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.7809556609107904 |
Encrypted: | false |
SSDEEP: | 24:7+tglhn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMeQ3i4qVpaVrScVr0InQqLhxh:7MHWR1CPmPbPahQhypilIpqFl2GL7msT |
MD5: | 62D0BB28D6AC3FA1165B538EDE3D6632 |
SHA1: | FE4F7F3BD2BD6187B08DCA24A8095C03C9CD2EC1 |
SHA-256: | AF3BC7F1432980A8113F747881858E075C40B09598022952BD7B7D70C56A0463 |
SHA-512: | F98E4BF026CA60C9893B2BA96A34308E7BA2FEF4843021C72044C6F792E5913240E4FE0E421A5A47DDCD7EDB9DCAC4B9B023009F7520442CBCFCD4E0397FA7C0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5030768995714583 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8cjglE:Qw946cPbiOxDlbYnuRKH3 |
MD5: | 4C01736BC18D94AFDC2D824438D52650 |
SHA1: | 46FD5816CB5107294D7D0AB036C7D00008888188 |
SHA-256: | 0E0093E0D09E9F5D7A98BE0758062361DF6EAB06BB486EAECACF4DBBEE8AC33B |
SHA-512: | 927065C50B1A413918319A2C2240B56BB20BF3566224BCC4502AC362649571D113E1B6DB4288B753BD73429A64216F9A36521DCA6270588CCD2515237725369D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 08-11-03-476.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.33860678500249 |
Encrypted: | false |
SSDEEP: | 384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B |
MD5: | C3FEDB046D1699616E22C50131AAF109 |
SHA1: | C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D |
SHA-256: | EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD |
SHA-512: | 845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.314644243585369 |
Encrypted: | false |
SSDEEP: | 384:nKEXeXpXGX8XfQFeQnQmQUQPQlQsmpmVTXTrsisusRsQsJMsOZZmy+KwKMK69WQu:nDOZ2sPEeQTDewtQ6rHxxOJDnZo1LLNe |
MD5: | 8FDA7EDFA22C678CCA94BB43A9BFA479 |
SHA1: | E49C26235C53F4791671EFAFA05BB1CE16FCC885 |
SHA-256: | FE59B7D44FA3724E02B7A76F44ADB51BF09CC08A3806DC2809AB2A5583BFF640 |
SHA-512: | 34E00BE2EFB4FD96EFE54E1115991F9D46279EE90B961C90C6BA4D4130B6708A8B706D8C3D2FC4A50486B4B113653D67B285F72C8D4EF9F5838EEE5C6539072C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.404549877136299 |
Encrypted: | false |
SSDEEP: | 768:nLxxtShUxQo/KLgJKLZQBSlddR8TsKLnRs4umeBS3dnKLdR5:I |
MD5: | 60A142E6EE464E24ACC8BDAB4EC038D3 |
SHA1: | CCBB8DE011A4068591714DF1151699BB95CB719E |
SHA-256: | 4C9FAB87837077F9348E58C21779B1B19CE557C1C021FCB883ED7A3C608C672F |
SHA-512: | B5654B654EA36D5DA07F68B7F8601015C884CCAC694F2E5F85B8B91DE874AE55AB0D674072683B9F524FF3652CBEB36E1E3B4E9B102F915618C8D3329E0E93B5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:GP7ouWLYZwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:BuWLYZwZGuGZn3mlind9i4ufFXpAXkru |
MD5: | 217ABC57FA3F0D90BF80A43AC782AB59 |
SHA1: | FB0F16B823FA9B34F7F8B104A429C0768BE56121 |
SHA-256: | 837573D29AD478BA777C839D363206CA89E1E71B6740489FEA59E40E6CD866B0 |
SHA-512: | 7EC28AAC22713E12794374556BD2776DE1DAFB723181C2A12A8CD7A5F3FAC66DB3CF06A7AD36D4AAA3F974F8E1EA3FEB809CBAE43752F56E849ED5A6AAD9BE9B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.71052628906673 |
TrID: |
File name: | Declaratie 147379 - Exter B.V. - Exter DSM.pdf |
File size: | 192'510 bytes |
MD5: | cb4810250c6e6aadac1c9a9f8999f46c |
SHA1: | ce55b6c83d7d6ccb6307dbab3ec17d42872494b3 |
SHA256: | 094e423e7aa1aeadc7df3d206ba7737a92665c53a73c02eeb8b7df505855c870 |
SHA512: | a7d1b3216216f088c942a2762e6deae87096083d30d7d9af3af2ebe5a54d7acaf4876da816cf683b4eacdfdc44e38f423b805a47487f96c4c5b5678363d9f59c |
SSDEEP: | 1536:izm9/IWRX5SMml8E6ixMFGUzBF1fTY1y0KOHhgaFK3BVro3HgM8V1vvUunncMeA4:TVZ+sOa5OyAOo8V1vCb1i4/ |
TLSH: | 7214C363DD888A5BF11687BEFA237C79225E7266F6C7B3F104381CEB4A51401AD87079 |
File Content Preview: | %PDF-1.7.%.....1 0 obj.<<./Type /Pages./Count 2./Kids [ 4 0 R 22 0 R ].>>.endobj.2 0 obj.<<./Producer (Legalsense\040\050www\056legalsense\056nl\051)./Author ()./CreationDate (D\07220240913095131\05501\04700\047)./Creator (\050unspecified\051)./Keywords ( |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 6.710526 |
Total Bytes: | 192510 |
Stream Entropy: | 6.724240 |
Stream Bytes: | 179154 |
Entropy outside Streams: | 4.378816 |
Bytes outside Streams: | 13356 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 33 |
endobj | 33 |
stream | 12 |
endstream | 12 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
18 | 010100000000000b | 25d801fb1492547b0fd0a54292943fcc | |
33 | 0101000000000000 | 6975824d0a75d6b0b1bbc34eaffee976 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 24, 2024 14:11:13.791143894 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:13.791177034 CEST | 443 | 49724 | 96.7.168.138 | 192.168.2.8 |
Oct 24, 2024 14:11:13.791336060 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:13.791716099 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:13.791732073 CEST | 443 | 49724 | 96.7.168.138 | 192.168.2.8 |
Oct 24, 2024 14:11:14.511929035 CEST | 443 | 49724 | 96.7.168.138 | 192.168.2.8 |
Oct 24, 2024 14:11:14.512294054 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:14.512306929 CEST | 443 | 49724 | 96.7.168.138 | 192.168.2.8 |
Oct 24, 2024 14:11:14.513442993 CEST | 443 | 49724 | 96.7.168.138 | 192.168.2.8 |
Oct 24, 2024 14:11:14.513509035 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:14.564537048 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:14.564718008 CEST | 443 | 49724 | 96.7.168.138 | 192.168.2.8 |
Oct 24, 2024 14:11:14.564743996 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:14.611341000 CEST | 443 | 49724 | 96.7.168.138 | 192.168.2.8 |
Oct 24, 2024 14:11:14.614310026 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:14.614322901 CEST | 443 | 49724 | 96.7.168.138 | 192.168.2.8 |
Oct 24, 2024 14:11:14.661176920 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:14.687745094 CEST | 443 | 49724 | 96.7.168.138 | 192.168.2.8 |
Oct 24, 2024 14:11:14.687835932 CEST | 443 | 49724 | 96.7.168.138 | 192.168.2.8 |
Oct 24, 2024 14:11:14.688045979 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:14.688358068 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:14.688369036 CEST | 443 | 49724 | 96.7.168.138 | 192.168.2.8 |
Oct 24, 2024 14:11:14.688380957 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Oct 24, 2024 14:11:14.688431978 CEST | 49724 | 443 | 192.168.2.8 | 96.7.168.138 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 24, 2024 14:11:08.971493006 CEST | 57863 | 53 | 192.168.2.8 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 24, 2024 14:11:08.971493006 CEST | 192.168.2.8 | 1.1.1.1 | 0x91ae | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 24, 2024 14:11:08.980535030 CEST | 1.1.1.1 | 192.168.2.8 | 0x91ae | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 24, 2024 14:11:10.043135881 CEST | 1.1.1.1 | 192.168.2.8 | 0xe013 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 24, 2024 14:11:10.043135881 CEST | 1.1.1.1 | 192.168.2.8 | 0xe013 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49724 | 96.7.168.138 | 443 | 7192 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-24 12:11:14 UTC | 475 | OUT | |
2024-10-24 12:11:14 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 08:11:00 |
Start date: | 24/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6e8200000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 08:11:00 |
Start date: | 24/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79c940000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 08:11:01 |
Start date: | 24/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79c940000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |