Edit tour
Windows
Analysis Report
Xsysglobal Payment Receipt For Invoice 6c6172732e6b72616566744078737973676c6f62616c2e636f6d.pdf
Overview
General Information
| Sample name: | Xsysglobal Payment Receipt For Invoice 6c6172732e6b72616566744078737973676c6f62616c2e636f6d.pdf |
| Analysis ID: | 1638456 |
| MD5: | 78db39b0b81204148fc84f209e2a258b |
| SHA1: | 2b42bfa30f837694611c7a87ad8fe9896b78ec9d |
| SHA256: | 6f265a66f5fea420ac102ae53093becbae52e835782d560e7d4732ff4f1be2cd |
| Infos: | |
 | |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
AI detected landing page (webpage, office document or email)
Suspicious PDF detected (based on various text indicators)
Creates files inside the system directory
Deletes files inside the Windows folder
Classification
- System is w10x64
Acrobat.exe (PID: 8564 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\X sysglobal Payment Re ceipt For Invoice 6c 6172732e6b 7261656674 4078737973 676c6f6261 6c2e636f6d .pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 8760 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 8992 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 56 --field -trial-han dle=1568,i ,372613224 1983044406 ,130549731 7122650714 1,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
chrome.exe (PID: 9032 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized --sin gle-argume nt https:/ /bc6c895b. e6ae89287c b8a7464ac3 5217.worke rs.dev/?qr c=bGFycy5r cmFlZnRAeH N5c2dsb2Jh bC5jb20= MD5: E81F54E6C1129887AEA47E7D092680BF) - chrome.exe (PID: 8548 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=2008,i ,176221055 1321584255 0,43181772 5062404868 5,262144 - -disable-f eatures=Op timization GuideModel Downloadin g,Optimiza tionHints, Optimizati onHintsFet ching,Opti mizationTa rgetPredic tion --var iations-se ed-version =20250306- 183004.429 000 --mojo -platform- channel-ha ndle=2088 /prefetch: 3 MD5: E81F54E6C1129887AEA47E7D092680BF) - chrome.exe (PID: 9620 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= printing.m ojom.Unsan dboxedPrin tBackendHo st --lang= en-US --se rvice-sand box-type=n one --no-p re-read-ma in-dll --f ield-trial -handle=20 08,i,17622 1055132158 42550,4318 1772506240 48685,2621 44 --disab le-feature s=Optimiza tionGuideM odelDownlo ading,Opti mizationHi nts,Optimi zationHint sFetching, Optimizati onTargetPr ediction - -variation s-seed-ver sion=20250 306-183004 .429000 -- mojo-platf orm-channe l-handle=3 540 /prefe tch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
Phishing |   |
|---|
| Source: | Joe Sandbox AI: | ||
| Source: | OCR Text: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File deleted: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.google.com | 142.250.186.132 | true | false | high | |
| bc6c895b.e6ae89287cb8a7464ac35217.workers.dev | 172.67.149.15 | true | false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 216.58.206.36 | unknown | United States | 15169 | GOOGLEUS | false | |
| 172.67.149.15 | bc6c895b.e6ae89287cb8a7464ac35217.workers.dev | United States | 13335 | CLOUDFLARENETUS | false | |
| 142.250.186.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
| IP |
|---|
| 192.168.2.5 |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1638456 |
| Start date and time: | 2025-03-14 11:59:04 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 54s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 21 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Xsysglobal Payment Receipt For Invoice 6c6172732e6b72616566744078737973676c6f62616c2e636f6d.pdf |
| Detection: | MAL |
| Classification: | mal48.phis.winPDF@35/38@6/4 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.60.203.209, 142.250.186.163, 216.58.212.142, 172.217.23.110, 74.125.206.84, 142.250.181.238, 162.159.61.3, 172.64.41.3, 2.19.104.203, 142.250.186.110, 142.250.185.206, 2.22.242.11, 2.22.242.123, 142.250.184.238, 142.250.184.206, 142.250.185.131, 172.217.16.206, 142.250.186.174, 216.58.206.78, 142.250.185.142, 50.16.47.176, 23.47.168.24, 52.149.20.212, 150.171.28.10, 2.21.65.154
- Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, e4578.dscg.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, acroipm2.adobe.com, clients2.google.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, prod.fs.microsoft.com.akadns.net, www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, acroipm2.adobe.com.edgesuite.net, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
⊘No simulations
| Source | URL |
|---|---|
| Screenshot | https://bc6c895b.e6ae89287cb8a7464ac35217.workers.dev?qrc=bGFycy5rcmFlZnRAeHN5c2dsb2JhbC5jb20= |
| Screenshot | https://bc6c895b.e6ae89287cb8a7464ac35217.workers.dev?qrc=bGFycy5rcmFlZnRAeHN5c2dsb2JhbC5jb20= |
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | Discord Rat | Browse |
| |
| Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
| ||
| Get hash | malicious | ScreenConnect Tool | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Discord Rat | Browse |
| ||
| Get hash | malicious | ScreenConnect Tool | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | ScreenConnect Tool | Browse |
| ||
| Get hash | malicious | Discord Rat | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.221690349978029 |
| Encrypted: | false |
| SSDEEP: | 6:iOG6TnUq2P92nKuAl9OmbnIFUto6shZmwC6s7kwO92nKuAl9OmbjLJ:7G6DUv4HAahFUto6sh/C6s75LHAaSJ |
| MD5: | 12B7CAFD24B631932A98F5866BB3972E |
| SHA1: | 4B8AF773F285005E81E3A57F387960745C469E98 |
| SHA-256: | 96595BA5A2E791C68A56E344D51328DAAA4A49C07C7CC1CF7BACBDA945BFCDA6 |
| SHA-512: | 37477607FE3F075D33B42CFDB427D70F8D2A9AB389AE54D652A2DD56C464CEB5115DDE2C5791D1C57A50DDE697A43B7C4AFE52F0852BF2A2CC9642972189DBC5 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.221690349978029 |
| Encrypted: | false |
| SSDEEP: | 6:iOG6TnUq2P92nKuAl9OmbnIFUto6shZmwC6s7kwO92nKuAl9OmbjLJ:7G6DUv4HAahFUto6sh/C6s75LHAaSJ |
| MD5: | 12B7CAFD24B631932A98F5866BB3972E |
| SHA1: | 4B8AF773F285005E81E3A57F387960745C469E98 |
| SHA-256: | 96595BA5A2E791C68A56E344D51328DAAA4A49C07C7CC1CF7BACBDA945BFCDA6 |
| SHA-512: | 37477607FE3F075D33B42CFDB427D70F8D2A9AB389AE54D652A2DD56C464CEB5115DDE2C5791D1C57A50DDE697A43B7C4AFE52F0852BF2A2CC9642972189DBC5 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.207442106346382 |
| Encrypted: | false |
| SSDEEP: | 6:iOG6jfq2P92nKuAl9Ombzo2jMGIFUto6gIZZmwC6mkR7kwO92nKuAl9Ombzo2jM4:7G6bv4HAa8uFUto6zZ/C6mkR75LHAa8z |
| MD5: | 886E42DF74B3D07F04C52A8495381F3A |
| SHA1: | B3D00435E16F917F67EFEB72B6FC37090A0B6B13 |
| SHA-256: | 3638CF0A7D0681AA253CD3EE2992BE9397FD58A872DA1CAB45F093ED280F550E |
| SHA-512: | 87AA65763B18D0C565066C7A165E7250AE863132AD43D4A9D2F0FDE59F2C64FE52AFAD2E078CCE70630232F9758DD94C53A6FE694C7A9BDE61887A21A57CBC5F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 5.207442106346382 |
| Encrypted: | false |
| SSDEEP: | 6:iOG6jfq2P92nKuAl9Ombzo2jMGIFUto6gIZZmwC6mkR7kwO92nKuAl9Ombzo2jM4:7G6bv4HAa8uFUto6zZ/C6mkR75LHAa8z |
| MD5: | 886E42DF74B3D07F04C52A8495381F3A |
| SHA1: | B3D00435E16F917F67EFEB72B6FC37090A0B6B13 |
| SHA-256: | 3638CF0A7D0681AA253CD3EE2992BE9397FD58A872DA1CAB45F093ED280F550E |
| SHA-512: | 87AA65763B18D0C565066C7A165E7250AE863132AD43D4A9D2F0FDE59F2C64FE52AFAD2E078CCE70630232F9758DD94C53A6FE694C7A9BDE61887A21A57CBC5F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\33c1b891-86a8-43fb-88cb-c4c71d592f08.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.058434275705317 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqgfWtsBdOg2HZcaq3QYiubxnP7E4T3OF+:Y2sRdsnfWOdMHg3QYhbxP7nbI+ |
| MD5: | 130ED7B6438964289D18B9F6E56C3B65 |
| SHA1: | 71EDB7D98CE93B2795EA7FDF1533100C2A5C1D5A |
| SHA-256: | D47AA28C1D80A9B4949BC8A5FF715E79D7D1EAF9555A8D52405F970BB511CCBE |
| SHA-512: | E3AE93226DC33B06CBDBEAF415DC1CE8EF78A34B5AD2229A9B4D074C305F0EEF48121D2AF09679ADBBA3BBBC0A30463577506C659077CC620D5FE9CB7C472B1A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 508 |
| Entropy (8bit): | 5.058434275705317 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqgfWtsBdOg2HZcaq3QYiubxnP7E4T3OF+:Y2sRdsnfWOdMHg3QYhbxP7nbI+ |
| MD5: | 130ED7B6438964289D18B9F6E56C3B65 |
| SHA1: | 71EDB7D98CE93B2795EA7FDF1533100C2A5C1D5A |
| SHA-256: | D47AA28C1D80A9B4949BC8A5FF715E79D7D1EAF9555A8D52405F970BB511CCBE |
| SHA-512: | E3AE93226DC33B06CBDBEAF415DC1CE8EF78A34B5AD2229A9B4D074C305F0EEF48121D2AF09679ADBBA3BBBC0A30463577506C659077CC620D5FE9CB7C472B1A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4509 |
| Entropy (8bit): | 5.239104756601896 |
| Encrypted: | false |
| SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLU7dAiGweXeG7Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLL |
| MD5: | F24506D0B759832042C898F7B02DFF56 |
| SHA1: | EC3968B477CCD551C955F6ADBD90BD240048C9FB |
| SHA-256: | DA21861B29A55260F00C5B99E9FE65EFBE072DD0F726D2E9E87262A75C79DD8E |
| SHA-512: | 67C2AC9DD52776D4F7336A56B9176F16A57E53B2F1CFE98CBFCC3F73555B62FFA7B804663ADA2EBF3AD7B1861AF90100EAEA071A29BB7656252A8AB3736BE50C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.179975422969467 |
| Encrypted: | false |
| SSDEEP: | 6:iOG6JS6q2P92nKuAl9OmbzNMxIFUto6JtZmwC6JBzkwO92nKuAl9OmbzNMFLJ:7G6JDv4HAa8jFUto6Jt/C6JBz5LHAa8E |
| MD5: | E7EE95D16EF6A41D85FB7A2E47114CD4 |
| SHA1: | 951B52E3B6A3BC352BA0126BE7C89FF07A8A9096 |
| SHA-256: | 4B5DE10DED972D05EBD55137D041431E070A988AD2746C9BCB1A33DC85B857FA |
| SHA-512: | 46773D833B8C351C49E29B1CFDD6337983D61DFAB16868A7E33474C1D44DCB45B1B651CFDB4D24D580B50ACFBA27AAF00ED19C419A598685354DE0188AA4D4AB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 326 |
| Entropy (8bit): | 5.179975422969467 |
| Encrypted: | false |
| SSDEEP: | 6:iOG6JS6q2P92nKuAl9OmbzNMxIFUto6JtZmwC6JBzkwO92nKuAl9OmbzNMFLJ:7G6JDv4HAa8jFUto6Jt/C6JBz5LHAa8E |
| MD5: | E7EE95D16EF6A41D85FB7A2E47114CD4 |
| SHA1: | 951B52E3B6A3BC352BA0126BE7C89FF07A8A9096 |
| SHA-256: | 4B5DE10DED972D05EBD55137D041431E070A988AD2746C9BCB1A33DC85B857FA |
| SHA-512: | 46773D833B8C351C49E29B1CFDD6337983D61DFAB16868A7E33474C1D44DCB45B1B651CFDB4D24D580B50ACFBA27AAF00ED19C419A598685354DE0188AA4D4AB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250314110004Z-275.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71190 |
| Entropy (8bit): | 2.4948404100187775 |
| Encrypted: | false |
| SSDEEP: | 384:sJidopsSueI8o6HSaSzCrBM/VENlN3jNFHPAiTDfH:15SuDVq7AiTDfH |
| MD5: | 0DF8FFF4393BF30AB4599EF4551D813F |
| SHA1: | 8245C26119B9E7EF7B7FEB8C29F457540F296182 |
| SHA-256: | DB4C53AB43D3A7D7ABC46552C3CE0321BC2938BF6DE77E8545467446C89A9EDE |
| SHA-512: | 90207BCDE53BDC3E6F7CC5CE22C994B921D798A103C445012824B1DA0FCD19AB313D81F00F5F85BAFC2DE6A8EDC66B9EF6C594891FEE3FEF8F772A64C931ED09 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.345175024703928 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJM3g98kUwPeUkwRe9:YvXKXASUYpW7PVGMbLUkee9 |
| MD5: | E824AB927BF2892137529B64C1607D67 |
| SHA1: | BC2DD3A3B49130BF9BBA108F35D8BC5F8675AA4A |
| SHA-256: | BA33227EE4F388DF7649807288D663959C4E6DC3C4E4753E65FB592747EBC6DD |
| SHA-512: | AA456F280F7AFA1E4D762F6DDE0D9568B662241191E92B340975FA73A8EBCDC494E18C92B370F9E778092927140ED2FEBA884B4C10786E5BA49040700E06865E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.282614654146041 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJfBoTfXpnrPeUkwRe9:YvXKXASUYpW7PVGWTfXcUkee9 |
| MD5: | D1D9B0A8214EF25C2C0564CBF10BCF47 |
| SHA1: | 083FCEE029BAAB50D92C108C0A19F60FE8D6AC32 |
| SHA-256: | E294FA33533DC4AA93A5BAF50D375C36AA004934F58F844FD08BB1A98EA1683A |
| SHA-512: | 81DA4850621D691E52D9C6E376546F15E2BD3DB74FF5FBA271193E4EA4468E3B2CF5A3F02D8CEEDA888C2F0DB937EB037D92A06342C04AFA5526FAC0484A6FE2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.261284716570265 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJfBD2G6UpnrPeUkwRe9:YvXKXASUYpW7PVGR22cUkee9 |
| MD5: | 030178E0573006D02FB509EC23542F07 |
| SHA1: | 3674E0AA7B5B4CE5C5A7B5DEC7A96AC87CD47BA4 |
| SHA-256: | 96F857E629C800B34E1DF60B0C48D89C9E341809AF52E9083874E8EB754AB676 |
| SHA-512: | 3DCF11C516F39CB4419EFCD5FBEBB11A73678C9B9A30E1DD79337C05E82E5D6ECD72FA451E1C1C2E90E4B92F4C57F048EB6FED8B830A36451A314EE698D488B7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.323429714231082 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJfPmwrPeUkwRe9:YvXKXASUYpW7PVGH56Ukee9 |
| MD5: | BF3D0E079940CE4F7E6444FF9C9C35A5 |
| SHA1: | CC67315AE42B63239E482240F7BFF43885B23340 |
| SHA-256: | 1AFC3B508B5E5B5DF6FA301CF0CBBA40936CADC20A3C83D75410BC738C550465 |
| SHA-512: | D79BAB1EA23BFA9F1B3F61D824C9586D316E6FAC4DEF1326D96E0B72F29E47A607F4E17C44CB67AF469E21406339E3B541D29DB6E0D68DC107225B39F6570567 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113 |
| Entropy (8bit): | 5.835422840065519 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XDFiP6pLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcQbpEsrAr3bs:Yv3Chgly48Y/TWCjiOumNcvKOrkUW |
| MD5: | 3EF59F262140637256624E84606E194E |
| SHA1: | CFBC431FB3F963EB6061FC22BF88A074B7EA6449 |
| SHA-256: | 8986CFE269574A08A68B26B0E7C934DAC94761535F9717A2944FE2B975ED5569 |
| SHA-512: | EED684833D7E7B9A72A3176BB4685208790C2C3FF98C0638F4B40ECDFA7CBBDF39A9542A4574E5CAFD83C28620D9E49B99642F7E59AF2FCCC4322B833B15374C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.267306830072091 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJf8dPeUkwRe9:YvXKXASUYpW7PVGU8Ukee9 |
| MD5: | 9735E6724A1891D76C935A9D9D013EF9 |
| SHA1: | FB0D92A3154BD55558485D3F48DDE50EC68E567E |
| SHA-256: | 88D1FCED189F36C41E003E7675BE7524CAFEA5889442F8DC4338B8915A1A7A52 |
| SHA-512: | A7498A6EA8B6065F1A116AD68A45B4B5D453A0DE8F5B3B5321BF4CF32D7E294DCDEE4BAD1238BF70467B9BDF0F19F6E18B5BCB784A8DE9149AEDE1060638E07E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.267772335163938 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJfQ1rPeUkwRe9:YvXKXASUYpW7PVGY16Ukee9 |
| MD5: | D9FF005815CBA73021337A83EDC4E23E |
| SHA1: | 94B39B7AA47AFEBE797D1E67F88C6137FAD41D6F |
| SHA-256: | A7847C75905499B9CCF7B78BA16622E7D8A6FFA378E8E29969D7F2A4416E306C |
| SHA-512: | 05319BAF6DCD611C3B1635EDD540BA69FF033BF3E2561C0214F853F551A566E83AF0BF1F300129BA936FEF6AE740EA5C242EA4CC7387E33148E1E9F1F372C294 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2064 |
| Entropy (8bit): | 5.8159887463634785 |
| Encrypted: | false |
| SSDEEP: | 48:Yv3JogbN48l/GiyLVzyODRHKOkQDcSmjWAW:GKg54Y/IVO4QOkQoSme |
| MD5: | 0EB56B0B86480DB2F42AF7FD52A08E24 |
| SHA1: | 3ADF633FED5B01427779F1D0A6953BBFD3EA5926 |
| SHA-256: | 1A55EBCAD1F16B9C2D8BFFD0AAF508AD59574067D6CB0C81F9D249B7EFE8ECB4 |
| SHA-512: | 2B80C61E93E041A1366FE37FD449096486E7BC2E486BFD26A2ED1624E30780265D85B89348907A0D4C1247DD58132506F5BAEC8BB55A43B7CE1C8E82B1FA8B17 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.295341909800618 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJfzdPeUkwRe9:YvXKXASUYpW7PVGb8Ukee9 |
| MD5: | 987CE1377E2AE107A40B067F17956BDB |
| SHA1: | FFFF7C249302A80C80D50B90DC1B2F3DA630A81F |
| SHA-256: | F8D5359E113FAD8F40DCF10581D4636C6FDC82C0E366DF9081E133E697EC8E16 |
| SHA-512: | 2D5890CE77FE8D75B51FB21D2C3EDE26E04E5F3A6D9E817818612EC88BC9C509F8FF6F81456E4091A578F5FD956C0F30344890C73543314F82E1E1C0BBDF7246 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.275193113854035 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJfYdPeUkwRe9:YvXKXASUYpW7PVGg8Ukee9 |
| MD5: | AA51404852DDEC8CAD217C4DD04E951B |
| SHA1: | 4A54590CDAAC9BF37795C37FB3A161E1DC98D68C |
| SHA-256: | 7E687AA3935F317F0A83BA48C3278BC979D85AED69F9EDB3ADD7C237C2A593FC |
| SHA-512: | 0B82FEDA3485437B36DC10C7906EA75BEDA033FC6DCBB6BFD828F5EBC387406460B7E8F4DE1E472B2392035BFEFD33AE79431A618AD9BFDC55F034DD5315C850 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284 |
| Entropy (8bit): | 5.261655586713295 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJf+dPeUkwRe9:YvXKXASUYpW7PVG28Ukee9 |
| MD5: | E139D9474509A222435B08278A8341AF |
| SHA1: | 45D3C37D14C4F986D423F9FBF7E4762CC16679EC |
| SHA-256: | 120C421CAA3AE52FC34B8BF9BFA354CB76528D811D625207AAA699F99AE16751 |
| SHA-512: | D67FA60E27B98873113A3E4425CB3B668F915411B239A9EE668CD2A464C35B891D6FA94A37234F4464CB098620E34062AE7F65151B254BCE2CAD64CE54EAADF0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.2589107055907585 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJfbPtdPeUkwRe9:YvXKXASUYpW7PVGDV8Ukee9 |
| MD5: | 730E32CD4D51AA0DE6CB1ECD5F1995E8 |
| SHA1: | 65F0CC0D206255AD2E7DD800C84B2D6569A083A0 |
| SHA-256: | 6127E051430D4B8E3D89B88532CF48AA06D36DB3428FF4FE1AF6B28A5D73E178 |
| SHA-512: | 8FF664233BC9CAB0084A8D2261846F7D501B9C47031C1932482BE9AAD30430422BFE79E6B26B00A32C46746B25A9E4D841D219851E91BF08B02A5379BFFBFECE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.259926179913432 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJf21rPeUkwRe9:YvXKXASUYpW7PVG+16Ukee9 |
| MD5: | 01CF50DFCDEAF8F5B51DB67039A8232A |
| SHA1: | 2C92B4DF19053604647E7AF821FB65DB4EA1CF81 |
| SHA-256: | 7E492909865FA0C31C92BD83A1EAC9941C0F374EB03F48D3C6C101451F55CFEE |
| SHA-512: | 7BB126DB3BFF1437B105B737733041FC454172C208D3DD1E34D81CECAD1ECB9845FA588F2065746AD3E65329DCE494BFC540B8B25207D276B910FF21160AB1EF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2012 |
| Entropy (8bit): | 5.830751883410166 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XDFiPmamXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBIcP:Yv3gBgBG48j/SiyLVWOAI13kUW |
| MD5: | F5D7FAF511BF67646789D9DDCA7E376E |
| SHA1: | 6F698F56CAF009833B56A1284A9A4A595942CE15 |
| SHA-256: | 21F1C597FD08D33082698661ED860F81C26A32D2F8FAEC47CFEA6B2FF022AE76 |
| SHA-512: | 745C28E28943A4998B0BC7ABB19F6393F396243DF0EA8FD89D7CAA8190C7BB0D49C57C0788FA51AA00004407370E43DA872801FBB11E308408375876B5587C1A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.2363301562526985 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJfshHHrPeUkwRe9:YvXKXASUYpW7PVGUUUkee9 |
| MD5: | 6F2A781C2BBD5982E226878E46858184 |
| SHA1: | 10ADF08B186D04C6FE1976C6BEFD55231D29A20F |
| SHA-256: | DACE07F700CC36C379A569904A0530EF6AAC3E187DB14EF3F020D8D4709C0EE1 |
| SHA-512: | 2419DA10A7B2E85D252ED7DB6244B19B06D19C2CC7C9FB36CD8511C8D27F598AF7A9763818E61049E6B436AF8C904A225C270202F121EA4C59EB181CD99E442A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 5.247897302663509 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HX/gR2E1dzSx+FIbRI6XVW7+0YW1eoAvJTqgFCrPeUkwRe9:YvXKXASUYpW7PVGTq16Ukee9 |
| MD5: | 1D8E486612F8EA4068675F1DA361F6C6 |
| SHA1: | 5BED5A49766FF5BACB300B5C403F4C09233F32B7 |
| SHA-256: | 1750649356D8B361E70CB3BD827BA7392683389BD23F486302A9E55EF454E7B9 |
| SHA-512: | 0D071277271C876085F52B389F33046D3DDABFA7C02F77D0BA32D941518DCF257561B0F4B2473E0580ED25F649BB8947E5732369637FAA79159648C96AA92069 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2815 |
| Entropy (8bit): | 5.124897910555451 |
| Encrypted: | false |
| SSDEEP: | 48:YEOUFKWR4WqwP7q0tiSZ8pigP+RX85OBFRc9Xt:rFKfQP7ptt6BAAO/g9 |
| MD5: | 9ACE2E6E5C38DCABD5FEC99484A89343 |
| SHA1: | 6806BF31E71873240CDB49C15757AA1D1DAB1125 |
| SHA-256: | 8F413C769273CBF9EB4AEDC78172076850920AD309D191C3214234B20D209500 |
| SHA-512: | F48B6915506054DF2C7805F1F210C577AAB381484757FF479EA7092CF1EEB8578C4CA0CBF67461667DF98D46F5942F1A24A34077F4C45FE59737A5BA61382554 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9842591511630508 |
| Encrypted: | false |
| SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spziax4zJwtNBwtNbRZ6bRZ42iaxF:TVl2GL7ms6ggOVpmzutYtp6P9 |
| MD5: | 2040253EC9BA08E683B85868A5A2F476 |
| SHA1: | 4F57A243FB8FA07BE0B53A60EE4EFADDA9B4774E |
| SHA-256: | D5B30D1F2DACDCE25015F404DA3E44ADE686E661CC2FBB7F579AE81696431119 |
| SHA-512: | DECDD7D689BE91D6E9FB13501F9FE8E580AE614D7043F0C437840F9CD3468DE3D8E1D13A61248DB07216132CEB023D280C8D661817C974A8D71690E4B051E727 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.3383446707779245 |
| Encrypted: | false |
| SSDEEP: | 24:7+t/AD1RZKHs/Ds/SpziaxPzJwtNBwtNbRZ6bRZWf1RZKjqLBx/XYKQvGJF7ursW:7M/GgOVp9zutYtp6PM+qll2GL7msW |
| MD5: | F6CA673FCC5A1DCB72EAF7DEC901A2AC |
| SHA1: | 7A8C7CBD1709B6903FA642FBD77708F57A4B72CC |
| SHA-256: | BCCF947E04817C6B60470D82B02877CFF045A5335505942C00E578EC7BAF7614 |
| SHA-512: | 85F15E4724DBBA4AB52B91C8B25C61B1ACC2C7C7497FB4270F2883A1A06A8C21BAE662874C75B422B5F60071107948D9FE9D9365DC38C42EC0F846BA8E58B5A3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5217358039039093 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84bl6cle:Qw946cPbiOxDlbYnuRK4x |
| MD5: | D8EEE5D170A3F56C20933004EB4C5371 |
| SHA1: | E5BD67247634583C7C1C66B99C1C9AABCF8A1242 |
| SHA-256: | 51E9D17FF3AC2489B256F87B8851E91FCD2A2CC6F299EABFE15DB00C4D4A76AE |
| SHA-512: | 71057DE8BFDD8AA3B2E9F880AB53DC5B0DC8150BE30D207125311F25F4BAE8D014D54149A51698C9EF527EF8E2070E06BAAD520B47953F8F615511F3D5D60C79 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-14 06-59-59-532.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.376360055978702 |
| Encrypted: | false |
| SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
| MD5: | 1336667A75083BF81E2632FABAA88B67 |
| SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
| SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
| SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15114 |
| Entropy (8bit): | 5.368562697842725 |
| Encrypted: | false |
| SSDEEP: | 384:dnbqm67u3XobCkoi/cv1vp76apGGT/7GfcOa8In5s3gWwl4rzilEn4nv+sSnbgIx:nN0 |
| MD5: | 0413968FAFB098A361EC5629FE798191 |
| SHA1: | 3E184212097F4696EAC7CAA8CB15CA4F2700215F |
| SHA-256: | 094B2A0DF74529EBCF399133DB2CF24AD0B7FFC2A92FF6FD10BFF3C6F3CD049C |
| SHA-512: | 26650D3EAB5FAED071A57F1954F31E20D1BF2C3E33C82358EF5E1A0F244CF4C02A5E02D80F262FC0C914B4C2ED88FBA52F5D5BB86975C632618475AFF1B7EB49 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.401160619489561 |
| Encrypted: | false |
| SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbm:q |
| MD5: | DFFDACF99CDDC48BA2B03282389350E3 |
| SHA1: | 8CCA816CBE62E8A5054E42443599DC46CD30ADEF |
| SHA-256: | 977D64CD78B9DEDB5A14E63EF8D102D799F8618DD9EE9B98BC927BCBC7E6434A |
| SHA-512: | 910CA25BB80B55841D1C08C33F5B728D846890E7D06635EEA8F2F6E10F7FAA1D408908B51CB7A09CD8D72FE7CE565AAD117AF7D251F1B1707508A78DCDEDF419 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:rBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOFjNOX1Lj3vfE4JvWTlP:r+Tegs661ybxrr/IxkB1mabFhOXZ/fEh |
| MD5: | C14EBC9A03804BAB863F67F539F142C6 |
| SHA1: | FD44F63771819778149B24DD4B073940F5D95BFA |
| SHA-256: | A495629FA5E71EE50BB96F9C4CAEAC46E8B44BFC3F910A073348258F63DFAFCE |
| SHA-512: | 8ED832A54A3925914E3BCFC96A3ABFF63A511ADAC79A869AD1569BB175CC1AF84E6C2BD20FA2187A5C3B733625EDE5D95C2172B24ED2F252835689F6D4A0F5A2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:6DaWL07oXGZGwYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:caWLxXGZGwZGh3mlind9i4ufFXpAXkru |
| MD5: | 7867DAFF192926A49EB7516D226D452F |
| SHA1: | BD0B185B12DB865CEA23060A9789C6B2D814B62E |
| SHA-256: | C7586BA81615BBAA63DA0D81CE18C0D087D1237500C99C35239A4D3CAEED2934 |
| SHA-512: | B556042E82056983EA6A69AEE0DAB370641437EF6239FD04676FC26EC9472C6E5EF6194885C165E3987E8019321DCD9B4A574EA7A6253AC3C9468434AEAA0C21 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/VRbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oXGZnYIGNPJF:tRb3mlind9i4ufFXpAXkrfUs0qWLxXGY |
| MD5: | 9543A6C1DE815E938F6AA0F90F2EF0C6 |
| SHA1: | 62B527E0463D71548862DE000950E638F3721582 |
| SHA-256: | 8A4B4F588D79D2AF9E617936932D8264DF9017D80A68F8D39E5EA36B14D76F1D |
| SHA-512: | 50A26B895BA1F40B2ADE59996A1A89EBAFE67CB9F7B4F3A029382B6966E75F8BAD3551D25F29391C58A7EDC206F7DAF1D07F68F5E458E3A5D02556EACA377B0D |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.11943809538339 |
| TrID: |
|
| File name: | Xsysglobal Payment Receipt For Invoice 6c6172732e6b72616566744078737973676c6f62616c2e636f6d.pdf |
| File size: | 111'002 bytes |
| MD5: | 78db39b0b81204148fc84f209e2a258b |
| SHA1: | 2b42bfa30f837694611c7a87ad8fe9896b78ec9d |
| SHA256: | 6f265a66f5fea420ac102ae53093becbae52e835782d560e7d4732ff4f1be2cd |
| SHA512: | 4fe1b4f9c1e3a7d2a066a6cf6cd9bf20d318f56cf5c502e18db509cc066edd74aafab6766bd2d7812a5888e6a9ee96f676c30538bb5272d051d5aedb93ef1585 |
| SSDEEP: | 1536:A6KSPNKrSaAgrYRlwuD/n6t4trevjlXhiJmt9+jxjMse+eP66/:hKSVKGaANlwyn66revjiJKAKP3/ |
| TLSH: | 93B35C542F819F8DDDB79F34C27A06CB38583B6065A7694E133B29A4009E113BEBD71B |
| File Content Preview: | %PDF-1.4.%.....1 0 obj.<</Title (OneDrive Shared Document Notification)./Creator (Chromium)./Producer (Skia/PDF m127)./CreationDate (D:20250314095148+00'00')./ModDate (D:20250314095148+00'00')>>.endobj.3 0 obj.<</ca 1./BM /Normal>>.endobj.4 0 obj.<</Type |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.4 |
| Total Entropy: | 7.119438 |
| Total Bytes: | 111002 |
| Stream Entropy: | 7.046754 |
| Stream Bytes: | 100813 |
| Entropy outside Streams: | 5.114712 |
| Bytes outside Streams: | 10189 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 61 |
| endobj | 61 |
| stream | 10 |
| endstream | 10 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 4 | a280a2a2a2a280a2 | 8ee27df02aab977142d9a21a872079d8 |  |
| 10 | 0000000000000000 | ae5346137a9e9e70ca286f401b6a4d26 |  |
| 13 | 0000000000000000 | 665f7a01d456de533c1372a3b2e81083 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 14, 2025 11:59:53.789045095 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
| Mar 14, 2025 11:59:54.100303888 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
| Mar 14, 2025 11:59:54.709667921 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
| Mar 14, 2025 11:59:54.756576061 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203 |
| Mar 14, 2025 11:59:55.912820101 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
| Mar 14, 2025 11:59:58.319048882 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
| Mar 14, 2025 12:00:02.301086903 CET | 49712 | 443 | 192.168.2.5 | 172.67.149.15 |
| Mar 14, 2025 12:00:02.301146030 CET | 443 | 49712 | 172.67.149.15 | 192.168.2.5 |
| Mar 14, 2025 12:00:02.301214933 CET | 49712 | 443 | 192.168.2.5 | 172.67.149.15 |
| Mar 14, 2025 12:00:02.407972097 CET | 49712 | 443 | 192.168.2.5 | 172.67.149.15 |
| Mar 14, 2025 12:00:02.407982111 CET | 443 | 49712 | 172.67.149.15 | 192.168.2.5 |
| Mar 14, 2025 12:00:02.913520098 CET | 443 | 49712 | 172.67.149.15 | 192.168.2.5 |
| Mar 14, 2025 12:00:02.913589954 CET | 49712 | 443 | 192.168.2.5 | 172.67.149.15 |
| Mar 14, 2025 12:00:02.921539068 CET | 49712 | 443 | 192.168.2.5 | 172.67.149.15 |
| Mar 14, 2025 12:00:02.921555042 CET | 443 | 49712 | 172.67.149.15 | 192.168.2.5 |
| Mar 14, 2025 12:00:02.922287941 CET | 443 | 49712 | 172.67.149.15 | 192.168.2.5 |
| Mar 14, 2025 12:00:02.976851940 CET | 49712 | 443 | 192.168.2.5 | 172.67.149.15 |
| Mar 14, 2025 12:00:03.103283882 CET | 49712 | 443 | 192.168.2.5 | 172.67.149.15 |
| Mar 14, 2025 12:00:03.103390932 CET | 443 | 49712 | 172.67.149.15 | 192.168.2.5 |
| Mar 14, 2025 12:00:03.103446007 CET | 49712 | 443 | 192.168.2.5 | 172.67.149.15 |
| Mar 14, 2025 12:00:03.148849964 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
| Mar 14, 2025 12:00:04.371532917 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203 |
| Mar 14, 2025 12:00:05.232276917 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:00:05.232331038 CET | 443 | 49724 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:00:05.232566118 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:00:05.232731104 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:00:05.232747078 CET | 443 | 49724 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:00:05.886197090 CET | 443 | 49724 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:00:05.886260986 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:00:05.900804996 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:00:05.900823116 CET | 443 | 49724 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:00:05.901055098 CET | 443 | 49724 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:00:05.943016052 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:00:12.753118038 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
| Mar 14, 2025 12:00:15.802158117 CET | 443 | 49724 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:00:15.802217960 CET | 443 | 49724 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:00:15.802275896 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:00:16.661883116 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:00:16.661923885 CET | 443 | 49724 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:00:43.978755951 CET | 49698 | 80 | 192.168.2.5 | 142.250.185.99 |
| Mar 14, 2025 12:00:43.978898048 CET | 49695 | 80 | 192.168.2.5 | 199.232.210.172 |
| Mar 14, 2025 12:00:43.978961945 CET | 49703 | 80 | 192.168.2.5 | 199.232.210.172 |
| Mar 14, 2025 12:00:43.984227896 CET | 80 | 49698 | 142.250.185.99 | 192.168.2.5 |
| Mar 14, 2025 12:00:43.984334946 CET | 49698 | 80 | 192.168.2.5 | 142.250.185.99 |
| Mar 14, 2025 12:00:43.984477043 CET | 80 | 49695 | 199.232.210.172 | 192.168.2.5 |
| Mar 14, 2025 12:00:43.984553099 CET | 49695 | 80 | 192.168.2.5 | 199.232.210.172 |
| Mar 14, 2025 12:00:43.984610081 CET | 80 | 49703 | 199.232.210.172 | 192.168.2.5 |
| Mar 14, 2025 12:00:43.984761000 CET | 49703 | 80 | 192.168.2.5 | 199.232.210.172 |
| Mar 14, 2025 12:00:44.247988939 CET | 49702 | 80 | 192.168.2.5 | 184.30.131.245 |
| Mar 14, 2025 12:00:44.247988939 CET | 49697 | 443 | 192.168.2.5 | 2.19.96.74 |
| Mar 14, 2025 12:01:05.276834011 CET | 49738 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:01:05.276890039 CET | 443 | 49738 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:01:05.276988029 CET | 49738 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:01:05.277158976 CET | 49738 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:01:05.277168989 CET | 443 | 49738 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:01:05.925959110 CET | 443 | 49738 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:01:05.926328897 CET | 49738 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:01:05.926354885 CET | 443 | 49738 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:01:15.833571911 CET | 443 | 49738 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:01:15.833643913 CET | 443 | 49738 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:01:15.834022045 CET | 49738 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:01:16.652498960 CET | 49738 | 443 | 192.168.2.5 | 142.250.186.132 |
| Mar 14, 2025 12:01:16.652540922 CET | 443 | 49738 | 142.250.186.132 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.385098934 CET | 49687 | 443 | 192.168.2.5 | 20.190.159.129 |
| Mar 14, 2025 12:01:30.385160923 CET | 49691 | 80 | 192.168.2.5 | 184.30.131.245 |
| Mar 14, 2025 12:01:30.385214090 CET | 49684 | 443 | 192.168.2.5 | 20.190.159.129 |
| Mar 14, 2025 12:01:30.385294914 CET | 49693 | 80 | 192.168.2.5 | 184.30.131.245 |
| Mar 14, 2025 12:01:30.385297060 CET | 49686 | 443 | 192.168.2.5 | 20.190.159.129 |
| Mar 14, 2025 12:01:30.385303974 CET | 49692 | 80 | 192.168.2.5 | 184.30.131.245 |
| Mar 14, 2025 12:01:30.385361910 CET | 49694 | 80 | 192.168.2.5 | 184.30.131.245 |
| Mar 14, 2025 12:01:30.385409117 CET | 49688 | 80 | 192.168.2.5 | 199.232.210.172 |
| Mar 14, 2025 12:01:30.385411978 CET | 49685 | 443 | 192.168.2.5 | 20.190.159.129 |
| Mar 14, 2025 12:01:30.385438919 CET | 49689 | 80 | 192.168.2.5 | 199.232.210.172 |
| Mar 14, 2025 12:01:30.385478973 CET | 49690 | 80 | 192.168.2.5 | 199.232.210.172 |
| Mar 14, 2025 12:01:30.390124083 CET | 443 | 49687 | 20.190.159.129 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.390194893 CET | 49687 | 443 | 192.168.2.5 | 20.190.159.129 |
| Mar 14, 2025 12:01:30.391491890 CET | 80 | 49691 | 184.30.131.245 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.391501904 CET | 443 | 49684 | 20.190.159.129 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.391513109 CET | 80 | 49693 | 184.30.131.245 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.391551018 CET | 443 | 49686 | 20.190.159.129 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.391555071 CET | 49691 | 80 | 192.168.2.5 | 184.30.131.245 |
| Mar 14, 2025 12:01:30.391561985 CET | 80 | 49692 | 184.30.131.245 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.391581059 CET | 49684 | 443 | 192.168.2.5 | 20.190.159.129 |
| Mar 14, 2025 12:01:30.391585112 CET | 80 | 49694 | 184.30.131.245 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.391590118 CET | 49693 | 80 | 192.168.2.5 | 184.30.131.245 |
| Mar 14, 2025 12:01:30.391594887 CET | 80 | 49688 | 199.232.210.172 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.391606092 CET | 49686 | 443 | 192.168.2.5 | 20.190.159.129 |
| Mar 14, 2025 12:01:30.391618013 CET | 443 | 49685 | 20.190.159.129 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.391628027 CET | 80 | 49689 | 199.232.210.172 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.391634941 CET | 49692 | 80 | 192.168.2.5 | 184.30.131.245 |
| Mar 14, 2025 12:01:30.391645908 CET | 80 | 49690 | 199.232.210.172 | 192.168.2.5 |
| Mar 14, 2025 12:01:30.391647100 CET | 49694 | 80 | 192.168.2.5 | 184.30.131.245 |
| Mar 14, 2025 12:01:30.391658068 CET | 49688 | 80 | 192.168.2.5 | 199.232.210.172 |
| Mar 14, 2025 12:01:30.391668081 CET | 49685 | 443 | 192.168.2.5 | 20.190.159.129 |
| Mar 14, 2025 12:01:30.391688108 CET | 49689 | 80 | 192.168.2.5 | 199.232.210.172 |
| Mar 14, 2025 12:01:30.391946077 CET | 49690 | 80 | 192.168.2.5 | 199.232.210.172 |
| Mar 14, 2025 12:02:05.346966028 CET | 49744 | 443 | 192.168.2.5 | 216.58.206.36 |
| Mar 14, 2025 12:02:05.347018957 CET | 443 | 49744 | 216.58.206.36 | 192.168.2.5 |
| Mar 14, 2025 12:02:05.347084999 CET | 49744 | 443 | 192.168.2.5 | 216.58.206.36 |
| Mar 14, 2025 12:02:05.347311020 CET | 49744 | 443 | 192.168.2.5 | 216.58.206.36 |
| Mar 14, 2025 12:02:05.347322941 CET | 443 | 49744 | 216.58.206.36 | 192.168.2.5 |
| Mar 14, 2025 12:02:05.995054960 CET | 443 | 49744 | 216.58.206.36 | 192.168.2.5 |
| Mar 14, 2025 12:02:05.995364904 CET | 49744 | 443 | 192.168.2.5 | 216.58.206.36 |
| Mar 14, 2025 12:02:05.995378971 CET | 443 | 49744 | 216.58.206.36 | 192.168.2.5 |
| Mar 14, 2025 12:02:15.899699926 CET | 443 | 49744 | 216.58.206.36 | 192.168.2.5 |
| Mar 14, 2025 12:02:15.899772882 CET | 443 | 49744 | 216.58.206.36 | 192.168.2.5 |
| Mar 14, 2025 12:02:15.899879932 CET | 49744 | 443 | 192.168.2.5 | 216.58.206.36 |
| Mar 14, 2025 12:02:16.652524948 CET | 49744 | 443 | 192.168.2.5 | 216.58.206.36 |
| Mar 14, 2025 12:02:16.652555943 CET | 443 | 49744 | 216.58.206.36 | 192.168.2.5 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 14, 2025 12:00:01.721501112 CET | 62255 | 53 | 192.168.2.5 | 1.1.1.1 |
| Mar 14, 2025 12:00:01.721676111 CET | 64355 | 53 | 192.168.2.5 | 1.1.1.1 |
| Mar 14, 2025 12:00:01.727093935 CET | 53 | 56345 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:00:01.734872103 CET | 53 | 62255 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:00:01.738590002 CET | 53 | 64355 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:00:02.326066971 CET | 53 | 57597 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:00:03.838013887 CET | 53 | 55533 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:00:05.220788956 CET | 60279 | 53 | 192.168.2.5 | 1.1.1.1 |
| Mar 14, 2025 12:00:05.220938921 CET | 61256 | 53 | 192.168.2.5 | 1.1.1.1 |
| Mar 14, 2025 12:00:05.227302074 CET | 53 | 60279 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:00:05.227613926 CET | 53 | 61256 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:00:20.959180117 CET | 53 | 60133 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:00:40.049928904 CET | 53 | 65380 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:00:57.062896013 CET | 138 | 138 | 192.168.2.5 | 192.168.2.255 |
| Mar 14, 2025 12:01:00.698798895 CET | 53 | 64738 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:01:02.440624952 CET | 53 | 50844 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:01:03.974797964 CET | 53 | 53129 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:01:32.721506119 CET | 53 | 63710 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:02:05.339303970 CET | 50297 | 53 | 192.168.2.5 | 1.1.1.1 |
| Mar 14, 2025 12:02:05.339483976 CET | 54415 | 53 | 192.168.2.5 | 1.1.1.1 |
| Mar 14, 2025 12:02:05.345977068 CET | 53 | 50297 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:02:05.346295118 CET | 53 | 54415 | 1.1.1.1 | 192.168.2.5 |
| Mar 14, 2025 12:02:18.737303019 CET | 53 | 54222 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 14, 2025 12:00:01.721501112 CET | 192.168.2.5 | 1.1.1.1 | 0x384d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 14, 2025 12:00:01.721676111 CET | 192.168.2.5 | 1.1.1.1 | 0xda3c | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 14, 2025 12:00:05.220788956 CET | 192.168.2.5 | 1.1.1.1 | 0x25e8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 14, 2025 12:00:05.220938921 CET | 192.168.2.5 | 1.1.1.1 | 0x8a39 | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 14, 2025 12:02:05.339303970 CET | 192.168.2.5 | 1.1.1.1 | 0xc1d1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 14, 2025 12:02:05.339483976 CET | 192.168.2.5 | 1.1.1.1 | 0x26 | Standard query (0) | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 14, 2025 12:00:01.734872103 CET | 1.1.1.1 | 192.168.2.5 | 0x384d | No error (0) | 172.67.149.15 | A (IP address) | IN (0x0001) | false | ||
| Mar 14, 2025 12:00:01.734872103 CET | 1.1.1.1 | 192.168.2.5 | 0x384d | No error (0) | 104.21.95.234 | A (IP address) | IN (0x0001) | false | ||
| Mar 14, 2025 12:00:01.738590002 CET | 1.1.1.1 | 192.168.2.5 | 0xda3c | No error (0) | 65 | IN (0x0001) | false | |||
| Mar 14, 2025 12:00:05.227302074 CET | 1.1.1.1 | 192.168.2.5 | 0x25e8 | No error (0) | 142.250.186.132 | A (IP address) | IN (0x0001) | false | ||
| Mar 14, 2025 12:00:05.227613926 CET | 1.1.1.1 | 192.168.2.5 | 0x8a39 | No error (0) | 65 | IN (0x0001) | false | |||
| Mar 14, 2025 12:02:05.345977068 CET | 1.1.1.1 | 192.168.2.5 | 0xc1d1 | No error (0) | 216.58.206.36 | A (IP address) | IN (0x0001) | false | ||
| Mar 14, 2025 12:02:05.346295118 CET | 1.1.1.1 | 192.168.2.5 | 0x26 | No error (0) | 65 | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 06:59:55 |
| Start date: | 14/03/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6a0470000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 06:59:56 |
| Start date: | 14/03/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff62d2e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 06:59:58 |
| Start date: | 14/03/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff62d2e0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 06:59:58 |
| Start date: | 14/03/2025 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff60b4c0000 |
| File size: | 3'388'000 bytes |
| MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 4 |
| Start time: | 06:59:59 |
| Start date: | 14/03/2025 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff60b4c0000 |
| File size: | 3'388'000 bytes |
| MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 5 |
| Start time: | 07:00:00 |
| Start date: | 14/03/2025 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff60b4c0000 |
| File size: | 3'388'000 bytes |
| MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
⊘No disassembly