Windows
Analysis Report
CERT-1416920247.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6684 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CERT-1416920247.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7180 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7376 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1592,i,11691557971963258939,14076181574158468208,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
96.17.64.189 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
107.22.247.231 | unknown | United States | | 14618 | AMAZON-AESUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432433 |
Start date and time: | 2024-04-27 03:19:43 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | CERT-1416920247.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/46@0/2 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 69.192.108.223, 172.64.41.3, 162.159.61.3, 184.26.41.186, 184.26.41.208, 23.33.46.46, 23.33.46.26, 23.36.38.92, 23.36.38.93, 23.36.38.78, 23.36.38.84, 23.36.38.118, 23.36.38.79, 23.36.38.109, 23.36.38.77, 23.33.46.49
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
96.17.64.189 | | | malicious | Jupyter | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
107.22.247.231 | | | malicious | HTMLPhisher | | |
 | | | malicious | Unknown | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | HtmlDropper, HTMLPhisher | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Unknown | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AMAZON-AESUS | | | malicious | Unknown | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Unknown | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Captcha Phish | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Captcha Phish | | |
 | | | malicious | Captcha Phish | | |
AKAMAI-ASUS | | | malicious | HTMLPhisher | | |
 | | | malicious | Vidar | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Vidar | | |
 | | | malicious | Unknown | | |
 | | | malicious | HtmlDropper, HTMLPhisher | | |
 | | | malicious | Unknown | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.197961476551234 |
Encrypted: | false |
SSDEEP: | 6:SN+q2Pwkn2nKuAl9OmbnIFUt8k/ZZmw+k/NVkwOwkn2nKuAl9OmbjLJ:SIvYfHAahFUt82Z/+2z5JfHAaSJ |
MD5: | 1C1BC6CFE890C57261B8C164E866A5B7 |
SHA1: | FC882DFB5D189300E2DD04C835E96568FC893A9B |
SHA-256: | 389301B5CB2946746F0B222CDC18C75F35CD31B1F3F227ED3EE22A3DBB791097 |
SHA-512: | D21B773CB45F2A9714D74EEBE3E422908BBE9A80485B8D13F59DC7FA6FF1D48D7680A76003C3B4A7EFB1720DE42D15623268152D2CC8D9F059C85CCD0AF11CD3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.197961476551234 |
Encrypted: | false |
SSDEEP: | 6:SN+q2Pwkn2nKuAl9OmbnIFUt8k/ZZmw+k/NVkwOwkn2nKuAl9OmbjLJ:SIvYfHAahFUt82Z/+2z5JfHAaSJ |
MD5: | 1C1BC6CFE890C57261B8C164E866A5B7 |
SHA1: | FC882DFB5D189300E2DD04C835E96568FC893A9B |
SHA-256: | 389301B5CB2946746F0B222CDC18C75F35CD31B1F3F227ED3EE22A3DBB791097 |
SHA-512: | D21B773CB45F2A9714D74EEBE3E422908BBE9A80485B8D13F59DC7FA6FF1D48D7680A76003C3B4A7EFB1720DE42D15623268152D2CC8D9F059C85CCD0AF11CD3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.197074358804107 |
Encrypted: | false |
SSDEEP: | 6:xw+q2Pwkn2nKuAl9Ombzo2jMGIFUt8aZZmw+hd3VkwOwkn2nKuAl9Ombzo2jMmLJ:x1vYfHAa8uFUt8O/+hT5JfHAa8RJ |
MD5: | E7AA2A0F25A77D138B35E2994338B572 |
SHA1: | A5263E34558E9A126F142F0A4DE17A651061AC0A |
SHA-256: | 5F910CB066BC8E39FC05979FA662D671F66A50D990872982B57582D2771796F4 |
SHA-512: | 3492F5F7A2EBF435A6EEF820ABD84E693032EF5C86B872DAEF7E9A27C16319E61CF53BF39D30EF4F2231A46BA34C9A8F7F67727073678DCF05021636AE9A25E5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.197074358804107 |
Encrypted: | false |
SSDEEP: | 6:xw+q2Pwkn2nKuAl9Ombzo2jMGIFUt8aZZmw+hd3VkwOwkn2nKuAl9Ombzo2jMmLJ:x1vYfHAa8uFUt8O/+hT5JfHAa8RJ |
MD5: | E7AA2A0F25A77D138B35E2994338B572 |
SHA1: | A5263E34558E9A126F142F0A4DE17A651061AC0A |
SHA-256: | 5F910CB066BC8E39FC05979FA662D671F66A50D990872982B57582D2771796F4 |
SHA-512: | 3492F5F7A2EBF435A6EEF820ABD84E693032EF5C86B872DAEF7E9A27C16319E61CF53BF39D30EF4F2231A46BA34C9A8F7F67727073678DCF05021636AE9A25E5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0adb0edd-c452-48ba-80ae-657430bfab77.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7 |
MD5: | B7761633048D74E3C02F61AD04E00147 |
SHA1: | 72A2D446DF757BAEA2C7A58C050925976E4C9372 |
SHA-256: | 1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67 |
SHA-512: | 397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\22b650c7-1897-4b99-ac16-0027fd94b8ac.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 474 |
Entropy (8bit): | 4.963189744724114 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZQm5sBdOg2HAcaq3QYiubInP7E4TX:Y2sRdsrjdMHr3QYhbG7n7 |
MD5: | B5E18B7B8BF4BFE4668690FFF2D82495 |
SHA1: | 50C47FA782C4CE4B811A94C34D4B9BC6884FCE2E |
SHA-256: | 5326C5D9C23AC990770F590ECAF8137CEE89B5F2B9D3F0E065598702091D647F |
SHA-512: | D92BED799E256BE8A9FC8E018419DFBA7FCA60345FF620E169221F2827BF501402F29A192C02C863CCE06D61362ED5DAD14C1B0711F1FA686113D25BD40E8979 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7 |
MD5: | B7761633048D74E3C02F61AD04E00147 |
SHA1: | 72A2D446DF757BAEA2C7A58C050925976E4C9372 |
SHA-256: | 1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67 |
SHA-512: | 397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF635dfd.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967403857886107 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7 |
MD5: | B7761633048D74E3C02F61AD04E00147 |
SHA1: | 72A2D446DF757BAEA2C7A58C050925976E4C9372 |
SHA-256: | 1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67 |
SHA-512: | 397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.258396739695005 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7PzRZ7zMZZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goQ |
MD5: | 1CF78D31DEB2E748D2F93ABC60D4D1CD |
SHA1: | 9376D11235B0A48AAB64CE176C8D17391F646BC1 |
SHA-256: | 5A9ABF8C6586E844BA38383AF8EDD9C69724DD6D733B61EE3DF3554664429D88 |
SHA-512: | A9FF08CF29EADB8912CE825F40B7BE408219D68F1F6A31480314E3D7AA05F9055AB33388439B37FDA7B50D4FF6027840642B8851208FFD63DDDC190BA95806E2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.136539136697214 |
Encrypted: | false |
SSDEEP: | 6:m2J3+q2Pwkn2nKuAl9OmbzNMxIFUt8vQFZmw+vHNVkwOwkn2nKuAl9OmbzNMFLJ:ZJOvYfHAa8jFUt8i/+r5JfHAa84J |
MD5: | D790BD969A1CA8D3D712682797C99129 |
SHA1: | A88BBF4143E0D231CA0495815BA48A474B33D709 |
SHA-256: | B35B38162F686BE10AC85588BCBF68AB6D23D07026A55C1AF57B43293E7B4046 |
SHA-512: | 673D7F6AB778FD4625BCCFD2D7EA03A13FF06B1CE11ED5000487BD30F93C0592F3525E007F71A995081E8751B949FBCC082B320FECAF554DEE82007033101170 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.136539136697214 |
Encrypted: | false |
SSDEEP: | 6:m2J3+q2Pwkn2nKuAl9OmbzNMxIFUt8vQFZmw+vHNVkwOwkn2nKuAl9OmbzNMFLJ:ZJOvYfHAa8jFUt8i/+r5JfHAa84J |
MD5: | D790BD969A1CA8D3D712682797C99129 |
SHA1: | A88BBF4143E0D231CA0495815BA48A474B33D709 |
SHA-256: | B35B38162F686BE10AC85588BCBF68AB6D23D07026A55C1AF57B43293E7B4046 |
SHA-512: | 673D7F6AB778FD4625BCCFD2D7EA03A13FF06B1CE11ED5000487BD30F93C0592F3525E007F71A995081E8751B949FBCC082B320FECAF554DEE82007033101170 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240427012039Z-270.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 2.1393135063835316 |
Encrypted: | false |
SSDEEP: | 96:U7y9rKaa0qlY7Az45UQ+lvxMMWRHhnG3H9Hz51DubdugvI6a1agQmpZqSMxqkOjP:U7jhYAk5U3v0hGX9z241ag5kOL |
MD5: | BF382857478FEDAB01C2180B0183B729 |
SHA1: | 7CB965D68B3A5A1FD138BCD761569556F37B19BA |
SHA-256: | D6DFA2C7914BE1446A74F48647DEFE1023A5B47C594A7AC40430D6AF81F2C0E1 |
SHA-512: | E31BDBC89391D2DFD15BD10DCA617215636AFC1214E8F751FCA0FE34CE7D24904D875DCD1717E71F21F8B1D12F8B98DC3DA044A1F69BB62696E0FDDF0A8BAC0A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445086619516185 |
Encrypted: | false |
SSDEEP: | 384:yezci5toiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rPs3OazzU89UTTgUL |
MD5: | CD2488F3E855D967ECBD1134A6169B7F |
SHA1: | C314F785DF655A1C684A1457D7D836E33FE6D805 |
SHA-256: | E0A46FE73A5E9A880809A7D21D6AE818D78CD2A384063CE32E9F8FBE2F3BBED7 |
SHA-512: | 79D5AEDD1AB332A041BBF6E9F04C499C1F72EDA5DAA7278C7B8155B919EC00FDF6936A8353E09CF39A38B995D0A12279D49C9EE39A127194646326B3A1222A53 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.775335325027983 |
Encrypted: | false |
SSDEEP: | 48:7MFp/E2ioyVKioy9oWoy1Cwoy1CKOioy1noy1AYoy1Wioy1hioybioygoy1noy15:7WpjuKFxXKQVUb9IVXEBodRBks |
MD5: | 3BAC380347F5AD79A67357118C3F18DA |
SHA1: | 0CA3DF28861693C19528AF8766181E56B0C0A43A |
SHA-256: | C912993BB46039CC61CDF8F0797DC5BB748B56C2ED1EF134A152289D07FE7445 |
SHA-512: | 0C1CC1DBD88F70D4EE515DC7BEC4E6A4D1ADD9845C57CC6E3FE0D864E1CD886E63DE107DC6B074082BF72390ABA87A7F8CE2C4A3AB7713AC6A39B9F879935641 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.376652361724892 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJM3g98kUwPeUkwRe9:YvXKXFOvu0H2Zc0vjGMbLUkee9 |
MD5: | 31EBB2C68BD777990EA708A1D9F3B26C |
SHA1: | DE3BF413AB10F8604FA31B86C25F2A2BF3FD6699 |
SHA-256: | 75054878974D4A5BDE734E84D9ABC66AC6521B3F36626CD8A4D274CDA5EAA905 |
SHA-512: | 65F18A432C2F825A02261D254E5C3E080CB36D48BB5795D62C6B27E752E050042D595271B219D4A6535182ABC72D97D0C31176A9AD1407F6651198B52FF8872A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.326693080019136 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfBoTfXpnrPeUkwRe9:YvXKXFOvu0H2Zc0vjGWTfXcUkee9 |
MD5: | 8EA7855200AF7B296A56F9DA8294E53F |
SHA1: | 9B452FD2102F9703B8D0D69061BD48922D29D6A4 |
SHA-256: | 4203F14ACA47C7BB055976164444F13B7188F42A4E20C2842FDA11A0A42AFB52 |
SHA-512: | 20BCC1DBEA96B3BCD24D255922FAF1E5CC30A46215B730A929B97BF8DA7A53053E7099F1F069879C8C9CF624EE9E307B668F11A54747563B9E665CC619BB96D0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.30524139654514 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfBD2G6UpnrPeUkwRe9:YvXKXFOvu0H2Zc0vjGR22cUkee9 |
MD5: | 2DBD9919707792B1E5FBEDFAA27ECEEF |
SHA1: | 1BA02CB81F00FE54F13A0E6CE17EF18D677571EC |
SHA-256: | C252B8A3217AAACF49A286A21603569451CADB7D25BD32C32E0D84E328C58A85 |
SHA-512: | 75566BA23FF09147A43311DED618F3F15A8A111756CD27B7AE372BA15194DA0990BED4BB17CFB3C930EB079DBBDEFC2CE4DC91D8A684DB0D2E0FB2EE09C90965 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.364129147758918 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfPmwrPeUkwRe9:YvXKXFOvu0H2Zc0vjGH56Ukee9 |
MD5: | 3379E3C74793B4EE32577F52A365A4E9 |
SHA1: | 39CD9C9369877B6BD3609EEE81FDEC819BB5A81C |
SHA-256: | 5A255D58FDAC8FAFB4B8F652DD1D9ACFD38CA5412E7A6CFEE193F26F59D268DC |
SHA-512: | 40EB58D4B5026AF47BFBD13ADC9BC1E4D46147BADE3A6F574F103786E8BD246E19BE22CC743D7F01489D220C8C8203276C231B231657CEA8C0BCAF829733A0C4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.320776439473564 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfJWCtMdPeUkwRe9:YvXKXFOvu0H2Zc0vjGBS8Ukee9 |
MD5: | F2E45ACA523600A70B5A01C318DD1EF5 |
SHA1: | AD1F959B0066BC4BA6AE00E29812F6FC18FF7A9E |
SHA-256: | 7E06353DE9BBABB5338831C72D99A18A0A7ED0AFA718068E25C6DE287B54E1DE |
SHA-512: | 95845D5928618040EBD3F6367BA1EE59E0B2AC779E9C2C4C576797B41A2EBD4B0DE872D85217E4D80263D7200943C300222191DFBA11806B40CCAC7D1A269703 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.307774729920476 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJf8dPeUkwRe9:YvXKXFOvu0H2Zc0vjGU8Ukee9 |
MD5: | 0D92902AA0F70916E08113DF13DAC52B |
SHA1: | 91EF91A4A7D0E437721598D471287F7464101312 |
SHA-256: | 086680BFAC74412BCB88BC80FD4A604CC8043ED5D18BACF3C525DCE78D17E11B |
SHA-512: | B841B9FEBE38EB2049ABCEC0C379DAE0E3B2669CD8DD71E5AE454AC10B55CFD4C2FC2EB1D139E5771F358CC88B8329685D3269A411E5A3117915EABF11336527 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.311286490801164 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfQ1rPeUkwRe9:YvXKXFOvu0H2Zc0vjGY16Ukee9 |
MD5: | 39CBB9A2F953538F0FACFB44FB144FD2 |
SHA1: | C02C4D132A23961FF5B162F9D89111FF1E084054 |
SHA-256: | 815E66675C003571276A240D376074C4383C2FDE8A4D565DEBB6E48AFB30B5B2 |
SHA-512: | 7FE88FFF03E0FFFEE0FCDA0946F4FECE68470C8236D2F0CFC6719A872A8946FBE930E494D7B9623B144B80F78965E786AE2AE2B6506543B8D30AAAA9CF2A83C3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.31490068427861 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfFldPeUkwRe9:YvXKXFOvu0H2Zc0vjGz8Ukee9 |
MD5: | 03CF473D9FC7D48E2D083F24E3099BE2 |
SHA1: | 56157FD8DA7A2631A892A9D1A6249A2D6C37BD28 |
SHA-256: | E9611B8410AD7D50A5B345EE836B5B257D4A377D7E0306C44F829B1572B77D45 |
SHA-512: | 2BA927E4A727B351A2CCABD7864195944B1340FBA8BA7875E2AAE7039D7CC4FBAE110A76B1B420035D9923AEA862DC5E962078C3D4EF020BCC04E0E531A82534 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.739349553753318 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIG0H2zv7KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNHf:YvRGGujEgigrNt0wSJn+ns8cvFJxf |
MD5: | 47D341C5C3CE5AD46FA1D42EC64129A8 |
SHA1: | E71107343D51A10B1B212DE7A205BFB16749B2E3 |
SHA-256: | 0AEF4578DD0B340738BF976282ED8105261489ADB7C57886D8E170C5045D7CD2 |
SHA-512: | 899C137C248B66B65125A5FC4B3B89F827A5DAAA38377D293C2662D1E784071EB0D2FCF4264186AE3FF1BD879852C82B9875B66D8B6EA46EA081C148B7716548 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3140654107943455 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfYdPeUkwRe9:YvXKXFOvu0H2Zc0vjGg8Ukee9 |
MD5: | 743E68CA25E3F88BE70E93FE6CE6EB80 |
SHA1: | 87D62A0B56513CF743E9CCB310EB1A9F7A8DD3CC |
SHA-256: | C8DF45F92EBB82DACF4DC5F50DFF2028F7AFF8DD825A23FC054CB46367B52DC3 |
SHA-512: | 8503E09251D9B52EF945AD6BA60CFC431559D90F249D3FEFA6FECAB3B26CE2C9928933F4BD9153A83C5A281DD99CF9D79172F3C79CC4396E13EFAD94315C4F35 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.777775428137535 |
Encrypted: | false |
SSDEEP: | 24:Yv6XIG0H2zvmrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNPf:YvRGGu+HgDv3W2aYQfgB5OUupHrQ9FJd |
MD5: | FE330269A9232706562D530CC9D0A071 |
SHA1: | C547575708546E7DCA8229DC5A21CD0484676B64 |
SHA-256: | 1DF47866C4E03471C5B3123B02934AEB8178217F8C89A5B4E29D4F90BDCB9B2E |
SHA-512: | 32EAD936A74811D84E7DC55F9E6CD0E7D9D9AEA6FC4C1DCABE571972761E650E92BEF9E8841ABD40CD688CE6D2CE686804CB5451D1B167C21D681A044FD778E6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.297515838978215 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfbPtdPeUkwRe9:YvXKXFOvu0H2Zc0vjGDV8Ukee9 |
MD5: | 69AB3BF59D1C071E338A676573B8BC30 |
SHA1: | F15A01C85BC87923791DD1D9A9C53B40FB7C7D31 |
SHA-256: | 702C4D95D787BADF14804EAA08674C2F2E82C67A016B3BE3FC87C0F261F047E8 |
SHA-512: | CA1726806A551EA1C78B9E4630EB5FF7D7B8F9B6760847F7EBED6E8124CF6BBFB15F311AEE1EE55C3772A0EC0EDFC760417326AE6C4D2176D9E816628A71B260 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.302047597293302 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJf21rPeUkwRe9:YvXKXFOvu0H2Zc0vjG+16Ukee9 |
MD5: | F3D155A9ABEAC0313EB03B2CC27EC8E9 |
SHA1: | C53C1ADBCC0DDF1E7BB83EEF11A34D0B78DDF914 |
SHA-256: | DAFE659C5C4A1C243115DA51973305714E8D63D516A82BED8F6ABAC64B962F77 |
SHA-512: | 3E5C882B567D2912499DD52FC52BD488370BB83FCA47DDBF284CA22E43B5123812C671AF9FF16595149FACB4817FC79D1C552A1F848FC498A55EB9A085BE04E3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.320900539552493 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfbpatdPeUkwRe9:YvXKXFOvu0H2Zc0vjGVat8Ukee9 |
MD5: | E032F149F434C2BC18D200F689F74749 |
SHA1: | DCB4E60F318A4F8FB2FD2517B78F46802B9BFCE3 |
SHA-256: | 41384E7B59B7EA039A7056AB0E3C111A3121C35D59708177BBF7455C47ABABA7 |
SHA-512: | B9E94B45E5376C21D4B5488FAA6A8C909F182AE9F45BAEE0CC501856CDCD62D14A65D79BF493CFE3901EA99AEA997B41ACDDCFEA959D5763626A8808EBB911C5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.275852879634933 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfshHHrPeUkwRe9:YvXKXFOvu0H2Zc0vjGUUUkee9 |
MD5: | D80D2416752416BDE76D26B7BDDCEC79 |
SHA1: | C14EE96105CFFBD460D44FF802D5FF4EBC2F2F7F |
SHA-256: | 27B318B135424E2250A2722213CFE107BF5C22855E2E516EEEBAF3A9F79A6333 |
SHA-512: | 55E067D2B9911C0608AFF7254DAF3670E1220C61568D1E40F475365C2BE7585958786D7280FED0E19160D6C1ECC7D5FBF17DE81F27FD157CE2C495490AA28250 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.370548055865708 |
Encrypted: | false |
SSDEEP: | 12:YvXKXFOvu0H2Zc0vjGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWjf:Yv6XIG0H2zvz168CgEXX5kcIfANhIf |
MD5: | 2F6C90A147462146D3DFA9E1B5770C8C |
SHA1: | D583432D2659071A36EFF51658433DFA888110F5 |
SHA-256: | FF20A258D08ECD12F949C6CF2613248C1BDC5EC4A0F04ED8DB30CDE84F1A97A3 |
SHA-512: | FBF17C2512F47CD5CD0025A24AFF3FD9DD800DB356EE4CA9CCA5C01B080374B03425A45E8190B1243A8B61EDBCF72EC6A21A1FAC33751B01182DA9B58619BC66 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.1229853356155015 |
Encrypted: | false |
SSDEEP: | 48:YzDhJ9+o3f7tTvZSX1UobGSvgTkmO2VF9J0fwJA934ob:SDhJvTtzZSX1UobGSvgTB3H9J0fOe34e |
MD5: | F95B660BF230D70AB424D1D56F04267B |
SHA1: | F2A0185A714B4B7F81C3FD94A21C71407D539963 |
SHA-256: | 28880670C6DF20A687CDED00D01F387A4502D58A425334A0DA65F6FE184A224B |
SHA-512: | 98BDE8D639D03784778F4A7E546FF4A476635A222F5FF1FDD8A11685587E25F58E30392DDA977AC02BD7BA34434EA0686D0A2AA4AE5AF1120870C85339F5AD96 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1871931814582968 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUvgsOSvR9H9vxFGiDIAEkGVvp7gsI:lNVmswUUUUUUUUvgB+FGSItvgl |
MD5: | 83D2C43AFD738C6F68DB0C227DFF100D |
SHA1: | D1E98B1B58B694F5DAC951241DEEF25E6C0AF7AD |
SHA-256: | 7A0D369072514CBA448CB1084648063BBAA53C3DBCF491A0AC8F8133984D9040 |
SHA-512: | 6B73A5A2CA3AB5796B246529E18DD9FACC200C2356A2A77868566CFF65061CC32E5987E24957F71D27D4E4CAA4DA81519100C5D47662C37B06E14BD797089F0F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6038229068074241 |
Encrypted: | false |
SSDEEP: | 48:7MBKUUUUUUUUUUvgscvR9H9vxFGiDIAEkGVvdqFl2GL7msJ:7rUUUUUUUUUUvgtFGSItPKVmsJ |
MD5: | 5042E4CA169A1EFCC1EB5CD2164AE637 |
SHA1: | E633747758D38E6CF83488BD08CD48A5E7A50312 |
SHA-256: | E09089585B9BB1B99E8123BCF702EC5F8AF9EA02CE318E843F7AE46AF6190B66 |
SHA-512: | AD8E3A4655E55C4BB92CA18A6E8ADB45DDD4903543C3CD0427F616092CD11ACF6F7368A5144DB6F4B55E7998B0313FEE7A674222EEC3510386D86FD388FBD0E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.501595078528367 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88g0YH:Qw946cPbiOxDlbYnuRK60YH |
MD5: | 82E2EA14600DF66666DA51899211E499 |
SHA1: | 601C46122B32C674F311AAB08B7E1B67374301FC |
SHA-256: | FD30F9AED1AE75810E5A171F736D85537F65E7D4E2884082ECA5EAB9D88049CC |
SHA-512: | C45BDB8B05BF3266736D42C736D69C5764D1DB2FCC1BE8D12967D3BD17B6D108EFADBD74E921F16D01F8911137A4CFE4167390FACFCE0B66D9F9E6EA8608974A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.029725146344355 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOrmQQfQQ+MTCSyAAO:IngVMre9T0HQIDmy9g06JXyQQYQ+MTlX |
MD5: | 9093A4A4E32D32CDB09B9D30AAC4C8C7 |
SHA1: | 3F29ECD85DA46243CD8976C2667748EE81538AE0 |
SHA-256: | 918CAFF40F1C10B74BFF90FE806315D96BD1BC5E543DEB97BC55C70D682B2AE6 |
SHA-512: | 88EBB4EB979222C3F24CADEA4F3B915A1844D51F8010F5397933ABB9D7D2930321631EDBFA9EFE63A85B4B1494C4D0E4B6FC34A76EFCC9881162D6ECF5C02828 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-27 03-20-34-600.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.3491775292792365 |
Encrypted: | false |
SSDEEP: | 384:UZIN4IpsVGe4+WUerdPlaXHM/giDYcOwTyO0Q0FFCGas2WwGXGiezeT2fBOQxZtS:W5X |
MD5: | 3B442D4738024710C2D0D1507FFD049C |
SHA1: | A94676CBD33BA184600D42F899B7B42918A310E7 |
SHA-256: | A93D133D0EB03E69AAAD2F01C5F534AE195FC17B9224AB9AA9EE8119D3B0E2A1 |
SHA-512: | EE441C153992A52C8C43875693B082E825A12AA7964F6172B75D3D0648C9E9AF36BE07FDEE5C455EB0B7E8A0152DD6CD97E3727061DA7D6D8D03C114AD453C60 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.385125989912619 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rb:H |
MD5: | D1C6B1CA434BDF2689BD22A61F876778 |
SHA1: | 3D45A70FE02385331CFD4880EE887D1992A027E1 |
SHA-256: | 556AF9A4BD95CD30578EEDFE2C29D5255FEDA3560A2316030EFEE537D3654D4C |
SHA-512: | D9972BCBEA644799B9705D6B5583E09602E3AA6597D64FD5264A10A443734DE6C4AB823203BB02F867A348674C9EA6D80D3FBA50EBEEB3341815893202AED8C0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:GqA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:5VwWLkwZGuGZn3mlind9i4ufFXpAXkru |
MD5: | F51616785803EE6E460DABFE7DEF339C |
SHA1: | 1CB166E973F34BB8F95FFAEE8339F042B6B45A4E |
SHA-256: | C52B372A19A913D8F2E936209E41C296DDD8342041D4075AB2C324DD7CEDF38C |
SHA-512: | 66546829C2CBBE23E7E1904502232DA82D4605DD3710CA71ACA9409C705BCD71D589F713A8922C3F764D385C40420A966230FBC43E82863E10EE4B7C24526561 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:NFdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oXGZIZwYIGNPJF:P3mlind9i4ufFXpAXkrfUs0qWLxXGZIF |
MD5: | DE3FBE7CDF2D98BC9374D18B5AA61F8D |
SHA1: | 6E067082A48A8ABA07CB7131A6762E4EEB1807DF |
SHA-256: | 13099604A80B39BE30ED03CA5CF294741D29929C880782866E2B803108478E4A |
SHA-512: | 9BDD74F6FDB0739359152E7384A831DF415455A1BC8A979815A0004560B1747223583E596B41631B3484C2776A2657016A34A288AC5F7A0E4ECDBDEAB63D3CE3 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.732747369956663 |
TrID: |
File name: | CERT-1416920247.pdf |
File size: | 674'278 bytes |
MD5: | 05f30d9cb8f7b79c65256dca2447549a |
SHA1: | 3a00a290c43fa03f3312237074d0395b52d8ea94 |
SHA256: | 0f14c0cb3b105175dee0032ac24b96d071aef81fe5329cccffa18f3663058985 |
SHA512: | d3c536cc19ee48585821a7165199be6ded65e8747a0cff8f3fe9081af085014109b9f9bcacadfc1a6d2cb37eea05a5fbd6c069704e31025b194ecf6c22221fc9 |
SSDEEP: | 12288:SGz7whPHflxVO5YGXGvvHoVpGRPl+dHMVFvw5H:Nz7M7GWHepGRPk5H |
TLSH: | 95E46B081AE63BECD9F30E6EB253F35270DA743AB5CF106585A37948EE9130DC4D6299 |
File Content Preview: | %PDF-1.4.%........1 0 obj.<</Length 1093/Type/Metadata/Subtype/XML>>stream..<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rd |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.732747 |
Total Bytes: | 674278 |
Stream Entropy: | 7.772988 |
Stream Bytes: | 615206 |
Entropy outside Streams: | 5.252526 |
Bytes outside Streams: | 59072 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 281 |
endobj | 281 |
stream | 198 |
endstream | 198 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 9 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
14 | 2349184757294c3b | a0e42dfc9b14c4be1dc59c9b48c0d20f | |
141 | 0763e66b67753536 | 6fcbf6026bd0bb8c580857076de68633 | |
152 | 2349184757294c3b | a0e42dfc9b14c4be1dc59c9b48c0d20f | |
213 | 9201010101010100 | bc29e27608b1da4a32744ff485f7bfe6 | |
214 | f2c2801030b2d2f2 | 214b58333a845d4b7d6dc379739cf71a |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49739 | 107.22.247.231 | 443 | 7376 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 01:20:42 UTC | 1353 | OUT | |
2024-04-27 01:20:42 UTC | 508 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49741 | 107.22.247.231 | 443 | 7376 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 01:20:42 UTC | 1473 | OUT | |
2024-04-27 01:20:43 UTC | 544 | IN | |
2024-04-27 01:20:43 UTC | 3120 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49742 | 96.17.64.189 | 443 | 7376 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 01:20:46 UTC | 475 | OUT | |
2024-04-27 01:20:46 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 03:20:30 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 03:20:31 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 03:20:31 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |