Windows
Analysis Report
00. business card_Luca STRANIERO.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
No malicious behavior found, analyze the document also on other versions of Office / Acrobat
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
- System is w10x64
- Acrobat.exe (PID: 7636 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\00. business card_Luca STRANIERO.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AdobeCollabSync.exe (PID: 7788 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 7836 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7788 MD5: 8A41FC5F946230805512B943C45AC9D8)
- FullTrustNotifier.exe (PID: 7524 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)
- AdobeCollabSync.exe (PID: 7960 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 8000 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7960 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 8068 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 8108 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8068 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 8176 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 7240 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8176 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 7372 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 7432 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7372 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 7352 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
- AdobeCollabSync.exe (PID: 3272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7352 MD5: 8A41FC5F946230805512B943C45AC9D8)
- AcroCEF.exe (PID: 7980 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7240 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1732,i,15913500959655005552,13017635812736798014,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
162.159.61.3 | chrome.cloudflare-dns.com | United States | | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431108 |
Start date and time: | 2024-04-24 15:38:19 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 23 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 00. business card_Luca STRANIERO.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@40/55@1/1 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.1.100.158, 23.3.84.164, 23.219.38.26, 23.219.38.58, 23.202.56.131, 18.207.85.246, 34.193.227.236, 107.22.247.231, 54.144.73.197, 142.250.101.94, 142.251.2.94
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, fs.microsoft.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, www.gstatic.com, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
15:39:10 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
162.159.61.3 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | PureLog Stealer, Xmrig, zgRAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Stealit | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Stealit | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
chrome.cloudflare-dns.com | Get hash | malicious | PureLog Stealer, Xmrig, zgRAT | Browse |
Get hash | malicious | NovaSentinel | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Stealit | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Stealit | Browse |
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | AgentTesla | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse |
Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.278910967296393 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.278910967296393 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 333 |
Entropy (8bit): | 5.217394272999673 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 333 |
Entropy (8bit): | 5.217394272999673 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\10f8968e-3d20-4c2b-95e0-00ed24e7ef60.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.9687828516377985 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.9687828516377985 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.253023250128238 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 321 |
Entropy (8bit): | 5.185024808027627 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 321 |
Entropy (8bit): | 5.185024808027627 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.08728080750134917 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.28499812076190567 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.06134270827555117 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 119512 |
Entropy (8bit): | 0.9626946436312389 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-04-24.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2420 |
Entropy (8bit): | 5.150617366857073 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.36835287347338636 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.28499812076190567 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424133929Z-645.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69590 |
Entropy (8bit): | 0.7553541509053147 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.4454692796840725 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.778073486444077 |
Encrypted: | false |
SSDEEP: | 48:7MIp/E2ioyVjioy9oWoy1Cwoy1LKOioy1noy1AYoy1Wioy1hioybioyXoy1noy1h:7bpjujFCXKQCTb9IVXEBodRBk1 |
MD5: | B6AAF89D79B70E4504C319BE1052CD12 |
SHA1: | 739455415F582221C8E37CB4EB4D04CDC5AAA1EC |
SHA-256: | E5EC6EE7FFE7BBC3257ABD74CCA0D652356ED1FE9FE0786C7269B48C6ED0F945 |
SHA-512: | B19F3B77EFAED61B3F504AB761FF1611BCD82203C4A5C14EC988DFDCFE30139CF043AF96E97CDC173973AFBEB5129CAD7718FCC000FA4CC1690C490A539DD418 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 94208 |
Entropy (8bit): | 0.9951370817377893 |
Encrypted: | false |
SSDEEP: | 192:hxoGsTzoU2uCTaUxmaAxNoGsTzoU2uCTaUxoALZWLGjZ5Pj5vHAxNoGsT:hZgCeNgCaN |
MD5: | DCD066A1C8CA38D94ACA4E5DF6CA20BF |
SHA1: | 0C670E7CB31FE1CFD952082C3629AD8861BFD799 |
SHA-256: | E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E |
SHA-512: | C07D385DB9B836F106E1951FDCD911D7FFF44AAE6EE7406CA665B211236E8ABE3395789E10200644343779983E9AD7B5E484B3B1567CA6EAB890A88E4FF9500B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.28499812076190567 |
Encrypted: | false |
SSDEEP: | 3:7FEG2l/t8l1lFll:7+/l/t |
MD5: | 0F9EA7DDD93720E0D4E3AE39388B490A |
SHA1: | 0E37EB142F1D0C282DCC49392AC6EBF979900B10 |
SHA-256: | F5B9FB07163D54DE15D01FBB534C4FD6A17C5E707E560F98974330B309B29B9C |
SHA-512: | 7F9FC7F9D2659E197BAA749DEF706AB16F568D712C719FB78D9D4C9BAF9D88D4AEAEEBC04E88FB89D473F9FAF34212A94F8D9578A8A75F1B0D1022D4D96C60E4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 253252 |
Entropy (8bit): | 3.3269814107815225 |
Encrypted: | false |
SSDEEP: | 1536:EKPC/iyzDtrh1cK3XEivK7VK/3AYvYwgjErRo+HAun:tPC1J/3AYvYwgoFo+HAun |
MD5: | 0F5BA36A39A7B94F676CBB19112CCB0A |
SHA1: | 64FD43A0D17337401895645D42C2502606832969 |
SHA-256: | 143AD347A543E2012B592CFE0DF0F675D1A33E269FBF341AF960210C363AA49D |
SHA-512: | F76BD4190946746D0F97A10A70F2DCF007F22A5A4FAFFC92BD38BF11F0578BB3AA2BEFC82224126C668D3BADB8DBAD802C8D71D169CB256BAF02EF2E70BA30D5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.362322481052554 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJM3g98kUwPeUkwRe9:YvXKXmI2i2Zc0vhg0nGMbLUkee9 |
MD5: | DCC9901EC3D04FF30A43B80BAB49D8A0 |
SHA1: | F71CC5DE4486DD0987974C859222BA7B26666820 |
SHA-256: | 25E76E016A234AAAE00C84366029DABAAFD5250E69119D450E3221614D450E60 |
SHA-512: | A4D377973F6D0156858C313E447055E3390CC39BA7EAABD97321035CF2BF5444D828BFF58F97FD83237B50D7C5519B7AA8AC550F7D16FE5D0F9931F4CD723B2E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.309166094189834 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfBoTfXpnrPeUkwRe9:YvXKXmI2i2Zc0vhg0nGWTfXcUkee9 |
MD5: | A04CDACC1C7D68B577B21D8DDEAF8245 |
SHA1: | EF3E047594436B548389501B74C7DF24BA9C93FB |
SHA-256: | 41B9CF66A3D0666A9FE038C08328B8B082E68C459EA5E98A382214DD57ADBF37 |
SHA-512: | 48443F3803948E4965A2BEF3E688552C0F8F9A1F94798AC9703E228E193DA0D4714360851EB768B9245ED272A4EA783B87DA46F468ACA0655EC39DAF0E532EB9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.288433888104503 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfBD2G6UpnrPeUkwRe9:YvXKXmI2i2Zc0vhg0nGR22cUkee9 |
MD5: | 2E9EDD1874BA83178E831508CCA91C71 |
SHA1: | 7F72A5E36885D4B20E992E37CB4D77313E64BABD |
SHA-256: | 7E7A3A0B6C30735EFCB7EC1B16FC5FB29990B323F08B4F96948A67C4CC48442F |
SHA-512: | DCD610738AE5321E5ADDFB075C6A58BAC09C58E34AEB4595A965EFE9DEE14030D6959E45935AF729814E854B928772423BF7D6B71ED93F39D7A86330B2D36F71 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.349296464255971 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfPmwrPeUkwRe9:YvXKXmI2i2Zc0vhg0nGH56Ukee9 |
MD5: | 55097347A8C0ADE6B1F6C50B0BFA3807 |
SHA1: | 4D9428670E3A1F83BFE11D53D2627CAEE9DA9CF9 |
SHA-256: | 6FFF77BF0957E82CFA70671AF27ADA99D9EB042A0EFD1DF8F50645F3D27EE479 |
SHA-512: | EAC18EEB3E3618F72BF174B35DAC7F69183BC13AA123E958382E721E3F280874F328D70300FE51D865F39AA9927679AD64E249C96ED00F520A193AA57F94CF9D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.305392414057309 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfJWCtMdPeUkwRe9:YvXKXmI2i2Zc0vhg0nGBS8Ukee9 |
MD5: | 7337E497DB42084AF655CC6105096E70 |
SHA1: | AD2B0EF8A2C949C6C20EFD2959083501A8E506D0 |
SHA-256: | FB1C4D5F2204A1ABBBE937D427393289506876116643850F575A3D0275266795 |
SHA-512: | 18B8F68CE3E7EB941DEF22D258F8C39ED557DD91A9530EE062EEA52194F94D0600356EEB9BFB8490B8DE6CD03D433176067CA7530F67EB814D6C36D7AD8A93DA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.293008524050091 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJf8dPeUkwRe9:YvXKXmI2i2Zc0vhg0nGU8Ukee9 |
MD5: | CD08F80A2CDA2CEB6A87C7E1DAE5A262 |
SHA1: | BF1DF3617D96C99FC1FDABBE566C4FDD76CC5993 |
SHA-256: | 00770B27AAE7FD3B69432CADFF9F9D1DDA9D7E9C737A32242E292489B21C549A |
SHA-512: | 2F662F617C9D299D3AA67C9A60882CB5D5A28281AA75C881375A1B9EC0F27B0CA9122E7A5B8A7254D558250D77E5924F19BD3881AC3BF505D2B66A06AD3CFAE1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.296997162573533 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfQ1rPeUkwRe9:YvXKXmI2i2Zc0vhg0nGY16Ukee9 |
MD5: | E89443BCF9B85E0866EBCF55CE31E5E1 |
SHA1: | 2027008B16D296A166D5050CBD5F3B5FEAE4C7A7 |
SHA-256: | 07D085803D2B719F9531E0CD0EFE4B2A107D02B97DD93C21454D64ABAF2407E8 |
SHA-512: | 036651FCE9DC52AD38866A3E7330B29863A31CA6CD5DBFC00BBA087EED850A822266FA94BEE4B9D124FF7921D8563DA2FFD301266BD1C3EB8A2F324D59E017F0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.300975670943384 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfFldPeUkwRe9:YvXKXmI2i2Zc0vhg0nGz8Ukee9 |
MD5: | 91EA2A282970EA6B8C3513CF962F781B |
SHA1: | A5AE72B8BC6F507E37381A24A914BF457CCE7A44 |
SHA-256: | 096DC33CA2BA9886D86A8505A65499B847AFC52C99B386365CEF3E61130AA5B1 |
SHA-512: | 03DD18B501D08EC96D7751152195541F595E5A731877CA0E7AE91250E71622D44B4B2FD421A850BAFD5E12E9F3D70D9B72DF944E6D529C8228415DA9AABA6995 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.737943781477357 |
Encrypted: | false |
SSDEEP: | 24:Yv6X32zvW0/KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNeQs:YvmutEgigrNt0wSJn+ns8cvFJY/ |
MD5: | 9384381140127FBB23B22A4E68459374 |
SHA1: | 81C6DF839272DB7AE06C408CCECFABCC96340DD4 |
SHA-256: | 4C757F000B413C10D148B276EA01A224667C4817175097D58D5D24340F6654D5 |
SHA-512: | AB7A65782EC6F50F7C9B7FDCAB206A70CC92F03DB469E2B071D8B453DF6C1429EF0B4469FBBC8D3A9D4CD26C493C105D953755F243D7F84017E25AFFCB2AE6A9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.298521689612525 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfYdPeUkwRe9:YvXKXmI2i2Zc0vhg0nGg8Ukee9 |
MD5: | CE7A1995443A8A5E8439A5E60296EF69 |
SHA1: | 38B8CB83C2005DA6FE5DFEEA7BE4B4186FEEDA55 |
SHA-256: | 2E0A6E5DB10B2383CBDBE5063FFE9D188A8F6C40948F9E2C6FB5E8FEC40E4946 |
SHA-512: | F852B1CB5E59E3BD66E658F7539E1195EEC3925D580D0E56D3A112C545450E072751363A4260A525B6558527346D70E5910708AD475E4DD79037E1FCEFBD2799 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.776394344978596 |
Encrypted: | false |
SSDEEP: | 24:Yv6X32zvW0CrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNGQs:YvmuwHgDv3W2aYQfgB5OUupHrQ9FJU/ |
MD5: | 8165F0E0D711D2DABCF9527DD186AE75 |
SHA1: | 0EBE4BB4016FDECA324BD13458AA601C8677F99F |
SHA-256: | CD78C0D9BCB374385C46C59A12ED87E9E94449EEA93DFD5CF3A0B6F427388D27 |
SHA-512: | 6EEEE0922B3EECE620AC7475F96AF309DF0AAB0E4CDEE319DC966CC97B596A255A532B4E1D4D63B0BD00870EF8605E50818347FABF76E5369F94FAA7D459D32A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.282078947495237 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfbPtdPeUkwRe9:YvXKXmI2i2Zc0vhg0nGDV8Ukee9 |
MD5: | ACD61CC688D1644C2A457E0410E0922F |
SHA1: | 8A0C0CA6FF0A50B04BF55B9491C477947BE07E54 |
SHA-256: | 70D630BF1F0E7D075CEEE0C0047EF561652ABCDE947CD380A307FC7C5A4FF121 |
SHA-512: | B84330ED329B081C62E1FEFAE822E801FA5E3CA04C3F67C8FD95CFB8A59F3578E9CDD854F0857D83F3D5E95D62AD0C0C9432F34D117CDD6BED8B1397A00B1BD8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.287005803695001 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJf21rPeUkwRe9:YvXKXmI2i2Zc0vhg0nG+16Ukee9 |
MD5: | 20FAE61E3ABB705FEA51BA55F9CC46A2 |
SHA1: | EC07F22B0E4851667352B2AD116FEFD18F63A8B1 |
SHA-256: | 76C957100CDC8250A516D02392CF5B4BC15315F0D72112ADC8CE506317A81729 |
SHA-512: | 014C4BF3E840FB7EA73E9265152B834B6BC9978C1AE6DA9DCABFECCF3F539386BBDB6E81D7CC1C48EDB03B4357E51EF75D3714155B085E4FB71684B45BAA51D3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.305634295895797 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfbpatdPeUkwRe9:YvXKXmI2i2Zc0vhg0nGVat8Ukee9 |
MD5: | 5C6C49FF3FCA5E2D737B6A71C10241A0 |
SHA1: | 83067FE6620115B077BB2F6074E36EE15F408188 |
SHA-256: | 8DDF072D9AC27E971A2FD318DEF35F6B98A722A7A8327DBE0D060491CEF122A5 |
SHA-512: | D49487AAA76E3AB0BC101B1118E72843218EA9729203C9BED0013DA7A37A85893D0CEE0D34EC0CCD23B9582D1C8243E8BB30EBC6B8438C2FFC0FA3C366DCADE1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.261781799726259 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfshHHrPeUkwRe9:YvXKXmI2i2Zc0vhg0nGUUUkee9 |
MD5: | C4E5A9E7254136E6D3CF2B9E1603E82E |
SHA1: | D5A26CE88F9221D640B9B9F8D0A9E69E50DE7BCF |
SHA-256: | B8FE953F724194480031B1FAED0D08D915EDE38AA78593E86E8EE2F2C36D3B3C |
SHA-512: | 5FBDCD4C856E146C7949C505461B75C8DBD70BB018E715D779A97A1FCB62CBED3462CB2D82F9557310A4730BC938E2FA7FBBFF6C138B8D31E6FF2CFB37B09CC6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.369352659874663 |
Encrypted: | false |
SSDEEP: | 12:YvXKXmI2i2Zc0vhg0nGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWKQs:Yv6X32zvW0n168CgEXX5kcIfANhBQs |
MD5: | 7C671D67C5432FA88B63960B727A730D |
SHA1: | 9E91DB760F5DC16E64E743C763E6A8C1E2B868B8 |
SHA-256: | B8CF47D95242F6003379BF3E7159D276B38984EBEDB87D5C6CD80B9973009091 |
SHA-512: | CC568C9E652245D2E5D962F5907F62DDFEC9ED18AE3ACCF52C29D121670898A2B588DC0CA5AFBB55575233BF40F5573328E48E615FD27D20656F92FC19B843E6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.142870618926535 |
Encrypted: | false |
SSDEEP: | 48:Y4Y1K2OHhkV4AMgsidJZv3Jn4qTHEKB6CG1BQc6QWbr9O6Tqc:6MHhkvMgsidJZv3Jn4qTHEKB6CG56QW5 |
MD5: | A892AE3A8C1CDC377780965144B31C66 |
SHA1: | DEE7BE5EDBF1741EEDBAE2CB015E15457CAFE041 |
SHA-256: | 9E03C8B26E8E41123DA110DECBF2F05CF887118FD93B1B1C828899C29F4086E6 |
SHA-512: | D7F78473B1929E77047552804271B87125A370FFB4DF55ADD1CA18215E482F510BCA0261AB45FECCDA6A33DC6DCC31597F49881048308E8113A943BFAA785C00 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1919877324393977 |
Encrypted: | false |
SSDEEP: | 24:TLxjx/XYKQvGJF7ursEt2rn7ddR97dfRT97dfZ6i3FU/PinjXjmuhZxJZx1mPwyq:Tll2GL7msEOnvR9H9vxFGiDBCs |
MD5: | 2147356CACBE7289A8E2A9F67A3C7A84 |
SHA1: | 781D0AF3A0E9692B1F668E114F0003A82798CECC |
SHA-256: | FD92A058CF6CD628A0BA62CB59DCBF0B106203ECEAF27B07B4754D15AD69016B |
SHA-512: | 57BFF330ECA5299C152B3E77C5145376F0C2C58652142CEC1BC7EAEC93BA2CFBDF0DBED4F1818B7E1544540801D86AA48B28950EA6F0D5D12383BBF46D100E68 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6168730544170478 |
Encrypted: | false |
SSDEEP: | 24:7+tq82u7ddR97dfRT97dfZ6i3FU/PinjXIALZxJZx1mPwy2Q2NWqLRx/XYKQvGJj:7MquvR9H9vxFGiDIAYZq1l2GL7ms6a |
MD5: | AC78125C188A5580BFEB07F466B096A4 |
SHA1: | 55BDD38A36925A8B72FD27D738C32BA43A54F5E6 |
SHA-256: | DF6A87323EE36CCDEE777802B433F452F9131DCDE56E1F2A611B74396B1228E3 |
SHA-512: | D1675A8D1B04ACE99F150CB00F5FFFBB860CD6F3E5A52C628E4EE1F394C62B8FBF9EE48572DDDD000CB8BB6AA023F249453AF0F895C7A6D086C03CEB7A3FA6C8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5329345335875004 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+aTZCH:Qw946cPbiOxDlbYnuRKHhw |
MD5: | C1BCAC28172009DF06C5E628A45B9FE4 |
SHA1: | 5A3A522343BB3AC5E9F5EDF9CEA7319DC2859A39 |
SHA-256: | 009E7AD133EA7668BFADD1817AA7402DA9768E6089F218315822D8010D9DC1EB |
SHA-512: | 0C6BB21357EBB7AD91624E9A856EAE4FA7A15D8C18936A8814E8CCFCF125D99C278FEEDC931A7EBEA58FD3EC29879F5B26E732188E11577FD4A12F450DB73797 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 15-39-27-473.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.401716468234278 |
Encrypted: | false |
SSDEEP: | 384:aWYlA0JwFqaHNBtTJypXFyHn0TGyH745yMoK2KHSdLCwQ8ku7GCWPWv+Jzj5s8IS:RIG |
MD5: | FA485FDDADE4F01B7121E86895CB936E |
SHA1: | B34A878A03D587CEC62844DEE969C7C01F15908D |
SHA-256: | C126373307FCE43F0533DCDE6D1AECB33E0D829F84BA86AE0FD4EE2F243B36CE |
SHA-512: | E5556AE5375D94F59C84344EEE24B22E42877D40E2CD58EF8DA66362025D16AD77A1E197BFF90DE0EF94CD08069E4F6B8573CB475D306ED460C2E03BED3280A1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.390755158590004 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rB:9 |
MD5: | 20587C92C1E127297E0B58D578E05133 |
SHA1: | 6BFF446BC799A6D5CC4324F2EDA0300BFA90626E |
SHA-256: | 96476D79F73E4F59625A815D52EF9F8939109BEFB0D5D32EDEE1DD49584458D9 |
SHA-512: | 74F1D91F7A3A53BA922BB112C2E59A50A1564943F80B207999C9CE1333CF6E62CD65B72F7AC9CF65851AA1D2D9D2141C83532400025EA8FD4519ABB5B29325C1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje |
MD5: | 716C2C392DCD15C95BBD760EEBABFCD0 |
SHA1: | 4B4CE9C6AED6A7F809236B2DAFA9987CA886E603 |
SHA-256: | DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8 |
SHA-512: | E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
SSDEEP: | 3:So6FwHn:So6FwHn |
MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36 |
Entropy (8bit): | 4.294653473544341 |
Encrypted: | false |
SSDEEP: | 3:8QvCyKGziFLpn:8QayKGyLpn |
MD5: | 5C6B932A79952B4B27833691305E61DB |
SHA1: | 09804DB0986A989C2C49CDCEA563567FB4C7B1A0 |
SHA-256: | DEE5A5925227B125F4AC6D9B70A277E6EC8494FFC73D1CCE9E08CC7A78D6208A |
SHA-512: | 4FAA9585BB10156D5DEA3B62D3A3A1BFA92430BA6E1E3381FC4C76C3071C85E53D5CBCE0016DBA1D1F9EA1B7AF37B4A4EFBAF4F3106B7D958B6E2E90AA0DF059 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54 |
Entropy (8bit): | 3.7119196645733785 |
Encrypted: | false |
SSDEEP: | 3:8QvCxXLV1AiLKltVln:8QaRhJ2ltPn |
MD5: | 6A614A7743B0C781AAECA60448E861D6 |
SHA1: | 67B7DF5EBEB4527E4C31F3F9B7E52A0581DC4B6D |
SHA-256: | 9703120DC62C2C3F843BAD5B1E77594682CA7820F0345AE0BBD73021C1427146 |
SHA-512: | 3A45B27ED6F3AAA8C2113FBB21637675CC91D1239754447A7032D1A86CB1E7381575B28F992E5FFC9986354C2B9C173C614F1F703CA4C2BEE63AB3BC6ED909A6 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.990606089533537 |
TrID: |
File name: | 00. business card_Luca STRANIERO.pdf |
File size: | 4'156'024 bytes |
MD5: | 8729536ff1fc73f263c67050fa1e9aaa |
SHA1: | 4b2445ddfdae6a556102f466d8dc51711b0c0bb9 |
SHA256: | 0be36f317fbd8ac2ab33fd81020ce6d768ea60f0fbd850b12efbe42f26f71e39 |
SHA512: | a1fcf394175b706e77bd5c9ed21728d80028954d0248e67922ab3a2a35842510d9b27f74b6e0898ef5adef08748a7b856ec7c767ba72be49598883636916cffe |
SSDEEP: | 98304:xpc/xLNvTrUM5XhhMVlDagNXrrBjGjCcyKPEQmX3/Cx8:xWxtHUmXhh4FNXnBQw4ED/a8 |
TLSH: | DE1633354519682AF8413F3006143D92C7A77D6F46CE95607E3EB2A10FC78962B1EABF |
File Content Preview: | %PDF-1.6.%.....2 0 obj.<<./AcroForm 4 0 R./Metadata 5 0 R./OCProperties <<./D <<./ON [6 0 R]./Order 7 0 R./RBGroups [].>>./OCGs [6 0 R].>>./Pages 8 0 R./Type /Catalog.>>.endobj.5 0 obj.<<./Length 14112./Subtype /XML./Type /Metadata.>>.stream.<?xpacket beg |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.990606 |
Total Bytes: | 4156024 |
Stream Entropy: | 7.994030 |
Stream Bytes: | 4104329 |
Entropy outside Streams: | 3.703452 |
Bytes outside Streams: | 51695 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 66 |
endobj | 65 |
stream | 63 |
endstream | 63 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
24 | 0000000000000000 | cbc7993bed3955cc4cf1acafdf600250 | |
25 | 0000000000000000 | c8b72e9beee236dc5f6b21d37225adca | |
26 | 0000000000000000 | e17dc0b012f51760532d173048cfac3b | |
33 | 0000000000000000 | 3cb0ad040a5739257365c7704cb9b389 | |
35 | 0000000000000000 | 922365737f7c8a4756fe7e390a3c56af |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 24, 2024 15:39:31.993639946 CEST | 192.168.2.4 | 1.1.1.1 | 0xf678 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 24, 2024 15:39:32.147105932 CEST | 1.1.1.1 | 192.168.2.4 | 0xf678 | No error (0) | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
Apr 24, 2024 15:39:32.147105932 CEST | 1.1.1.1 | 192.168.2.4 | 0xf678 | No error (0) | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 162.159.61.3 | 443 | 7240 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 13:39:32 UTC | 245 | OUT | |
2024-04-24 13:39:32 UTC | 128 | OUT | |
2024-04-24 13:39:32 UTC | 247 | IN | |
2024-04-24 13:39:32 UTC | 468 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49741 | 162.159.61.3 | 443 | 7240 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 13:39:32 UTC | 245 | OUT | |
2024-04-24 13:39:32 UTC | 128 | OUT | |
2024-04-24 13:39:32 UTC | 247 | IN | |
2024-04-24 13:39:32 UTC | 468 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49744 | 162.159.61.3 | 443 | 7240 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 13:39:33 UTC | 245 | OUT | |
2024-04-24 13:39:33 UTC | 128 | OUT | |
2024-04-24 13:39:33 UTC | 247 | IN | |
2024-04-24 13:39:33 UTC | 468 | IN |
Target ID: | 0 |
Start time: | 15:39:08 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:39:09 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 15:39:10 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 15:39:11 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 15:39:11 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 15:39:13 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 15:39:13 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 15:39:15 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 15:39:15 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 15:39:17 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 10 |
Start time: | 15:39:17 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 11 |
Start time: | 15:39:19 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 12 |
Start time: | 15:39:19 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff737cc0000 |
File size: | 11'469'784 bytes |
MD5 hash: | 8A41FC5F946230805512B943C45AC9D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 13 |
Start time: | 15:39:22 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 218'280 bytes |
MD5 hash: | 92366A2F482926C3D0DD02D6F952F742 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 14 |
Start time: | 15:39:24 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 16 |
Start time: | 15:39:25 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |