Windows
Analysis Report
plumsail-form-2024216-105537.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7420 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\plumsail-form-2024216-105537.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7592 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7780 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1568,i,9319185107332236108,1686675044157375733,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 8692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://plumsailforms.blob.core.windows.net/9a82efd0-7ed8-4446-8eeb-7f9b67b5f5d3/4bf2c103-b239-4062-bed8-c7f971eee861/bf1155fb-d125-45ec-9a84-5e69a12a60b7/ab6eaf35-7053238.jpg" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 8868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1988,i,11069634344130637693,6430874663071058120,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Source: | HTTPS traffic detected: | ||
Source: | IP Address: | ||
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | OLE indicator, VBA macros: | ||
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
Source: | Classification label: |
Source: | Initial sample: |
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Process information set: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | 1 Spearphishing Link | Windows Management Instrumentation | 1 Scripting | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.250.31.99 | true | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.31.99 | www.google.com | United States | 15169 | GOOGLEUS | false | |
23.48.8.182 | unknown | United States | 20940 | AKAMAI-ASN1EU | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417184 |
Start date and time: | 2024-03-28 18:33:21 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 27s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | plumsail-form-2024216-105537.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@38/51@2/4 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, MoUsoCoreWorker.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.221.240.182, 3.219.243.226, 52.6.155.20, 3.233.129.217, 52.22.41.97, 23.53.35.81, 23.53.35.72, 172.64.41.3, 162.159.61.3, 23.215.0.6, 192.229.211.108, 142.251.167.94, 20.60.145.4, 172.253.63.113, 172.253.63.102, 172.253.63.101, 172.253.63.100, 172.253.63.138, 172.253.63.139, 142.251.16.84, 34.104.35.123, 23.53.35.74, 172.253.62.95, 142.251.167.95, 172.253.115.95, 142.250.31.95, 172.253.63.95, 142.251.111.95, 142.251.16.95, 142.251.163.95, 172.253.122.95, 23.53.35.68, 23.53.35.75, 23.53.35.80, 23.53.35.70, 23.53.35.69, 172.253.122.94, 142.251.111.102, 142.251.111.101, 142.251.111.100, 142.251.111.139, 142.251.111.113, 142.251.111.138
- Excluded domains from analysis (whitelisted): plumsailforms.blob.core.windows.net, blob.db4prdstr10a.store.core.windows.net, clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: plumsail-form-2024216-105537.pdf
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.48.8.182 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | PDFPhish | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | XWorm, zgRAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
239.255.255.250 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASN1EU | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Phisher | Browse | |||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.258613521033568 |
Encrypted: | false |
SSDEEP: | 6:FInSVq2Pwkn2nKuAl9OmbnIFUt88IBgZmw+8IBIkwOwkn2nKuAl9OmbjLJ:fvYfHAahFUt8c/+c5JfHAaSJ |
MD5: | 1B2578A7AF5F0524F632E214446D02C4 |
SHA1: | 452401F5745786CBCA11F8A8C10EBB2C2ADBBDA7 |
SHA-256: | E18D5765BFB01ABFDDB8AABA191D41FCD69D9E5B7F078B688E7C4960B2BB6AC4 |
SHA-512: | 0ED4284A4750F1DF112DDCA1D111BB59A81B8D0EBF8F6109FBBE788BD7AE4B1B17D7080CE0BA6E0852D6B0C9F25BD515AA1BB3DC6167A3284D13AD77CFDAACBE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.258613521033568 |
Encrypted: | false |
SSDEEP: | 6:FInSVq2Pwkn2nKuAl9OmbnIFUt88IBgZmw+8IBIkwOwkn2nKuAl9OmbjLJ:fvYfHAahFUt8c/+c5JfHAaSJ |
MD5: | 1B2578A7AF5F0524F632E214446D02C4 |
SHA1: | 452401F5745786CBCA11F8A8C10EBB2C2ADBBDA7 |
SHA-256: | E18D5765BFB01ABFDDB8AABA191D41FCD69D9E5B7F078B688E7C4960B2BB6AC4 |
SHA-512: | 0ED4284A4750F1DF112DDCA1D111BB59A81B8D0EBF8F6109FBBE788BD7AE4B1B17D7080CE0BA6E0852D6B0C9F25BD515AA1BB3DC6167A3284D13AD77CFDAACBE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.181051674955949 |
Encrypted: | false |
SSDEEP: | 6:FIeM+q2Pwkn2nKuAl9Ombzo2jMGIFUt88IamZmw+8IapMVkwOwkn2nKuAl9Ombzz:pM+vYfHAa8uFUt8z/+OMV5JfHAa8RJ |
MD5: | 2D1CBE32BFB2C6A94D69ADB83EC5F54F |
SHA1: | 0B7A82C55D5FECA2E3DD5381AC986C085111DD0E |
SHA-256: | 54798DD62821EB04DB3BDAD81281B1C17842B318DC3AE27625D3A1145D6015D2 |
SHA-512: | 60CAC5D491E268828FEC3C7B5B9F591B4F9175A081EB9845485D2C1230DDC66D53F6788290E38E76B2E15EE4467C61F18124BA8D46C09F1EE929FAAF00571186 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.181051674955949 |
Encrypted: | false |
SSDEEP: | 6:FIeM+q2Pwkn2nKuAl9Ombzo2jMGIFUt88IamZmw+8IapMVkwOwkn2nKuAl9Ombzz:pM+vYfHAa8uFUt8z/+OMV5JfHAa8RJ |
MD5: | 2D1CBE32BFB2C6A94D69ADB83EC5F54F |
SHA1: | 0B7A82C55D5FECA2E3DD5381AC986C085111DD0E |
SHA-256: | 54798DD62821EB04DB3BDAD81281B1C17842B318DC3AE27625D3A1145D6015D2 |
SHA-512: | 60CAC5D491E268828FEC3C7B5B9F591B4F9175A081EB9845485D2C1230DDC66D53F6788290E38E76B2E15EE4467C61F18124BA8D46C09F1EE929FAAF00571186 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 474 |
Entropy (8bit): | 4.970893298425387 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZbOxsBdOg2HTfcaq3QYiubInP7E4T3y:Y2sRdswdMHK3QYhbG7nby |
MD5: | C0FBBAEDE3DB0B1C8CE7AE19B5D0A844 |
SHA1: | CE1C80D7C22C39446FA412E591D0099B8DAB4CE2 |
SHA-256: | 5DA33143A52F030BF5D1F094291CB7D17A47A8E0AF9FC284F5B75DDD4D600C1E |
SHA-512: | 047E84AC2CCB34122ABBEC695CAB17D7CA29746CA549DCF05EAA6EC5C00C617B22CF73CC43AC499DE3C1C98634E156162E31D9D18FD04FFBDA78D710B3EACF9A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f807316a-24e9-472d-9427-4e9d251125e9.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 474 |
Entropy (8bit): | 4.970893298425387 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZbOxsBdOg2HTfcaq3QYiubInP7E4T3y:Y2sRdswdMHK3QYhbG7nby |
MD5: | C0FBBAEDE3DB0B1C8CE7AE19B5D0A844 |
SHA1: | CE1C80D7C22C39446FA412E591D0099B8DAB4CE2 |
SHA-256: | 5DA33143A52F030BF5D1F094291CB7D17A47A8E0AF9FC284F5B75DDD4D600C1E |
SHA-512: | 047E84AC2CCB34122ABBEC695CAB17D7CA29746CA549DCF05EAA6EC5C00C617B22CF73CC43AC499DE3C1C98634E156162E31D9D18FD04FFBDA78D710B3EACF9A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.2493628050754415 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7E9lGZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goP |
MD5: | 85AFB58CF568F3E7C38016DA4F701DB3 |
SHA1: | 0CCC5D90D696DD0A1C1611E873AA540FCC97C5C6 |
SHA-256: | EA2BD75BB932808F2DCBBD27099786A9B87609633B0A651A882F26FE246CC7F4 |
SHA-512: | 0B92BBF2EEB6BBC60307E1F15626C83BE7EC67AB3DAB72D63249A93626CECE7CF9C921B90CC5AF9F2767D12EA444F2DD00B9EF0B90749B9788DF72E4F0169AD8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.139576717120166 |
Encrypted: | false |
SSDEEP: | 6:FI3M+q2Pwkn2nKuAl9OmbzNMxIFUt88IJZmw+8IhMVkwOwkn2nKuAl9OmbzNMFLJ:4M+vYfHAa8jFUt8H/+/MV5JfHAa84J |
MD5: | 93A2859A99E0C1DA219F154F05D4AD8B |
SHA1: | 84D368ECB34AF57D209B2D244C4C570FBF33DE2E |
SHA-256: | 719464A71C1BDFC8E497C1A3BE0E92662828939530361DC01189BF590678F15C |
SHA-512: | C3904C1F9356E69BDB52E8BD56F53E0F208ABCB8266CF426D9D9BD32B9A7C00A9E6C817B8E01DBC7EED3B72388257186854878ACF9B2E80E15FCB6820748E9C2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.139576717120166 |
Encrypted: | false |
SSDEEP: | 6:FI3M+q2Pwkn2nKuAl9OmbzNMxIFUt88IJZmw+8IhMVkwOwkn2nKuAl9OmbzNMFLJ:4M+vYfHAa8jFUt8H/+/MV5JfHAa84J |
MD5: | 93A2859A99E0C1DA219F154F05D4AD8B |
SHA1: | 84D368ECB34AF57D209B2D244C4C570FBF33DE2E |
SHA-256: | 719464A71C1BDFC8E497C1A3BE0E92662828939530361DC01189BF590678F15C |
SHA-512: | C3904C1F9356E69BDB52E8BD56F53E0F208ABCB8266CF426D9D9BD32B9A7C00A9E6C817B8E01DBC7EED3B72388257186854878ACF9B2E80E15FCB6820748E9C2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240328173411Z-160.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 78774 |
Entropy (8bit): | 2.190715229690316 |
Encrypted: | false |
SSDEEP: | 48:2NJkp6KWGUkqh2jGOfz3HQAX8YH////////////////////////////////////7:2sWw4KGS11+ju |
MD5: | 8040E7F1C91D18520E4B8F9FFC0F80F0 |
SHA1: | 5972B0F725506D16E79BEC9B6BBFDA8E1D872E53 |
SHA-256: | E672460F19B7F6FFFC4BA25743652EE241AE42F575A7628246F4EC6F1283175A |
SHA-512: | 2A1D63FC35EB973856DF63B3690B21CFD5E490E5F288621CB0D46D4D50669947AE6CE670D19FE30CDD859FB33A72B009F85CDFF51469158DE90452EDECD73410 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445399757954869 |
Encrypted: | false |
SSDEEP: | 384:yezci5tIiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rvs3OazzU89UTTgUL |
MD5: | E87B7A54F07CDA2ACE28B40094278C0E |
SHA1: | 2BFE63B4559FE7B79E6F55C4825A199FE98C30AF |
SHA-256: | 6F60C538AD4C544B66DB6E561FC401A71E628996F60338E3F4ADE01909D81C03 |
SHA-512: | 3F1FFB08448501EF8702CE4759E14FDFCD71DF6AE5FB18B97ED7422F3F9BFFCDBBFC6D259434F9E9B3F9833FAAD03817190590C507E5CBDDFC741BF0DF6C2D65 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.777387007071694 |
Encrypted: | false |
SSDEEP: | 48:7MXp/E2ioyVwioy9oWoy1Cwoy1kKOioy1noy1AYoy1Wioy1hioybioyyoy1noy1Y:7cpjuwFHXKQDJb9IVXEBodRBkq |
MD5: | 33E750CBA4C3CA19E20644C476663670 |
SHA1: | DB7860976F0D50D27E8DE0D2478B1404187A45BB |
SHA-256: | 60AD4240E3334C5236CF0015CE4881F91294D4CF7A315E1474F58084F197B8A1 |
SHA-512: | C513917ADE13E764CF3F05095C9B784EEB7F7D279D1D92A91D9D2DCAAD0AE8D45BD340057A1FC858780D807CA2CF8B8562A5030C2A83E2ACD896E88985F6575E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 244540 |
Entropy (8bit): | 3.3415042960460593 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn |
MD5: | 758B42992DDFC41CB5E57069C621B54A |
SHA1: | D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD |
SHA-256: | 55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D |
SHA-512: | 437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.360989926855193 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJM3g98kUwPeUkwRe9:YvXKXBINSm4blZc0vISVGMbLUkee9 |
MD5: | 9DEC2CAD4B4F7302F25060391848986A |
SHA1: | 74CD5A71185C93E1761C7C1E999D61465896E389 |
SHA-256: | 0869815CD5EEFECE31EB83C2BE2539D0136905D95A6B6822A758F593A913C001 |
SHA-512: | F9D557730B8E4567415382085DB00C5C5C1CE552B976C51B6319A187E1FC8FA4B244B5B82E51E295E9C5E0F5004897652AF84C3968035473D0714AB40875C355 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.305998721195993 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfBoTfXpnrPeUkwRe9:YvXKXBINSm4blZc0vISVGWTfXcUkee9 |
MD5: | A847F6D176ACF9557D07099D7AD6FD1E |
SHA1: | CF4CD96A7B4391A48415ED14FE65174361443593 |
SHA-256: | 07BB80EC0FAFC172B6692707978091C23821B5FC664C4B23AB32B497EF41B223 |
SHA-512: | 4D56593442E74FACDF1BE0D2EEB6C7C80446D4A2FEA9D0E8E62957D0CC75ECD5540D713ED86B1812818F41C61213735D7A76A18C1A951389D93877CE48F8DE73 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.285524904270026 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.347917153770982 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.303906429436708 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.291769973543644 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.29551117795293 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.300573019814744 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.316165457111728 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.297020279546036 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.777868416004961 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.280587856398277 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.285493930840592 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.304395745389351 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.2613749249843815 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.368050193928987 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2813 |
Entropy (8bit): | 5.142977201613747 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1878281182056798 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6067331522522614 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.534010397435022 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-28 18-34-09-907.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.3907576178032235 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.396383227685945 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 215 |
Entropy (8bit): | 5.289884096889609 |
Encrypted: | false |
Malicious: | false |
URL: | https://plumsailforms.blob.core.windows.net/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 215 |
Entropy (8bit): | 5.355338313451104 |
Encrypted: | false |
Malicious: | false |
URL: | https://plumsailforms.blob.core.windows.net/9a82efd0-7ed8-4446-8eeb-7f9b67b5f5d3/4bf2c103-b239-4062-bed8-c7f971eee861/bf1155fb-d125-45ec-9a84-5e69a12a60b7/ab6eaf35-7053238.jpg |
Preview: |
File type: | |
Entropy (8bit): | 3.311574831005607 |
TrID: |
|
File name: | plumsail-form-2024216-105537.pdf |
File size: | 141'193 bytes |
MD5: | 5dcc8013846aee3e0487cf46f2115db5 |
SHA1: | a4658e047c70295253df988eff249b1d24e633b3 |
SHA256: | 8b8afec2d2937699e8cc80f359204e1a23619fe0d81a3e57985033d22a2139a9 |
SHA512: | 6781de5c4672393d819786746e529c22d888b176e961edf7ca294d079a8a5f7eea6e55d84dd0cd708ede311683d40bfb917038d41bc4653533a414d9e3edd206 |
SSDEEP: | 768:3VhmOvl9Tvg18MladEhk6GNw2tuWddlmI6m0TYsaSQavB4TcPDzHGQ5OnyfyB1ex:ZerWX/q54wnBmyfyBECNs |
TLSH: | 0FD3D668F3E4C594F95B92F0ACF572784A37BC23CF60C12E62697B1E1B70A09E911395 |
File Content Preview: | %PDF-1.4.%.......1 0 obj <<. /Type /Catalog. /Pages 2 0 R.>> endobj..2 0 obj <<. /Type /Pages. /Kids [ 5 0 R ]. /Count 1.>> endobj..3 0 obj <<. /Producer (...K.e.n.d.o. .U.I. .P.D.F. .G.e.n.e.r.a.t.o.r). /Title (..). /Author (..). /Subject (..). |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 3.311575 |
Total Bytes: | 141193 |
Stream Entropy: | 3.164925 |
Stream Bytes: | 136387 |
Entropy outside Streams: | 5.058246 |
Bytes outside Streams: | 4806 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 23 |
endobj | 23 |
stream | 9 |
endstream | 9 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 28, 2024 18:34:33.957648993 CET | 53 | 52132 | 1.1.1.1 | 192.168.2.4 |
Mar 28, 2024 18:34:34.003199100 CET | 53 | 62496 | 1.1.1.1 | 192.168.2.4 |
Mar 28, 2024 18:34:34.421705008 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
Mar 28, 2024 18:34:34.632281065 CET | 53 | 65422 | 1.1.1.1 | 192.168.2.4 |
Mar 28, 2024 18:34:38.192764997 CET | 55115 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 28, 2024 18:34:38.192939997 CET | 54768 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 28, 2024 18:34:38.288434029 CET | 53 | 55115 | 1.1.1.1 | 192.168.2.4 |
Mar 28, 2024 18:34:38.288592100 CET | 53 | 54768 | 1.1.1.1 | 192.168.2.4 |
Mar 28, 2024 18:34:46.184149981 CET | 53 | 63927 | 1.1.1.1 | 192.168.2.4 |
Mar 28, 2024 18:34:51.602005005 CET | 53 | 54984 | 1.1.1.1 | 192.168.2.4 |
Mar 28, 2024 18:35:10.539973021 CET | 53 | 55758 | 1.1.1.1 | 192.168.2.4 |
Mar 28, 2024 18:35:32.992832899 CET | 53 | 55199 | 1.1.1.1 | 192.168.2.4 |
Mar 28, 2024 18:35:33.573429108 CET | 53 | 51262 | 1.1.1.1 | 192.168.2.4 |
Mar 28, 2024 18:36:02.160866022 CET | 53 | 55247 | 1.1.1.1 | 192.168.2.4 |
Mar 28, 2024 18:36:46.126981974 CET | 53 | 64030 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 28, 2024 18:34:38.192764997 CET | 192.168.2.4 | 1.1.1.1 | 0x134b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 18:34:38.192939997 CET | 192.168.2.4 | 1.1.1.1 | 0xf5b8 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 28, 2024 18:34:38.288434029 CET | 1.1.1.1 | 192.168.2.4 | 0x134b | No error (0) | | | 142.250.31.99 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 18:34:38.288434029 CET | 1.1.1.1 | 192.168.2.4 | 0x134b | No error (0) | | | 142.250.31.106 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 18:34:38.288434029 CET | 1.1.1.1 | 192.168.2.4 | 0x134b | No error (0) | | | 142.250.31.147 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 18:34:38.288434029 CET | 1.1.1.1 | 192.168.2.4 | 0x134b | No error (0) | | | 142.250.31.104 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 18:34:38.288434029 CET | 1.1.1.1 | 192.168.2.4 | 0x134b | No error (0) | | | 142.250.31.103 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 18:34:38.288434029 CET | 1.1.1.1 | 192.168.2.4 | 0x134b | No error (0) | | | 142.250.31.105 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 18:34:38.288592100 CET | 1.1.1.1 | 192.168.2.4 | 0xf5b8 | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49738 | 23.221.242.90 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 17:34:15 UTC | 161 | OUT | |
2024-03-28 17:34:15 UTC | 468 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49739 | 23.221.242.90 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 17:34:15 UTC | 239 | OUT | |
2024-03-28 17:34:16 UTC | 774 | IN | |
2024-03-28 17:34:16 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49740 | 23.48.8.182 | 443 | 7780 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 17:34:21 UTC | 475 | OUT | |
2024-03-28 17:34:21 UTC | 198 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49741 | 13.85.23.86 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 17:34:27 UTC | 306 | OUT | |
2024-03-28 17:34:27 UTC | 560 | IN | |
2024-03-28 17:34:27 UTC | 15824 | IN | |
2024-03-28 17:34:27 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49760 | 40.68.123.157 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 17:35:05 UTC | 306 | OUT | |
2024-03-28 17:35:05 UTC | 560 | IN | |
2024-03-28 17:35:05 UTC | 15824 | IN | |
2024-03-28 17:35:05 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 18:34:06 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 18:34:07 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 18:34:07 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 9 |
Start time: | 18:34:31 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 10 |
Start time: | 18:34:32 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |