Windows
Analysis Report
04-25-Inv-Doc-339.pdf
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6740 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\04-25-Inv-Doc-339.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  - AcroCEF.exe (PID: 6912 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  - AcroCEF.exe (PID: 7332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1724,i,962325086941576876,17187480229861009220,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 7736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 3872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1996,i,17665591532222451069,15418270985203773523,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Phishing |
---|
Source: | Matcher: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | Initial sample: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
stgmountainair.wpengine.com | 34.69.210.22 | true | false | high | |
www.google.com | 172.217.15.196 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| low | ||
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
23.63.158.36 | unknown | United States | 16625 | AKAMAI-ASUS | false |
34.69.210.22 | stgmountainair.wpengine.com | United States | 15169 | GOOGLEUS | false |
172.217.15.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431947 |
Start date and time: | 2024-04-26 03:42:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 04-25-Inv-Doc-339.pdf |
Detection: | MAL |
Classification: | mal48.phis.winPDF@40/54@8/5 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.46.188.157, 52.5.13.197, 23.22.254.206, 52.202.204.11, 54.227.187.23, 23.50.112.196, 23.50.112.208, 172.64.41.3, 162.159.61.3, 23.66.101.198, 23.66.101.196, 72.21.81.240, 192.229.211.108, 142.250.189.131, 142.250.189.142, 173.194.213.84, 34.104.35.123, 142.250.64.170, 192.178.50.35, 192.178.50.42, 142.250.217.170, 142.251.35.234, 192.178.50.74, 142.250.217.234, 142.250.64.202, 172.217.165.202, 142.250.217.202, 142.250.189.138, 142.250.64.138, 172.217.15.202, 172.217.2.202, 23.50.112.210, 23.50.112.198, 23.50.112.202, 172.217.165.195, 23.59.235.10, 23.59.235.6, 142.250.217.238, 142.250.64.227
- Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
- Not all processes were analyzed, report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.63.158.36 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
239.255.255.250 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Phisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | Unknown | Browse |
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | TechSupportScam | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | TechSupportScam | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.203166738775914 |
Encrypted: | false |
SSDEEP: | 6:+3bAq2Pwkn2nKuAl9OmbnIFUt8F3mhZmw+F3m7kwOwkn2nKuAl9OmbjLJ:AAvYfHAahFUt8Ih/+I75JfHAaSJ |
MD5: | 4D912005945DB414EE312337737A9D2E |
SHA1: | EA54DCA00D52ACD2E7387CE6A1F83C51539FBBE6 |
SHA-256: | A7723DC48B638D3615E1534641E38B84AB3BBC2B4033F143D8990906B04D099C |
SHA-512: | 210041E1A19C96E312BDCB22A0792221743AF727AB0395FBFC15D59B7EED87EC9F1EEE38CDC01EF5DE1976AF4D8F0ED47B7A2D740752488C30AA091588221651 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.147533752461722 |
Encrypted: | false |
SSDEEP: | 6:+Vu+L+q2Pwkn2nKuAl9Ombzo2jMGIFUt8FWIoKWZmw+FvJjLVkwOwkn2nKuAl9OU:ghL+vYfHAa8uFUt8HW/+rjLV5JfHAa8z |
MD5: | 7771523C57B0AF022DAD77C3B4B7EBD7 |
SHA1: | 08BA487680B139A8F78B9213F82920C270BB7475 |
SHA-256: | 268F79FD1EF3EA702665421412EAAAC608C6D4280DB6CF40A62DEB317D3F629E |
SHA-512: | C1D8677C44265B6796BF04E5440F64B505438667F326C7C853DD3A14CD9E061DD4AAFD962F2525EAC9F59980AA972430FB523E36249E183D9C579EB126E9780A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.147533752461722 |
Encrypted: | false |
SSDEEP: | 6:+Vu+L+q2Pwkn2nKuAl9Ombzo2jMGIFUt8FWIoKWZmw+FvJjLVkwOwkn2nKuAl9OU:ghL+vYfHAa8uFUt8HW/+rjLV5JfHAa8z |
MD5: | 7771523C57B0AF022DAD77C3B4B7EBD7 |
SHA1: | 08BA487680B139A8F78B9213F82920C270BB7475 |
SHA-256: | 268F79FD1EF3EA702665421412EAAAC608C6D4280DB6CF40A62DEB317D3F629E |
SHA-512: | C1D8677C44265B6796BF04E5440F64B505438667F326C7C853DD3A14CD9E061DD4AAFD962F2525EAC9F59980AA972430FB523E36249E183D9C579EB126E9780A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0d761e7e-d248-42d2-805c-d23ee07c7b70.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.971316048517525 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZ6hsBdOg2Ht2caq3QYiubInP7E4T3y:Y2sRdsedMHtJ3QYhbG7nby |
MD5: | 7FBAD3AD25DBCF4FCFAA758D525AD357 |
SHA1: | E1846185BF81BC071E5C1F7E97342D5B8D2CBB75 |
SHA-256: | FC3935387B3C80B696F3BD7E3D7ABC90A4A5B34C9F26BAE5C894D9B9F98E6246 |
SHA-512: | D342C3C03B735EFFFB03641891406BCD988150C279605850EF8F417CEDC76FF94313A8E583A979F2A3D6DCAF8F252557D27237DA5A0028B7AF0547F3EE2A28B6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.971316048517525 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZ6hsBdOg2Ht2caq3QYiubInP7E4T3y:Y2sRdsedMHtJ3QYhbG7nby |
MD5: | 7FBAD3AD25DBCF4FCFAA758D525AD357 |
SHA1: | E1846185BF81BC071E5C1F7E97342D5B8D2CBB75 |
SHA-256: | FC3935387B3C80B696F3BD7E3D7ABC90A4A5B34C9F26BAE5C894D9B9F98E6246 |
SHA-512: | D342C3C03B735EFFFB03641891406BCD988150C279605850EF8F417CEDC76FF94313A8E583A979F2A3D6DCAF8F252557D27237DA5A0028B7AF0547F3EE2A28B6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.246658026815464 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7Cp3k0GDkZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goE |
MD5: | C8B84E2C6548696D3282B30DFE7A29A7 |
SHA1: | 5265E9B147B780DAB39EB49170E3787C23A83145 |
SHA-256: | 2C268C50C812933EE4319C0F8B211DC3D6A8783C4032C6F4E1DE9C1EBB4BED5D |
SHA-512: | 7A743891DEBBF6035385E87A50F379742E601573F0D14F852F50158D35BE7F71BEBD63C91A8F924509BBBE296E31390393FC6B9AAEA2C1CE56788C792CF6C533 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.197310618466749 |
Encrypted: | false |
SSDEEP: | 6:+0GjL+q2Pwkn2nKuAl9OmbzNMxIFUt8FdoKWZmw+Fuu8LVkwOwkn2nKuAl9OmbzE:b+L+vYfHAa8jFUt8bXW/+KLV5JfHAa8E |
MD5: | ACF42BC5127252AC3A43F476625DB0E3 |
SHA1: | C140D3A34079074AF21CFB38881F973899259478 |
SHA-256: | 3E97E0318041FEAE251AE2273533F6807E25C144A73FE64C0D65E650D3C79890 |
SHA-512: | A527E6885081E0C66DC3DEB41E23E6AAACCFDEF9FCC296B765DC10A7579954436C4D5325CCA80780A9115AA9E4D409CB1587DFCA35E806BF03706B23585D81CA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.197310618466749 |
Encrypted: | false |
SSDEEP: | 6:+0GjL+q2Pwkn2nKuAl9OmbzNMxIFUt8FdoKWZmw+Fuu8LVkwOwkn2nKuAl9OmbzE:b+L+vYfHAa8jFUt8bXW/+KLV5JfHAa8E |
MD5: | ACF42BC5127252AC3A43F476625DB0E3 |
SHA1: | C140D3A34079074AF21CFB38881F973899259478 |
SHA-256: | 3E97E0318041FEAE251AE2273533F6807E25C144A73FE64C0D65E650D3C79890 |
SHA-512: | A527E6885081E0C66DC3DEB41E23E6AAACCFDEF9FCC296B765DC10A7579954436C4D5325CCA80780A9115AA9E4D409CB1587DFCA35E806BF03706B23585D81CA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426014256Z-160.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 4.269081586936094 |
Encrypted: | false |
SSDEEP: | 1536:f+wfqhSajWj9aHrdlelioWOo3A1PHaJ/bxr:f+wfqhS+Wirdlelio/1va9l |
MD5: | F29A83D26063CFBB9C02C659D60C9B4C |
SHA1: | ECA420A6B4F1773473FE4781F575AAFDEC071A8E |
SHA-256: | 5838F222277B88ED9ADC333F71582C55301E9462980D1FD8A2B268AF0785CC37 |
SHA-512: | 03482DD56A4574980851384C6885F8DCA9BCF583A5E86E0CCC451E96238EB710DF2C7A5E2AA72F2154CD36C58C682375C0484951C3B777B8E9111421F07FE217 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445264078085616 |
Encrypted: | false |
SSDEEP: | 384:yezci5tIiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rvs3OazzU89UTTgUL |
MD5: | CA1BC61CFA5DD2898D64C8CB0CFBE7A1 |
SHA1: | 28B36175A98F0D03237396004CD176D23EFED71E |
SHA-256: | 7D4D664AF3642B5462EA7B700C80999EAA490E2D420B8B01AD3C45F89ACDA2BD |
SHA-512: | 5D8876D357E40141B97403F14EEBA7E61A393F95862EDEC0AFFAE4EB31C501102AE44A3789E98DEB94C627FDF873FB196A9FFA2CA4EC20B22668D3F97D6A665B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.771755085941288 |
Encrypted: | false |
SSDEEP: | 48:7MWp/E2ioyVaioy9oWoy1Cwoy1eKOioy1noy1AYoy1Wioy1hioybioyUoy1noy1H:7VpjuaFxXKQFWb9IVXEBodRBkc |
MD5: | 9FBC0540769F742ED2858349B4907EC8 |
SHA1: | B8A939F587E20844B3E9FBDE90AFF8A5CC7F4E49 |
SHA-256: | BB4FDAF724A2AA60955124A6FCDB13CB5A04D9A407E12A7526427514D46406F3 |
SHA-512: | 3262DEBBD56D83422FCCAB250A57D5BA16BE9F19100E08E43CC1F1EE1E22E92B1C7A9F405C838B3E1CA1C2DAB85DBA01A068441E02CE03E2D455534B0D9EC066 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.316776875559436 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJM3g98kUwPeUkwRe9:YvXKXyQDR2nEZc0vc5GMbLUkee9 |
MD5: | CBB053C8E90B079A1A715C85E0725358 |
SHA1: | 5C268A59A68A6DE7F402B0E53E3D2D7220149B3D |
SHA-256: | 85F1269A3D2BDDC3F708FDB79F95A73531CE0F4CA86021F62DC754980900B144 |
SHA-512: | 20AA312FC962DAD239DCB0B2AE3B9C51443FDEF778176FB65F2CCC10C2DCB86132ED9C49FF4BDC84DD7B17C49361CFB97599EF9E1FAE594787E0E04701D9EC2B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.263117087307326 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfBoTfXpnrPeUkwRe9:YvXKXyQDR2nEZc0vc5GWTfXcUkee9 |
MD5: | 1C90D24B25E3CFB90455379E62D61A3C |
SHA1: | 404E95DC840347312CD82CF8349F0790F28BD1C9 |
SHA-256: | 20B3682D1117821D23A9E79F44138E907CDC60D91C9983F7FDCC5D6CDCCA5ACE |
SHA-512: | ABD8838332E9B591FC9BA1E523BDEB4E603186C52AEAE4C1AD0F1CC68DA56EB8AF75F74A66409F44117A5F75E3E35BA6CC530A5244C8898498019CC62C77F428 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.240967180884396 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfBD2G6UpnrPeUkwRe9:YvXKXyQDR2nEZc0vc5GR22cUkee9 |
MD5: | 61E4AFEDD8FD511C43509649558DACA6 |
SHA1: | D7C81908FE43C805FEB6F13650BB09FAE3F3D04C |
SHA-256: | 8EED3224A3BF8EC0A8C1AC2E60498541BF3E06F9ADD6793D967E3DE255BBE31C |
SHA-512: | 4D9B358B11CBA91CBD9A46C5F974D47149D95E325FB5EF30737443125F1227CC01B7C6EACEA0FEB604FAC35F871CC2D519612B359B54687D054D2A930A37EED6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.302152767342042 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfPmwrPeUkwRe9:YvXKXyQDR2nEZc0vc5GH56Ukee9 |
MD5: | 3CA9F687EEE2507CD6D8DC0819A37566 |
SHA1: | 7D770FE8CCE9B6BD9C77C51DE57010684CD5AB83 |
SHA-256: | 7B95F11429D03A5AEC39CD4C5C680D33C8AF826945D2115A8CEBC18EE91E09C7 |
SHA-512: | 87F8B082C7A19C404319BA1683DB88499D478C4E9DFBCDF17604DC31463A6262139D565835010BA6064D42A9B3044E9B1CB5FACDA2B29E792B1E1FCE7201BC1B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.261760189554014 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfJWCtMdPeUkwRe9:YvXKXyQDR2nEZc0vc5GBS8Ukee9 |
MD5: | 4F6ABA6345C2769C285BBE34976D847F |
SHA1: | DFCA61E7073158BB728A8A305168F1C32C14F94C |
SHA-256: | B0998922DEB99DA5842FD06647880CF7EC73752F28D03978E1BD7CF7A84291B0 |
SHA-512: | C54E333CE7E557696B372D33728C9C4A840DB3C94804DEBDB3272EB6A0FDAB34E05AECCD823712988358658AEAA0193CA42BDA2EA7E223719EE6ED822FD007F8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.247397588925787 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJf8dPeUkwRe9:YvXKXyQDR2nEZc0vc5GU8Ukee9 |
MD5: | BF09267E216423E3C3C6BD5AC7D1A100 |
SHA1: | 6C508EC0D93979A28277924DAFFD7554D20147EB |
SHA-256: | EF101F5E4BCEA37C1C54B3E542A33036F02460B8B38A64D1EEC6C75104F3958A |
SHA-512: | B7D4AE87D33E70D3023EE61CDF0ED56F1B5E3C07F80227F2E8C51A8B10DCB096ACFB38EC958E1F2B32EDF6ABA494E254D7A535E517F54352140C5000589091EB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.252955044747848 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfQ1rPeUkwRe9:YvXKXyQDR2nEZc0vc5GY16Ukee9 |
MD5: | 0F45E3FD21A885E2A4A71420B8BDB68D |
SHA1: | 0D64A9CFFF7C19F3D20F8363C5F84422F2F93D01 |
SHA-256: | 642CC8F501E71B4E1DEC88DDB20469DC0E4D728B7964FC112EB857C579411EBB |
SHA-512: | AACFF953287EA205DC35013D99F5E5F1DFC673EDF33605939C89233DF63157155E442DE93E127B160200CAB9C9A20D4222DE7E203F8CD41084A98586F86C47E7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.257155120552425 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfFldPeUkwRe9:YvXKXyQDR2nEZc0vc5Gz8Ukee9 |
MD5: | 79F59A6DE4054F864E70C3ABE87692D7 |
SHA1: | 4E4B5664B2B208B1D78F674688D2E596484C1F17 |
SHA-256: | BC70FA78561133FF5938F36AF0F22993CF0D4883CA48ACDBBD63C71024669C5D |
SHA-512: | 06291C2FE26FD32AB18648DF7AC2AAA3E33DF3040353E800B43CC9B48D298CB61D0A98B0E1E785C19883E373CFEE42B4F472CE4FA4FA597A1277D47E0D44B69C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.733286128188263 |
Encrypted: | false |
SSDEEP: | 24:Yv6XJFCEzvKKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN+:Yv2CEgigrNt0wSJn+ns8cvFJA |
MD5: | 0D7FF533F03AC40415E216EDA197AA00 |
SHA1: | 4A5A1E793465BA8F2C204ED037AD787F948D6E41 |
SHA-256: | 8241F63B3160648A42A46B77E55BF958918D434066625C2A642CEB56547A533C |
SHA-512: | 6FA92734E75D61060C8D6F3F913C6992D6149D499694E33901237B17E683CF8F42D3AD5D29662092704F28287C7582461E177146D6F8855C6DA14D9122C04BA1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.254436535443107 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfYdPeUkwRe9:YvXKXyQDR2nEZc0vc5Gg8Ukee9 |
MD5: | 6BB499EE296C912405D3813F95A61B92 |
SHA1: | 077949BECBFB9BD3174929AB4252E5E82DA108E7 |
SHA-256: | E6074ACFE0A47C348DA720BAB92F009185777E46004A2F49BD5533DF741E27D8 |
SHA-512: | DEC881286BDA5E9166EA9DCFFF7986BCFBF8175807B1E0A51470C0CDA62520468585C25FC9B23B1D7DF2B3B7446EA3046864FC64D57A1C3B4BF40248A24A1DDF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.775188718080611 |
Encrypted: | false |
SSDEEP: | 24:Yv6XJFCEzv5rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNG:Yv2BHgDv3W2aYQfgB5OUupHrQ9FJM |
MD5: | 2CDD7523A34559668874D5F879ACCF2C |
SHA1: | 23674F4089D1251C1289F1A8912CA9E543C17399 |
SHA-256: | B5D118C6D6E1B8D2DE411B9DF507BBDD968E873D34062ED99A6957BACDA3354A |
SHA-512: | 6F3ADE51C8213CBEAF5964F6C2EBF453D26446825007C2EBE00BC256AAFBE8B48B0508F195B69CD30C5094FA5C9421B43358C0D43AA9BAA9D7B8DE337ACE2829 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.238296784076124 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfbPtdPeUkwRe9:YvXKXyQDR2nEZc0vc5GDV8Ukee9 |
MD5: | 06567A4D526F1E9A477ABEA00BE375EC |
SHA1: | 50C05EC0ECCC5B9046340B47B8770D55E9BCD725 |
SHA-256: | 12B706B171982DA9D8899762685083CA0F7A6D9B0F8279A314924866399C115F |
SHA-512: | BF38EC78DA350406637B6B643CE2CEA870E4B99F740521B58D55DD5F136F07EC8EF0E70FDEAE940981611325C5B4CB94226CB173E86AA726A0ADD66E799C51CA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.243157538408071 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJf21rPeUkwRe9:YvXKXyQDR2nEZc0vc5G+16Ukee9 |
MD5: | B1AE059D0B9DA72C32FE7A288FC43863 |
SHA1: | 716881EE5CFDBEA60692AB18CB18D364F081D0E9 |
SHA-256: | 8A85E8D1E406E3DB3826BB3820AF030B67FA811A30068060A3FA32FEFCB77971 |
SHA-512: | AB068956309E5B98F346FF04F25A73AA85EBE400D13B467C1847CCD1C3B4C7450A540936DBBFCA249D9A89A660FE7462BC9E9CDB8A04977F9843AC83643B663B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.260977846127032 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfbpatdPeUkwRe9:YvXKXyQDR2nEZc0vc5GVat8Ukee9 |
MD5: | 55BDC91C9DB081AB185E1E403201D701 |
SHA1: | 095EFF79163C45C15706ECBF80328783D1AB8DB9 |
SHA-256: | 98E2C8EF9DD03446090665DCDD397F98B5A70E76826BE61CE38A795B78DFF297 |
SHA-512: | 4DA5C703778CF99C27B8152AD576FB7CA571EEEAD11BF39BB3E3D5ECD86A8C88B12D758A79371B339C42AFAF264ABC362D0C08D15FCA1F572DF8AD136182C4DA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.217501593212319 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfshHHrPeUkwRe9:YvXKXyQDR2nEZc0vc5GUUUkee9 |
MD5: | 8806F7349F36B5F788721B0BA4E8662B |
SHA1: | DA9BA303E972619FD3BC63914CA1A5BFD9D8B708 |
SHA-256: | EF3D9C6C874F2CFCAE0399F222F7AAC86AEC60F54D9CF17C20649B0A20708B08 |
SHA-512: | F9F72224A03F02B215C1655BE529A679CF7CE2475D93FE9C21016FD16C4C1CDDB4EF8185BCFA2410A9B473720831C14C3B4461C67FCDA00D1C54BF2A4D38504A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.364441048310901 |
Encrypted: | false |
SSDEEP: | 12:YvXKXyQDR2nEZc0vc5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYhH:Yv6XJFCEzvY168CgEXX5kcIfANhL |
MD5: | BD2FD3B0DEEBD3167C0FBA5854F80F9F |
SHA1: | 6FCA52A0AFC503EE543DCBD9EF91769336AC801B |
SHA-256: | 982FED883C85AB8771E0814C442CD4ED6E5577397B4F90FA85A1B37315EB0E7E |
SHA-512: | 6776C3652C4B19BC889FBDBA4526FF154F87B0A273234CCE8577909CE0B128907B39C5040E4E597D9E2EDBF0C86057451396B80FD182F256D8DA60FCEF878870 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.122655637517842 |
Encrypted: | false |
SSDEEP: | 48:YmF09BXaqDLlDr0RpkuHh3gKpkKwOpCV+PXoddvrYLuB9DqYF:NF09BBxDr0Rpph3lpkKnpo+PXkv8LCD5 |
MD5: | BBF1BBEC95C8384DDE8C66B4E9E3C936 |
SHA1: | 40CA3FF31F73D823916EB681F6FADD93C606E418 |
SHA-256: | 2AB4998C1973ECFDDF48BB3A572C4C821F4B9DA4A5909004A066221864F2371B |
SHA-512: | A9920680D14B194A41BEB88C9CC8CF170748F0F378EE47D446FE9DC90F6362FB62A9C9CA30426531598F92D2E40EC4405E49D3E730BC89FA7828B34B1FF6D1F4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1881382607371673 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUhbVSvR9H9vxFGiDIAEkGVvpNbh:lNVmswUUUUUUUUhbV+FGSIthbh |
MD5: | 37798D2BA2842988E9E14E98132F1C77 |
SHA1: | 2651CE41CC3E3259CFA395EDB8A65E5B67C06C05 |
SHA-256: | CB15467AB2EC3D2CB2A6A9B3D4F3C6AE72C66C816B884594387DBF7476636FB2 |
SHA-512: | 299E036E63E1371984F4B78C69C12B3E5C6FE7F8111BD11F1D83E99122C68B1D525BE6A1496CC482B6DB6F126E6F20633D45A4ADBBFC43A7C91611EA35983281 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.605156553453878 |
Encrypted: | false |
SSDEEP: | 48:7MCKUUUUUUUUUUhbNvR9H9vxFGiDIAEkGVvLqFl2GL7msu:7WUUUUUUUUUUhbpFGSItFKVmsu |
MD5: | 6DC22CC89873F11E474688605A402297 |
SHA1: | 5DAE33291750AED5C7C3ACC2942BC84DA1AE4F0B |
SHA-256: | 8CC6AC6ECDF0313D31B166B982C860E0BF4090821B2E145A73916A005D401088 |
SHA-512: | 90452FB559F660134220AA4825789DEE234DADFB99A324E3B5053B28F25EFFB28949855B5EBAE22E8C0C9EA90360027E8A82171E76BB9009B31489FCD15AEBC1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.537590009309966 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mdWgEi:Qw946cPbiOxDlbYnuRKvjEi |
MD5: | 584C74A964CD168FE18BC54225EA3830 |
SHA1: | 9C22785427C7DE6DD665042EA9E1AE9DE3B85895 |
SHA-256: | E267B7E17B1A03B05B97743911D03D99D5143545DE93A785F878D02C1A84B1E1 |
SHA-512: | BF8CE91D4030F59C3242C1AE3A076B86BB3D45C0E7956BCBF1B463CE2B20A6CAEF2D5FC29D415048CAC4A24247CEEFCF5BC27B410D506FC145164545FAEEF47D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 03-42-54-648.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16599 |
Entropy (8bit): | 5.374166004666828 |
Encrypted: | false |
SSDEEP: | 384:hIkhMotjOPt15pHsjxi9P1ss/Q2LowfRid53vffHGeewLog+3uqWbWL+Y2809dVf:2L0 |
MD5: | C629163337BA4C0841B7BCC07CE846CF |
SHA1: | 1DBD602229D488B09139CB88DFBEE9B2BBFD1FB7 |
SHA-256: | 06E9D29EEF884A6FCEF6B22F78E297B4AC2808BF538C7733ECCC25C5073B3EDD |
SHA-512: | 71946D0F2D43D4A7E4F215A3D185DE71790CE8E48A8A0B7DF4345EFF5BE54A2921FB6FEE940E2F9D634D9EF5B743BFB10C163262958F8B004AB8C5755D05E159 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.389584291746552 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rC:e |
MD5: | 718ADAB7C91EFE8D72E3BF844DF8F080 |
SHA1: | D1BDE288E600372CF166A6C74020E11382C13F36 |
SHA-256: | D8A8C1EFD724FBB006F40D9511A256C0C5106FFD136F005EEBF795557B35F7A9 |
SHA-512: | B778EE580EDE6DABA5B1D8A726A456EDAF5A731271791AFDCC453AF7C9F74BEA4DBAFB5E0E60F0FBD8EA4FB70374EE48D321947BBA2F15EA7503CC29DF59C597 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 48236 |
Entropy (8bit): | 7.994912604882335 |
Encrypted: | true |
SSDEEP: | 768:uj6JxavgLx5rjTH3CdZ3y11o4uMb2IVEhiB6z6GAAHJApICtBgso6HaOjTXHRWK:ujoa4LxZPCdm3B2IVEhiB62apApISxos |
MD5: | 015C126A3520C9A8F6A27979D0266E96 |
SHA1: | 2ACF956561D44434A6D84204670CF849D3215D5F |
SHA-256: | 3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA |
SHA-512: | 02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C |
Malicious: | false |
URL: | https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 11634 |
Entropy (8bit): | 5.3590936999726 |
Encrypted: | false |
SSDEEP: | 192:a/KWbqXV6uyErbqGIwYjc1YT/7Hqqmg6uy5rbqGIwYyx1tf:kaHq9N3gq98 |
MD5: | C8F7F88BF690B7D8114390B573F5FC2D |
SHA1: | D2B2803EA1877739C1519151590FFA3D5C5C4D1D |
SHA-256: | F5285515BF363153D3AA9ED5F966D48EF395BB1F5C853AD2704B79B29D2BE692 |
SHA-512: | 61883AC520A6D30ED4AE5CD5C8C6F14AD571D9A08FDC540E88002D0EE3BFCBEFDE913C931651C645D66F53A348781077045BF5C7C83F5280C4B2E72341A11EA7 |
Malicious: | false |
URL: | https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;700&display=swap |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 173 |
Entropy (8bit): | 5.649805399408095 |
Encrypted: | false |
SSDEEP: | 3:YWR4bdUJxKvzgarO0r7r48e0B7qPoWXrHOhoWy8jdslqWte+agKWeHVH:YWybdQxKF7r48e0pqHHOtSlq1+PK9HVH |
MD5: | 5A58E7EF8367B06538630617C203EEB1 |
SHA1: | B4E0943F40A388C9624B157191062E95339BE431 |
SHA-256: | DDFD4544C8C7B3B07DBFB4574FB8477C4A196878061B536BA9EFEDFA7BCE7CAD |
SHA-512: | C95D933180A8346B37AF40D4714DAAD3F5BFCBF720C52C6DD4A924F7A5AD0854E34A11A74D0CEBB50D08AAD5BE7DE3969C7457D208D38EBD07531526060E7D83 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 16 |
Entropy (8bit): | 3.875 |
Encrypted: | false |
SSDEEP: | 3:HsqS1Y:Mp1Y |
MD5: | 5C5817DDFA72596CA976CA36E874EA95 |
SHA1: | 4491479472A5B053DE8967911670F25206244D71 |
SHA-256: | 2F317DE6216E423E81CC08AC342EA0ECD028D794E783D41CC46536ECCA8DC897 |
SHA-512: | 23E7764083C72130E745DC2A490DEAC90E99A02B00D318FE1B325C6BC16798C7FF3823FCC23346C811A66DE62656774D49C2E39F6E084B828033EA2C05773E3A |
Malicious: | false |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlM5vjemMCVuBIFDdK5ntw=?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 61018 |
Entropy (8bit): | 6.129620606388949 |
Encrypted: | false |
SSDEEP: | 1536:I4yLHoOmBp/tyoippWq25ve2d2/fqPHI3NJ32ET1yOltC1:I4yLHoO4/Op3OFW3j1yOlM |
MD5: | 6BAEA94020D865A4FC8C3F01D03EE5F2 |
SHA1: | FD276610C070F90AA68B081A0D5B3EB523784378 |
SHA-256: | 96296D63308CF90F44477F24D92A5B34BC6953D4710C66679E1255F2A8B4FCFC |
SHA-512: | 1C6682ADC080A38483D91DCE98331CF0EAABED4D27761C5641D2E64C8AFE1F0D13A6191C17CCAC36D4B512B637E71899291809BE0D3040B5E9E7019D24BB97AB |
Malicious: | false |
URL: | https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/ |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 173 |
Entropy (8bit): | 5.649805399408095 |
Encrypted: | false |
SSDEEP: | 3:YWR4bdUJxKvzgarO0r7r48e0B7qPoWXrHOhoWy8jdslqWte+agKWeHVH:YWybdQxKF7r48e0pqHHOtSlq1+PK9HVH |
MD5: | 5A58E7EF8367B06538630617C203EEB1 |
SHA1: | B4E0943F40A388C9624B157191062E95339BE431 |
SHA-256: | DDFD4544C8C7B3B07DBFB4574FB8477C4A196878061B536BA9EFEDFA7BCE7CAD |
SHA-512: | C95D933180A8346B37AF40D4714DAAD3F5BFCBF720C52C6DD4A924F7A5AD0854E34A11A74D0CEBB50D08AAD5BE7DE3969C7457D208D38EBD07531526060E7D83 |
Malicious: | false |
URL: | https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/vl.php |
Preview: |
File type: | |
Entropy (8bit): | 6.316538687888731 |
TrID: |
|
File name: | 04-25-Inv-Doc-339.pdf |
File size: | 346'711 bytes |
MD5: | ce4372ea002fca274c16b40792e074e3 |
SHA1: | ad0b901ddadfa334ca9a6260c574544f0d5311a8 |
SHA256: | deb2c73fc314f347e01b90650dd116b1fea372d0774ab19257be560aeef03e23 |
SHA512: | 505c450ecaeb7fc0fbfb4803a43a593fcb44fc27727072fd0772ca335f001ca1917f3dac9ae44892819ae59cdfe264a036ebbedb615ee6e45d88b0f54eee9366 |
SSDEEP: | 6144:YU0zngDfKcqq8HVQ+5UYmw9iXW7yJrgHu4Xbu9eIVIn7VmHEO/3xcCe:L6gDycqT9Zmw9iXW7ylmu8MhsNO/WCe |
TLSH: | CA74AF6BEAF3F0DB914858351B01F17CA6D66A6F63A2989C1DC4E50034DBEC1237A3D9 |
File Content Preview: | %PDF-1.4.%.... ReportLab Generated PDF document http://www.reportlab.com.1 0 obj.<<./F1 2 0 R.>>.endobj.2 0 obj.<<./BaseFont /Helvetica /Encoding /WinAnsiEncoding /Name /F1 /Subtype /Type1 /Type /Font.>>.endobj.3 0 obj.<<./BitsPerComponent 8 /ColorSpace / |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 6.316539 |
Total Bytes: | 346711 |
Stream Entropy: | 6.307506 |
Stream Bytes: | 344450 |
Entropy outside Streams: | 5.242851 |
Bytes outside Streams: | 2261 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 11 |
endobj | 11 |
stream | 3 |
endstream | 3 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 2 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 03:43:21.886930943 CEST | 443 | 49753 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:21.887217045 CEST | 49753 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:21.887279034 CEST | 443 | 49753 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:21.887327909 CEST | 49753 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:21.928153992 CEST | 443 | 49753 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.248771906 CEST | 443 | 49753 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.248825073 CEST | 443 | 49753 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.248923063 CEST | 49753 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.249725103 CEST | 49753 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.249742985 CEST | 443 | 49753 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.329051971 CEST | 443 | 49755 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.329310894 CEST | 49755 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.329351902 CEST | 443 | 49755 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.329685926 CEST | 443 | 49755 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.329958916 CEST | 49755 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.330028057 CEST | 443 | 49755 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.330097914 CEST | 49755 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.376113892 CEST | 443 | 49755 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.385404110 CEST | 49757 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.385490894 CEST | 443 | 49757 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.385576010 CEST | 49757 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.385871887 CEST | 49757 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.385915995 CEST | 443 | 49757 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.665749073 CEST | 443 | 49755 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.665800095 CEST | 443 | 49755 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.665855885 CEST | 49755 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.666331053 CEST | 49755 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.666374922 CEST | 443 | 49755 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.669724941 CEST | 49758 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.669750929 CEST | 443 | 49758 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.669816971 CEST | 49758 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.670016050 CEST | 49758 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.670028925 CEST | 443 | 49758 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.892693043 CEST | 443 | 49757 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.893290043 CEST | 49757 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.893315077 CEST | 443 | 49757 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.894177914 CEST | 443 | 49757 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.894241095 CEST | 49757 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.894992113 CEST | 49757 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.895045042 CEST | 443 | 49757 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.895131111 CEST | 49757 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:22.895138979 CEST | 443 | 49757 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:22.943223000 CEST | 49757 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:23.181216002 CEST | 443 | 49758 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.181813002 CEST | 49758 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:23.181828976 CEST | 443 | 49758 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.185357094 CEST | 443 | 49758 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.185430050 CEST | 49758 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:23.186067104 CEST | 49758 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:23.186233044 CEST | 443 | 49758 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.186245918 CEST | 49758 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:23.228147030 CEST | 443 | 49758 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.231291056 CEST | 443 | 49757 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.231349945 CEST | 443 | 49757 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.231542110 CEST | 49757 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:23.232161045 CEST | 49757 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:23.232206106 CEST | 443 | 49757 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.236512899 CEST | 49758 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:23.236521006 CEST | 443 | 49758 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.283504963 CEST | 49758 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:23.517043114 CEST | 443 | 49758 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.517112970 CEST | 443 | 49758 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.517205000 CEST | 49758 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:23.517685890 CEST | 49758 | 443 | 192.168.2.4 | 34.69.210.22 |
Apr 26, 2024 03:43:23.517698050 CEST | 443 | 49758 | 34.69.210.22 | 192.168.2.4 |
Apr 26, 2024 03:43:23.849140882 CEST | 49759 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:43:23.849203110 CEST | 443 | 49759 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:43:23.849347115 CEST | 49759 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:43:23.849683046 CEST | 49759 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:43:23.849714041 CEST | 443 | 49759 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:43:24.183619022 CEST | 443 | 49759 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:43:24.183959961 CEST | 49759 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:43:24.184017897 CEST | 443 | 49759 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:43:24.185447931 CEST | 443 | 49759 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:43:24.185534000 CEST | 49759 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:43:24.186813116 CEST | 49759 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:43:24.186898947 CEST | 443 | 49759 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:43:24.237231970 CEST | 49759 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:43:24.237251997 CEST | 443 | 49759 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:43:24.284116983 CEST | 49759 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:43:34.166115046 CEST | 443 | 49759 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:43:34.166193008 CEST | 443 | 49759 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:43:34.166254997 CEST | 49759 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:43:34.606985092 CEST | 49759 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:43:34.607033014 CEST | 443 | 49759 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:43:49.642448902 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:49.642478943 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:49.642570972 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:49.642976999 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:49.642992020 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.126636028 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.126715899 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:50.130672932 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:50.130683899 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.130944967 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.138039112 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:50.180154085 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.602814913 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.602834940 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.602900982 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.602907896 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:50.602936983 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.602971077 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:50.602983952 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:50.603059053 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.603111982 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.603118896 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:50.603132963 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.603142023 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.603164911 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:50.603193045 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:50.607961893 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:50.607975960 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:43:50.607985973 CEST | 49767 | 443 | 192.168.2.4 | 13.85.23.86 |
Apr 26, 2024 03:43:50.607990980 CEST | 443 | 49767 | 13.85.23.86 | 192.168.2.4 |
Apr 26, 2024 03:44:23.785680056 CEST | 49769 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:44:23.785722971 CEST | 443 | 49769 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:44:23.785963058 CEST | 49769 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:44:23.786113024 CEST | 49769 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:44:23.786143064 CEST | 443 | 49769 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:44:24.173192024 CEST | 443 | 49769 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:44:24.173935890 CEST | 49769 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:44:24.173966885 CEST | 443 | 49769 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:44:24.174428940 CEST | 443 | 49769 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:44:24.175349951 CEST | 49769 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:44:24.175429106 CEST | 443 | 49769 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:44:24.221992970 CEST | 49769 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:44:34.164676905 CEST | 443 | 49769 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:44:34.164758921 CEST | 443 | 49769 | 172.217.15.196 | 192.168.2.4 |
Apr 26, 2024 03:44:34.164840937 CEST | 49769 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:44:35.848746061 CEST | 49769 | 443 | 192.168.2.4 | 172.217.15.196 |
Apr 26, 2024 03:44:35.848778963 CEST | 443 | 49769 | 172.217.15.196 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 03:43:19.226881981 CEST | 192.168.2.4 | 1.1.1.1 | 0x64ca | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 03:43:19.227119923 CEST | 192.168.2.4 | 1.1.1.1 | 0x7f42 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 03:43:22.253320932 CEST | 192.168.2.4 | 1.1.1.1 | 0x30ac | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 03:43:22.253472090 CEST | 192.168.2.4 | 1.1.1.1 | 0x4e79 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 03:43:23.722587109 CEST | 192.168.2.4 | 1.1.1.1 | 0xa3b2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 03:43:23.722804070 CEST | 192.168.2.4 | 1.1.1.1 | 0x17ad | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 03:45:54.402235031 CEST | 192.168.2.4 | 1.1.1.1 | 0xffc7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 03:45:54.403017998 CEST | 192.168.2.4 | 1.1.1.1 | 0x7684 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 03:43:19.355561972 CEST | 1.1.1.1 | 192.168.2.4 | 0x64ca | No error (0) | | | 34.69.210.22 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 03:43:22.382457972 CEST | 1.1.1.1 | 192.168.2.4 | 0x30ac | No error (0) | | | 34.69.210.22 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 03:43:23.847884893 CEST | 1.1.1.1 | 192.168.2.4 | 0xa3b2 | No error (0) | | | 172.217.15.196 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 03:43:23.847929955 CEST | 1.1.1.1 | 192.168.2.4 | 0x17ad | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 26, 2024 03:45:54.530189037 CEST | 1.1.1.1 | 192.168.2.4 | 0xffc7 | No error (0) | | | 34.69.210.22 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49738 | 23.197.180.115 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:43:00 UTC | 161 | OUT | |
2024-04-26 01:43:00 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49739 | 23.197.180.115 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:43:01 UTC | 239 | OUT | |
2024-04-26 01:43:01 UTC | 531 | IN | |
2024-04-26 01:43:01 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49740 | 23.63.158.36 | 443 | 7332 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:43:06 UTC | 475 | OUT | |
2024-04-26 01:43:06 UTC | 198 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49741 | 13.85.23.86 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:43:12 UTC | 306 | OUT | |
2024-04-26 01:43:12 UTC | 560 | IN | |
2024-04-26 01:43:12 UTC | 15824 | IN | |
2024-04-26 01:43:12 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49747 | 34.69.210.22 | 443 | 3872 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:43:19 UTC | 715 | OUT | |
2024-04-26 01:43:20 UTC | 404 | IN | |
2024-04-26 01:43:20 UTC | 15980 | IN | |
2024-04-26 01:43:20 UTC | 16384 | IN | |
2024-04-26 01:43:20 UTC | 16384 | IN | |
2024-04-26 01:43:20 UTC | 12270 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49753 | 34.69.210.22 | 443 | 3872 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:43:21 UTC | 631 | OUT | |
2024-04-26 01:43:22 UTC | 356 | IN | |
2024-04-26 01:43:22 UTC | 173 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49755 | 34.69.210.22 | 443 | 3872 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:43:22 UTC | 655 | OUT | |
2024-04-26 01:43:22 UTC | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49757 | 34.69.210.22 | 443 | 3872 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:43:22 UTC | 402 | OUT | |
2024-04-26 01:43:23 UTC | 356 | IN | |
2024-04-26 01:43:23 UTC | 173 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49758 | 34.69.210.22 | 443 | 3872 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:43:23 UTC | 362 | OUT | |
2024-04-26 01:43:23 UTC | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49767 | 13.85.23.86 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:43:50 UTC | 306 | OUT | |
2024-04-26 01:43:50 UTC | 560 | IN | |
2024-04-26 01:43:50 UTC | 15824 | IN | |
2024-04-26 01:43:50 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 03:42:51 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 03:42:52 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 03:42:52 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 7 |
Start time: | 03:43:16 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 8 |
Start time: | 03:43:17 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |