Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	April 18, 2025, 6:19 a.m.	April 18, 2025, 6:24 a.m.

Size	84.0KB
Type	PDF document, version 1.4
MD5	`98cac2478538260a26ac98dedcf83828`
SHA256	`dffb331a8dc30fc74a89bb607b8521728defbf623a9d4e25fcc50a86b515326b`
CRC32	`119C1DF5`
ssdeep	`1536:i1V0gbt7+F1gNtHexn0EkyR7FL71eTYFvu7b0jSwxMedjtWJxzS:isgbJ+F2WDD/1eTQebJwxL1cVS`
Yara	PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" C:\Users\test22\AppData\Local\Temp\aplikacja_ceidg_gov_pl_seobility_net_seocompare_2023_12_12.pdf
3008

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory April 18, 2025, 6:19 a.m.	process_identifier: 3008 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70f73000 process_handle: 0xffffffff	1	0	0

cmdline

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

parent_process

acrord32.exe

martian_process

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

aplikacja_ceidg_gov_pl_seobility_net_seocompare_2023_12_12.pdf