Windows
Analysis Report
Presidio-605520.pdf
Overview
General Information
Detection
Score: | 22 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5900 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Presidio-605520.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 5452 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4244 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1732,i,4167328604085593503,12386720638169524665,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
Phishing |
---|
Source: | OCR Text: |
Source: | TCP traffic: | ||
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Process information set: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
54.227.187.23 | unknown | United States | | 14618 | AMAZON-AESUS | false |
184.31.48.185 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431810 |
Start date and time: | 2024-04-25 20:05:33 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Presidio-605520.pdf |
Detection: | SUS |
Classification: | sus22.phis.winPDF@14/46@0/2 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.63.204.182, 172.64.41.3, 162.159.61.3, 54.144.73.197, 107.22.247.231, 34.193.227.236, 18.207.85.246, 96.7.224.59, 96.7.224.48, 96.7.224.9
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54.227.187.23 | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | CobaltStrike | Browse | |
| | Get hash | malicious | Unknown | Browse | |
184.31.48.185 | | Get hash | malicious | STRRAT | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AMAZON-AESUS | | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
AKAMAI-ASUS | | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Babuk, Djvu, Vidar | Browse | |
| | Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse | |
| | Get hash | malicious | Vidar | Browse | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 297 |
Entropy (8bit): | 5.228025074906233 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 297 |
Entropy (8bit): | 5.228025074906233 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 344 |
Entropy (8bit): | 5.2480759689950816 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 344 |
Entropy (8bit): | 5.2480759689950816 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.96930632548093 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF67413a.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.96930632548093 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b0f37ebf-c4c4-4df9-a3d8-516b90946cce.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.975316331738347 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\df283f39-3d9b-43ec-a494-94d841e01eaf.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.96930632548093 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.235063356054403 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 332 |
Entropy (8bit): | 5.224505049465682 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 332 |
Entropy (8bit): | 5.224505049465682 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425180634Z-191.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.5658976655218964 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.438912927531947 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7760442152261398 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.358823121898299 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.296855007140867 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.275561221367746 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.345542117529644 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.295898991343751 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.282219619801114 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2874193150319915 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.302185956816162 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.739254528722231 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.288929719258341 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.774891275578397 |
Encrypted: | false |
SSDEEP: | 24:Yv6XrmeOvrHrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNe:YvLeQHHgDv3W2aYQfgB5OUupHrQ9FJs |
MD5: | 81CFFB8CF1E55160E9169C27D9F70411 |
SHA1: | 6575C36A341AA8C9540C971D9016E4BA8EA9B494 |
SHA-256: | 9EDB21703EFDAFB3D50784ED2C7083602F92A1B00795683FF53AE7E73FFB8EFA |
SHA-512: | E2C01A54A8169EA5B6C36075FE111BB99656F485C81619069A7E06AAAFC6D8F84B05BE40510CFCAE103EA17B633D56AA41B89E68585EF44C59E2A470959A7153 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.272552901335929 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfbPtdPeUkwRe9:YvXKXMRU51bsdTeOvrwGDV8Ukee9 |
MD5: | E5931D3A7938AFA1658DBFB81ED2E6B9 |
SHA1: | B623E4B9FB12CC064EC9F627B700ED875D7AE088 |
SHA-256: | 9D7927E1AC42FAB4123E7167F623E2430CF74436429BB0AEB968A3F8230B1820 |
SHA-512: | 5B2B446AEC3D59AD026F725C772E61CF164366375AC4691296E7E9809E1668612AE754AF3A74AB69AD346C4E1DE7FB35B4D583C611F7EA42E63208277FB5AFEC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.2778910928422285 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJf21rPeUkwRe9:YvXKXMRU51bsdTeOvrwG+16Ukee9 |
MD5: | F4E9902BEA4A4C61078231C8FC3D22C9 |
SHA1: | 0019B2E2580E035742726ACA333221765133F8F8 |
SHA-256: | 4968DE3D06E44080E19C0806E5942DBD7AE527B2BBFABF0EBFE1179D406D0B2A |
SHA-512: | DE50DF287E0666C37A7BD3C2AF901FA2A03F1E7599ECAF02E1D94628C608302734919C6DAB220A88FEC1BA2DE97AD68E28B61C26703987E26CBF6DA1810700E2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.295471029942267 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfbpatdPeUkwRe9:YvXKXMRU51bsdTeOvrwGVat8Ukee9 |
MD5: | 40168B3B0615CCC01E5C8749BB94FDFB |
SHA1: | BC133D498DF3CD011980185651712B8C17F04188 |
SHA-256: | F178E4B518F97E18B28E7F6D463A2943FB2E3DBFC27CFA1085EE4D119CFBE9F0 |
SHA-512: | 00F71896057105757C61EB9A856DD93514E3F02F257D3126F8567BAAB9D9531B7E5F8DE57684100EFB694FCE01D130A61C5C3CE8B3F0E893D558A36F71E80FFF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.253372307121607 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfshHHrPeUkwRe9:YvXKXMRU51bsdTeOvrwGUUUkee9 |
MD5: | 1CD00395549F0EE4AE082425A85A3F0F |
SHA1: | 5D84034DFE1F1386C9C7AD00F06857E824428FEF |
SHA-256: | 7DC3FB0CB004BAA2DFEDD79BB338AB5AFCC27E41E2A3953B3101DA38422FFA74 |
SHA-512: | D3A30F52AB5DC6B87EFD2FC6C68D098B707E25C6F2E8AF2E186FF70183218B9A471FD53DC6DCB46D4DE50BEB50A6C3C26E6D1D7E77E5DCB9EE4249C4C7952522 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.373150342229787 |
Encrypted: | false |
SSDEEP: | 12:YvXKXMRU51bsdTeOvrwGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYt:Yv6XrmeOvrm168CgEXX5kcIfANhb |
MD5: | 18033EEDBEBFC30B517B757A2D700104 |
SHA1: | 5E4F0BF71CC625090A1F6F360D55192474DD922F |
SHA-256: | 8D116FBB2ADCD5A33D6C5F69A5E020F8FBA9AA8B18FFF703B144984A9FBB635E |
SHA-512: | 1E59B6083386879AECFEF6B3F36C0BE0320450051ABB4FA4A696F579289B8F022BD76B72DEEB750412A2AD43CC0D61C39AC6BB9419F0CE4D2F69E40ABF4F787F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.149340714951943 |
Encrypted: | false |
SSDEEP: | 24:Y161o4tCDGXAOpQTBea3ayudG2tPktn2qjZXnEJj0S+p0Ue2AW2LSom0Md5R19cY:Y16LxJpqMdnGn1ZXnE9foem0Md19cY |
MD5: | 715B8EE2727EB2EEA08ECA520ED94C2A |
SHA1: | 8F73E41EEC07486EDAE8880534BBFC6AC4F46819 |
SHA-256: | CAAA53C14DC1123B11D46ACEC98CC0DE4142B5F7F43C67D1B86201D40FCA69F0 |
SHA-512: | C2FFE87DC8D28196BE37A0B3A1352ECE4DFFFE551DF2BC5A81B279393D796811A1BB924DB5D39897F66E9F0F0752BC1D0A744FABC3191AB28733D8DED7D381D7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.453619448592534 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsWlP:lNVmsw3SHtbDbPe0K3+fDZd9 |
MD5: | E398217FF8747788AE87A6DDC5341DDF |
SHA1: | C86305CEFF5689F3D9444F23F26D4F7BAA4227E6 |
SHA-256: | B1981BA02C8C327808A17A3172F6C3C2B60E4A21E01F62A1CC3EC8A07CB6534E |
SHA-512: | DC0E1710BF92FAD66103AC036C52DF506438861424199A67ACFC6E9111245E082CF12B13D904B1914E8E19EB6C5B03F8988CED7B0B64A879D9E2311DE37B704D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.9583791591955912 |
Encrypted: | false |
SSDEEP: | 48:7MxrvrBd6dHtbGIbPe0K3+fDy2dsHJqFl2GL7ms6:783SHtbDbPe0K3+fDZdwKVms6 |
MD5: | 14A74A518F553D6F9DB27BD1191AF9A6 |
SHA1: | 52867AD4ED81CCC04896B70D8E084802DE8B03C5 |
SHA-256: | B42A82A8AB46CD806F66E9D496D00D8D1E199C137D409096E4CCAD2056CC18A6 |
SHA-512: | 28D8910B4AD51C6300B27975B7CCD43A717CCC93625ABCCBB01566032FF57A920680858AA40EDDE5F46EEED6DC7C6AEEF5D05613DBE0D3C89F90F585E2E61764 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5274671434738973 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+uwle:Qw946cPbiOxDlbYnuRK2ww |
MD5: | ED9F3E55EADCD78098092B80E98F3D3D |
SHA1: | C76C959447C2BA232AAEBCBF85234651B65AD444 |
SHA-256: | 2864CD31DA254CE9A88EEA0BD35545522050D0F88F5F0FD37C7DC3BA3848AD64 |
SHA-512: | 32429D6E3DA13E74E90E1D4FE50ADDE8F51DBEE8C751A6EDB85545F85388888795525FFAB61AD7CA06C9FA944C3843789DBE93B538F6D50222FC0D1D280CB49A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 20-06-30-921.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.386483451061953 |
Encrypted: | false |
SSDEEP: | 384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID |
MD5: | F49CA270724D610D1589E217EA78D6D1 |
SHA1: | 22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3 |
SHA-256: | D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D |
SHA-512: | 181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 21-57-09-897.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15280 |
Entropy (8bit): | 5.3416235163326595 |
Encrypted: | false |
SSDEEP: | 384:szRM1MIMtM5MsMFMgZDZ7ZOTZcZIZGZIZpB2BwBO0Abhb5beb9biye/erLNL39IG:s9GhuIXYv5hoTyWwizoCwjdtS5nogpTP |
MD5: | 6B23462DDF77AB5D1279EDF58CCBBF7A |
SHA1: | 8178595A4C4D507050FF2558EECD047D248C5A5D |
SHA-256: | E8F7EAA43D14B8EAE3AEB1F5EC4237A0C352733DD12E03F949B106C8EF09FB90 |
SHA-512: | FE9871A6CF604D0F0F8412B66CE2B4671AC93D23C8540BC9994A79333B05F685093784DA691303634E5879B0477EA38176A58AE7EE6913E3C77CDDE591578ACE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1255 |
Entropy (8bit): | 5.262850447326338 |
Encrypted: | false |
SSDEEP: | 24:slktzWvZOF/lBzWN82jlBSylBtmlB0wLlBn8Zvn:sG6vUz6N8czFzkz0wLzs |
MD5: | FA69A6D8A6C13F61F50E9AF82F63E8B6 |
SHA1: | E4C8355E5BABE96E33841C152AB5ABB8A290F202 |
SHA-256: | 461157F6E53428E92A1E5EE33B5AA1239F75C494DD74112900E91E64F230014D |
SHA-512: | 34F071306D37C2C7D6B65B31A470CA488D0B1ACDF069501F57F61E509D2A2B8CA89A7585CF44968AB81D72196F98A611F4A35B97031DDC586D2C570E001E9844 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35814 |
Entropy (8bit): | 5.41169885098447 |
Encrypted: | false |
SSDEEP: | 768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRs:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRW |
MD5: | 8D8FDC3E148D44EC21E936E845B4A777 |
SHA1: | 9EF12135F77B9887292495C47D8F86467BBA8ECD |
SHA-256: | 9D941401929DC7F451936DEB84E93DDD5A4E2EF94CC79BF2E1DE23C0F5B2FC23 |
SHA-512: | 9F778D35C99E6825169CA4C65D76E9EEE831CC4666CFD4240BF7308B9F2BDC6C56E56CF892C875A0A191A8B4E72D95E97EAAD7EA25447E4EA54FC1D4F347E3FE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru |
MD5: | CA6B0D9F8DDC295DACE8157B69CA7CF6 |
SHA1: | 6299B4A49AB28786E7BF75E1481D8011E6022AF4 |
SHA-256: | A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7 |
SHA-512: | 9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.8966414940614005 |
TrID: |
File name: | Presidio-605520.pdf |
File size: | 44'716 bytes |
MD5: | 78475d805c24eb83d0160f43f179feac |
SHA1: | 4c01010796b1d35a7362f78ea0aea8e18d452ad7 |
SHA256: | 7cf1ffa5a46a07f96c0a56ab4f3fe986c0611d3afae41a4efedc80d8eb246342 |
SHA512: | c9d803ee4cdd51119c3af8e27652e3dfc42c14a70b3423eadaf87d300787da5cd0886661da94bf479f0e5661b0f3d95f6d95bfff3de01908315feffac7db75f5 |
SSDEEP: | 768:nZaXMWO8Qt8odAs7ajxN0FXyxaJVSLlSHDt8W/qa4H2nQ95aGdd2i:nAs8Q56sOMbVel8N/q1uQ9wq4i |
TLSH: | C413E10EA9957D9DFCF2C3873042AD9D898D7A0077C469C231341A19BA9D940DDF27BB |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Title (..)./Creator (..)./Producer (...Q.t. .5...5...1)./CreationDate (D:20240425150502).>>.endobj.2 0 obj.<<./Type /Catalog./Pages 3 0 R.>>.endobj.4 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None> |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.896641 |
Total Bytes: | 44716 |
Stream Entropy: | 7.932157 |
Stream Bytes: | 41730 |
Entropy outside Streams: | 5.091830 |
Bytes outside Streams: | 2986 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 24 |
endobj | 24 |
stream | 6 |
endstream | 5 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
8 | aa694bd9a7cccd95 | 5e0ff853ebf97f13aedcd8fb041215e8 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49708 | 54.227.187.23 | 443 | 4244 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 18:06:36 UTC | 1473 | OUT | |
2024-04-25 18:06:36 UTC | 544 | IN | |
2024-04-25 18:06:36 UTC | 3120 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49710 | 184.31.48.185 | 443 | 4244 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 18:06:41 UTC | 475 | OUT | |
2024-04-25 18:06:41 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 20:06:27 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff702560000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 20:06:28 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 20:06:28 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |